POLICY ON PROTECTION OF PERSONAL DATA OF THE COMPANY ARKOSE SAS
(updated 12 September 2025)
The company ARKOSE&CO SAS, a société par actions simplifiée with share capital of €1,055,712.75, registered with the Registre du Commerce et des Sociétés of PARIS under number 793 196 536, having its registered office at 37, rue des Grands Champs - 75020 PARIS (FRANCE),
carries out the Processing of Personal Data in the course of its activities and has established this Personal Data protection Policy which applies to it (the “Policy”).
Hereinafter, ARKOSE&CO SAS is also referred to as the “Company”.
Terms beginning with a capital letter in the Policy are defined in Article 15 below.
1. SOURCES OF PERSONAL DATA COLLECTED
We collect Personal Data concerning you from the following sources :
The Personal Data originating from our Website when you browse our Website or when you use the functions and resources available on or accessible via our Website.
Note to visitors and users of our Website :
The use of our Website as well as the Personal Data that are communicated by its users are subject to the provisions of the Policy as well as to its terms of use.
Certain features and functions of our Website may be used only if certain Personal Data are provided. The user is free to provide, or not to provide, all or part of the requested Personal Data. However, if the user decides not to provide them in full, certain services and/or certain functions of our Website may not work or may work only in part.
These provisions apply to :
The Website www.arkose.com, of which the Company is owner and publisher; and
. The application / the Website Arkose+/ plus.arkose.com of which the Company is owner and publisher.
2. RECIPIENTS OF PERSONAL DATA
The recipients of Personal Data are, as applicable :
(i) The authorised internal departments of the Company ;
(ii) The authorised suppliers, service providers and Data Processors of the Company, in the context of file management and the provision/delivery of services and/or products.
3. PERSONAL DATA CONCERNED
The Personal Data that we may collect varies depending on the purpose of the Processing. They are mainly intended to enable the identification of individuals in the context of their relationship with the Company, whether such relationship is ongoing or relates to prospecting.
In any event, the Personal Data collected shall be limited to the data necessary for the purposes set out in Article 5 below.
3.A Personal Data relating to clients and prospects :
We collect the following categories of Personal Data relating to our clients and prospects :
To create a client account :*
Last name
First name
Title/gender
Date of birth
Company (name)
E-mail address
Telephone number
Postcode
Level of sports practice
To make a booking / subscribe in the lofts :
Last name
First name
Address
Telephone number
E-mail address
Means of payment and bank details
In the event of a request by you for suspension or early termination of your subscription on medical grounds in accordance with our general terms and conditions of sale, a medical certificate indicating a contraindication to sports practice may be requested from you
For minors aged 12 and above with free access to the climbing lofts, without supervision, parental authorisation is required :
Last name and first name of parent/guardian
Specify whether: father/mother/legal guardian
Last name and first name of the child
Address
Telephone number
Copy of parent/guardian ID to be attached
. To book a restaurant :
Last name
First name
E-mail address
Telephone number
***. For professional clients (purchase of services in the lofts) :***
First name
Last name
Company name
Position
Postal address
Billing address if different
Order notes (possible comments)
E-mail address
Telephone number
Information relating to quotes and orders (order records and their amount) ;
Information relating to means and methods of payment (payment date, payment records, amount paid) ;
Information relating to client needs or constraints, collected in the context of client satisfaction surveys, which we may then use to ensure that our marketing communications towards you are relevant and timely ;
Additional Personal Data that our clients have chosen to provide to us, insofar as they are necessary for the achievement of the purposes set out in Article 5 below.
3.B Personal Data relating to suppliers, service providers and Data Processors :
We collect the following categories of Personal Data relating to our suppliers, service providers and Data Processors :
3.C Personal Data relating to candidates applying for our job offers :
We collect the following categories of Personal Data relating to candidates applying for job offers :
3.D Personal Data relating to our employees and corporate officers :
We collect all information necessary for the proper management of our personnel, in particular their identity, civil status, personal contact details, career-related information, diplomas, bank details, social security number, administrative information, all in compliance with applicable legal and regulatory provisions.
