Paris Saint-Germain places particular importance, as part of its activities, on ensuring the confidentiality of the personal data it collects and uses, and more broadly, on protecting the privacy of its clients and other stakeholders.

This Data Protection Policy describes how the personal data concerning you (hereinafter referred to as “Data”) are collected by Paris Saint-Germain in the context of your relationship with the Club. It explains how your personal data are used and protected by Paris Saint-Germain, the rights you have, and how to contact us.

This policy is an important document. We encourage you to read it carefully and to check regularly for any updates. This policy was last updated in March 2021.

Contact Us

If you have any questions about the use of your data or wish to share comments or concerns, you may contact our Data Protection Officer (DPO) at the following address: [email protected]

Personal Data We Collect

Paris Saint-Germain ensures that it receives and collects only the information that is necessary and relevant to you.

Among the information you may be required to provide are:

• Data allowing us to identify you (name, first name, date of birth);

• Contact details (postal and email address, telephone number);

• Data concerning your guests (name, first name) whom you acknowledge having informed;

• Data related to your professional life (employer, position, etc.).

We thank you for ensuring the accuracy and regular updating of this information.

As part of the organization of the event, additional data may be generated by Paris Saint-Germain, such as:

• All data related to the invitation (ticket number, number of seats, parking number, etc.);

• Any information you choose to provide to us.

You will be informed, at the time of data collection, whether certain fields are mandatory or optional.

How Your Data Are Used

Paris Saint-Germain collects and processes your data in order to:

• Manage invitations by maintaining a contact database;

• Manage rights associated with your invitation (parking space, lounge access, guest management, etc.);

• Communicate about the event to which you are invited;

• Respond to your requests (e.g., ticket purchase);

• Ensure your safety during the event.

We may also process data for purposes other than the strict execution of a contract, provided that we have a legitimate interest to do so. These purposes include:

• Producing statistics related to events you are invited to;

• Optimizing the operation and efficiency of our services;

• Improving your overall experience;

• Ensuring the exercise of your rights.

Your data may also be processed to comply with legal, regulatory, or contractual obligations.

Paris Saint-Germain is committed not to send you communications about its products, services, or events, or those of its partners, without your prior consent.

Access to Your Personal Data

Paris Saint-Germain may share all or part of your data with:

• Service providers involved in the organization of events, including those responsible for reception, access, and security, strictly to the extent necessary for their role;

• Third-party IT service providers, such as platform hosts, technical support providers, and email distribution or data analytics services;

• Administrative, judicial, or regulatory authorities when required by law.

Paris Saint-Germain ensures that all its partners comply with the principles of current data protection regulations.

The Club also undertakes not to share your information with other entities of the Paris Saint-Germain group or with third parties without your consent.

Retention Period of Your Data

Your data will be kept only for the period strictly necessary to achieve the purposes described in this Policy, within the limits imposed by applicable tax and legal regulations.

Our contact database is updated annually by the team managing invitations. Your data will then be retained for up to three (3) years following the end of the last season during which you were invited.

Additionally, your personal data may be retained for up to six (6) years after the current season to meet tax and accounting obligations.

Transfer of Your Data Outside the EU

Your data may be processed outside the European Union. In such cases, we take all necessary measures with our service providers to ensure an adequate level of protection in full compliance with applicable regulations.

If the concerned providers are not located in a country recognized as providing adequate protection, they will have signed the European Commission’s Standard Contractual Clauses or be subject to Binding Corporate Rules approved by data protection authorities.

Security of Your Data

To protect your data, we implement appropriate organizational and technical measures. We strive to safeguard personal data according to the sensitivity of the information and the potential risks arising from its processing.

We take all necessary steps to ensure the confidentiality, integrity, availability, and resilience of your data and store them in secure information systems with restricted, protected, and logged access.

We enter into strict confidentiality agreements with anyone involved in data processing on our behalf and ensure that all staff members comply with data protection regulations and confidentiality obligations.

If you believe your personal data are being misused by third parties, please notify us immediately at [email protected].

Your Rights

In accordance with applicable regulations, you have the following rights:

• Right of access – to obtain information about how your data are processed and to receive a copy of it;

• Right of rectification – to correct inaccurate personal data (If you have an account, you can easily update your data through the “My Account” section.) ;

• Right to erasure / right to be forgotten – to request deletion of your personal data;

• Right to restriction – to request limitation of data processing;

• Right to data portability – to obtain an electronic copy or request the transfer of your data to another data controller.

You may also provide us with specific instructions regarding the retention, deletion, or communication of your data after your death and designate a person responsible for carrying them out.

These rights are not absolute and are exercised under the conditions and limits set by applicable law.

Exercising Your Rights

You may contact your usual point of contact at any time to update your data or exercise your rights.

You may also contact our Data Protection Officer by writing to: Paris Saint-Germain – Customer Service, 53 avenue Émile Zola, 92100 Boulogne-Billancourt, or by email at [email protected].

You will receive a response within one month of receiving your request, unless further investigation is required, in which case you will be informed.

If you wish, you may also lodge a complaint with the CNIL (French Data Protection Authority) following the procedures indicated on its website: www.cnil.fr.

Changes to This Privacy Policy

Regulations and practices evolve over time. Therefore, we reserve the right to update this Privacy Policy at any time to reflect such changes.

If this occurs, you will be informed accordingly. The updated Privacy Policy will be republished on our websites and applications for your review.