Accessibility
Establishments
logo ucl
LOGO ALL

Privacy Policy

Last updated: November 2025

Introduction

Thank you for taking the time to read our Privacy Policy (hereinafter the “Policy” or “Privacy Policy”). This document informs you about the processing of personal data concerning you, implemented as part of the online services provided by the Association d’Entraide Universitaire on the websites www.all-lacatho.fr and https://logement.all-lacatho.fr/ (hereinafter the “Services”). It also informs you about your data protection rights. If you have any questions regarding this Policy, you can contact our Data Protection Officer (DPO) at any time at the following address: dpo@all-lacatho.fr.

The terms defined in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) have the same meaning when used in this Policy. Terms beginning with a capital letter have the meaning given to them in this Policy or, failing that, in the General Terms of Use of www.all-lacatho.fr.

This Privacy Policy applies exclusively to processing carried out by the Association d’Entraide Universitaire (hereinafter “AEU”, “we” or “All”) that we implement in our capacity as data controller with respect to data collected via the Services. This data concerns persons using the Services (hereinafter “Internet Users”, “you”) and who may also have a personal account dedicated to their use of the Services (hereinafter “User Account”), who are then referred to as a “User” within this “Policy”.

This Policy is divided into two parts: a first part describing the data processing carried out within the scope of the Services (purposes, categories of data processed, legal bases, retention periods, recipients, etc.), and a second part detailing the conditions under which such processing is implemented (security measures, use of processors, etc.).

Updates to the Policy

We reserve the right to update or amend this Privacy Policy at any time. Any changes we make will be published on this page, and any substantial update likely to have an impact on your rights or freedoms will be notified by appropriate means such as an email or a notification within the Services interface. You will find at the bottom of this Policy a summary of the latest changes made.

Identity of the Data Controller and DPO

The data controller for the processing described in this Privacy Policy is the Association d’Entraide Universitaire, registered with the SIRET under number 783 685 696 00016, whose registered office is located at 47 boulevard Vauban, 59 000 Lille, France.

AEU has a reference service for GDPR compliance. For any questions relating to data protection or to exercise your rights, you can contact this service at the following address: dpo@all-lacatho.fr.

Part 1 - Description of processing carried out as part of the Services

1.1. Management of user accounts

In order for you to use our Services, we need to collect and process certain information about you. Here is what you need to know about this:

1.1.1. Creating your user account

When you sign up to create an account on our website, we ask you to provide certain information. Once your account has been created, you become a user of our Services after accepting our General Terms, available at the following address: https://www.all-lacatho.fr/fr/conditions-generales-de-vente.

The information we collect

We collect only the information necessary to identify you and enable you to use our Services:

  • Your first name,
  • Your last name,
  • Your email address,
  • Your password (it is secured and encrypted, and therefore unreadable to us),
  • The confirmation status of your registration.
What is this information used for?

This information is used to manage your account and give you access to our Services. It is shared only with the Association d’Entraide Universitaire (AEU) and two companies that help us ensure the proper functioning of the website:

  • NEOWEB (development and IT maintenance): 165 avenue de Bretagne, 59000 Lille, France.
  • Infomaniak Network SA (hosting of your data): 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
How long do we keep your information?

We retain your information only for as long as necessary:

  1. Your account data: We keep it as long as your account is active. Once you delete it, your information is erased or anonymized within a reasonable timeframe.
  2. Your connection data (“logs”): By legal obligation, we must keep it for 12 months after it is collected.

After these periods, your data is deleted or anonymized, unless we must retain it for legal reasons or to resolve a specific issue.

Is your data sent outside Europe?

Yes, but only to Switzerland, because our host, Infomaniak Network SA, is based there. Don’t worry: Switzerland is recognized by the European Union as a country offering a level of data protection equivalent to that of Europe.
In addition, we have signed a specific agreement with Infomaniak to ensure that your data remains well protected.

