Terms and Conditions for co-bloc

Privacy Policy

Last updated: October 27, 2023

The company ENTERTAINMENT-LAB is a simplified joint-stock company with a share capital of 1,000 euros, registered in the Versailles Trade and Companies Register under number 922 362 769, with its registered office at 63 rue Richepanse - 78500 Sartrouville, hereinafter referred to as "we."

Concerned about the protection of personal data, we comply with Law No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms (hereinafter referred to as the "LIL"), and European Regulation 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, known as the "General Data Protection Regulation" or "GDPR" (hereinafter referred to as the "GDPR").

This privacy policy (hereinafter the "Privacy Policy") informs you about how we process your personal data in the context of our business, including the management of our customer, prospect, and user files, our website accessible at the address: www.co-bloc.fr, and our "Belayers" application (hereinafter collectively referred to as the "Site and Application"), as well as our social media platforms, including Facebook, Twitter, Instagram, and LinkedIn (hereinafter referred to as the "Social Media").

The Privacy Policy is not a contractual document and does not create obligations beyond what is already provided by the aforementioned regulations on the protection of personal data.

If you are under the age of 15 or legally incapacitated, you declare that you have obtained the consent of your parents or legal representatives before we collect your personal data.

We may update our Privacy Policy, and when your consent is required, we will obtain it. The latest version is the one accessible on our Site and Application.

The terms "data controller," "joint controller," "processor," "data subject," "personal data," "processing," "personal data breach," and "Member State" have the same meanings ascribed to them in the GDPR, and related terms should be interpreted in the same manner.

Collecting and Using
Your Personal Data

Types of Data Collected

Who is responsible for the processing of your personal data?

We are the data controller.

For any questions related to the processing of your personal data that we carry out as the data controller, you can contact us at:

  • Email at the following email address: info@entertainment-lab.fr
  • Mail at the following postal address: 63 rue Richepanse - 78500 Sartrouville
  • Phone at the following number: 0033 69 56 37 800


On what occasions do we collect your personal data?

Your personal data may be collected in the following instances:

  • When you create an account on our Site and Application.
  • When you contact us or request to be contacted by our company through any means of communication, such as phone, email, via forms on our Site and Application, or through online chat.
  • When you apply for a position within our company.
  • When you place orders for products.
  • When you respond to our surveys and satisfaction inquiries.
  • When you visit or use our Site and Application.
  • When you interact with us.
  • When you leave a review on our products.
  • When you subscribe to our newsletters.
  • When you participate in an event organized by us.
  • When you view, subscribe to, use, and/or post comments or content on one of our Social Media platforms.
  • When you provide consent to our service providers or partners for the transmission of your data to us.
  • When you make a request to exercise your rights.
Personal data may also be collected through cookies and other online tracking methods on our Site and Application. In this regard, we invite you to consult our cookie management policy at https://www.co-bloc.fr/privacy.html.

What are the personal data that we process?

We process the following personal data:

  • For creating an account on our Site and Application: first name, last name, email address, phone number, date of birth, geographic location, photo, gender, sports practiced, sports level. The collection of this data is mandatory. Without providing this mandatory information, we will not be able to create an account for you. This data requirement.
  • For managing your contact and information requests: name, email address, reason for the request, content of your requests and our interactions. The collection of this data is mandatory. Without providing this mandatory information, we will not be able to respond to your contact and information requests. This data requirement is contractual.
  • For order management, product delivery, commercial relationship management, handling complaints, and after-sales service: first name, last name, email address, phone number, delivery address, billing address, order number, order details, order history, delivery incidents, payment data, our correspondence, your complaints. The collection of this data is mandatory. Without providing this mandatory information, we will not be able to process your orders, perform deliveries, manage the commercial relationship, handle your complaints, and provide after-sales service. This data requirement is contractual.
  • For managing your product reviews: first name, last name, pseudonym, email address, submitted reviews. The collection of this data is mandatory. Without providing this mandatory information, we will not be able to manage your reviews. This data requirement is contractual.
  • For managing our surveys, and satisfaction inquiries: first name, last name, email address, provided responses. The collection of this data is mandatory. Without providing this mandatory information, we will not be able to consider your participation in contests, surveys, and satisfaction inquiries. This data requirement is contractual.
  • For sending our newsletters: email address. The collection of this data is mandatory. Without providing this mandatory information, we will not be able to send you newsletters. This data requirement is regulatory.
  • For managing the events we organize: first name, last name, phone number, email address. The collection of this data is mandatory. Without providing this mandatory information, we will not be able to register you for the events we organize. This data requirement is regulatory.
  • For managing and processing your job applications: first name, last name, email address, phone number, LinkedIn profile, curriculum vitae, education, work experience, skills, information related to the position you are applying for, desired position. The collection of this data is mandatory. If you do not provide these mandatory pieces of information, we will not be able to respond to your job application within our company. This data requirement is contractual.
  • To exercise your rights: as outlined below, you may be required to provide information or documents confirming your identity or additional information about the nature of your requests. Failure to provide this information may prevent us from responding to your requests. This data requirement is regulatory.

