Privacy policy
1. Data Controller
The controller of personal data collected via the website cso-events.fr is
- Company name: Corporate Sport Organisation
- Legal structure: SAS
- Head office: 18 Rue Négresko 13008 Marseille - FRANCE
- E-mail : info@cso-events.fr
- Telephone: +33 (0)1 77 70 65 15
Data Protection Officer (DPO) Pierre Lusinchi
2. Data collected
Depending on your use of the site, we may collect the following categories of data:
- Identification details: surname, first name. ;
- Contact details: email address, telephone, company; ;
- data contained in your messages; ;
- Connection technical data (IP address, browser, operating system); ;
- data related to navigation and audience measurement; ;
- data relating to your cookie consent choices.
3. Collection cases
Your data may be collected when you:
- use the contact form; ;
- Ask for information or a reminder; ;
- accept some cookies or trackers during your visit; ;
- Browse the site (audience measurement tools or external content enabled).
4. Purposes and legal bases
| Purpose | Legal basis |
| Responding to your contact requests (contact form) | Legitimate interest / performance of pre-contractual measures (special fee) |
| Administrative follow-up | Performance of a contract / legitimate interest |
| Site Security and Fraud Prevention | Legitimate interest |
| Audience measurement (exempt from CNIL) | Legitimate interest (WP Statistics cookieless) |
| Preservation of proof of consent | Legal obligation (GDPR) |
5. Data recipients
The data is accessible to authorised individuals within SICTOM du Marsan.
They may be transferred to subcontractors and technical service providers strictly necessary for the operation of the site:
- maintenance contractor D-FUZION, France ;
- Audience measurement tool WP Statistics, France ;
- Email sending service O2Switch, France;
- other tools enabled with your consent (see Cookie Policy).
No data is sold or transferred to third parties for commercial purposes.
6. Shelf lives
The data is kept for the time strictly necessary for each purpose:
| Data category | Shelf life |
| Requests via contact form | 3 years since last contact |
| Active customer/prospect data | 3 years from last commercial contact |
| Customer data (executed contracts) | 5 years (legal statute of limitations) |
| Technical logs (access, errors) | 12 months (CNIL / ANSSI recommendation) |
| Cookie consent log | 13 months |
| Audience measurement data | 13 months (logs) – no persistent personal data (cookieless mode and no local storage) |
7. Data transfers outside the European Union
Certain tools and services used on this website may involve the transfer of personal data to countries outside the European Union, notably to United States.
Services concerned
| Service | Editor | Pays | Transfer frame |
| Vimeo | Vimeo Inc | United States | EU-US Data Privacy Framework (DPF) |
| YouTube | Google LLC | United States | EU-US Data Privacy Framework (DPF) |
EU-US Data Privacy Framework
These transfers are based on the European Commission adequacy decision No 2023/1795 of 10 July 2023 relating to the EU-US Data Privacy Framework (DPF). This framework ensures a level of data protection equivalent to that of the European Union for certified US companies.
The DPF certification of the services used can be verified on the official register: https://www.dataprivacyframework.gov.
In addition, and in the event that the DPF were to be invalidated, further Standard contract clauses adopted by the European Commission would be put in place as an alternative transfer mechanism (Art. 46 GDPR).
8. Your rights
In accordance with Regulation (EU) 2016/679 (GDPR) and the Data Protection Act, you have the following rights:
- Right of access (Art. 15): Obtain a copy of your data; ;
- Right of rectification (Art. 16) : correct inaccurate data; ;
- Right to erasure (Article 17): Request erasure where the conditions are met; ;
- Right to limitation (Art. 18): suspend processing in certain cases; ;
- Right to object (Art. 21): object to processing based on legitimate interest; ;
- Right to data portability (Art. 20): retrieve your data in a structured format, where this right applies; ;
- Right to withdraw consent (Art. 7) : at any time, without prejudice to the lawfulness of the prior processing; ;
- Right to set post-mortem guidelines (Data Protection Act): concerning the fate of your data after your death.
9. How to exercise your rights
You can exercise your rights:
- By email: info@cso-events.fr
- By post CSO 18 Rue Négresko 13008 Marseille – FRANCE
We will acknowledge receipt of your request and respond to you. within a month from its receipt (Art. 12 GDPR). This period may be extended by two additional months due to the complexity or number of requests; we will inform you within one month with the reasons for the postponement.
We may be brought to verify your identity to protect your data from unauthorised access.
In case of an unsatisfactory response or no response within the specified time, you can Make a complaint to the CNIL :
National Commission for Information Technology and Civil Liberties
3 place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
Online form www.cnil.fr/fr/plaintes
10. Safety
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, disclosure or destruction (Art. 32 GDPR).
11. Mods
This policy may be amended at any time to reflect legal, technical or organisational changes. In the event of any substantial changes, we will inform you by appropriate means.
Last updated: 21/05/2026