American Legion Paris Post 1

Privacy Policy and Member/Contributor Data Consent

Effective Date: 14 January 2026

1. Identity of the Data Controller

Paris Post 1 of The American Legion, a nonprofit association under the French Law of 1901, is the primary data controller for all members and contributors. Paris Post 1 is a registered trademark.

The Paris Post 1 GDPR Officer serves as the Data Protection Officer and may be contacted at: gdpr @ parispost1.fr

This privacy policy explains how Paris Post 1, the Department of France of the American Legion, and the American Legion National Headquarters collect, store, and use personal data from members, contributors, and visitors, and how members provide consent through annual membership renewal.

2. Categories of Data Collected

Members:

• Name, email, telephone, mailing address
• Membership type, status, and dues
• Optional historical or legacy contributions
• Photos, videos, or other materials for newsletters, archives, or social media

Public Contributors:

• Photos, videos, articles, news, or announcements submitted voluntarily

Visitors / Public Inquiries:

• Name, email, nationality, and inquiry details (for travel guidance or event participation)

Donors:

• Name, contact info, donation history, messages or memorial dedications

Media or Press Contacts:

• Name, email, phone, affiliation, and submitted requests

Other:

• Emergency contact data (optional, for events)

3. Purposes of Processing

Paris Post 1 processes personal data to:

• Administer membership and manage Post activities
• Communicate official updates, events, newsletters, or educational content
• Maintain historical archives for legacy purposes (with explicit member consent)
• Report membership statistics to the Department of France and the American Legion National Headquarters as required
• Share submitted content (photos, videos, news, announcements) in newsletters, social media, YouTube, and other public channels
• Respond to public inquiries regarding travel, ceremonies, or events

4. Legal Basis

• Core membership processing (name, contact info, membership dues, MyLegion.org reporting): necessary for performance of a membership agreement under GDPR Article 6(1)(b).
• Optional processing (archival, newsletters, photos/videos, DOF/TAL access beyond reporting): explicit consent via annual membership renewal.
• Submitted content from members or the public: sending content constitutes explicit consent to publish and distribute as described.

Annual membership renewal constitutes the primary mechanism for member consent. Members who do not consent must close their membership, because the structure and responsibilities of Paris Post 1, the Department of France, and the American Legion National Headquarters are fixed and cannot be changed.

5. International Data Transfers

• Member data is stored in France and the United States.
• MyLegion.org and Mailchimp may process or store data outside the European Union.
• By renewing membership, members consent to such transfers as necessary for Post operations, reporting, and optional communications.

6. Data Retention

• Core membership data: duration of membership + 5 years for accounting and historical purposes.
• Optional archival/legacy data: retained indefinitely with member consent.
• Submitted photos, videos, or news: retained and published as necessary; contributors’ consent is implied by submission.
• Visitor inquiry data: retained only for the duration necessary to respond, unless additional consent is given.

7. Contributor Consent

• Anyone submitting photos, videos, news, or announcements confirms they own the content or have permission to share it.
• Submission constitutes consent for Paris Post 1 to process, distribute, and publish content in:
  • Newsletters
  • Social media platforms (Facebook, X, Instagram, or others)
  • YouTube
  • Other public channels associated with Paris Post 1
• Once published, content may be shared by third parties. Paris Post 1 is not responsible for further redistribution.

8. Visitor / Inquiry Data Consent

• Visitors or members of the public requesting travel or event guidance consent to the collection and use of their contact information for the purposes of providing requested information.
• Data is not published publicly without explicit consent.

9. Member Rights

Under the European Union General Data Protection Regulation (GDPR), members have the right to:

• Access their personal data
• Request rectification or erasure of inaccurate data
• Restrict processing
• Withdraw consent for optional processing (archival, newsletter, external reporting)
• Request data portability
• Submit a complaint to the French Data Protection Authority (CNIL: https://www.cnil.fr/)

Note: Withdrawal of consent for optional processing or core membership data processing may have an effect on membership eligibility. To withdraw all consent, members must close their membership.

10. Security and Access

• Access to member and contributor data is limited to authorized Paris Post 1 officers.
• Officers are trained in GDPR compliance and internal procedures.
• Google Workspace, MyLegion.org, and Mailchimp accounts are secured with strong authentication measures.
• Unauthorized access or data breaches are reported immediately to the Post Commander.

11. Contact

For questions, requests, or concerns about personal data, or to exercise GDPR rights:

Paris Post 1 GDPR Officer
Email: gdpr @ parispost1.fr