Privacy and cookie
September 2024
FANATICS COLLECTIBLES FRANCE SAS (“Fanatics”, "we", “our” or "us") provides an online marketplace (the “site”) where users can buy and sell items (“our services").
This privacy notice (“Privacy Statement”) sets out the basis on which any Personal Data we collect from you (“you”, “your”) or that you provide to us, will be processed by us. This notice applies to Users, Buyers and Sellers of items, and business partners, including customers and suppliers.
By “Personal Data”, we mean any information which, either alone or in combination with other data, enables you to be directly or indirectly identified, for example, your name, email address, username, contact details or any unique identifier such as an IP address, device ID or other online identifier.
Capitalized terms that are not defined in this Privacy Statement shall have the meaning ascribed in our Site General Terms and Conditions (the “Terms”).
Please read the following carefully to understand what Personal Data we collect, how that Personal Data is used and the ways it can be shared by us.
We may amend this Privacy Statement from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version.
1. About us (as the data controller)
FANATICS COLLECTIBLES FRANCE SAS is a simplified joint stock company whose registered office is located at 183 rue de Courcelles, 75017 Paris, France, and registered with the Registry of Commerce and Companies of Paris under number 932 248 438.
2. Our Processing of Your Personal Data
In the tables below we have provided a description of the different purposes for which we process Personal Data.
2.1. Users
If you are a User, we process your Personal Data for the following purposes.
Purpose | Personal Data | Legal Basis | |
From You | From Others and Your Devices | ||
Establish and maintain a relationship with you (Creation and management of your Customer Account with us for access to the platform, including dealing with your requests to make account changes) | Email, phone number, username, password, language of choice (to display relevant content) | Technical information, including the Internet protocol (IP) address used to connect your computer or other device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, logs history | Performance of a contract |
Increase your visibility on the platform to allow a better experience as a user and create a community | First name, last name, biography, picture. | N/A | Legitimate interest |
Deliver our services to you | Email, phone number, username, password | IP address, browser type and version, access times, URL requested and referral URL Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Performance of a contract |
Administer the Site, system administration and detecting usage patterns (including fraud activities), provide information about developments and new products, including development and enhancement to the Site | Email address, phone number | IP address, browser type and version, access times, URL requested and referral URL Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Legitimate interest |
Detection for troubleshooting purposes | N/A | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Legitimate interest |
Provide you with news and other matters of general interest to you as a user of our services | Email address | IP address, other technical information through cookies, web beacons and other tracking technologies (and plug-ins) | Legitimate interest |
Enhance your browsing experience by delivering personalized content, ads, and promotions tailored to your interests and preferences. | Email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items). | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Consent |
Send you targeted marketing communications | Email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items). | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Consent |
Request feedback from you | Email and the personal information you share on such feedback. | N/A | Legitimate interest |
Respond to user queries or complaints | Email, details of query or complaint, information about your use of the services (i.e., if you have been buying or selling any items). | N/A | Compliance with a legal obligation (e.g., under consumer rights law) |
2.2. Buyers
If you are a Buyer, in addition to the purposes exposed in 2.1., we will also process your Personal Data for the following purposes.
Purpose | Personal Information | Legal Basis | |
From You | From Others and Your Devices | ||
Facilitate payment | Full name, payment method, card information (if appropriate), country | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Performance of a contract |
Facilitate shipping | Full name, email, phone number, address | N/A | Performance of a contract |
2.3. Seller
If you are a Seller, in addition to the purposes exposed in 2.1., we will also process your Personal Data for the following purposes.
Purpose | Personal Data | Legal Basis | |
From You | From Others and Your Devices | ||
Establish and maintain a relationship with you (Creation and management of your Seller Account) | Full name, username, information related to your selling experience and your items’ category of interest. | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Performance of a contract |
Facilitate payment | Full name, bank account, VAT number, country | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Performance of a contract |
Meet our legal and regulatory requirements, including checking your identity and verifying you are in legal capacity to contract | Full name, birth date, email, phone number, username, copy of your ID card, proof of residence | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | Compliance with a legal obligation |
2.4. Business partners
If you are our business partner, we process your Personal Data for the following purposes.
