Privacy Policy

Who are we?

The M24 – Musée du Sport Automobile website (hereinafter the “Site”) is published by:

MACO, a simplified joint stock company (société par actions simplifiée) incorporated under French law, with its registered office at Place Luigi Chinetti, Circuit des 24 Heures – 72019 Le Mans – France, registered with the Trade and Companies Register of Le Mans under number 917 458 812.

Website address: https://www.m24-musee.com/

For any questions relating to the protection of personal data, you may contact our Data Protection Officer (DPO) at the following address: dpo@lemans.org

2. Data Collected

We collect personal data when you:

  • use the contact form
  • create a user account (where applicable)
  • leave a comment on the Site
  • purchase a ticket or place an order
  • subscribe to a newsletter
  • browse the Site (cookies)

The data collected may include in particular:

  • data necessary for processing orders
  • identity data (surname, first name)
  • contact details (email, telephone number)
  • login information
  • IP address
  • browsing history

3. Purposes of Processing

MACO processes your personal data for the following purposes:

  • management of orders and ticketing
  • management of contact requests
  • management of user accounts
  • sending information and newsletters, subject to your consent
  • improvement of user experience and audience measurement
  • compliance with legal and regulatory obligations

Legal bases

  • Site security (logging, abuse prevention, anti-spam): legitimate interest.
  • Order and ticketing management: performance of a contract or pre-contractual measures.
  • Management of requests via the contact form: legitimate interest (responding to inquiries) and, where applicable, pre-contractual measures.
  • User account management: performance of a contract / legitimate interest depending on the service provided.
  • Sending information and newsletters: consent (unsubscribe possible at any time).
  • Audience measurement and non-essential personalization: consent where required under cookie regulations.
  • Compliance with legal obligations: legal obligation (e.g. accounting/tax obligations).

4. Comments

When you leave a comment on the Site, the data entered in the comment form, as well as your IP address and your browser’s user agent, are collected to help detect unwanted comments.

An anonymized string created from your email address (hash) may be sent to the Gravatar service to verify whether you use this service. The Gravatar privacy policy is available here: https://automattic.com/privacy/.

After approval of your comment, your profile picture may be publicly visible next to it.

5. Media

If you upload images to the Site, we recommend avoiding uploading images containing EXIF data including GPS coordinates. Visitors to the Site may download and extract such location data.

6. Embedded Content from Other Websites

Pages of the Site may include embedded content (e.g. videos, images, or articles).

Embedded content from other websites behaves in the same way as if you had visited those third-party websites directly. These websites may collect data about you, use cookies, or track your interactions with their content, particularly if you have an account logged in on their platform.

7. Cookies

When browsing the Site, cookies may be placed on your device.

The cookies used may include:

  • cookies strictly necessary for the operation of the Site
  • audience measurement cookies
  • cookies related to third-party services (e.g. video content)

When you leave a comment on the Site, you may be offered the option to save your name, email address and website in cookies to facilitate future interactions. These cookies expire after one year.

A temporary cookie may be created when you log in to verify whether your browser accepts cookies. It does not contain personal data and is deleted automatically when the browser is closed.

Cookies may also store your login information and screen preferences:

  • login cookie: 2 days
  • “Remember me” option: 2 weeks
  • screen preference cookies: 1 year

In accordance with applicable regulations, the storage and reading of cookies that are not strictly necessary for the operation of the Site (in particular audience measurement cookies and third-party cookies) require your prior consent. Refusal of cookies must be offered through means that are as simple as acceptance.

You may accept, refuse, or configure cookies via the preferences management banner displayed during your first visit to the Site, and subsequently modify your preferences at any time.

8. Use and Disclosure of Your Personal Data

Your personal data is accessible, within the scope of their respective duties, to authorized MACO departments (for example: ticketing/visitor relations, communications and inquiry management, Site administration and IT support).

Your personal data may also be processed by service providers acting on behalf of MACO (for example: hosting, maintenance and IT management, ticketing/payment solutions, communication tools). These providers act as processors within the meaning of the GDPR, on the basis of documented instructions from MACO, and are subject to contractual obligations of confidentiality and security.

As a matter of principle, your data is processed within the European Union/EEA. If certain service providers involve transfers of data outside the EU/EEA, MACO ensures that such transfers are governed by appropriate safeguards in accordance with the GDPR (for example, standard contractual clauses of the European Commission, and where applicable supplementary measures). You may request further information on these safeguards by contacting the DPO.

In the event of a password reset request, the IP address may be included in the reset email to enhance security.

Comments may be checked through an automated spam detection service.

9. Data Retention Periods

Personal data is retained for the period strictly necessary for the purposes for which it was collected.

  • Comments: retained as long as the comment remains published and for the duration necessary for moderation, unless deleted or upon a valid erasure request.
  • User accounts: retained as long as the account is active.
  • Billing data: retained for the legally required retention period.
  • Contact form: retained for the time necessary to process your request, then archived/deleted in accordance with applicable internal retention periods (unless required by law or necessary for dispute management).
  • Newsletter : retained until withdrawal of consent (unsubscribe), then deleted within a reasonable timeframe, unless otherwise required by law.
  • Technical logs and security: retained for a limited period necessary for Site security and incident detection, then deleted/rotated.
  • Cookies: retention period specified in the cookies section.

At the end of the above retention periods, data is deleted or, where necessary, archived in an intermediate form (for example, to comply with a legal obligation or for the establishment, exercise or defense of legal claims).

10. Your Rights

In accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act as amended, you have the following rights:

  • right of access
  • right to rectification
  • right to erasure
  • right to object
  • right to restriction of processing
  • right to data portability
  • right to withdraw your consent at any time

You may exercise these rights by writing to: dpo@lemans.org

You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

11. Security

MACO implements all appropriate technical and organizational measures to ensure the security and confidentiality of your personal data.

NEWSLETTER INSCRIPTION

    FOLLOW-US
     
    ON NETWORKS
    Facebook Instagram