3.E Personal Data relating to users of our Website (access and use) :
We collect the following Personal Data :
. To create a client account :
Last name
First name
Title/gender
Date of birth
Company
E-mail address
Telephone number
Postcode
Level of sports practice
. To subscribe to the Newsletter :
Choice to subscribe or not to the newsletter when creating a client account
. To contact us :
Last name
First name
E-mail address
Telephone number
. To use the application / the Arkose+ website, we collect the following Personal Data :
Name or pseudonym
Gender
Date of birth
E-mail address
If you contact us through our Website, we will collect all information you provide to us, insofar as it is necessary for the achievement of the purposes set out in Article 5 below.
3.F Personal Data relating to users of our Website (audience measurement and browsing statistics) :
We collect the following categories of Personal Data from users of our Website in order to improve the use of our Website and to manage the services that we provide. This information includes :
4. PROTECTION OF MINORS’ PERSONAL DATA
As indicated above in Articles 3.A, 3.E and 3.F, ARKOSE may collect Personal Data concerning minors. Such minors must have the required parental authorisation, which may be requested from them at any time. Failure to provide such authorisation immediately may result in the suspension or immediate termination of their relationship with ARKOSE&CO, at the discretion of ARKOSE&CO.
With respect to the Arkose+ application/website: the user is deemed to have obtained parental authorisation prior to registration. Such authorisation must be produced at the first request of the Company.
5. PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASES
Legal bases
In order to Process your Personal Data in accordance with the purposes set out above, we rely on one or more legal bases :
The Processing may be necessary for the performance of the contract that you have entered into with us or to take steps prior to entering into the contract ;
The Processing may be necessary for compliance with a legal obligation ;
The Processing may be based on your prior consent to the Processing (this legal basis is used only for optional Processing, and not for Processing that is necessary or mandatory) ;
We have a legitimate interest in carrying out the Processing of Personal Data for the purposes listed under b) followed by an asterisk *()**.
We Process your Personal Data for the following purposes :
To enable our contacts to request and obtain information about the Company, its services and its products*;
To prepare and submit commercial offers, to participate in calls for tenders or requests for proposals*;
To enable the monitoring of the commercial and contractual relationship with our clients (sending quotes, sending invoices, fulfilling orders, technical assistance and support, management of possible disputes, etc.)*;
To carry out calls for tenders or requests for proposals and to enable the monitoring of the commercial and contractual relationship with suppliers, service providers and Data Processors*;
To comply with our contractual obligations;
To conduct client satisfaction surveys*;
To carry out promotional operations for our services to existing clients or prospects*;
To conduct quality audits*;
To manage unsolicited applications or applications submitted in response to job offers*;
To manage, from a human resources perspective, our employees and corporate officers;
To ensure the physical security of our premises (including visitor logs to the premises and CCTV recordings) and the electronic security of our systems and the Website (including records of identifiers and access information)*;
To improve our Website as well as our products and services (identify problems; anticipate improvements; create new ones)*;
For accounting, financial, legal and audit management;
In the context of legal proceedings (establishment, exercise or defence of legal claims);
For the purposes of analyses or market studies and analyses of online and offline media (which we may carry out ourselves or through other companies)*;
To comply with our legal obligations.
6. SENSITIVE PERSONAL DATA
We do not seek to collect or Process Sensitive Personal Data in the normal course of our activities. Nevertheless, this may occur within the scope of the following exceptions only :
If you provide us with Sensitive Personal Data concerning third parties, you must specifically inform us of this.
7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We may disclose your Personal Data to the following third parties :
Where one of our Data Processors participates in the Processing of your Personal Data, such as the Publisher of the management software GESTIXI, it will be subject to contractual obligations requiring it : (i) to Process Personal Data solely in accordance with our prior written instructions, (ii) to use measures to protect the confidentiality and security of Personal Data, as well as (iii) any other additional obligation imposed by applicable regulations.
8. LIMITATION AND RETENTION PERIOD OF PERSONAL DATA
8.1 We take all appropriate measures to ensure that the volume of Personal Data that we Process is limited to the Personal Data reasonably necessary for the purposes set out in the Policy.
