Personal Data Protection Policy - Mobile App

11 Aug 2025, 15:34


Update: 29/07/2025

 

When you use the Pathé France mobile application (hereinafter referred to as the "Mobile Application"), Pathé Cinémas Services processes the personal data of users (hereinafter referred to as "Personal Data" or "Data", and "Users" respectively).

 

In this context, Pathé Cinémas Services complies with the applicable data protection regulations specific to the Mobile Application, including the CNIL recommendation dated April 8, 2025: https://www.cnil.fr/sites/cnil/files/2025-04/recommandation-applications-mobiles-modifiee.pdf

 

This Charter does not cover the processing of personal data carried out on the Pathé website: www.pathe.fr. All the necessary information regarding that processing is available directly on the website: https://media.pathe.fr/files/conditions/CharteConfidentialite.pdf

 

Table of contents

1. Purpose of the Mobile Application Personal Data Protection Charter
2. Actors and Roles
3. Responsibility of the Publisher
4. What Personal Data is Collected Through the Mobile Application?
5. For What Purposes Do We Process Your Data?
6. Permissions and Consents
6.1 – Optional Permissions
6.2 – Mandatory Permissions
7. Cookies and Other Trackers on the Mobile Application
8. The List of SDKs Used on the Mobile Application
9. What is the retention period of the data collected?
10. Who Are the Recipients of Your Data?
11. Transfers of Data Outside the European Economic Area (EEA)
12. What Are Your Rights and How to Exercise Them?
12.1 - What Are Your Rights?
12.2 - How to Exercise Your Rights?
13. Update and Maintenance of the Mobile Application
14. Data Protection Officer
15. Submitting a Complaint to the CNIL

 

1. Purpose of the Mobile Application Personal Data Protection Charter

 

All Users of the Mobile Application are subject to this personal data protection charter specific to Pathé France's Mobile Application.

As part of its Services, Pathé Cinémas Services offers its Users a Mobile Application to manage their cinema session bookings/purchases directly from their phone. In this context, Pathé Cinémas Services collects, records, consults, modifies, accesses, and/or may delete Users' personal data directly from the Mobile Application.

 

2. Actors and Roles

 

Pathé Cinémas Services acts as the publisher of the Mobile Application, hereinafter referred to as the "Publisher." It is the data controller in managing the Mobile Application. For the proper management of the Mobile Application, the Publisher may at any time:

 

  • Suspend, interrupt, or limit access to all or part of the Mobile Application, or reserve access to the Mobile Application, or to certain parts of it, to a category of Users
  • Suspend the Mobile Application to perform updates.

 

JEMS Group acts as the developer of the Mobile Application, hereinafter referred to as the "Developer." It is a processor in the management of the Mobile Application.

 

The Mobile Application operates with Software Development Kits (hereinafter referred to as "SDKs"): a set of tools used for the development of the Mobile Application, depending on the operating system used. The SDKs are processors in the design of the Mobile Application.

 

The Mobile Application is available on iOS and Android. The providers of these operating systems are hereinafter referred to as the "OS Providers." They are independent Data Controllers of the Mobile Application.

 

3. Responsibility of the Publisher

 

Pathé Cinémas Services cannot be held liable for any failure, breakdown, difficulty, or interruption in operation that prevents access to the Mobile Application and its features. The connection equipment you use to access the Mobile Application is your sole responsibility. The User must take all appropriate measures to protect their equipment and personal data.

 

The Publisher cannot be held liable in the event of legal proceedings:

 

  • Due to the use of the Mobile Application or any service accessible via the Internet
  • Due to a User's failure to comply with this personal data protection charter

 

For all requests concerning Personal Data for which Pathé Cinémas Services is the data controller, the User can contact Pathé Cinémas Services (see below).

 

 

4. What Personal Data is Collected Through the Mobile Application?

 

We offer various services to Users for which we collect their Personal Data. We collect the following Data:

 

  • When creating a customer account: name, first name, email, history, password, interactions with customer service
  • When making a reservation or payment: name, first name, email, card number, expiration date, CVV
  • When you enable geolocation: GPS position
  • When you accept push notifications: your phone's token
  • When paying with a so-called "X-Pay" solution (Apple Pay / Huawei Pay / Samsung Pay):
    • Phone data: phone model, operating system version, application version, mobile identifier for routing
    • Transaction data: purchase amount, merchant, transaction date
    • User data: X-Pay account, name, email, contact information, billing address
    • Payment method information: device account number
  • When using Google Wallet on your phone to access your CinéCarte or e-ticket: order number, seat number, session
  • When you agree to sync with the calendar: order number, session
  • When you allow access to photos and videos in your library to upload a photo on the CinéPass or upload a CinéCarte: profile photo, or order number
  • When you consent to advertising cookies:
    • Advertising identifiers: IDFA (Apple) / GAID (Google) / AAID (Android)
    • Mobile model, operating system version, application version, mobile identifier for routing
  • When you open a web version on your Mobile Application: your browser identity (also known as "User Agent")
  • When you allow Pathé to track you: User number (also known as ATT: App Tracking Transparency)

 

 

5. For What Purposes Do We Process Your Data?

 

We collect your personal data for the following purposes:

| Personal Data Collected | Purposes |
| --- | --- |
| Name, first name, email, history, password, interactions with customer service | Creation and management of customer account |
| Name, first name, email, card number, expiration date, CVV | Reservation and ticket purchase |
| GPS position | Find the nearest Pathé cinema |
| Your mobile token when you accept push notifications | Inform you about already reserved sessions (session reminders) and/or current promotional offers |
| Mobile data: mobile model, operating system version, application version, mobile identifier for routing. Transaction data: purchase amount, merchant, transaction date. User data: X-Pay account, name, email, contact information, billing address. Payment method information: device account number | Optimize the cinema ticket purchasing journey |
| Order number, seat number, session | Access your e-ticket or CinéCarte in Wallet |
| Order number, session | Add the cinema session to the calendar |
| Profile photo, or order number | Add a profile photo to your customer account and/or import a prepaid CinéCarte into the Mobile Application |
| Advertising identifiers: IDFA (Apple) / GAID (Google) / AAID (Android). Mobile model, operating system version, application version, mobile identifier for routing | Send you targeted advertising |
| Your browser identity (also known as "User Agent") | Identify the type of device you are using |
| User number (also known as ATT: App Tracking Transparency) | Track your activities across other apps and websites for advertising or analytical purposes |

 

 

6. Permissions and Consents

 

6.1 – Optional Permissions

 

A permission on a mobile application is an authorization that the application requests from the User to access certain features or data on their phone.

 

  • Permissions allow applications to access specific phone features or data. On the Pathé Mobile Application, these include the calendar, location, and photo gallery.
  • User Consent: Users must explicitly grant these permissions, often through a pop-up that appears during the installation of the Mobile Application or the initial use of the feature.

 

Permissions are managed by the OS Provider. Depending on your phone, this could be iOS (Apple phone) or Android (Google phone).

 

  • The OS provider defines the types of permissions available for applications. These permissions cover access to various phone features and data, such as the calendar, location, and photo gallery.
  • The OS provider offers a user interface that allows Users to manage the permissions granted to applications. This includes the ability to grant or revoke permissions at any time, either on the Mobile Application or in the phone settings.

 

 

Here is an image of permissions managed in the phone settings (iOS): Settings >> select the Application: Pathé (among all your applications).

 

Here is an image of the permissions managed in the Mobile Application settings (iOS): Pathé >> Account >> Settings.

 

Regarding the Pathé Mobile Application, the OS provider collects your permission (or authorization) in the following cases:

 

| Permission | Purpose | Default Status | Alternative | Duration of the permission |
| --- | --- | --- | --- | --- |
| Geolocation | Find the nearest Pathé cinema | Disabled | Enter an address manually | Permanent. To disable the permission: go to the phone settings |
| Push Notification | Session reminder | Disabled | No alternative | Permanent. To disable the permission: go to the Mobile Application settings |
| Push Notification | Sending of commercial offers | Disabled | Subscribe to a newsletter | Permanent. To disable the permission: go to the Mobile Application settings |
| X-Pay | Optimize the purchasing journey | Disabled | Pay by another method | Permanent. To disable the permission: go to the phone settings |
| Wallet | Access to the e-ticket | Disabled | Access the e-ticket via email in PDF | Permanent. To disable the permission: go to Wallet on your phone and delete the e-ticket |
| Calendar | Add the session to the schedule | Disabled | Manually add the session to your calendar | Permanent. To disable the permission: go to the phone settings |
| Photo Gallery | Set a profile picture | Disabled | No alternative. A photo is needed to identify the CinéPass holder (an avatar is not possible) | Permanent. To disable the permission: go to the phone settings |
| ATT (App Tracking Transparency) | Track User activities across other apps and websites for advertising or analytical purposes | Disabled | Accept advertising or analytical cookies | Permanent. To disable the permission: go to the phone settings |

 

6.2 – Mandatory Permissions

The OS Provider (iOS for Apple phones or Android for Google phones) requires the following SDKs for the operation of the Mobile Application:

 

  • Local storage to optimize the app's UX
  • read_phone_state / network reachability for network access, to detect network connection
  • FOREGROUND_SERVICE for continuous operation of the app
  • WAKE_LOCK to prevent the device from going to sleep during an active action
  • AVAudioSession for audio control (playback, mute, call)
  • Haptics (UIImpactFeedbackGenerator) to signal to Users that an action has been successful or to guide Users through tactile cues
  • Device info (UIDevice) to collect and manage information about the device on which an application is running, e.g., helps determine the device's current orientation (portrait, landscape, etc.)

 

7. Cookies and Other Trackers on the Mobile Application

 

During the first navigation on the Mobile Application, a Consent Management Platform (also known as "CMP") appears to collect your consent for certain cookies/trackers.

 

  • Pathé does not use any cookies on the Mobile Application, except when the User enters the cinema ticket purchase tunnel.
  • When cookies require your consent: the Mobile Application Publisher and/or third-party partners may place cookies/trackers on your device with your agreement.
  • Before continuing to navigate, the User must accept or refuse the use of these "cookies." The consent given will be valid for a specified period.

 

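| Type of cookie | Cookie Name | Consent Required | Retention Period |
| --- | --- | --- | --- |
| Technical and Authentication Cookies | Akamai mPulse | No | |
| Technical and Authentication Cookies | Apple Sign-In | No | |
| Technical and Authentication Cookies | Facebook Login | No | |
| Technical and Authentication Cookies | Google Sign-In | No | |
| Technical and Authentication Cookies | Pathé Cinémas (choice on CMP) | No | 1 year and 1 day |
| Audience Measurement | Google Analytics | Yes | 1 year and 1 day |
| Audience Measurement | Salesforce | Yes | 13 months |
| User Performance Measurement | Salesforce | Yes | 13 months |
| Personalized Advertising | Airship | Yes | 1 year and 1 day |
| Personalized Advertising | Google Advertising Products | Yes | 1 year and 1 day |
| Personalized Advertising | Salesforce | Yes | 13 months |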

 

Cookies are placed either by Pathé or by third parties based on the choices you made when setting your Cookie consent during your first use of the Mobile Application.

 

To learn more about third-party cookies and the privacy policy of our partners and/or to exercise your rights with our partners, we invite you to consult the following links:

 

The User has the option to disable cookies at any time. To modify the cookies: the User must go to the Mobile Application settings >> Settings >> My Consents, then modify their cookie consents (access the CMP). See image below.

 

8. The List of SDKs Used on the Mobile Application

 

| SDK | Purpose |
| --- | --- |
| Firebase (Crashlytics, Analytics and Performance) | Analytics |
| Airship | Analytics |
| Facebook | Auth |
| GoogleSignIn | Auth |
| Auth0 | Auth |
| AcknowList | List dependencies |
| Alamofire | Networking |
| AlamofireImage | Image-loading |
| AnnotationInject | Dependency Injection |
| CocoaLumberjack | Logging |
| Codextended | Mapping |
| Didomi | Consent |
| EasyTipView | View |
| JTAppleCalendar (new) | Calendar |
| KeychainSwift | Keychain |
| MBProgressHUD | Progress UI |
| Moya | Networking |
| Realm | Database |
| Reusable | View Recycling |
| RxSwift | Reactive Programming |
| Shimmer | Loading Animation |
| SnapKit | Auto Layout |
| SwiftLint | Code Linter |
| Swinject | Dependency Injection |
| YouTubeiOSPlayerHelper | YouTube Player |
| ZipArchive | Archiving |
| SFMCSDK | Salesforce Analytics |
| CDP | Salesforce Analytics |

 

 

9. What is the retention period of the data collected?

 

| Purposes | Legal basis | Retention period before deletion or anonymization |
| --- | --- | --- |
| Creation and Management of Customer Account | Legitimate Interest | 3 years from customer inactivity |
| Ticket Reservation and Purchase | Contract Execution | IBAN, card number, card expiration date: until full payment, then 13 months for debit cards, or 15 months for deferred debit cards, to manage claims in case of transaction disputes; with customer consent, to facilitate future purchases: until consent withdrawal and/or expiration of card data validity. CVV: deleted after the transaction (even in the case of successive payments or retention of the card number for future purchases). Name, first name, email: deleted 5 years post-transaction |
| Find the nearest Pathé cinema | Permission | Permanent permission, until disabled |
| Inform you about already booked sessions (session reminders) and/or current promotional offers | Permission | Permanent permission, until disabled |
| Optimize the cinema ticket purchasing journey | Permission | Permanent permission, until disabled |
| Access your e-ticket, CinéPass, or CinéCartes in Wallet | Permission | Permanent permission, until disabled |
| Add the cinema session to the calendar | Permission | Permanent permission, until disabled |
| Add a profile photo to your customer account and/or import a prepaid CinéCarte into the Mobile Application | Permission | Permanent permission, until disabled |
| Targeted advertising cookies for goods and services | Consent | 13 months for advertising cookies |
| Track User activities across other apps and websites for advertising or analytical purposes | Permission | Permanent permission, until disabled |
| Identify the type of device | Legitimate Interest | Mandatory permission |

 

10. Who Are the Recipients of Your Data?

 

When using the Mobile Application, the User provides the Publisher with Personal Data necessary for the use of certain features offered by the Mobile Application.

 

Pathé Cinémas Services, as the Publisher and data controller of this data, is committed to protecting Users' Data and minimizing its sharing. Each instance of data sharing is either necessary to provide the Mobile Application service or justified as a contribution to service improvement.

 

Here are the parties with whom your Data is shared:

  • Employees of Pathé Cinémas Services: The Personal Data of Users is processed by the employees of Pathé Cinémas Services, within the limits of their respective roles and exclusively to fulfill the purposes of this Charter.
  • Developers of the Mobile Application
  • Providers of SDKs integrated into the Mobile Application: Pathé Cinémas Services uses a set of development tools necessary to develop the Mobile Application and/or some of its features. These development tools are called "SDK" (Software Development Kit). They are directly integrated into the Mobile Application and can utilize the personal data we process.
  • OS Providers

 

11. Transfers of Data Outside the European Economic Area (EEA)

 

Pathé Cinémas Services collects personal data on the Mobile Application in France. The Pathé Cinémas Services servers are managed by Amazon Web Services within the European Union.

 

The Developer processes Personal Data within the European Economic Area. The Developer may engage another subcontractor ("Subsequent Processor") to carry out specific processing activities.

 

The SDK providers process personal data within the EEA and outside the EEA, depending on their development and operation locations. In this regard, Pathé Cinémas Services requests that subcontractors implement the necessary measures to ensure that the transferred data receives protection equivalent to that within the EEA.

 

12. What Are Your Rights and How to Exercise Them?

The applicable data protection regulations, notably the General Data Protection Regulation or "GDPR," grant Users rights related to their personal data.

 

12.1 - What Are Your Rights?

 

The User has the rights listed below.

 

Right of Access: You have the right to access the personal data we hold about you. This gives you the right to receive a copy of your Data and information concerning the processing of your Data.

 

Right to Rectification/Modification: You have the right to ask us to correct your Data if it is inaccurate or outdated.

 

Right to Erasure: You have the right to request the deletion of your Data. Please note that your Data can only be erased when it is no longer necessary for the purposes for which we collected it and when we have no other legal basis for processing it.

 

Right to Object: When we process your Data based on a legitimate interest, you may object to this processing if your particular situation justifies it. In some cases, we may not comply with your request if we demonstrate that the legitimate interest we pursue prevails.

 

Right to Restriction: You can request the restriction of the use of your Data, particularly when the Data is not or no longer necessary, or if you have disputed its accuracy, while we verify its accuracy.

 

Right to Data Portability: We will provide you, or a third party of your choice, with your Data in a structured, commonly used, and machine-readable format. Note that this right only applies to your data that we process automatically, (i) with your consent or (ii) as part of a contract concluded with you.

 

Fate of Data After Death: In accordance with Article 48 of Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms (the "Data Protection Act"), you have the right to define directives regarding the fate of your Data after your death. These directives can be general or specific and may be modified or revoked at any time. In the absence of directives or unless otherwise stated in these directives, your heirs may exercise your rights after your death under the conditions provided in Article 85 of the Data Protection Act.

 

Withdrawal of Consent: If the processing of your Data is based on your consent, you also have the right to withdraw your consent at any time.

 

Additionally, regarding mobile phone numbers, Pathé reminds Users that it does not engage in telephone solicitation, whether by SMS, voice call, or otherwise, on the customer's mobile phone. However, we remind you that you can register for free on an opt-out list called "Bloctel" on the website www.bloctel.gouv.fr to no longer be solicited by phone by a professional.

 

12.2 - How to Exercise Your Rights?

 

Right to Object and Right to Restrict:

  • To commercial prospecting via email and/or push notifications: directly in the Mobile Application >> Settings >> Notifications >> "Receive film news and our best offers"
  • To commercial prospecting: by using the unsubscribe link present in the commercial email sent to you
  • To advertising cookies: directly in the Mobile Application >> Settings >> Notifications >> "My Consents"

 

Right of Access and Right to Data Portability:

  • Account >> Settings >> My Information and Contact Details >> at the bottom of the form, you have a "Privacy" section >> Request a copy of the data collected by Pathé >> Make a request

 

Right to Erasure of Your Personal Data:

  • Account >> Settings >> My Information and Contact Details >> at the bottom of the form, you have a "Privacy" section >> Request the deletion of my account and all my personal data online by Pathé >> Make a request

 

Right to Modify Your Personal Data:

  • Password: Account >> Settings >> My Information and Contact Details >> section: My Information >> Change my password
  • Email: Account >> Settings >> My Information and Contact Details >> section: My Contact Details >> Change my email
  • Modification of all other personal data can be done directly in the relevant section

 

Here is how you can exercise your right to erasure and/or your right of access to your Personal Data:

 

For any other request, you can contact Pathé Cinémas customer service:

  • Via the contact form accessible on the Mobile Application: Account >> Settings >> Help Center and Contact >> then ask the following question: "How to contact Pathé Cinemas customer service?" >> You will then have access to a contact form
  • By email at the following address: dpo@pathe.fr
  • By postal mail at the following address: DPO Pathé, 1 rue Meyerbeer 75009 Paris (France).

 

Here is how to access the contact form via the Help Center:

 

In this case, to efficiently process your request, we kindly ask you to provide your first and last name and your email address. You should also specify in your request whether you wish to receive the response by postal mail or electronically. Please note that if the information you provide does not allow us to confirm your identity or if a reasonable doubt persists, we may ask you to provide additional information or documents.

 

We will respond to you as soon as possible and in any case within one month from the receipt of your request, which may be extended by an additional month depending on the nature of the request.

 

13. Update and Maintenance of the Mobile Application

 

Updates to the Mobile Application are irregular and depend on the features being implemented.

In the event of a Mobile Application update, the process for informing Users is as follows:

 

  • "Minor" Updates:
    • Updating the Mobile Application is optional.
    • The User has access to the Mobile Application even if they do not perform the update.
    • The OS Provider encourages the User to update the Mobile Application.
    • The User performs the update themselves by clicking "Update" in their OS provider's app store (Apple Store or Google Play Store).
  • "Substantial" Updates:
    • Pathé has a mechanism to force the update for Users.
    • Mandatory updates are necessary when the Publisher makes significant changes.
      • Example: Transition to Auth0 (security)
      • Example: If Pathé discovers a major security issue
    • The User no longer has access to the Mobile Application until they perform the update.

 

14. Data Protection Officer

 

We have appointed a Data Protection Officer (DPO) who can be reached:

 

  • Electronically at the following address: dpo@pathe.fr for requests that cannot be made through your Pathé account or via the contact form.
  • By postal mail at the following address: DPO Pathé, 1 rue Meyerbeer 75009 Paris (France).

 

15. Submitting a Complaint to the CNIL

 

If you believe that we have not processed your Data in accordance with personal data protection regulations, you have the option to file a complaint with the CNIL: https://www.cnil.fr/fr/plaintes.