HAUTE ROUTE PRIVATE POLICY

France Vélo Evénements Online Privacy and Cookie Policy

Privacy protection is important to us. This Online Privacy and Cookie Policy (“Privacy Policy”) describes how we process personal data through our Services.
When we use the term “personal data” we mean any data that identifies you or makes you identifiable as a natural person.
When we use the term “Services” we mean any of the services or websites that we own or operate that post or link to this specific Privacy Policy, including:
• Our websites (gravelfever.fr; hauteroute.fr)
• Our marketing activities
• Our social networking pages, profiles, and feeds.
This Privacy Policy does not govern, and we maintain separate privacy policies for, the following:
• Our merchandizing activities, which shoppers will find on our store websites
• Processing of personal data of participants in our sporting events, which participants can find here; and
Who is data controller of your personal data?
France Vélo Evénements (FVE), located at 25 rue Notre Dame des Victoires, Paris. FVE is the data controller. We control the processing of your personal data.
What personal data do we collect?
In the context of rendering our Services, we may collect personal data about you. Please see Annex 1 for a detailed description on the data we collect. On a more general level, the personal data we collect can include the following:
• If you set up an account on our websites. Username, password, name, e-mail address, birth date, gender and other information you provide during registration.
• If you contact us via e-mail, phone or mail. Name, e-mail address, phone number, address and other information you provide.
• If you subscribe to our newsletter. Name, e-mail address and marketing campaign information such as your reaction to our marketing and your interest in our Services.
• If you merely use our website. IP address, network file system, access times, domain name, browser data, browser type and language, device type, device ID, Uniform Resource Locators (URL), operating system, language preferences and information on your usage of our websites and online activities.

• Information we collect from social networks. When you interact with our Services through various social media, such as when you login through Facebook or when you follow FVE or share our content on Facebook, Twitter, Instagram or other websites, we may receive information from those social networks including your profile information, picture, user ID associated with your social media account, friends list, and any other information you permit the social network to share with third parties. The personal data we receive is dependent upon your privacy settings on the respective social media platforms.
How do we collect your personal data?
Personal data is collected in many ways and may include:
• Personal data you provide to us. Most of the personal data we receive comes to us voluntarily from our users in the course of using our Services, such as when setting up or using their accounts on our websites, subscribing to our e-mail newsletter or communicating with us.
You are free to choose which information you want to provide to us or whether you want to provide us with personal data at all. However, some information, such as information requested for setting up an account on our websites, may be necessary for the performance of our contractual obligations in the context of your account registration. Without providing this personal data, you will not be able to set up or use an account.
• Personal data collected via technology. As you use our websites and apps, we may collect information through the use of cookies and similar technologies. Please see Section 9 for more information.
• Personal data we receive from others. We may receive personal data about users from third parties such as social media sites, data enhancement services and law enforcement agencies.
When you fill in one of our contact forms we collect your name, email address, IP Address, and your country of residence.
We use your email address to contact you back and give you answers after your form submission. We use your country to know your preferred language of communication. We do not sell any of this contact information to third parties.
This information is stored on an internal database. Should you want access to the information or to have your information removed then please contact us using the details below.
Why and on which legal basis do we collect and use your personal data?
The reasons for using your personal data may differ depending on the purpose of the processing. Please see Annex 1 for a detailed description of the purposes for which we use your data. On a more general level, we regularly use your personal data for the following purposes and on the following legal grounds:
• We use your personal data for the performance of our contractual services or for the preparation of a contract with you. If you set up an account, we use your personal data to provide you with the account and its features.
• We use your personal data if justified by our legitimate interests. The usage of your personal data may be necessary for our own business interests and for providing you with our Services. For example, we use some of your personal data to enable you to visit and use our websites (see also Section 9 on cookies and similar technologies). We may use some of your personal data to evaluate and review our business performance, improve and individualize your experience and enjoyment of our Services and identify potential cyber security threats. If necessary, we may also use your personal data to pursue or defend ourselves against legal claims.