The collection of other personal data may also be mandatory. All mandatory personal data, the contractual or regulatory nature of this obligation to provide, and the consequences of not providing the relevant personal data will be communicated directly at the time of collection. In the context of online forms on our Site and Application, mandatory personal data are indicated by the presence of an asterisk.

You may voluntarily provide personal data when using our Social Media, in the free text areas available on our Site and Application within online contact forms, and in online chat. Please note that you should only provide relevant and appropriate information. You agree not to make excessive, offensive, defamatory, obscene, or otherwise inappropriate comments, or communicate data considered sensitive under Article 9 of the GDPR (racial or ethnic origin, political, philosophical or religious beliefs, trade union membership, data related to health or sexual life, criminal offenses, convictions, security measures).

We do not collect or process your personal data related to credit cards. Transactions are entirely processed by our Payment Service Provider (PSP).


Purposes pursued Legal base
Management of accounts on the website and application Performance of a contract to which you or your organization are a party
Management of orders placed (management and tracking of orders, management of deliveries, management of corresponding payments, and handling of complaints and after-sales service) Performance of a contract to which you or your organization are a party
Management of our customer/prospect relationships (handling and processing of your requests; management of interactions with you and informative follow-up). Execution of a contract to which you are a party or pre-contractual measures taken at your request or that of your organization.
Management and processing of your job applications Performance of a contract to which you are a party or of pre-contractual measures taken at your request or that of your organization
Management and processing of your applications to resell our products Execution of pre-contractual measures taken at your request or that of your organization
Management of our commercial prospecting (management of newsletter distribution, organization of events (event registration), surveys, and satisfaction surveys) Our legitimate interest (promotion of our activities) or consent, depending on the purpose of the prospecting (related to your professional activity).
Management of your reviews Our legitimate interest (conducting our business and improving our products)
Management of outstanding payments, pre-litigation, and litigation. Our legitimate interest (to defend our rights and interests) or compliance with our legal obligations, as appropriate.
Management of our general accounting and subsidiary accounts. Compliance with our legal obligations.
Sharing of the content you post on our social media networks. Your consent.
Prevention and fight against fraud Our legitimate interest (to ensure the accuracy and authenticity of transactions).
Management of the exercise of your rights (including the maintenance of a "do not contact" list for various communications). Compliance with our legal obligations.

Who are the recipients of your personal data?

The personal data we collect is intended, as appropriate, and in accordance with the purposes described above, for the strictly authorized personnel of our customer service, accounting, marketing, sales, transportation, legal, and human resources departments.

We may need to disclose your personal data:

  • To our subcontractors and their own subcontractors when it is strictly necessary for the provision of services we entrust to them in the context of the purposes (marketing service provider, transportation service provider, IT service provider including the host of our website and application, online chat service provider, technical service provider, payment service provider, identity verification service provider, analytics solutions provider, review collection solutions providers, insurers, debt collection agencies, credit agencies, accounting firms and accountants, law firms, audit firms, recruitment agencies). Our subcontractors are bound by obligations of confidentiality and security, as well as other obligations listed in the GDPR.
  • To financial, judicial, administrative, police authorities, customs services, public bodies, and regulatory authorities to whom we may be required to disclose certain data, particularly in the context of a procedure, dispute, inspection, and/or request, upon demand and within the limits permitted by regulations.
  • To our potential rights holders or successors.

In accordance with Article 19 of the GDPR, we will notify each recipient to whom your personal data has been disclosed of any request for rectification, erasure, or restriction of processing carried out in accordance with Article 16, Article 17(1), or Article 18 of the GDPR (see below in Article 6.), unless such communication proves impossible or requires disproportionate effort.

What are your rights and how can you exercise them?

