Privacy Policy
LUMA/Arles is committed to building a strong and lasting relationship with its clients, based on trust and mutual interest.
LUMA/Arles is also committed to protecting your personal data and your privacy.
This personal data protection policy (hereinafter referred to as the “Policy”) describes the commitments implemented by LUMA/Arles in the capacity of data controller, to ensure the respect of your personal data. Through this Policy, LUMA/Arles also wishes to inform you with clarity of how your personal data is collected and used as a Client using our website www.luma.org (the “Website”) and/or our LUMA mobile application (the “Application”) as within the framework of your relations, of whatever nature, with LUMA / Arles.
LUMA/Arles has utmost respect for your privacy and your fundamental rights and freedoms. LUMA/Arles will not use some of your personal data for commercial purposes without your consent, such as data relating to your geolocation, your activity on social networks, or your tastes and preferences. Your personal data will not be sold to third parties for commercial purposes. Nor will it be communicated to third parties without your consent, outside the context of the regulatory and contractual obligations necessary for the supply of products and/or subscribed services.
This Policy is an integral part of the Terms and Conditions. Capitalized terms have the same definition as those used in the General Terms and Conditions.
This Policy may be subject to updates. In this case, we will indicate the date of the last update at the bottom of this Policy. Your consent will be systematically required if the update of this privacy statement affects in any way the rights to use your personal information in accordance with the provisions of this Policy at the time of the collection of information.
Table of Contents
- What data is subject to being processed?
- Who is responsible for collecting and processing data?
- For what purposes do we process your personal data?
- Who are the recipients of personal data?
- How long is personal data retained?
- How is data secured?
- The use of cookies
- The transfer of data outside the European Union 9. What are your rights and how can you exercise them?
1. What data is subject to being processed?
LUMA/Arles ensures it only collects data that is strictly necessary in view of the reason for which it is processed.
When your data is collected through a questionnaire, information that is obligatory to share is indicated by an asterisk or by an equivalent means. Failure to provide this data will make it impossible for LUMA/Arles to process your request.
We may collect and process the following types of data:
1.1. Data you transmit directly
This includes:
- Data necessary for registration on our platform, including your first and last name, email address and postal address (in the event that products are sent to you by mail), date of birth, and password. This information is obligatory. Otherwise, you will not be allowed to create an account on our Platform and access our services;
- Financial information (e.g. your credit card number);
- Data about your choices, preferences, and habits when interacting with the activities we offer;
- Your comments and opinions on our products and services. This data is collected through forms that you will be required to complete automatically.
We do not deliberately collect sensitive information, such as information concerning racial or ethnic origins, political opinions, religious and philosophical beliefs, membership to unions, health details, or sexual orientation.
1.2. Data collected automatically
We may record usage data when you access our platform and services (or use them in any way).
During each of your visits, and in accordance with the applicable legislation and with your consent, we may, if necessary, collect information about the devices you use to access our services or about the networks through which you access our services, such as your IP address, connection data, types and versions of internet browsers used, types and versions of browser plugins, operating systems and platforms, clickstream data, including the URL of the page from which you access our platform, and the content you access or view.
Among the technologies used to collect this information, we use the cookies described in detail in Article 7 below.
2. Who is responsible for collecting and processing data?
The subscription, access and/or use of certain services involve the processing of personal data. The person in charge of the processing of users’ personal data is referred to in Article 2 of the General Terms and Conditions
LUMA/Arles, as the data controller referred to in Article 2 of the General Terms and Conditions, is conscientious of the trust you place in it by giving it your personal information for the use of its services. LUMA/Arles attaches the greatest importance to the confidentiality and security of this information.
As such, LUMA/Arles agrees to comply with this privacy policy, which you accept when you subscribe to its products or use its services.
3. For what purposes is your personal data processed?
The data processing carried out by LUMA/Arles is done according to an explicit, legitimate and determined purpose, which is founded on the execution of our services, on the respect of legal or regulatory obligations, and on the legitimate interest in business development.
Depending on how you interact with our platform, your personal data will be processed for the following purposes:
3.1. Supply of products and services
If you wish to access some of our services, such as a subscription to one of the LUMA/Arles newsletters or a ticket to one of our exhibitions or events, you will be asked to provide us with personal data so that we can respond to your request, including your name and email address.
We process personal data in order to enable us to manage, invoice and monitor the activity of the platform. This data is necessary for the proper execution of our services.
We use this personal information solely to provide the services that you have accepted.
When collecting your data through a questionnaire, some boxes will be marked as mandatory with the presence of an asterisk or by any other equivalent means, this being the data we need to provide you the service in question or to allow you to access certain features. Thus, if you decide not to provide us with this data, it is possible that your registration as a user will not be successful or that you will not be able to take full advantage of these services or features.
3.2. Compliance with legal and regulatory requirements
LUMA/Arles may be required to collect certain personal data necessary to comply with all the legal and regulatory obligations to which it is subject, as the case may be.
3.3. Business development
LUMA/Arles may process your data for business purposes. LUMA/Arles is committed to offering you products and services that are constantly adapted to your wishes, chiefly by means of emails or SMS.