1.1.2. Sending registration confirmation emails

When you sign up for our Services, we send an email to confirm your registration. Here are the details of this processing:

Why do we send these emails?

These emails make it possible to verify that the email address provided during your registration is correct and actually used by you. Without this step, you will not be able to activate your account.

Information used

To send these emails, we use only:

  • Your email address,
  • The status of your registration (confirmed or pending).
Who manages this sending?

Emails are sent directly by the Association d’Entraide Universitaire (AEU) with the help of our service providers, who ensure the proper functioning of the Services:

  • NEOWEB (maintenance and IT development of the Services), located at 165 avenue de Bretagne, 59000 Lille, France.
  • Infomaniak Network SA (hosting of the Services data), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
How long do we keep your information?

The data needed to send emails (your email address and the status of your registration) is retained:

  1. As long as your account is active.
  2. If your registration is not confirmed within a reasonable timeframe, your information will be deleted.
Is your data sent outside Europe?

Yes, as with account management, your data may be hosted in Switzerland by our partner, Infomaniak Network SA. Switzerland is recognized by the European Union as offering a level of data protection equivalent to ours, and we have signed agreements to guarantee this security.

1.1.3. Administration of user accounts and their permissions

To enable you to use our Services securely and in a way that is appropriate to your needs, we manage the information related to your account and your access permissions. Here are the details of this processing:

Why do we manage your accounts and permissions?

We need to manage your accounts in order to:

  • Give you access to the features of the Services according to your role or profile.
  • Maintain the security of our Services by controlling who can access what.
Information used

As part of administering user accounts, we use the following information:

  • Your first and last name,
  • Your email address,
  • Your user status (active, inactive, or deleted),
  • Your access permissions to the various features of the Services.
Who manages this information?

This information is administered by the Association d’Entraide Universitaire (AEU) and may be shared with our technical partners in order to ensure the proper functioning of the Services:

  • NEOWEB (maintenance and IT development), located at 165 avenue de Bretagne, 59000 Lille, France.
  • Infomaniak Network SA (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
How long do we keep this information?

Data related to administration of accounts and permissions is retained:

  1. As long as your account is active: We keep your information to enable you to access the Services.
  2. After account deletion: Certain information may be temporarily retained in our archives for a reasonable period, in case of specific needs (legal obligations or issue resolution).

Is your data sent outside the European Union?

Yes, certain data may be hosted in Switzerland by our service provider, Infomaniak Network SA. Switzerland is recognized by the European Union as offering a level of data protection equivalent to ours, and specific agreements guarantee the security of your information.

1.1.4. Matching user accounts with student accounts

As part of our Services, we match your user account on our website with your student account within the schools and institutions under the Université Catholique de Lille.

Why do we perform this matching?

This matching is necessary to:

  • Verify that you are indeed a student within an institution of the Université Catholique de Lille,
  • Create an individual access card for the Services, also called the “All Card”,
  • Allow you to access specific services reserved for students,
  • Adapt the Services’ features according to your institution or your status.
Information used

To perform this matching, we process the following information:

  • Information from your user account: first name, last name, email address,
  • Information provided by your institution: student ID number, enrollment status, affiliated institution.
  • Information related to your All Card: last name, first name, unique identification number
Who manages this processing?

This matching is carried out by the Association d’Entraide Universitaire (AEU) in collaboration with the institutions of the Université Catholique de Lille. The information is also shared, if necessary, with our technical service providers to ensure the proper functioning of the Services:

  • NEOWEB (maintenance and IT development), located at 165 avenue de Bretagne, 59000 Lille, France,
  • Infomaniak Network SA (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
  • HOROQUARTZ (provider of the All Cards management and printing solution), located at Bât Château Rouge, 282 Av. de la Marne, 59700 Marcq-en-Barœul
  • SERVICES ET INFRASTRUCTURE, SARL, (server maintenance provider) located at 241 AVENUE CLÉMENT ADER, 59118 WAMBRECHIES
How long do we keep this information?