• We use your personal data after obtaining your consent. In some cases, we may ask you to grant us separate consent to use your personal data. Where we ask you for your consent, you are free to deny your consent and the denial will have no negative consequences for you. You are also free to withdraw your consent at any time with effect for the future. If you have granted us consent to use your personal data, we will use it only for the purposes specified in the consent form.
This also includes our e-mail marketing activities. If you sign up for our e-mail newsletter on our websites, we will use your personal data for our e-mail marketing campaigns. You may unsubscribe from our e-mail newsletter at any time [unsubscribe from this list]. You may also contact us via e-mail, phone or mail at the address provided at the end of this document to request that we remove you from our e-mail list.
Depending on regional legal requirements, such as in the European Union, we also ask for your consent when setting certain Cookies (see Section 9 for further information).
• We use your personal data to comply with legal obligations. We are legally obligated to retain certain personal data for tax reasons and commercial law requirements and we might be required to provide data to law enforcement on request.
We will only use your personal data for the purposes for which we have collected them. We do not use your personal data for automated individual decision-making.
When you fill in one of our ambassador event registration forms we collect your name, email address, phone number, emergency contacts information, and IP Address.
We use the information below to validate your registration on the event, and to have all the legal information needed for your participation. We do not sell any of this contact information to third parties.
This information is stored on an internal database. Should you want access to the information or to have your information removed then please contact us using the details below.
With whom do we share your personal data?
As required in accordance with how we use it, we will share your personal data with third parties. Please see Annex 1 for a detailed description of the third parties and the personal data we might share with them. On a more general level, we share your personal data with the following categories of third parties:
• Our affiliates and subsidiaries. We work closely together with our affiliates and subsidiaries around the world in regard to marketing activities. Please see the full list of our affiliates and subsidiaries in Annex 2.
• Service providers and advisors. Third-party vendors and other service providers that perform services for us and on our behalf, which may include marketing campaign services, providing mailing or e-mail services, data enhancement services, fraud prevention, web hosting, or providing analytic services. If applicable, such service providers will, by appropriate data processing agreements, be bound to process personal data only on our behalf and under our instructions.
• Purchasers and third parties in connection with a business transaction. Personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of our assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or similar proceedings.
• Law enforcement, regulators and other parties for legal reasons. Personal data may be disclosed to third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our legal claims or to protect the security or integrity of our Services; and/or (c) to exercise or protect the rights, property, or personal safety of FVE, our partners, employees, or others.
How long do we keep your personal data?
We will store personal data for as long as necessary to fulfill the purposes for which we collect the personal data, in accordance with our legal obligations and legitimate business interests. Afterwards, or at the end of the statutory retention times, the personal data will be deleted as applicable. For example, national commercial or financial codes may require retaining certain information for up to 10 years.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal data when you use our Services. However, no system of security can be 100% secure and so we cannot guarantee in all cases the security of the information that we process. In the event we learn that personal data is compromised as a result of a breach of security, we will take steps to investigate and comply with notification obligations and take other steps in accordance with applicable laws and regulations.
How do we safeguard your personal data when there is an international transfer?
As we are located in the United States, we transfer personal data from other countries to the United States. Depending on your place of residence or location, this may mean that your personal data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal data than your resident jurisdiction.
If you are located in the European Union, the following applies:
To safeguard the direct collection of personal data from data subjects located in the European Union to third parties outside the European Union and the European Economic Area, we have entered into contracts that are based on the EU Standard Contractual Clauses with our European affiliates for the benefit of the affected data subjects. Please contact hello@hauteroute.fr for more information.
Before transferring your personal data to a third party outside the European Union and European Economic Area, we will enter into contracts based on the EU Standard Contractual Clauses to safeguard your personal data.
If you wish to inquire further about the safeguards we use, please contact us using the details set out at the end of this Privacy Policy.
