Chargement...
💝 Make a donation

Privacy Policy

1. Introduction

L'Association Princesse Paloma, organisatrice de l'evenement L'Envol des Gamers, accorde une grande importance a la protection de vos donnees personnelles.

Data Controller : Association Princesse Paloma NF2 France
RNA : W062010592
Address : Le Moulin de Rigaud, 5381 Route des Gorges du Cians, 06260 RIGAUD, France
Contact : [email protected]

2. Data collected

Nous collectons les donnees suivantes :

  • Identification data : Twitch username, display name, email address
  • Connection data : Twitch ID, authentication token, profile picture
  • Registration data : Information provided during registration as a streamer (number of followers, subscribers, moderators, etc.)
  • Navigation data : IP address (anonymized), browser type, pages visited, visit duration
  • Preference data : Selected language, player volume, clip progression
  • Notification data : Notification preferences, notification history
  • Analytical data : Anonymized visitor statistics via Google Analytics - with your consent only

About Google Analytics :

We use Google Tag Manager to collect anonymized analytical data. :

  • Number of visitors and page views
  • Navigation route and time passing
  • Geographic origin (country/region only)
  • Device type and browser
  • Bounce rate and technical errors

Important : Your IP address is automatically anonymized and no personally identifiable information is transmitted to Google. This data only helps us improve the user experience.

3. Purposes of the processing

Vos donnees sont utilisees pour :

  • Event management : Organizing the charity marathon, coordinating participating streamers
  • Authentication : Twitch OAuth login, user session management
  • Communication : Sending important notifications, responding to contact requests
  • Service improvement : Analysis of anonymized visitor statistics via Google Analytics, optimization of the user experience
  • Legal obligations : Compliance with tax and accounting obligations for donations
  • Security : Fraud prevention, protection against abuse

4. Legal basis for processing

Le traitement de vos donnees repose sur :

  • Your consent : For registration as a streamer, the use of non-essential cookies
  • The execution of a contract : For participation in the event
  • Our legitimate interest : For site improvement and security
  • A legal obligation : For the retention of donation data (tax obligations)

5. Data recipients

Vos donnees peuvent etre partagees avec :

  • Twitch : For OAuth authentication and retrieving your public information
  • Google Analytics : Anonymized data only - with your consent
  • TipeeeStream : For managing donations (only the necessary data)
  • Host (O2Switch) : For storing data on servers
  • Organization : Access limited to administrators for event management

We never sell your data to third parties.

Confidentiality guarantees :

  • Google Analytics : Only anonymized data is transmitted (anonymized IP address, no personal identifiers)
  • Twitch : Only the public data from your profile (name, photo, followers)
  • TipeeeStream : Server-side API access only; no personal data transmitted.

6. Your rights (GDPR)

Conformement au RGPD, vous disposez des droits suivants :

  • Right of access : Obtain a copy of your personal data
  • Right of rectification : Correcting inaccurate or incomplete data
  • Right to erasure : Request the deletion of your data (subject to conditions)
  • Right to limitation : Limit the processing of your data in certain cases
  • Right to data portability : Receive your data in a structured format
  • Right to object : You have the right to object to the processing of your data
  • Right to withdraw your consent : At any time, without affecting the legality of prior processing

To exercise these rights, contact us at : [email protected]

You also have the right to lodge a complaint with the CNIL : www.cnil.fr

7. Shelf life

Vos donnees sont conservees pendant les durees suivantes :

  • Account data : For the entire duration of your participation + 1 year after the end of the event
  • Registration data : 3 years after submission (for unapproved entries) or during the participation period
  • Donation data : 10 years (legal accounting and tax obligation)
  • Connection logs : Maximum 1 year (security)
  • Security audit logs : 1 year (traceability of sensitive actions)
  • Secure session data : 24 hours after expiration
  • Connection attempts failed : 1 hour (brute-force protection)
  • Remember Me Tokens : 30 days or until disconnected
  • Cookies : Duration varies depending on the type (see cookie policy)

At the end of these periods, your data is automatically deleted or anonymized. An automated process (cron) regularly cleans up expired data.

8. Data security

8.1 Technical measures

  • HTTPS/TLS encryption for all communications
  • Secure password storage (bcrypt hashing)
  • Authentication tokens and numbers
  • CSRF (Cross-Site Request Forgery) protection on all forms
  • Validation and sanitization of all user input
  • HTTP security headers (HSTS, X-Content-Type-Options, X-Frame-Options)

8.2 Session protection

  • Binding de session : Your sessions are linked to your IP address and browser to detect session hijacking attempts.
  • Session identifiers are regenerated periodically
  • Inactive sessions expire after 24 hours.
  • Option to disconnect all your active sessions

8.3 Protection against attacks

  • Protection brute-force : Limiting the number of connection attempts with an exponential delay
  • Rate limiting : Limiting the number of requests per IP address to prevent abuse
  • Monitoring for suspicious patterns and automatic blocking
  • Notification in case of suspicious activity on your account

8.4 Audit and traceability

  • Recording of sensitive actions (logins, profile changes, etc.)
  • Security logs are kept for a maximum of 1 year
  • Only authorized administrators can view the logs.

8.5 Organizational measures

  • Restricted access to data (administrator authentication with optional MFA)
  • Regular and encrypted backups
  • Regular updates to security systems
  • Training the team in good safety practices

9. International transfers

Your data may be transferred to countries outside the European Union in the following cases: :

  • Twitch (Etats-Unis) : For OAuth authentication - Twitch is Privacy Shield certified
  • Google Analytics (Etats-Unis) : Anonymized data only - Google complies with EU standard contractual clauses
  • Services cloud : Our hosting providers may use servers in different EU countries

These transfers are governed by appropriate safeguards (standard contractual clauses of the European Commission).

10. Minors

Our site is accessible to minors. However, to participate as a streamer or make a donation, you must be of legal age or have the permission of your parents/legal guardians.

If you are a parent and you discover that your child has provided us with data without your consent, contact us so that we can delete it.

11. Policy changes

We reserve the right to modify this privacy policy at any time. Modifications will take effect immediately upon posting on this page.

Last updated : 6 mars 2026

For any questions regarding this policy, please contact us at : [email protected]

💝 Make a donation