8.2 We take all appropriate measures to ensure that your Personal Data is retained for no longer than is necessary in view of the purposes set out in the Policy.
The criteria used to determine the retention periods for Personal Data are as follows :
8.3 Upon expiry of these retention periods, the Personal Data is securely deleted or archived.
9. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
We will not transfer Personal Data outside the European Union.
10. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Depending on the type of Processing, within the framework established by the GDPR, you have a number of rights regarding the Processing of your Personal Data, which may include :
10.A Right to object in relation to Processing based on the legal grounds of legitimate interest or public interest :
You may, at any time, object to our Processing of your Personal Data. Your objection request will be handled diligently and we will cease the Processing to which you object. Nevertheless, we reserve the right not to cease the Processing in question if :
10.B Right to withdraw consent :
If we have obtained your consent to the Processing of your Personal Data for certain Processing other than those for which no consent is required, you may withdraw this consent at any time and we will cease the specific Processing to which you had consented, unless we consider that there is another reason justifying the continuation of our Processing of your Personal Data for this purpose, in which case we will inform you of this situation.
Please note that such withdrawal does not affect the lawfulness of any Processing carried out before the date on which we received notification of said withdrawal, nor does it prevent the Processing of your Personal Data on the basis of other available legal grounds.
10.C Right of access :
You have the right to request access to or copies of your Personal Data, together with information concerning the nature of the Processing and the persons who may access such Personal Data.
When we provide you with access to the Personal Data that we hold about you, we will not charge you for such access unless your request is manifestly unfounded or excessive. If you request further copies of such information, we may charge you reasonable administrative fees where permitted by law. If the law allows us, we may refuse your request. If we do so, we will always provide justification for such refusal.
10.D Right to erasure :
You have the right to request that we erase your Personal Data under certain circumstances.
In principle, the Personal Data in question must meet one of the following criteria :
We would be entitled to refuse to comply with your request for one of the following reasons :
Where we respond to a valid request for the erasure of Personal Data, we will take all appropriate practical measures to delete the relevant Personal Data.
10.E Right to restriction of Processing :
You have the right to request that we restrict the Processing of your Personal Data under certain circumstances. This means that we will only continue to store your Personal Data and that we will only be able to carry out further Processing activities in one of the following cases : (i) resolution of one of the circumstances listed below ; (ii) your consent ; or (iii) further Processing is necessary for the establishment, exercise or defence of legal claims, for the protection of the rights of another person, or for important reasons of public interest of the European Union or a Member State.
The cases in which you are entitled to request that we restrict the Processing of your Personal Data are as follows:
If we have disclosed your Personal Data to third parties, we will inform them of the restricted Processing unless this proves impossible or involves disproportionate effort. Of course, we will inform you before lifting any restriction on the Processing of your Personal Data.
10.F Right to rectification :
You also have the right to request that we rectify inaccurate or incomplete Personal Data that we hold about you. If we have disclosed this Personal Data to third parties, we will inform them of the rectification unless this proves impossible or involves disproportionate effort. Where appropriate, we will also inform you of the third parties to whom we have disclosed such inaccurate or incomplete Personal Data. If we consider it reasonable not to comply with your request, we will provide you with the reasons for such decision.
10.G Right to obtain and to portability of Personal Data that we process on the basis of your consent or in the performance of a contract :
If you so wish, you have the right to obtain and transfer your Personal Data from one Data Controller to another. Specifically, this means that you have the right to transfer the Personal Data to another online platform. In order for you to do so, we will provide you with your Personal Data in a commonly used format. This right to portability applies to the following Personal Data: (i) Personal Data that we Process automatically (i.e. without human intervention) and (ii) Personal Data that you provide.