Cookies and similar technologies
We, and our third-party partners, automatically collect certain types of usage information when you visit our websites, apps or social networking pages, when you read our e-mails, or when you otherwise engage with us. Cookies, flash objects, web beacons, file information and similar technologies are used to distinguish you from other users of our websites. You can usually change the settings of your browser to modify the permissions you give to us and third parties for the storing of and gaining access to cookies on your device.
• What are Cookies used for? Cookies are pieces of code that allow for personalization of our website experience by saving some of your personal data, such as user ID and preferences. A cookie is a small data file that is transferred to your device’s hard disk (such as your computer or smartphone) for record-keeping purposes. Cookies and similar technologies (“Cookies”) do lots of different jobs, like helping us understand how our website is being used, letting you navigate between pages efficiently, remembering your preferences and language settings and generally improving your browsing experience. Cookies can also help us to ensure that marketing you see online is more relevant to you and your interests.
• What types of Cookies are used by us and our partners? The types of Cookies used on our websites can generally be put into one of the following categories: strictly necessary; analytics; functionality; advertising; and social media.
• Strictly Necessary: These Cookies are essential to make our website work. They enable you to move around the websites and use their features. Without these Cookies, services that are necessary for you to fully use our website may not be available. Insofar as personal data are processed at all when strictly necessary Cookies are set, the processing is based either on the performance of a contract or it is necessary for the purposes of our legitimate interests.
• Functionality Cookies: These Cookies allow us to remember choices you make and tailor our website to provide enhanced features and content to you. For example, these Cookies can be used to remember your username, language choice or country selection, and they can also be used to remember changes you have made. The processing is based either on the performance of a contract or it is necessary for the purposes of our legitimate interests.
• Analytics Cookies: These Cookies collect information about how people are using our websites, for example which pages are visited the most often, how people are moving from one link to another and if a user experiences error messages on certain pages. All information these Cookies collect is grouped together with information from other people’s use of our website. Overall, these Cookies provide us with analytical information about how our websites is performing and
additional information on the users of our Services. If you are accessing our websites with a European IP address, you have been asked to consent to the use of these Cookies. You are free to deny your consent. Please see Annex 3 for more information.
• Advertising Cookies: These Cookies are used to deliver advertisements that are more relevant to you and your interests. If you are accessing our websites with a European IP address, you have been asked to consent to the use of these Cookies. You are free to deny your consent. Please see Annex 3 for more information.
• Social Media Cookies: In order to enhance your internet experience and to make the sharing of content easier, some of the pages on our website may contain tools or applications that are linked to third-party social media service providers such as Facebook or Twitter. Through these tools or applications, the social media service provider may set its own Cookies on your device. We do not control these Cookies and you should check the social media service provider’s website for further details about how they use Cookies.
• Mobile devices: If you enter our website or apps via a mobile device with activated location-based services, we may collect information about your current location as well as the kind of mobile device in use. Most of the mobile devices provide the possibility to disconnect from location-based services or to deactivate those.
• How can you manage Cookies? If you would prefer not to accept Cookies, most browsers will allow you to (i) change your browser settings to notify you when you receive a Cookie, which lets you choose whether or not to accept it; (ii) disable existing Cookies; or (iii) set your browser to automatically reject Cookies. Please note that doing so may negatively impact your experience using our websites and apps, as some features and services on our websites and apps may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all Cookies.
Your Cookie settings can typically be adjusted in the “options” or “preferences” menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the “Help” option in your browser for more details.
• Cookie settings in Internet Explorer
• Cookie settings in Firefox
• Cookie settings in Chrome
• Cookie settings in Safari web and iOS
We also use clear gifs in HTML-based e-mails sent to our newsletter subscribers to track which e-mails are opened and which links are clicked by them. The information allows for more accurate reporting and improvement of our Services. You can set your e-mail options to prevent the automatic downloading of images that may contain these technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
Additionally, we support the self-regulatory principles for online advertising (Principles) published by the Digital Advertising Alliance (DAA). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes. More information about these Principles can be found http://www.aboutads.info/. If you want to “opt out” of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an “opt-out” cookie on your device indicating that you do not want to receive interest-based advertisements. Opt-out cookies only work on the internet browser and device they are downloaded onto. If you want to opt-out of interest-based advertisements across all your browsers and devices, you will need to opt-out on each browser on each device you actively use. If you delete cookies on your device generally, you will need to opt-out again.
Please note that when you “opt-out” of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on the Services. It means that the online ads that you do see from DAA program participants should not be based on your interests. We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of the Services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.
What rights and choices do you have?
We want you to understand your rights and choices regarding how we may use your personal data.
Individual Rights. You have specific rights under applicable privacy law in respect to your personal data that we hold, including a right of access and erasure and a right to prevent certain processing activities.
a) Your European Union Rights
If you are located in the European Union, you have the following rights in respect to your personal data that we hold:
• Right of access. The right to obtain access to your personal data.
• Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
• Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
• Right to restriction. The right to obtain the restriction of our data processing in certain circumstances, such as, where you contest the accuracy of your personal data, for a period of time enabling us to verify the accuracy of that personal data.
• Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another. It only applies to personal data that you have directly provided to us.
• RIGHT TO OBJECT. YOU HAVE A RIGHT TO OBJECT TO ANY PROCESSING BASED ON OUR LEGITIMATE INTERESTS WHERE THERE ARE GROUNDS RELATING TO YOUR PARTICULAR SITUATION. YOU CAN OBJECT TO THE USE OF YOUR PERSONAL DATA FOR MARKETING ACTIVITIES FOR ANY REASON WHATSOEVER.
If you wish to exercise one of these rights, please contact us using the contact details below.
For Cookies or e-mail marketing, we provide the following easily usable options:
• Cookies Settings and Preferences. You may disable cookies and similar technologies through the settings in your browser.
• E-Mail Settings and Preferences. If you no longer want to receive marketing e-mails from us, you may choose to unsubscribe at any time [unsubscribe from this list].
In addition to the foregoing listed rights, if you are located in the European Union, you also have the right to lodge a complaint with a data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
b) Your Nevada Privacy Rights
Under Nevada law, Nevada residents may opt out of the “sale” of their personal information, where the information is exchanged for monetary consideration. If you are a Nevada resident, you may submit a request to opt out of potential future sales under Nevada law by sending a message to our data protection team at [Insert OneTrust Form]. Please note we will take reasonable steps to verify your identity and the authenticity of the request.
c) Your California Privacy Rights
California law requires us to disclose certain information regarding the categories of personal data we collect. Please see below for a detailed description of the categories of personal data we collect, the purposes for which we use your personal data and the third parties we might share personal data with.
Categories of Personal Data Purposes of Use Recipients
Identifiers and Demographic Information
Commercial Information
Inferences based on the above
• Providing you with the services, experiences, or products you purchase or request.
• Conducting e-mail marketing.
• Evaluating and improving our business performance.
• If you contact us to give us feedback, ask us questions or communicate with us for any reason (via e-mail, mail or phone), we will use your data to answer your request.

Business Support Vendors: Vendors that provide FVE with business support software, including e-mail account applications, spreadsheet and word editors, presentation programs, data storage and management applications, and IT security software. These vendors may, by contract, only process data on behalf of FVE.
Marketing Vendors: Vendors that provide marketing services for FVE – either by marketing software applications or by external marketing management. These vendors may, by contract, only process data on behalf of FVE.
Analytics Vendors: Vendors that provide FVE with applications or software to analyze or enhance personal data. These Vendors may, by contract, only process data on behalf of FVE.
Website Application Hosting Providers. Such providers may, by contract, only process data on behalf of FVE.

JOIN OUR NEWSLETTER