Privacy Policy

Last updated: April 1, 2026

1. DATA CONTROLLER

The data controller responsible for your personal data is:

AEG Presents France SAS
99 Jardin de l'Arche, 92000 Nanterre, France
Email: contact@celinedion.com
SIRET: 823 456 789 00015

AEG Presents France SAS is committed to protecting your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR) and French law no. 78-17 of January 6, 1978 on information technology, data files, and civil liberties (loi n° 78-17 du 6 janvier 1978 relative a l'informatique, aux fichiers et aux libertes).

2. DATA COLLECTED

In connection with the use of the ticketing service, we collect the following data:

Identification data: last name, first name, email address
Billing data: postal address, country, postal code, city
Transaction data: order history, amounts, payment references
Technical data: IP address, browser type and version, operating system, pages viewed, visit duration
Browsing data: session cookies, language preferences

Payment data (card number, expiration date, security code) is never stored on our servers. It is processed directly by our PCI-DSS certified payment provider.

3. PURPOSES AND LEGAL BASIS

Your data is processed for the following purposes:

Performance of a contract (Article 6(1)(b) GDPR):
• Processing and confirming your ticket orders
• Issuing and sending personalized e-tickets
• Managing after-sales service and complaints
• Communications related to the event (changes, practical information)

Legitimate interest (Article 6(1)(f) GDPR):
• Fraud prevention and transaction security
• Improvement of our services and user experience
• Anonymized statistical analysis of website traffic

Legal obligation (Article 6(1)(c) GDPR):
• Retention of accounting and billing records
• Responding to requests from administrative or judicial authorities

4. DATA RETENTION

Your personal data is retained for the following periods:

• Order and billing data: 10 years from the date of the order (accounting and tax obligation, article L.123-22 of the French Commercial Code / Code de commerce)
• Browsing data and cookies: 13 months maximum
• Session recording data: 7 days
• Contact data (form submissions): 3 years from the last exchange

5. DATA RECIPIENTS

Your data may be shared with the following categories of recipients, strictly to the extent necessary for the purposes described:

• Payment provider: for secure processing of bank transactions
• Hosting provider: Hostinger International Ltd., for technical data storage
• Access control service: ticket verification at the entrance to Paris La Defense Arena
• Analytics providers: anonymized data only (Meta Pixel)

We do not sell or rent your personal data to third parties. No data transfer outside the European Economic Area is carried out without appropriate safeguards in compliance with the GDPR.

6. COOKIES AND TRACKERS

Strictly necessary cookies (exempt from consent):
• Session cookie (shopping cart, authentication)
• CSRF cookie (form security)
• Language preference cookie

Analytical and advertising cookies:
• Meta Pixel (Facebook): advertising campaign performance measurement and audience analysis

You can manage your cookie preferences through your browser settings. Disabling strictly necessary cookies may impair the functionality of the ticketing service.

7. SESSION RECORDING

In order to improve the user experience, we may record visitor interactions with the website in an anonymized manner (mouse movements, clicks, scrolling). These recordings do not contain any personally identifiable data, do not capture form fields, and are automatically deleted after 7 days. You can disable this feature by configuring your browser to block third-party scripts.

8. YOUR RIGHTS

In accordance with the GDPR and the French Data Protection Act (loi Informatique et Libertes), you have the following rights:

• Right of access (Article 15 GDPR): obtain a copy of your personal data
• Right to rectification (Article 16 GDPR): have inaccurate data corrected
• Right to erasure (Article 17 GDPR): request the deletion of your data, subject to mandatory legal retention obligations
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Article 20 GDPR): receive your data in a structured format
• Right to object (Article 21 GDPR): object to processing based on legitimate interest

To exercise these rights, please submit your request along with a copy of your identity document via our contact page. We undertake to respond within one month.

In the event of a complaint, you may file a claim with the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertes — CNIL): www.cnil.fr.

9. SECURITY

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure: SSL/TLS encryption of all communications, 3D Secure authentication for payments, data access restricted on a need-to-know basis, and regular secure backups.

10. CHANGES TO THIS POLICY

This policy may be amended at any time. In the event of a substantial change, users will be notified via the website. The date of the last update is shown at the top of this document.