Privacy Policy

OM is committed to protecting your privacy. This privacy policy (the “Policy”) is important to us. It applies to our Services and the offers we provide through them. It governs our practices regarding the collection, processing, and use of personal data. Use of our Services constitutes acceptance of this Policy.

The Policy may be updated from time to time. Changes are made without prior notice and published online. The previous version will automatically be terminated and replaced by the new version, which will immediately apply to all Users. While we inform you of any significant changes to this Policy, we encourage you to review it periodically.

If you have any questions regarding this Policy or the processing of your Personal Data, please contact us at service.clients@om.fr and/or dpo@om.fr.

For the purposes of this Policy, the following definitions apply:

• “OM”: the company Olympique de Marseille SASP, a professional sports joint-stock company, registered with the Marseille Trade and Companies Register under number 401 887 401, with its registered office at Robert Louis-Dreyfus Training Center – 33 Traverse de la Martine 13012 Marseille, including:
  (i) any for-profit entity controlled by Olympique de Marseille as defined in Article L.233-3 of the French Commercial Code, including OM OPERATIONS SAS (RCS Marseille 842 891 970), responsible for stadium operations; OM MEDIAS SAS (RCS Marseille 421 729 070), responsible for OM media operations; and OM FEMININES SAS (RCS Marseille 988 409 355), responsible for the OM women’s section;
  (ii) any non-profit entity (corporate foundation, endowment fund, etc.) in which OM SASP or its controlled entities participate as member, administrator, or manager;
  (iii) the Association Olympique de Marseille, whose relations with OM SASP are defined under an agreement pursuant to Article L.122-14 of the French Sports Code.
• “I&L Regulation”: all applicable or future laws and regulations in France regarding the protection of personal data, including Law No. 78-17 of 6 January 1978 (“Informatique et Libertés”) as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
• “Personal Data” (hereinafter “PD”), “Data” or “Collected Data”: any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identifier or one or more specific elements. This includes information enabling identification of Users.
• “Services”: services provided by OM to Users, including:
  • The website lesmarseillaises.om.fr, om.fr, mobile application(s) versions of the site, and OM social media platforms (hereinafter “Club Universe”);
  • The website martigues-tourisme.com/loisirs-sportifs/stade-francis-turcan, mobile application(s), the Wi-Fi network at Stade Francis Turcan, and associated social media (hereinafter “Stadium Universe”);
  • The website omfondation.org, mobile application(s), and related social media (hereinafter “OMFoundation Universe”);
  • Any other websites, mobile applications, or social media channels published by OM.
• “Processor(s)”: any individual or legal entity performing processing of Data on behalf of OM.
• “Processing”: any operation or set of operations with personal data, whether automated or not, including collection, recording, storage, adaptation, modification, extraction, consultation, use, communication, alignment, locking, erasure, or destruction, as defined by I&L Regulation.
• “User(s)”: anyone accessing the Services, with or without an account, whose Personal Data may be collected during visits or connections.
• “Stadium”: Stade Francis Turcan, chemin de Paradis, 13500 Martigues.
• “Wi-Fi”: a wireless communication protocol governed by IEEE 802.11 standards, connecting multiple devices within a network to transmit data.

Capitalized terms not defined in this Policy have the meaning given in the Terms of Use of the Site or related Service Universe.

This Policy describes OM’s commitments to protect the Personal Data it collects and processes.

This Policy does not apply to processing on third-party websites or applications for which OM is not responsible, even if such sites are referenced on the Services.

Notable examples of third-party sites include:

Club Universe:

• OM’s official online store managed by Panini France SA;
• OM’s official ticketing platform operated via DT CONSULTING and WETIX;
• OM EXPERIENCE packages for match tickets, hotel, transport, or peripheral activities managed by STEP BY STEP ORGANISATION;
• OM accounts/pages on social media platforms such as Viber, Instagram, Twitter, Snapchat, Dailymotion, YouTube, TikTok, LinkedIn, Facebook, etc.

Stadium Universe:

• Official stadium ticketing operated via FNAC DARTY PARTICIPATIONS ET SERVICES and FRANCE BILLET;
• Stadium food ordering via DIGIFOOD;
• Parking comparison and reservation services via NEOPARK SAS.