Purpose | Personal Data | Legal Basis | |
From You | From Others and Your Devices | ||
Enter and maintain a commercial relationship with you | The categories of personal data will vary but we anticipate processing only business related contact details (full name, professional email address, etc.) or information (such as the fact that you are an authorized representative or a director) | N/A | Legitimate interest |
When we consider we have a legitimate interest (for ourselves or of a third party) to process your Personal Data it refers to being in the interest of our organization to conduct and manage our business; this includes conducting analytics to improve and optimize the site and the services, protecting our interests and enforcing agreements with others, as well as complying with industry self-regulatory requirements. We might have legitimate interest to process Personal Data in other contexts. We ensure that we balance any potential impact on you and your rights before we process your Personal Data on that basis. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. Please also consult the section “Your rights” below.
It is important that the Personal Data we collect from you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us. You can do so by contacting us. We will endeavor to effect those changes within a reasonable timeframe.
If you do not wish for your Personal Data to be used in the ways described within this Privacy Statement, then you should not use our services. Where we need information from you to offer our services or meet any of our legal or regulatory requirements, failure to provide such information will mean that you will not get access to the services.
We do not rely on consent as a legal basis for processing your Personal Data other than in relation to our use of cookies (please see our Cookies Notice for more details which can be found here); when we send third party direct marketing communications to you via email; and, when providing you with personalized content, ads, and promotions tailored to your interests and preferences. From time to time, Fanatics may share your Personal Data with third parties with your consent.
3. Sharing Personal Data with third parties
As necessary, we share your Personal Data with:
a) Any member of our group, including any of our associates or affiliates or any of their representatives.
b) Our service providers, to the extent necessary to supply our services to you, such as payment service providers to whom we fully outsource the handling and other processing of your payment card information.
c) Selected third parties, including analytics and search engine providers that assist us in the improvement and optimization of our services.
d) Authorities and law enforcement agencies worldwide either when ordered to do so or on a voluntary basis if this appears reasonable and necessary to us.
We also disclose your Personal Data to third parties:
a) In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
b) If Fanatics (or any other legal entities in the corporate structure) or substantially all of their assets are acquired by a third party, in which case your Personal Data will be one of the transferred assets.
c) If we are under a duty to disclose or share your Personal Data to comply with any legal obligation, court or police request, or to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of Fanatics, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
You can find more information on the actual parties we are sharing your data in Appendix 1 below. The list is updated regularly.
4. International transfers
Your Personal Data will be stored in the European Economic Area (EEA) and may be transferred worldwide.
We are taking all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Statement. The Personal Data you provide to us is stored on our secure servers. Where we transfer our data outside of the EEA, we ensure that adequate safeguards are in place. When no adequacy decisions exist in relation to the country of the data exporter, we are relying on the Standard Contractual Clauses adopted by the European Commission and, evaluate the risks raised by the transfers. Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
5. Security
We are committed to protecting your privacy. Internally, only people with a business need to know Personal Data, or whose duties reasonably require access to it, are granted access to users’ Personal Data. Such individuals will only process your Personal Data on your instructions and are subject to a duty of confidentiality. We audit our personal compliance regularly.
Fanatics’ systems and data are reviewed periodically to ensure that you are getting a quality service and that leading security features are in place. We have put in place procedures to deal with any actual or suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We take all reasonable endeavors to protect and safeguard Personal Data. Unfortunately, the transmission of information via the Internet is not completely secure. While we do our utmost to protect your Personal Data, we cannot guarantee the security of your data transmitted to us over email or through the Site; any transmission is at your own risk. Once we have received your Personal Data, we will use strict procedures and security features to try to prevent unauthorized access, but there are protective measures you should take, as well. Do not share your Personal Data with others unless you clearly understand the purpose of their request for it and you know with whom you are dealing. Do not keep sensitive Personal Data in your e-mail inbox or on Webmail. If you are asked to assign passwords to connect you to your Personal Data, you should use a secure password and always use a two-factor authentication (2FA), where available. You should change your password regularly.
6. Your rights
You have a number of rights in relation to how we process your Personal Data. You may exercise these rights by contacting us (see details below). These are:
- To access Personal Data that we may hold about you;
- To rectify any inaccurate Personal Data that we may hold about you;
- To erase Personal Data in certain circumstances, for example, where it is no longer necessary for us to process it to fulfill our processing purposes; or where you have exercised your right to object to the processing;
- To restrict the processing of your Personal Data where, for example, the data is inaccurate or it is no longer necessary for us to process such data or where you have exercised your right to object to our processing;
- To transfer your Personal Data to a new service provider if you no longer wish to use our services (‘data portability’).