10.H Right to lodge a complaint with a Data Protection Authority :
You also have the right to lodge a complaint with a Data Protection Authority, and in particular with the Data Protection Authority of the European Union Member State in which you reside or work, or in which the alleged violation occurred. This in no way affects the rights you have under applicable laws and regulations. To exercise one or more of these rights, to ask us a question regarding these rights or any other clause of this Policy, or to inquire about our Processing of your Personal Data, please use the contact details provided in Article 13 of our Policy. Please note that :
11. SECURITY OF PERSONAL DATA
We are committed to taking all necessary measures to protect the Personal Data we hold against any misuse, loss, alteration, disclosure, destruction, unauthorised access and any other form of unlawful or unauthorised Processing, in accordance with applicable law. To this end, we have in place a range of appropriate technical and organisational measures. These may include measures to address suspected Personal Data breaches.
Because the Internet is an open system, the transmission of information over this network is not completely secure. Although we implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us over the Internet; such transmission is at your own risk and you are responsible for ensuring that any Personal Data you send us is transmitted securely.
If you suspect misuse, loss or unauthorised access to your Personal Data, please inform us immediately in accordance with the procedures set out in Article 13 below.
Access to Personal Data is limited to employees, corporate officers, suppliers, service providers and Data Processors of the Company who need to know such information in the course of their mission. All persons who have access to your Personal Data are bound by a duty of confidentiality and are subject to disciplinary measures and/or other sanctions should they fail to comply with this duty.
12. DISPUTE RESOLUTION
Although the Company has taken all appropriate measures to protect your Personal Data, no transmission or storage technology is completely infallible.
However, the Company is committed to ensuring the protection of your Personal Data. If you have reason to believe that the security of your Personal Data has been compromised or that it has been subject to unlawful or improper use, you are invited to contact the Company at the following address :
By post at the following address :
. ARKOSE&CO SAS : 37, rue des Grands Champs - 75020 PARIS (FRANCE)
By email at the following address :
. vosdonnees@arkose.com
The Company will investigate complaints regarding the use and disclosure of your Personal Data and will attempt to resolve them in accordance with the principles set out in the Policy.
Unauthorised access to or misuse of Personal Data may constitute a violation of applicable law.
If Individuals consider, after having contacted the Company, that their “Informatique et Libertés” rights are not being respected, they may lodge a complaint in France with the CNIL :
COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS (CNIL)
3, place de Fontenoy \ TSA 80715 \ 75334 PARIS CEDEX 07
13. CONTACT
For any questions regarding the Policy, to stop receiving commercial information from the Company, or to exercise your rights regarding your Personal Data, you may send an email to the following address :
. vosdonnees@arkose.com
14. COOKIE POLICY
When you visit our website, we may store cookies on your device, or read cookies already present on your device, provided that we have always obtained your prior express consent.
Websites to which this cookie policy applies
This cookie policy applies to the following website/application, which are operated and controlled by the Company :
Arkose+ / plus.arkose.com
What is a cookie ?
A "cookie" is a small file of information stored on your computer's hard drive that records your navigation on a website so that, during your next visit to the website, it can present you with personalised options based on the information stored regarding your previous visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes. Almost all websites use them, and they do not damage your system.
There are different types of cookies, which can be distinguished according to their origin, purpose, and lifespan. The main characteristics of cookies are as follows :
Why do we use cookies ?
We use cookies for the following purpose :
How long do the cookies we use last ?
The cookies we use on our website do not exceed twelve (12) months in duration.
Some cookies are placed by third parties who are responsible for them.
How can you control cookies ?
Most Internet browsers are configured to automatically accept cookies. Depending on the type of browser used, you can configure it (i) to receive a warning before cookies are set, allowing you to accept or refuse these cookies, or (ii) so that cookies are always refused. To know how to configure this, click the "help" button (or equivalent) of your browser. Disabling cookies may affect your browsing experience on our website.
If you use different devices to access our website, you must ensure that each browser on each device is configured according to your cookie preferences.
You can find more information at : http://www.allaboutcookies.org/manage-cookies/.
Additionally, you can opt-out of cookies from certain companies by visiting the following websites : http://www.aboutads.info/choices/#completed et http://www.youronlinechoices.com/.
Please note that the Company is neither affiliated with nor responsible for third-party websites.
15. DEFINITIONS
For the purposes of the Policy and in accordance with French law n° 78-17 of 6 January 1978 as amended, relating to data processing, files, and civil liberties, and the GDPR, the following definitions apply :