GDPR

Privacy policy.

What we collect, why, how long we keep it, and how to exercise your rights. In plain English, no jargon.

1. Data controller

Non-profit LE CH'TI LILLOIS (French loi 1901), running the CH'TI FETISH brand. To exercise your rights or for any GDPR question: contact form.

2. Data we collect and why

Contact form

  • Data: name (or alias), email, subject, message.
  • Purpose: answering your request.
  • Legal basis: legitimate interest of the non-profit (communicating with its audience).
  • Retention: 24 months after the last exchange, then deletion.

Membership

  • Data: first name, last name, email, payment (handled directly by HelloAsso).
  • Purpose: managing your membership and the legal members register.
  • Legal basis: performance of the membership contract + legal obligation (register).
  • Retention: duration of membership + 5 years (accounting and tax obligations).
  • Payment processor: HelloAsso privacy policy.

Usage statistics (in-house analytics)

  • Data: page viewed, country code (ISO 2-letter), device type (mobile / desktop / tablet), browser, OS, referring site (without parameters), load time, anonymous session ID (technical cookie not tied to your identity).
  • Not collected: your IP address is not stored, no advertising identifier, no third-party cookies.
  • Purpose: measuring traffic to improve the site.
  • Legal basis: legitimate interest — anonymised analytics in line with French CNIL exemptions (no consent required).
  • Retention: 13 months maximum.

Photo takedown request

  • Data: photo concerned, reason, contact email (optional).
  • Purpose: handling the takedown request within 48 hours.
  • Retention: 12 months after handling, then deletion.

3. Cookies

The site uses no third-party cookies (no Google Analytics, no advertising pixels, no embedded social networks). Only strictly necessary technical cookies are set:

  • Admin session (only for the organising team logging into admin).
  • Anonymous session ID for usage statistics.
  • Language preference (FR / EN).

No consent banner is required because no consent-bound cookie is used.

4. Recipients

Collected data is strictly reserved for the organising team of the non-profit. It is never sold, transferred or shared with third parties for commercial purposes.

Technical sub-processors:

  • OVHcloud (hosting, France) — data stored on servers in the European Union.
  • HelloAsso (membership / ticketing payments, France).
  • Brevo (transactional emails, France) — only for membership or hotel booking confirmations.

5. Your rights

Under the GDPR and the French Data Protection Act, you have the following rights over your data:

  • Access: obtain a copy of your data.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion (unless we have a legal retention obligation).
  • Restriction: temporarily suspend processing.
  • Objection: refuse processing for legitimate reasons.
  • Portability: retrieve your data in a structured format.

To exercise a right: use the contact form stating the nature of your request. Reply within one month maximum (often within 48 hours).

6. Complaint

If you believe your rights are not respected, you can file a complaint with the French CNIL:

7. Security

The site is fully served over HTTPS. Admin passwords are hashed. Access to data is restricted to authorised members of the organising team. Backups are encrypted.

8. Updates

This policy may evolve. Major changes will be announced on the homepage. Current version date: April 2026.