Insofar as you have given us your prior consent, we will have be able to use your personal data, under the conditions explained herein, to keep you informed of developments regarding our products and services and to offer you products and services.
However, when collecting information that may be used to keep you informed about our products and services, you will always be given the opportunity to accept or refuse that this information be used for business development. In addition, each email that we send contains an unsubscribe link allowing you to automatically discontinue this type of communication. If you choose to unsubscribe, you will be removed from the corresponding mailing list within a reasonable time.
4. Who are the recipients of personal data?
LUMA/Arles is aware of the sensitivity of your data and treats it with the greatest care. Data will only be communicated to third parties if strictly necessary for processing.
LUMA/Arles only shares your data with the third parties mentioned in this article in the following cases:
-
- LUMA/Arles may communicate information to the persons with whom it negotiates, fulfils or concludes contracts, service contracts concluded with a third party to whom important operational functions are entrusted, or at the time of the review or development of any type of contract or transaction between its affiliates, on the condition that this information is necessary for the operations concerned. Third-party recipients of this information are also subject to an obligation of confidentiality and to the provisions of the General Data Protection Regulation.
-
- LUMA/Arles may also communicate your personal data to its technical service providers, partners, brokers, insurers or its affiliates whose intervention is strictly necessary for the purposes mentioned above. LUMA/Arles ensures that these third parties process your data so as to guarantee their integrity, confidentiality and security.
-
- When you have expressed consent to the business partners of LUMA/Arles, to receive promotional offers from them;
-
- When LUMA/Arles has the legal obligation to do so or if LUMA/Arles believes in good faith that it is necessary to respond to any claim against it, to comply with any legal request, or to guarantee the rights, property and security of LUMA/Arles, of its members and more generally of any third party.
LUMA/Arles cannot be held responsible for the content of websites linked to its Website/Application, their level of security or their applied privacy practices.
In accordance with the applicable law and with your consent when required, LUMA/Arles may aggregate data concerning you and that LUMA/Arles receives or sends to its business partners, such as all or part of your personal data and information collected through cookies. This aggregated information will only be used for the purposes described above.
Your data will not be transferred for purposes other than those described in Section 3 of this Policy, except with your express permission, which may be withdrawn at any time.
5. How long is personal data retained?
As regards data concerning the management of our commercial relationship:
Your personal data will not be stored beyond the time strictly necessary to manage our business relationship;
-
- Regarding possible survey operations, your data may be kept for a period of up to three years from the end of the business relationship. At the end of this three-year period, we will be able to contact you again to determine whether you wish to continue receiving commercial solicitations. You retain the option to withdraw your consent at any time, as specified in Section 9 of this Policy.
As regards data concerning your credit cards:
-
- Financial transactions concerning the payment of purchases and fees via the platform are entrusted to an external payment service provider that ensures their security and smooth functioning. This provider collects and retains the time of your registration on the Platform and, at least until you carry out your last transaction, and in our name and on our behalf, your personal data concerning your credit card numbers. We do not have access to this data. By ticking the box specifically provided for this purpose on the Platform, you give us your express consent for this preservation of data.
-
- Data concerning the visual cryptogram or CVV2 registered on your credit card is not stored.
Generally, your data is conserved for the time necessary to fulfil the purpose for which it was collected, as defined in this Policy. It will be deleted subsequently. By way of exception, this data may be archived to manage current claims and litigations, and to meet our legal and/or regulatory obligations and/or to respond to requests from authorities authorized to make such a request.
6. How is data secured?
LUMA/Arles ensures the security of your data through the implementation of enhanced data protection by means of physical and logical security measures, to guarantee the integrity of your data as well as their confidential and secure processing. More specifically, LUMA/Arles systematically encrypts your personal data as it flows through the networks, to ensure their confidentiality and prevent it from being intercepted by unauthorized third parties.
The LUMA/Arles servers on which your data is stored are located in closed computer rooms, access to which is restricted solely to the necessary persons. This access is strictly controlled to prevent any data theft. To ensure the confidentiality of your data in LUMA/Arles systems, logical access is only granted to automatic processes and to staff members who need to access data to process it.
7. The use of cookies
We use different cookies on the Website/Application to improve its interactivity and that of our services.
7.1. What is a “cookie”?
When visiting our Website/Application, cookies are stored on your computer, mobile or tablet. A cookie is a text file stored on your device when visiting a site or when consulting an advertisement. Their purpose is to collect information about your web-browsing activity and to send you personalized services. We use cookies so that our Website/Application are best adapted to its users, e.g. in the following ways, to identify you and to give you access to your account, to allow you to manage your shopping cart, to memorize your consultations, to personalize our offers or to offer targeted advertising. Most cookies can be managed through your web browser.
7.2. Cookie List
LUMA/Arles technical cookies
LUMA/Arles stores cookies on your device for the purposes of browsing our Website/Application, and of optimizing and customizing our services on the Website/Application. These cookies do not identify you, and if they do, they are deleted when you leave the webpage without ever being uploaded on a server.
