Privacy Policy

Welcome to the AFEPAME website (accessible via the following URL: https://www.afepame.fr/), hereinafter referred to as the “Website.”

The personal data protection and cookies policy (hereinafter the “Policy”) aims to inform you of the rights and freedoms you can exercise with regard to our use of your personal data and describes the measures put in place to protect them.

AFEPAME is the “data controller” for personal data relating to the management of the Website.

1. Purpose of processing

The purpose of processing is to ensure the day-to-day running of the association via the Website in accordance with its missions and statutes.

Processing carried out via the Website enables, in particular:

Registration and login to the members' area: we use your personal data to register you and allow you to access the Website, the services linked to the Website, and your account;

Communication to members of any communication from the authorities intended for members, regulatory developments;

Convocation to AFEPAME general or extraordinary meetings;

Information on the life of AFEPAME and its various working groups;

Information about events and seminars organized by AFEPAME for its members and partners;

Notification of annual membership fees to representatives of AFEPAME members;

Management of the functioning and security of the Site: we use your personal data to operate the Site and services and to ensure security;

Implementation of the individual rights of data subjects;

Compliance with legal obligations: we use your personal data when we are required to do so in accordance with applicable regulations.

By using the Site, you must provide us with certain personal data such as your first and last name, email address, telephone number, photo, postal address, and gender in order to create an account and access the various services and features of the Site.

2. Basis for processing collected data

The information collected for the above purposes is necessary for the following legal reasons:

Performance of a contract (connection to the Site, management of the Site in accordance with the Terms of Use);

Legitimate interest (sending communications, events, and notices of general meetings, ensuring the security of the Site, improving our services);

Compliance with a legal obligation (storage, exercise of rights).

3. Shelf life

Personal data is retained for as long as the company remains a member of AFEPAME and the person who registered is affiliated with that company. In any event, the data will be deleted no later than twelve (12) months after the end of membership.

This period may be extended if required by legal or regulatory obligations, or if the retention of data is necessary for the recovery of sums owed to AFEPAME or its Consumer Mediation Service.

AFEPAME reserves the right to adapt its Charter to comply with any applicable legislative or regulatory changes.

Personal data will not be further processed in a manner incompatible with the purposes described in this Charter or in the collection form

4. Recipients of the data

Within the framework of the processing operations provided for in the Charter, only the president, treasurer, secretary, and their representatives specifically authorized by the data controller may have access to the personal data of the individuals concerned by the processing operations described in this Charter.

These authorizations are granted to the extent strictly necessary for the processing to be carried out:

Persons responsible for relaying information and communications from the authorities to AFEPAME members;

Persons responsible for organizing general meetings, extraordinary meetings, and seminars;

Persons responsible for leading working groups and gathering the opinions of members;

Persons responsible for disseminating information on events and seminars organized by AFEPAME to its members and partners;

Persons responsible for notifying and collecting annual membership fees from representatives of AFEPAME members;

Persons responsible for implementing the individual rights of data subjects.

In order to prevent unauthorized persons from accessing the data, the Data Controller and its subcontractors shall ensure that They rigorously manage authorizations and controls for access to the data.

5. Transferts de données personnelles et sous-traitants

The personal data processed is not transferred outside the EU.

The following subcontractors are used in connection with the Website's services:

Domain name management: Gandi - France (Paris)

Website hosting: Scaleway - France (Paris)

Website development and maintenance: Pulpopush SRL - Romania (Bucharest)

6. Data security measures

The data controller implements appropriate measures to preserve the security and confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties.

7. Cookies and trackers

A cookie is a file that stores information about your browsing activity and facilitates your use of the Website. All cookies are listed below:

Functional and essential: Member area login (retention period: 7 days)

Website usage statistics: Google Analytics (retention period: 14 months)

8. Exercising your rights

The data controller makes every effort to be transparent and to enable you to control and manage your personal data. You may exercise the following rights at any time:

Right of access: you may request confirmation as to whether or not data concerning you is being processed and, if so, you may request access to your data;

the right to rectification: you may ask Afepame to rectify any incorrect data concerning you. This means that you may also ask Afepame to update or complete your data;

the right to erasure (right to be forgotten): in certain cases provided for in Article 17 of the GDPR, you can ask Afepame to delete your data;

the right to object: when processing is carried out in accordance with a legitimate interest of Afepame and subject to the absence of legitimate and compelling reasons on our part, you may object to Afepame processing your data;

the right to restrict processing: in certain cases provided for in Article 18 of the GDPR, you may ask Afepame to restrict the processing of your data to certain purposes and under certain conditions;

the right to data portability: when the data is necessary for the performance of a contract with you or is processed on the basis of your consent, you may request Afepame to provide you with your data in a structured, commonly used, and machine-readable format; and/or to transmit it to another data controller;

the right not to be subject to automated decision-making: data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Withdrawal of consent: when your data is processed on the basis of your consent, you may withdraw that consent at any time;

The right to define post-mortem guidelines: under the conditions provided for in Articles 84 to 86 of the French Data Protection Act, you may define guidelines regarding the fate of your Data after your death.

You can exercise your rights or ask any questions you may have by sending an email to the following address: info@afepame.fr.

If, after contacting us, you feel that your rights have not been respected, you have the right to lodge a complaint with a supervisory authority, in particular with the Commission Nationale de l’Informatique et des Libertés (CNIL).

The Charter may be updated regularly in light of technical, legal, and organizational developments.

Date of last modification: 06/23/2025