- To object to the processing of your Personal Data, which may be exercised in certain circumstances, for example, where we are processing your Personal Data for direct marketing purposes, or where your own legitimate interests outweigh ours;
- When we rely on your consent to process Personal Data (cookies, marketing communication, as well as personalized content, ads, and promotions), you have the right to withdraw your consent at any time. For cookies, this is done by setting up the cookie’s preferences (please check our Cookies Notice for more details which can be found here) or by updating your preferences. We will do your best to honor your request promptly.
No fee usually required
You will not have to pay a fee to access your Personal Data or to exercise any of your other rights. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
7. Retention of your Personal Data
We have data retention and deletion policies designed to retain Personal Data for no longer than necessary for the purposes set out herein or as otherwise required to meet legal or business needs. Because of those requirements, we might not be able to honor erasure requests.
8. Contact & Complaints
If you have any questions or concerns about this Privacy Statement or our privacy practices, or wish to exercise your rights, please contact our DPO using the details provided below.
Fanatics can be contacted in writing at 183 rue de Courcelles, 75017 Paris or by email ([email protected]), or through the 'Contact Us' form.
You also have the right to lodge a complaint with your data protection authority or with the one having authority on us, i.e., the CNIL. You can do so here.
9. Changes to this Privacy Policy
We may from time to time, make changes to this Privacy Statement. We suggest you check back regularly to check to see if there have been any changes to this Privacy Statement.
Appendix – List of Third-Party Service providers with whom Personal Data may be shared (as processors or controllers)
Party Name and Jurisdiction | Purpose | Categories of Personal Data shared |
Adjust (Germany) | To monitor the performance of our marketing campaigns | Full name, email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items). IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the Site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Airbyte (US) | To manage our data (integrate data) | Full name, email, phone number, username, password, biography, picture, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, birth date, ID card, proof of residence, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Airflow (US) | To manage our data (transform data from raw source into an aggregated database) | Full name, email, phone number, username, password, biography, picture, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, birth date, ID card, proof of residence, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Amazon Web Services (US) | To provide you with interface that allows you to deliver video for promotional purposes | Full name, email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items), IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Amplitude (US) | To monitor the performance of our marketing campaigns. | Full name, email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items), IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Customer.io (US) | To send you targeted marketing communications | Email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items), IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Datadog (US) | To manage our data (data storage) | Full name, email, phone number, username, password, biography, picture, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, birth date, ID card, proof of residence, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
DBT (US) | To manage our data (transform data) | Full name, email, phone number, username, password, biography, picture, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, birth date, ID card, proof of residence, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Google Cloud Platform (US) | To manage our data (data storage) | Full name, email, phone number, username, password, biography, picture, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, birth date, ID card, proof of residence, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Ledger (France) | To process your payment. | Full name, amount to be charged, date/time, bank account details, payment card details, CVC code, post code, country code, address, email address, phone, website, expiry data, shipping details, tax status, unique customer identifier, IP Address, location. |
Lokalise (US) | To translate the different content on our site. | Full name, email, phone number, username, biography, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you. |
Meta (US) | To provide you with personalized content, ads and promotions for marketing purposes. | Full name, email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items), IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Metabase (US) | To monitor the performance of our marketing campaigns. | Full name, email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items), IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
To process your payment. | Full name, amount to be charged, date/time, bank account details, payment card details, CVC code, post code, country code, address, email address, phone, website, expiry data, shipping details, tax status, unique customer identifier, IP Address, location | |
Setex (Madagascar) | To provide you customer service. | Full name, email, phone number, username, password, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
To process your payment. | Bank account details, billing/shipping address, name, order description (including date, time, amount, product or service description), device ID, email address, IP address/location, order ID, payment card details, tax ID/status, unique customer identifier, identity information including government issued documents (e.g., national IDs, driver’s licenses and passports) | |
To provide you with personalized content, ads and promotions for marketing purposes. | Full name, email, phone number, username, information about your use of the services (i.e., if you have been buying or selling any items), IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. | |
Typeform (Spain) | To request feedback from you. | Full name, email, phone number, username, password, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Vonage (US) | To provide you with customer service. | Full name, email, phone number, username, password, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Zendesk (US) | To provide you with customer service. | Full name, email, phone number, username, password, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Zoho (Madagascar) | To provide you with customer service. | Full name, email, phone number, username, password, information about your use of the services (i.e., if you have been buying or selling any items), communications with customer service, payment and shipping details provided by you, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the dates and times you use the site, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page. |
Version 2024_1