You have, under the conditions defined in Articles 15 and following of the GDPR, unless exceptions apply, the following rights:

  • The right to obtain confirmation as to whether your personal data is being processed or not, and when it is, access to your personal data along with various information about the processing we carry out (right of access).
  • The right to obtain the rectification of your inaccurate personal data (right of rectification).
  • The right to obtain the erasure of your personal data in certain cases (right of erasure or "right to be forgotten")
  • The right to obtain the limitation of processing in certain cases (right to restriction of processing).
  • The right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and/or to request the transmission of this data to another data controller when processing is based on your consent or a contract and is carried out by automated means (right to data portability).
  • The right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or significantly affects you in a similar way (right not to be subject to automated individual decision-making)
  • The right to object, for reasons related to your particular situation, to the processing of your personal data by us in certain cases (right of objection)
  • The right to object to the processing of your personal data for direct marketing purposes (right to object to marketing).
  • The right to withdraw your consent to the processing of your personal data at any time when the processing is based on such consent, without affecting the lawfulness of the processing carried out before the withdrawal (right to withdraw your consent)
  • The right to define, modify, and revoke at any time directives regarding the retention, erasure, and disclosure of your personal data after your death. These directives can be general or specific. We can only be custodians of specific directives regarding your personal data that we process. General directives can be collected and stored by a trusted digital third party certified by the Commission Nationale de l'Informatique et des Libertés (CNIL). You also have the right to designate a third party to whom your personal data can be disclosed after your death. You must then inform this third party of your intentions and the fact that data allowing their unambiguous identification will be transmitted to us, and provide them with this Privacy Policy.
The existence of these various rights depends, in particular, on the legal basis of the processing involved in the request. These rights are not without limits, and in some cases, we may therefore refuse your request (for example, for overriding legitimate grounds regarding the right of objection). Thus, in some cases, we may respond that your request cannot be granted, and we will explain the reason why we cannot comply.

In accordance with the conditions set by the regulations, you can exercise your rights by contacting us at the following email address: info@entertainment-lab.fr or at the following postal address: 63 rue Richepanse – 78500 Sartrouville.

If we have a reasonable doubt about your identity, we may request additional information or documents to verify your identity (for example, in some cases, a black and white copy of the front of your identity card).

We strive to respond to your requests in a reasonable timeframe and, in any case, within the deadlines set by the GDPR.

For how long will your personal data be retained?

Your personal data is retained for the time strictly necessary for the purposes described below

Personal data concerned Total retention period
Data related to your account 3 years from your last activity on your account
Data related to your job application For a period of 2 years from the last contact in the case of an unsuccessful application. In the case of a successful application, data is retained for the duration of the contractual relationship and until the expiration of legal prescription and retention periods.
Data related to placed orders Throughout the entire duration of the contractual relationship, extended by 5 years for intermediate archiving for evidentiary purposes, or 10 years for contracts concluded electronically for an amount equal to or exceeding 120 euros
Data necessary to meet our accounting obligations For 10 years from the closure of the relevant fiscal year.
Data related to the management of a default payment. For 48 hours from the resolution of the default or 5 years from the occurrence of the default if it is not resolved.
Data related to directives concerning the fate of your data after your death. For as long as the data covered by the directives is retained.
Data related to the exercise of the right of access, rectification, or erasure. For 5 years from the end of the procedure related to your request.
Data related to the exercise of the right of objection. For 6 years from the end of the procedure related to your request.
Data related to the exercise of the right to limit processing. For 5 years from the end of the processing limitation.
Data related to the prevention and fight against fraud. For 6 months from the issuance of the alert, and if the alert is deemed "relevant," 5 years from the closure of the fraud case.
Data used for commercial prospecting purposes (newsletters and events we organize). For 3 years from their collection or from the last contact initiated by you (for example, your last purchase or your last login to your account).
Other data used outside the scenarios mentioned above: data used to respond to various contact and information requests, project simulations, data related to reviews, contests, surveys, and satisfaction surveys, data collected through online chat (conversation histories), on our social media networks. For 3 years from their collection or from the last contact initiated by you.

At the end of the previously listed durations, your data will either be deleted or anonymized so that they no longer allow for your identification.

However, in exceptional cases, in the event of pre-litigation or litigation, all or some of your data may be subject to extended retention in intermediate archiving with restricted access to authorized personnel only, if they prove useful for such pre-litigation or litigation purposes.

What security measures for your personal data do we implement?

