Privacy Policy
General Data Protection Regulation (GDPR)
We attach great importance to the protection of your data. This page details how Doinsport collects, uses, stores, and secures personal data in accordance with the GDPR.
Last updated: August 12, 2025
Summary
1 – Commitments
DOINSPORT SAS is committed to processing all data transmitted or collected in accordance with applicable legislation, notably the Law No. 78-17 of January 6, 1978 as amended (Data Protection Act), the Regulation (EU) 2016/679 (GDPR), and the ePrivacy directive along with associated national texts.
This policy concerns: professionals/partners, employees, job applicants, customers, and prospects, internet users browsing www.doinsport.com, as well as users of the platforms v3.doinsport.club and the custom mobile applications published by Doinsport.
2 – GDPR Glossary
Personal Data: information that directly or indirectly identifies a natural person.
Processing: operation performed on data (collection, retention, modification, communication, deletion…).
Data Subject: individual identified or identifiable by the processed data.
Data Controller: entity that determines the purposes and means of the processing.
Processor: entity processing data on behalf of the data controller.
Recipient: individual or organization receiving communication of the data.
Cookie: file placed on a device to facilitate navigation and/or measure audience.
Biometric Data: data related to physical, physiological, or behavioral characteristics allowing identification.
Pseudonymization: separation of identifying information from the main data to reduce risks.
3 – Nature of the Data Collected
In line with the principle of minimization, only strictly necessary data is collected:
Identity: name, first name, image/logo.
Contact Details: postal address, phone(s), e-mail(s).
Professional Information: position, status, remuneration, benefits.
Connection Data: IP address, device type, browser, cookies.
Service Usage: booking history, payment methods, sports preferences.
Technical/Specific Data: access controls, automated lighting, and data from integrated third-party APIs.
4 – Purposes of Processing
Compliance with legal and regulatory obligations.
Management of human resources and recruitment.
Management of client, supplier, and partner relationships.
Provision, improvement, and personalization of online and onsite services.
Security, maintenance, and optimization of systems.
Invoicing, payments, and accounting.
Statistical analysis and improvement of user experience.
Fraud prevention and transaction security.
Communication and marketing (with prior consent when required).
5 – Access to Data
Access to data is strictly limited to authorized personnel and service providers, bound by confidentiality commitments. Selected processors provide sufficient guarantees regarding security and GDPR compliance.
No data is sold, rented, or transferred to third parties outside of the legal/contractual framework. In the event of a transfer outside the European Union, appropriate safeguards are put in place (standard contractual clauses or equivalent).
6 – Retention Periods
Data is retained for the period strictly necessary for the purposes pursued:
Processing | Maximum Duration |
|---|---|
Recruitment | 3 years if the candidate is not selected |
HR Management | 5 years after the employee's departure |
Payroll | 5 years after payment |
Commercial Contacts | 1 year after the last contact |
IT Data and Access | 1 year after a user's departure |
Biometric Data | Duration related to the purpose, immediate deletion in case of withdrawal of consent |
7 – Rights of Individuals
You have the following rights: access, rectification, deletion, limitation, opposition, portability, withdrawal of consent at any time, absence of automated decisions producing significant legal effects, and notification in case of data breaches concerning you.
To exercise your rights, see DPO Contact.
8 – Security
Encryption of data in transit and at rest.
Strong authentication and strict access control.
Regular backups and restoration tests.
Monitoring and detection of security incidents.
Training and awareness for staff.
Notification procedure to the CNIL and informing individuals in the event of a breach that may pose a high risk.
9 – DPO Contact
DOINSPORT SAS – Data Protection Officer
7, Rue François Moisson – 13002 Marseille – France
contact@doinsport.com – +33 7 68 63 07 83
Please specify the right exercised, your name/first name and contact details, and attach proof of identity.
© 2026 DOINSPORT SAS — All rights reserved.