Data used for matching is retained:

  1. For the duration of your enrollment as an active student in an institution of the Université Catholique de Lille,
  2. After you no longer have student status: Your matching data is deleted or anonymized within a reasonable timeframe, unless retention is required to meet a legal obligation or resolve a particular issue.
Is your data sent outside Europe?

Some information may be hosted in Switzerland by our service provider, Infomaniak Network SA. Switzerland offers a level of data protection recognized as equivalent to that of the European Union, and we have taken contractual measures to guarantee its security.

1.1.5. Recording preferences for receiving notifications by email

To allow you to receive only the email notifications you are interested in, we record your preferences, which you can set via the Services features accessible from the “My Account” section. Here are the details of this processing:

Why do we record your preferences?

The purpose is to offer you a personalized service by allowing you to choose:

  • The types of notifications you wish to receive (for example: reminders, important information, events),
  • Whether you want to continue receiving certain communications by email.

This ensures that you only receive emails that concern you and that you have chosen.

Information used

To manage your preferences, we collect and record:

  • Your email address,
  • Your unique identification number for your User Account
  • Your notification choices (preferences enabled or disabled).
Who manages this processing?

This processing is carried out by the Association d’Entraide Universitaire (AEU), in collaboration with its service providers:

  • NEOWEB (maintenance and IT development), located at 165 avenue de Bretagne, 59000 Lille, France,
  • Infomaniak Network SA (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
How long do we keep this information?

Data related to your notification preferences is retained:

  1. As long as your user account is active,
  2. After deletion of your account, your preferences are also deleted.
Is your data sent outside Europe?

Some data may be hosted in Switzerland by Infomaniak Network SA. Switzerland is recognized by the European Union as offering a level of data protection equivalent to ours, and specific agreements guarantee the security of your information.

1.1.6. Online password changes

To ensure the security of your user account, we allow you to change your password directly online. Here are the details of this processing:

Why do we allow you to change your password online?

This feature is intended to:

  • Allow you to secure your account in case of suspected compromise,
  • Give you the ability to easily update your password if you forgot it or wish to change it.
Information used

As part of changing your password, we process the following information:

  • Your email address (to identify your account),
  • Your old password (when required to validate the change),
  • Your new password (which is immediately encrypted and secured).
Who manages this processing?

Password changes are administered by the Association d’Entraide Universitaire (AEU). We also work with our service providers to ensure the security and availability of the service:

  • NEOWEB (maintenance and IT development), located at 165 avenue de Bretagne, 59000 Lille, France,
  • Infomaniak Network SA (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
How long do we keep this information?

Passwords are encrypted as soon as they are recorded and are never stored in plain text.
Once the password is encrypted, it results in a cryptographic fingerprint, which is retained until your User Account is deleted

Is your data sent outside Europe?

As with other data, some information may be hosted in Switzerland by Infomaniak Network SA. Thanks to specific agreements and Switzerland’s recognition by the European Union as a country offering an adequate level of data protection, your information remains secure.

1.1.7. Management of user authentication on https://all-lacatho.fr

Management of user authentication on the website https://all-lacatho.fr

To secure access to your account and ensure that logging in to our Services functions properly, we use technical cookies related to authentication. Here are the details of this processing:

Why do we use these cookies?

These cookies are necessary to:

•   Enable your secure login to your user account,

•   Correctly manage the authentication steps,

•   Ensure continuity of your session so you do not have to log in again on every page,

•   Redirect you to the correct page after logging in, if needed.

These cookies are not used for advertising or behavioral tracking purposes. They are strictly necessary for the website to function.

Data collected (via cookies set)

When you log in or access pages requiring authentication, the following cookies may be set:

•   SRVGROUP: helps ensure load balancing and the proper technical functioning of the website,

•   \_\_Host-next-auth.csrf-token: prevents “Cross Site Request Forgery” (CSRF) attacks,

•   \_\_Secure-next-auth.callback-url: stores the URL to which you must be redirected after logging in,

•   route: manages secure navigation between the different pages of the website,

•   KC\_RESTART: allows the session to be resumed in the event of a temporary interruption,

•   AUTH\_SESSION\_ID\_LEGACY and AUTH\_: session identifiers used to keep your authentication active for a given period.

Who manages this processing?

Authentication management is provided by the Association d’Entraide Universitaire (AEU), with the assistance of its technical partners:

•   **NEOWEB** (website maintenance and development), located at 165 avenue de Bretagne, 59000 Lille, France,

•   **Infomaniak Network SA** (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.

How long do we keep these cookies?

Authentication cookies are temporary and are retained only for:

The SRVGROUP cookie as well as the __Secure-next-auth.callback-url cookie are session cookies, and they are deleted when you close your browser.

However, the other cookies are retained for a period of 365 days

They are automatically deleted once the session expires or you log out.

Is your data sent outside Europe?

Some cookies may be associated with services hosted in Switzerland by Infomaniak Network SA, a host recognized by the European Union as ensuring an equivalent level of protection for personal data. Specific agreements are in place to ensure the security and confidentiality of the data

1.2. Management of accommodation allocation requests

1.2.1 Creating an account on the Tenant Area on logement.all-lacatho.fr

To facilitate your search for or renewal of student accommodation, we offer an online booking service via the website accessible at https://logement.all-lacatho.fr (hereinafter referred to as the “Espace Locataire”). This requires you to create an account.

Why do we need to create your account?

Creating an account is necessary in order to:

  • Identify you securely,
  • Enable you to book or renew accommodation online,
  • Offer you personalized access to your tenant area, where you can view your bookings and manage your information.

Information collected

When creating your account, we collect the following information:

  • Your Username
  • Your Password
  • Your Title
  • Your Last name
  • Your First name
  • Your Email

Who manages this processing?

The creation and management of accounts on the tenant area are administered by the Association d’Entraide Universitaire (AEU). We work with our service providers to ensure the operation and security of the platform:

  • IRIGA-NETWORKS (provider of the WEASYLOC solution, the online software used to carry out this processing)
  • SERVICES ET INFRASTRUCTURE, SARL, (server maintenance provider) located at 241 AVENUE CLÉMENT ADER, 59118 WAMBRECHIE

How long do we keep this information?

Your account data is retained:

  1. As long as your account is active: This allows you to access the services of the tenant area.
  2. After you delete your account: Your data is deleted.

Is your data sent outside Europe?

This information is not subject to any transfer outside the European Union.

1.2.2 Request to rent or renew a rental for student accommodation on the Tenant Area

To facilitate your search for or renewal of student accommodation, we offer an online booking service via the Tenant Area. This Tenant Area makes it possible to complete a tenant application file and to follow an allocation procedure for taking up a lease for student accommodation.

Why do we use your data for this service?

This processing is necessary in order to:

  • Enable you to book student accommodation directly online,
  • Manage requests to renew your accommodation,
  • Manage applications for accommodation allocation campaigns

Information used

As part of booking or renewing accommodation, we collect and use the following information:

  • Identification and study information
  • Your Title
  • Your First name
  • Your Last name
  • Your Date of birth
  • Your Place of birth
  • Your Nationality
  • Your Email
  • Your Mobile phone number
  • Your INE
  • Your School
  • Your Year of study
  • Your Address
  • Your Postal code
  • Your City
  • Your Country
  • Documents required for the booking
  • Your tenant photo
  • Your Identity document
  • Your VISA or residence permit
  • Information relating to the student’s stay
  • Your Academic year
  • Your Arrival date
  • Your Departure date
  • Your Ordered residence choices
  • Your Choice of accommodation type
  • Information about the Trusted person
  • Your Title
  • Your Last name
  • Your First name
  • Your Relationship with the tenant (Family, Acquaintance)
  • Your Phone number
  • Your Email address
  • Information about the individual financial guarantor
  • Your Title
  • Your First name
  • Your Last name
  • Your Postal address
  • Your Postal code
  • Your City
  • Your Nationality
  • Your Date of birth
  • Your Place of birth
  • Your Phone
  • Your Email
  • Your Profession
  • Your Employment status
  • Your Identity document
  • Your Proof of address less than 3 months old
  • Your Tax notice
  • Your Payslip
  • Your Unemployment or retirement benefit certificate
  • Your VISALE visa (first name, last name, and guarantee amount)
  • The legal representative’s identity card if the tenant is a minor

Who are the recipients of this data?

Booking management is ensured by the Association d’Entraide Universitaire (AEU), with the support of its technical partners to guarantee the reliability and availability of the service:

  • IRIGA-NETWORKS (provider of the WEASYLOC solution, the online software used to carry out this processing)
  • SERVICES ET INFRASTRUCTURE, SARL, (server maintenance provider) located at 241 AVENUE CLÉMENT ADER, 59118 WAMBRECHIES

How long do we keep this information?

When your rental request is refused, the information you provided to process your request is retained for up to 3 months in the active database from the date the refusal to grant the right to take up the lease is communicated, and is then deleted.

When your rental request is accepted, the information you provided to process your request is retained for the entire duration of the lease in the active database, and then for a period of 3 years from the end of the lease.

Is your data sent outside Europe?

This information is not subject to any transfer of data outside the European Union.

1.2.3 Review of requests to reduce notice periods for current leases

As part of our Services, we review requests to reduce notice periods related to current leases when we receive them. The request is made on the Tenant Area.

Why do we use your data for this service?

This processing is necessary in order to:

  • Review and analyze your request to reduce the notice period,
  • Check whether the conditions for a reduction of the notice period are met (for example, medical, academic, or professional reasons),
  • Provide you with an appropriate response in compliance with the rules in force.

Information used

To process your request, we collect and use only the information necessary, in particular:

  • Your first and last name,
  • Your email address and tenant number,
  • Information relating to your lease (accommodation address, lease start and end dates, length of the current notice period),
  • Supporting documents you provide (for example, medical certificates or attestations).

Who manages this processing?

Review of requests is carried out by the Association d’Entraide Universitaire (AEU). Your data may also be processed by our technical partners to ensure the proper functioning of the lease management platform:

  • IRIGA-NETWORKS (provider of the WEASYLOC solution, the online software used to carry out this processing)
  • SERVICES ET INFRASTRUCTURE, SARL, (server maintenance provider) located at 241 AVENUE CLÉMENT ADER, 59118 WAMBRECHIES

How long do we keep this information?

Data related to your notice reduction requests is retained:

  1. During processing of your request: This information is necessary to analyze and respond to your request.
  2. After your request is closed: supporting documents are deleted; only the status (accepted or refused) is retained for 3 years in legal archiving.

Is your data sent outside Europe?

This information is not subject to any transfer outside the European Union.

1.3. Management of click-and-collect orders for the catering service

1.3.1 Online collection of Click and Collect orders

To enable you to order and collect your products quickly and easily, we collect online the information necessary for managing your orders via our Click and Collect service made available using the Moneweb online software. In order to place orders, it is necessary to extend your User Account to Moneweb so that you have an individual booking and payment area for orders. You therefore have a Moneweb User Account, created from your User Account information as soon as the latter is created, when you have previously consented to its creation in order to allow the sending of newsletters about news relating to the services offered by All. Here are the details of this processing:

Why do we collect this information?

Collecting your information is essential in order to:

  • Manage your online orders and prepare your products for collection,
  • Inform you about the status of your order (confirmation, availability for collection),
  • Ensure tracking of your purchases.
Information collected

As part of Click and Collect, we collect and use the following data:

  • Your collection location
  • Your collection date and time
  • Your order contents
  • Your order amount
  • Your booking number
Who manages this processing?