1.1. Categories of Data Collected

OM collects only relevant and necessary PD for proper use of the Services. Mandatory vs. optional data is indicated during collection with an asterisk.

Data collected includes:

• Identification/contact information: username, password, full name, birth date, postal/email address, phone number, IP/MAC address, ID or family book, etc.
• Customer interactions: emails, letters, phone calls, messages via social media;
• Commercial relationship data: purchases, subscriptions, delivery details, service history, etc.;
• Geolocation and navigation data;
• Data for marketing, loyalty, surveys, product tests, promotions, contests, and lotteries;
• Data related to online payments (bank details, card number, expiration date – CVV never stored);
• Data related to account activity: creation/activation/deactivation dates, last login, password changes, account personalization, etc.;
• Stadium Wi-Fi traffic data (IP, date/time, duration, communication identifiers) in compliance with Article L.34-1 of the French Electronic Communications Code.

1.2. Purposes and Legal Bases for Processing

Personal Data is processed for:

• Operating and administering Services (legitimate interest);
• Managing user accounts (contractual necessity or legitimate interest);
• Providing paid or free offers (consent or legitimate interest);
• Improving customer experience;
• Processing user inquiries and support requests (legitimate interest or contractual necessity);
• Marketing and advertising (consent or legitimate interest);
• Stadium safety and access management;
• Fraud prevention and Service security;
• Customer relationship management (CRM);
• Legal and regulatory compliance;
• Analytics and statistics to improve Services (consent or legitimate interest).

OM ensures that processing meets one of the following legal bases: user consent, contractual necessity, legal obligation, vital interests, or legitimate interest balanced against fundamental rights.

Data is never used for unrelated purposes or shared with partners without express user consent.

1.3. Recipients of Personal Data

Data is intended for OM personnel only. Disclosure to third parties (partners, service providers) occurs only with user consent or where necessary to provide Services, including:

• Service providers for delivery, payment, IT hosting, analytics, CRM, and email campaigns;
• Sponsors of contests or promotions;
• Third-party social media, advertising networks;
• Stadium service providers (access, security);
• Administrative or judicial authorities as required by law.

OM does not transfer PD outside the EU unless appropriate safeguards (e.g., EU standard contractual clauses) are in place.

In the event of a merger, acquisition, or business sale, OM may share PD with the third party involved, notifying users as required by law. Anonymized data may also be shared with service providers for analysis and improvement purposes.

1.4. User-submitted Data

Users should not provide unsolicited content (advertisements, ideas, concepts, etc.). Submitted content must be accurate and not infringe third-party rights.

1.5. Accuracy of Data

Users must provide accurate PD and update it immediately if changes occur. Users may request access, correction, or deletion as described in the “User Rights” section.

1.6. Minors

OM provides special protection for minors, particularly under 15 years old, including clear explanations of data processing and parental consent verification. Consent is obtained from legal guardians for account creation or participation in activities such as contests.

OM Services may contain links to third-party gambling sites, for which OM is not responsible.

1.7. Data Retention

Data retention periods vary by purpose:

• Prospects/Users: 3 years from last contact or login;
• Orders: 5 years in active archive, then 5 years in intermediate archive;
• Customers: 5 years in active archive, then 5 years in intermediate archive;
• Bank card data: validity period plus one day.

OM deletes or anonymizes data when retention expires or upon user request.

1.8. Data Security

OM implements appropriate physical, technical, and organizational measures to protect PD. HTTPS, secure logins, strong passwords, and two-factor authentication are used. Users are responsible for protecting their account credentials.

For Wi-Fi, users are advised not to transmit sensitive data, minimize shared information, and log out after use.

1.9. User Rights

Under GDPR (Articles 15+), Users have the right to:

• Access, rectify, erase, or restrict processing of their PD;
• Object to processing;
• Data portability;
• Set posthumous instructions regarding PD.

Requests can be made via:

• Dedicated Service page;
• Email: service.clients@om.fr and/or dpo@om.fr, with ID copy;
• Registered mail, with ID copy.

OM will respond within one month. Users may file a complaint with the CNIL for unresolved issues.