We implement technical and organizational security measures appropriate to the sensitivity of your personal data to protect them against malicious intrusion, accidental loss, accidental or unlawful destruction, alteration, or disclosure to unauthorized third parties.

On all pages of our website and application requiring the input of personal data, we use standard SSL (Secure Sockets Layer) encryption.

The creation of an online account can only be done by entering a strictly personal username and password. We recommend that you do not share your username and password with third parties to minimize the risk of unauthorized access or account impersonation. We also recommend choosing a complex and relatively long password, with a minimum of 12 characters including uppercase letters, lowercase letters, numbers, and special characters.

We also ensure the security of online payments. Finally, when we detect a breach of personal data that may pose a high risk to your rights and freedoms, we will inform you of this breach as soon as possible, in accordance with the GDPR.

Where are your personal data stored?

Your personal data is stored on secure servers located in France.

However, we may need to transmit all or part of your personal data to some of our subcontractors and partners located outside the European Union, for the purposes mentioned above.

We ensure that these transfers of personal data outside the European Union are carried out in accordance with our Privacy Policy. When the destination country of personal data is not a member of the European Union and has not been officially recognized as providing an adequate level of protection by the European Commission, we commit to providing appropriate safeguards to protect your personal data, in accordance with Article 46 of the GDPR. This includes the use of standard contractual clauses approved by the European Commission. Furthermore, we ensure that you always have enforceable rights and effective remedies.

we adhere to regulations regarding the use of cookies as outlined in Article 5 of Directive 2002/58/EC and Article 82 of the LIL.

This cookie management policy informs you about the ways in which we collect and process your personal data through cookies and other trackers placed on our website accessible at the following address: www.co-bloc.fr (hereinafter referred to as the "Site").

We may update our cookie management policy. When your consent is required, we will obtain it. The latest version of the cookie management policy is the one accessible on our Site.

We also invite you to consult our privacy policy, which informs you about your rights concerning the protection of your personal data: https://www.co-bloc.fr/privacy.html

What is a cookie?

A cookie is a small text file deposited, during your visit to the Site, by your web browser and stored on your device (computer, tablet, smartphone, e-reader, etc.)

During your visit to our Site, information about your device's navigation on our Site may be recorded in this cookie. When you connect to our Site using the same device, the browser can use the data from the cookie and transmit it to our Site. Only the issuer of the relevant cookie is able to read or modify the information it contains

There are different types of cookies (see point 3). The use of cookies is subject to your consent when they are not strictly necessary for the operation of the Site.

Who deposits the cookies?

Cookies can be deposited on our Site by ourselves, as the Site's publisher, or by third-party companies, our partners Stripe. The deposit and use of cookies by our partners are subject to their own terms and policies for managing personal data. We recommend visiting the websites of these third parties for more information on the cookies they store and how to manage them.

What cookies may be deposited on our Site and for what reasons?

Cookies necessary for the operation of our Site

These cookies are essential for browsing our Site. They enable, among other things:

  • To provide and maintain our Service: Implementing security measures, for instance, when you are asked to log in again to access content or a service after a certain period.
  • Security: to manage Your Providing a secure connection when you access our Site.
  • Functionality: To keep our Site and Services working correctly, like showing you the right information for your selected location.
  • Fraud Prevention and Detection: the Cookies and similar technologies that we deploy through our Site help us learn things about computers and web browsers used to access the Services. This information helps us monitor for and detect potentially harmful or illegal use of our Services. For example, in order to process payments transactions for our Users, it is necessary for Stripe to collect information about the transaction and the Customer. To help secure these transactions and minimize fraud, we collect additional information through the use of cookies and other technologies in helping to identify bad actors and prevent them from making fraudulent transactions. Customers should check our Users' sites for more information about the use of Stripe cookies for fraud detection.

    • Retention of Your Personal Data

    The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

    The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

    Transfer of Your Personal Data

    Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

    Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

    The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

    Delete Your Personal Data

    You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

    Our Service may give You the ability to delete certain information about You from within the Service.

    You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

    Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

    Disclosure of Your Personal Data

    Business Transactions

    If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

    Law enforcement

    Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

    Other legal requirements

    The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

    • Comply with a legal obligation
    • Protect and defend the rights or property of the Company
    • Prevent or investigate possible wrongdoing in connection with the Service
    • Protect the personal safety of Users of the Service or the public
    • Protect against legal liability

    Security of Your Personal Data

    The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

    Security of Your Personal Data

    The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Changes to this
Privacy Policy

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: