Data Protection

Last Updated: January 2025

1. Data Controller

The data controller for the processing of your personal data is:

4marine.life
Association loi 1901
Paris, France

If you have any questions about data protection, please contact us at the email address above.

2. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of Access — You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification — You can request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure — You have the right to request the deletion of your personal data ("right to be forgotten").
  • Right to Restriction — You can request that we limit the processing of your personal data.
  • Right to Data Portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object — You can object to the processing of your personal data for certain purposes, including direct marketing.
  • Right to Withdraw Consent — Where processing is based on your consent, you may withdraw it at any time.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent — When you subscribe to our newsletter, make a donation, or submit a contact form.
  • Contractual Necessity — When processing is necessary for the performance of a contract, such as a shop purchase.
  • Legitimate Interest — For website analytics and improving our services, where this does not override your fundamental rights.
  • Legal Obligation — When we are required to retain data for tax or regulatory compliance.

4. Data We Collect

We may collect and process the following categories of personal data:

  • Identity data — Name, email address
  • Contact data — Email address, phone number (if provided), postal address (for orders)
  • Financial data — Payment information processed securely through PayGreen (we do not store card details)
  • Technical data — IP address, browser type, operating system, pages visited
  • Communication data — Contact form messages, newsletter preferences
  • Donation data — Donation amounts, frequency, and related information
  • Order data — Products purchased, shipping details, order history

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions — Deleted after 12 months unless an ongoing conversation requires retention.
  • Newsletter subscriptions — Retained until you unsubscribe.
  • Donation records — Retained for 10 years as required by French tax law.
  • Order records — Retained for 10 years as required by French commercial law.
  • Website analytics data — Anonymised after 26 months.
  • Account data — Retained until you request deletion.

6. Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Our media storage (MinIO) and database (PostgreSQL) are hosted on servers within the EU.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Regular security reviews and updates
  • Access controls limiting data access to authorised personnel only
  • Secure payment processing through PayGreen (PCI DSS compliant)

8. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

9. Exercising Your Rights

To exercise any of your data protection rights, please contact us at:

Email: support@4marine.life

We will respond to your request within 30 days. In certain circumstances, we may need to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the French data protection authority (CNIL):

CNIL — Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
Website: www.cnil.fr

10. Changes to This Policy

We may update this data protection information from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically.