Privacy Policy

ARTICLE 1: PREAMBLE

This privacy policy aims to inform users of the site about:

• How their personal data is collected. Personal data is considered any information that allows identification of a user. This may include: names and surnames, age, postal or email address, location, or IP address (non-exhaustive list);
• The rights they have regarding this data;
• The person responsible for processing the personal data collected and processed;
• The recipients of this personal data;
• The site's cookie policy.

This policy complements the legal notices and General Terms of Use accessible to users at the following address:

ARTICLE 2: PRINCIPLES RELATING TO THE COLLECTION AND PROCESSING OF PERSONAL DATA

In accordance with Article 5 of European Regulation 2016/679, personal data is:

• Processed lawfully, fairly, and transparently with regard to the data subject;
• Collected for specific purposes (see Article 3.1 hereof), explicit and legitimate, and not further processed in a manner incompatible with these purposes;
• Adequate, relevant, and limited to what is necessary for the purposes for which they are processed;
• Accurate and, if necessary, kept up to date. All reasonable measures must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
• Kept in a form allowing identification of data subjects for no longer than necessary for the purposes for which they are processed;
• Processed in a manner that ensures appropriate security of the collected data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Template created on LegalPlace.fr

Processing is lawful only if, and to the extent that, at least one of the following conditions is met:

• The data subject has consented to the processing of their personal data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
• Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Processing is necessary to protect the vital interests of the data subject or another natural person;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• Processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF NAVIGATION ON THE SITE

Article 3.1: Data collected

The personal data collected in the context of our activity are:

The collection and processing of this data serves the following purpose(s): Example: contract management, customer area management, service quality monitoring, newsletter sending, etc.

Article 3.2: Method of data collection

When you use our site, the following data is automatically collected:

Other personal data is collected when you perform the following operations on the platform:

They are kept by the data controller under reasonable security conditions, for a period of: 2 years

The company may retain certain personal data beyond the deadlines announced above to fulfill its legal or regulatory obligations.

Article 3.3: Data hosting

The site is hosted by Shopify

Contact: info@coretriad.org

[In the case where personal data collected by the company would be shared with third parties, insert a clause "Article 3.4: Transmission of data to third parties": "Data may be transmitted to our partners, listed below:"]

[If the site is concerned by the use of cookies, specify their use in Article 3.5: "Cookies" policy]

ARTICLE 4: DATA PROCESSING CONTROLLER AND DATA PROTECTION OFFICER

Article 4.1: The data processing controller

Personal data is collected by CineOx

The personal data processing controller can be contacted as follows:

By email: info@coretriad.org

Article 4.2: The data protection officer

The company's or controller's data protection officer is: info@coretriad.org

If you believe, after contacting us, that your "Data Protection" rights are not respected, you may file a complaint with the CNIL.

ARTICLE 5: USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING

Any user concerned by the processing of their personal data may claim the following rights, in application of European regulation 2016/679 and the Data Protection Law (Law 78-17 of January 6, 1978):

• Right of access, rectification, and right to erasure of data (set respectively in articles 15, 16, and 17 of GDPR);
• Right to data portability (article 20 of GDPR);
• Right to limitation (article 18 of GDPR) and to object to data processing (article 21 of GDPR);
• Right not to be subject to a decision based solely on automated processing;
• Right to determine the fate of data after death;
• Right to contact the competent supervisory authority (article 77 of GDPR).

To exercise your rights, please send your request to CineOx or by email to info@coretriad.org

In order for the data processing controller to respond to the request, the user may be required to provide certain information such as: names and surnames, email address, as well as account number, personal space, or subscriber number.

Visit cnil.fr for more information about your rights.

ARTICLE 6: CONDITIONS FOR MODIFYING THE PRIVACY POLICY

The publisher of the CineOx site reserves the right to modify this Policy at any time to ensure users of the site its compliance with applicable law.

Any modifications cannot affect purchases previously made on the site, which remain subject to the Policy in force at the time of purchase and as accepted by the user when validating the purchase.

The user is invited to review this Policy each time they use our services, without the need for formal notification.

This policy, published on September 14, 2025, was last updated on September 14, 2025.