Privacy policy
Last Updated: October 1, 2025
1. General Information
ADES – Association for the Defense of SMS+ Service Publishers (“ADES”) is committed to protecting your personal data (“Data”).
Your Data is processed in compliance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR) and with French Law No. 78-17 of January 6, 1978, as amended (Data Protection Act).
This policy describes the processing activities we carry out on your Data, notably in connection with the use of the website www.ades-sms.org (the “Site”).
2. Data Controller and Contact
Data Controller:
ADES – Association for the Defense of SMS+ Service Publishers
Nonprofit Association (Law 1901)
Registered Office: 244, Route de Seysses, 31100 Toulouse, France
RNA Number: W313041054
DPO Contact:
Email: ades@allopass.com
Postal Address: ADES – Association for the Defense of SMS+ Service Publishers, 244, Route de Seysses, 31100 Toulouse, France
A proof of identity may be requested to process certain requests.
ADES responds within a maximum of one month, extendable by two months in cases of complexity or a high number of requests (Art. 12.3 GDPR).
3. Purpose – Data – Legal Basis – Retention Period
| Purpose | Personal Data Processed | Legal Basis | Retention Period |
|---|---|---|---|
| Membership management | Name, surname, postal address, phone, email, membership date, status | Contract (membership under statutes) | During membership + 3 years after last contact; accounting data retained 10 years |
| Communication with members (newsletter, activity info) | Name, surname, email, phone | Legitimate interest (informing members) | During membership or until consent is withdrawn |
| Event organization (registration, logistics) | Name, surname, email, phone | Legitimate interest | Up to 1 year after the event ends (anonymized thereafter) |
| Donation management | Name, surname, contact details, donation amount | Legal obligation (tax receipts) | 10 years (accounting obligations) |
| Volunteer management | Name, surname, contact details, availability | Legitimate interest | During volunteer relationship + 3 years |
| Website tracking | IP addresses | Legitimate interest (essential cookies only) | Session duration (deleted on browser close) and maximum 13 months¹ |
¹ On your first visit, a banner will inform you of cookie usage and invite you to accept or reject them. You can modify your cookie preferences at any time via your browser settings.
Mandatory Nature of Data Collection & Categories of Data Subjects
Providing Data is necessary for membership management, member communication, and representing the interests of ADES with telecom operators and professional associations.
Data subjects include:
Members, donors, volunteers, and partners of ADES
Various actors in the SMS+ sector aiming to develop and sustain this activity in France
Data Recipients
Data may be shared with:
ADES board members
ADES IT teams
ADES subcontractors (Article 28 GDPR), notably:
Hosting: ALLOPASS, in the PA3 data center (Equinix, Paris)
These recipients are contractually bound to strict confidentiality and data security obligations.
Data Transfers Outside the EU
No Data is transferred outside the European Union.
If a transfer becomes necessary, it will only occur with an adequate level of protection recognized by the European Commission or appropriate safeguards (standard contractual clauses).
Data Security and Storage
ADES implements all appropriate technical and organizational measures (Art. 32 GDPR), such as encryption, access control, and logging, to protect your Data against loss, destruction, or unauthorized access.
Data is hosted exclusively in France.
In case of a data breach likely to result in a high risk to your rights and freedoms, you will be informed promptly.
User Rights
Users have the following rights: access, rectification, erasure, restriction, objection, and portability.
To exercise these rights, users can contact ADES’s DPO using the contact details provided above.
If users believe their rights are not respected, they can file a complaint with the French Data Protection Authority (CNIL) at https://www.cnil.fr/fr/plaintes or by mail at CNIL – 3, place de Fontenoy-Unesco – 75007 Paris.
For more information on personal data: https://www.cnil.fr
Changes to the Data Protection Policy
This policy may be updated to comply with legal and regulatory developments.
In case of significant changes, users will be informed at least 15 days before they take effect via publication on the Site and/or email notification.