Hôte |
Nom |
Description |
Durée de vie |
Luma.org |
_dc_gtm_UA-xxxxxxxx |
This cookie is associated with sites using Google Tag Manager to load other scripts and code into a page. Where it is used it may be regarded as Strictly Necessary as without it, other scripts may not function correctly. The end of the name is a unique number which is also an identifier for an associated Google Analytics account. |
A few seconds |
Analytics cookies
These cookies are used to obtain information about your use of the Website/Application. These cookies are necessary for the proper functioning of the Website/Application. They can at times identify the user.
Hôte |
Nom |
Description |
Durée de vie |
Luma.org |
_gid |
Cookie provided by Google to count page views |
Un jour |
Luma.org |
_ga |
Cookie provided by Google to count page views |
2 ans |
Third-party cookies
These are cookies deposited by third-party companies (for example, advertising agencies or partners) in order to measure our Website/Application traffic, to identify your centres of interest through the products consulted or purchased, and to personalize our advertising offers for you on our Website/Application or outside them.
These features use third-party cookies that are stored directly by these services. During your first visit on the Website/Application a banner informs you of the presence of these cookies and invites you to indicate your preferences. They are only stored if you accept them or continue browsing the Website/Application by visiting another webpage of the Website/Application.
You can remain informed at all times and set your cookies to accept or reject them by going to the Cookie Management page at the bottom of each webpage of the Website/Application. You can indicate your preferences either for the entire Website/Application or for individual services.
Hôte |
Nom |
Description |
Durée de vie |
Luma.org |
_fbp |
Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. |
90 days |
Facebook.com |
fr |
Contains the combination of the browser and the user's unique identifier, used for targeted advertising. |
90 days |
7.3. Accepting or refusing cookies
At any time, you can change or withdraw your consent in the cookie management tool on our website.
8. The transfer of data outside the European Union
In general, LUMA/Arles retains personal data within the European Union. Nevertheless,
LUMA/Arles may transfer some personal data to countries outside the
European Union ("Third Countries"), for example in cases where our service providers are located in Third countries. This may be the case with Third Countries for which the European Commission has not taken a decision of "adequate protection", for example. In such a case, LUMA/Arles ensures that the transfer is carried out in accordance with the applicable regulations, and guarantees a sufficient level of protection for the privacy and fundamental rights of the persons concerned (as defined specifically by the standard contractual clauses of the Commission European).
LUMA/Arles can provide you with more information about these transfers (including the standard contractual clauses of the European Commission) upon request to the following address: dpo@luma-arles.org.
9. What are your rights and how can you exercise them?
In accordance with Act n° 78-17 of January 6, 1978, as amended relating to data processing, information, and liberties, as well as with the General Data Protection Regulation, you have:
- The right to access: the right to receive a copy of your personal data in our possession;
- The right to rectification: the right to modify the personal data in the possession of LUMA/Arles concerning you, which is erroneous or obsolete;
- The right to erasure and the right to be forgotten: the right to the erasure of your personal data in the possession of LUMA/Arles (except when the law requires that this data be stored, or when LUMA/Arles has a legitimate reason for doing so);
- The right of objection: you may oppose, at any time and for reasons relating to your particular situation, the processing of your personal data for direct marketing purposes, except when legitimate and compelling reasons for the processing prevail over the interests, rights and freedoms of the person concerned, or for the establishment, exercise or defence of legal claims;
- The right to limitation: you have the right to limit the processing of your personal data in the following cases:
-
- If you exercise your right to rectification, it may be required to limit processing for the period necessary for LUMA/Arles to verify its accuracy;
- If you exercise your right to objection, data processing is limited for the period necessary to verify whether the legitimate grounds claimed by
LUMA/Arles prevail over yours; o In case of unlawful processing of your personal data, you may demand that their use be limited, rather than erased;
-
- For personal data processing whose erasure is requested, but is still necessary for the establishment, exercise or defense of legal claims.
- The right to portability: you have the right to receive personal data that you have provided to LUMA/Arles. These must be communicated in a structured format that is commonly used and readable by machine. This right also includes the right to transmit this data to another controller.
Lastly, you have the right to set guidelines regarding the fate of your personal data after your death.
These rights may be exercised under the conditions and limitations defined by current legislation. It is specified that the exercise of some of these rights may, on a case by case basis, leave LUMA/Arles unable to provide products or services.
You can, at any time, without charge and without having to justify your request, exercise these rights by contacting LUMA/Arles at the following email address: dpo@luma-arles.org.
It is specified that these rights can only be exercised upon proof of identity. Incomplete requests cannot be processed by LUMA/Arles.
In the event of a dispute with LUMA/Arles regarding data processing, you may address your claim to LUMA/Arles.
To do so, you can contact us by completing a form at the following here : Form
If no satisfactory solution can be reached or if the dispute persists, you can lodge a claim with the French Data Protection Authority (CNIL) or with the supervisory authority of the Member State of the European Union in which you usually reside.
Contact
If you have any questions about this Privacy Policy or any request regarding your personal data, you can contact us by sending an email to the following address: dpo@luma-arles.org.
Last update of this Policy: June 22, 2021.