PRIVACY POLICY

PRIVACY AND PERSONAL DATA PROTECTION

Within the framework of its activities, the PURE OCEAN Endowment Fund is required to collect and process a certain amount of personal data concerning its interlocutors.

In accordance with the regulation on the protection of personal data (European Regulation 2016/679 of April 27, 2016) and recommended good practices, PURE OCEAN has developed a Privacy and Data Protection Policy.

In compliance with this regulation, PURE OCEAN will guarantee the confidentiality of the personal data processed.

To this end, it will adopt the necessary technical and organizational measures.

It is the responsibility of each partner to be aware of this policy.

I. Definition

The “Data Controller” refers to the entity that, alone or as a group, determines the purposes and means used for the
processing of Personal Data.

“GDPR” refers to the General Regulation (EU) No. 2016/679 on the Protection of Personal Data.

“Personal Data Protection Laws” refers to the laws, decrees, ordinances, directives or other norms relating to the protection of personal data and/or the protection of life to which a contracting party of PURE OCEAN is subject and which are applicable to the Services provided.

“Personal Data” means information relating to an identified or identifiable natural person that is processed by PURE
OCEAN.

“Sensitive Personal Data”: “Sensitive Personal Data” are those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data concerning health or data concerning the sex life or sexual orientation of a natural person, data relating to criminal convictions or offences.

“Recipient”: means the person(s) entitled to obtain communication of data recorded in a file or processing operation by virtue of his or her duties.

Processing” means any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, harmonization or aggregation, deletion or destruction.

“Data subjects” are the natural persons whose personal data are being processed.

II. The person in charge of processing personal data

The person in charge of the processing is the Endowment Fund PURE OCEAN, whose head office is located at 8 Boulevard Edouard Herriot 13008 MARSEILLE, registered at the RCS of MARSEILLE under the number 413 959 610 and represented by Mr. David SUSSMANN as legal representative.

You can contact the person in charge of the treatment by e-mail : gdpr@pure-ocean.org or by mail : PURE OCEAN, 8 Boulevard Edouard Herriot 13008 MARSEILLE.

III. Personal data processed

In order to carry out the relations with its interlocutors and partners, PURE OCEAN is likely to collect and process personal data in the sense of the European Regulation 2016/679.

The personal data you provide may include information relating to your identity, contact details (telephone numbers, email, postal address), economic and financial information (bank details, tax situation, etc.), or photographs.

IV. Purposes of the processing

The above-mentioned data is collected in order to maintain our partner databases and to ensure the smooth running of relations, the distribution of newsletters and the management and processing of donations.

These data are collected when you communicate with one of PURE OCEAN’s departments in the context of the execution of a contract (sponsorship, partnership, etc.) or when you fill in certain forms or documents.

We collect and/or process your data in accordance with applicable laws and regulations on data protection and
confidentiality. PURE OCEAN informs the individual directly at the time of collection of personal data. The information provided specifies the purpose, the legal basis of the processing, the rights that the data subject may exercise, the period of time for which the data will be kept, the recipients of the data, the security measures to protect the data and the contact in case of questions about the processing of personal data (gdpr@pure-ocean.org)

V. Recipients and transfer of data

In the respect of the exposed purposes, the personal data are communicated only to the internal services of the Endowment Fund.

The Endowment Fund undertakes not to use the personal data processed in any other context, nor to pass them on to third parties without the express consent of the person concerned. In cases where personal data is transmitted to third parties, we will always act in accordance with the applicable regulations, informing the Data Subject where appropriate.

This does not include our subcontractors and service providers. They are subject to an obligation of confidentiality and may only use your data in accordance with our contractual terms and applicable law.

We may need to share your personal data in order to comply with applicable law and/or to respond to legal requests or legal process, including from public and governmental authorities, to meet national security or law enforcement requirements.

VI. Data retention period

Personal data is kept for a period of three years from the end of the relationship between the Endowment Fund and the person concerned by the collection for the purpose of managing its contact database, unless a longer retention period is required or authorized by law (e.g. for accounting or legal purposes).

Photographs and related rights (transfer of image rights) are kept for a period of five years from their collection by the Endowment Fund for the purpose of illustrating projects.

VII. Data security

We deploy various security measures to ensure the safety of your personal data.

The computers, servers and cloud used to store personal data are located in a secure environment.

We undertake to inform the supervisory authority of any breach of security and data protection within a maximum of 72 hours after the alert and also to keep you duly informed.

VIII. Exercise of rights

The person concerned by the collection of personal data may at any time exercise the rights recognized by PURE OCEAN which are the right of access, the right of rectification, the right of erasure, the right of opposition, the right to limit the processing, the right to data portability, the right to lodge a complaint with a supervisory authority.

– Right of access: the right to be informed and to request access to the personal data that we process and that concern you;
– Right of rectification: the right to request that we modify or update your personal data if they are inaccurate or incomplete;
– Right to erasure: the right to request that your personal data be erased. If you request it, we will delete your personal data or make it anonymous so that it cannot be used to identify you, except to meet legal requirements or if the law allows us to retain certain personal data, including in circumstances such as those listed below:
If there is an outstanding issue relating to your account, such as an outstanding credit or unresolved dispute;
In the event that we are required to retain personal data in accordance with our legal or tax obligations or accounting or auditing requirements;
– Right to limitation: the right to request to temporarily or permanently cease processing all or part of your personal data, while retaining it; where processing has been limited, such personal data may, with the exception of storage, only be processed with the consent of the data subject.
– Right to object: the right to object at any time to our processing of your personal data.
– Right to data portability: the right to request a copy of your personal data in electronic format and the right to transmit this personal data for use by third party services;
– Filing a complaint with the administrative authority: In case of non-compliance with this policy, you may, in case of dispute, file a complaint with the CNIL https://www.cnil.fr/.

To exercise these rights, please send your request, indicating your e-mail address, your first and last name and the subject of your request as follows “exercise of the right of access to personal data”, to the following e-mail address gdpr@pure-ocean.org.

PURE OCEAN undertakes to deal with your request within a reasonable time and within 15 days of receiving your request.

Last updated on February 21st, 2023