Management of Click and Collect orders is ensured by the Association d’Entraide Universitaire (AEU), with the support of our service providers to ensure the proper technical functioning of the service:

  • NEOWEB (IT maintenance and development of the delegated authentication system), located at 165 avenue de Bretagne, 59000 Lille, France,
  • Infomaniak Network SA (hosting of the authentication system data), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
  • JES Labs, SA, (publisher of the Moneweb online solution, allowing reservations and payment for orders), located at 5, rue Guglielmo Marconi F-44800 SAINT-HERBLAIN
  • Le Casier Français, SARL, (distribution provider at order collection points), located at Zone Acti+, Rte de Vendeville Bâtiment 6, 59175 Templemars
How long do we keep this information?

Data related to your orders is retained from the completion of each order until your Moneweb User Account is deleted.
As part of the management of accounting operations related to orders, which constitutes another processing activity, the retention necessary to meet accounting and tax obligations also extends this retention period. For more information, you can consult the information relating to this processing.

Is your data sent outside Europe?

Certain authentication-related data may be hosted in Switzerland by our provider Infomaniak Network SA. Switzerland is recognized by the European Union as offering an equivalent level of data protection. Specific contractual agreements also guarantee the confidentiality and security of your information

1.4. Management of quotation requests for the catering service

1.4.1. Online quotation request collection form

To enable you to request a personalized quotation for catering services via the Website, we collect the information necessary to review and respond to your request. Here are the details of this processing:

Why do we collect this information?

Collecting this information is essential in order to:

  • Understand your need and prepare an appropriate response,
  • Send you a personalized quotation in line with your request,
  • Ensure tracking of your catering service requests and facilitate exchanges.
Information collected

When you submit an online quotation request, we collect and use the following data:

  • Context and purpose of the event,
  • Date of the service,
  • Start and end time of the event,
  • time when the venue is available for installation,
  • time when the venue is available for collection,
  • exact location of the service,
  • contact details of the person to contact during the event,
  • free text field for additional information,
  • Number of guests,
  • average budget per guest,
  • number of tables available,
  • wish for 100% vegetarian,
  • Type of event,
  • Specific dietary regime (free text field),
  • wish for service staff to be present,
  • desired tableware and glassware,
  • desired type of tablecloth,
  • additional information (free text field),
  • last name of the ordering contact,
  • first name of the ordering contact,
  • email of the ordering contact,
  • contact phone number
  • ordering party,
  • name of the ordering party’s organization,
  • status of membership as a member of the ordering party in the FUPL,
  • name of the entity to be invoiced,
  • address of the entity to be invoiced,
  • postal code of the entity to be invoiced,
  • city of the invoiced entity address,
  • country of the entity to be invoiced, additional information,
  • analytical code of the entity to be invoiced.
Who manages this processing?

Management of quotation requests is ensured by the Association d’Entraide Universitaire (AEU). We work with our technical partners to ensure the proper functioning of the online form:

  • NEOWEB (IT maintenance and development of the Website), located at 165 avenue de Bretagne, 59000 Lille, France,
  • Infomaniak Network SA (hosting of the Website data), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
  • SERVICES ET INFRASTRUCTURE, SARL, (server maintenance provider for the software used by the catering service) located at 241 AVENUE CLÉMENT ADER, 59118 WAMBRECHIES
How long do we keep this information?

Data related to your quotation request is retained during the processing of your request. If your request results in an accepted quotation, then the information is retained until the service is completed. If the request does not result in such an accepted quotation, then this information is deleted from the active database.
After completion of the services, the information is retained for the purposes of processing implemented to carry out accounting and administrative formalities. For more information, please refer to those processing activities in this Policy.

Is your data sent outside Europe?

Certain information may be hosted in Switzerland by our provider Infomaniak Network SA. Switzerland is recognized by the European Union as offering an equivalent level of data protection. Specific contractual agreements guarantee the security and confidentiality of your information.

1.5. Management of payments and users’ payment methods

1.5.1. Top-up of the All Card via Moneweb with payment by bank card

To enable you to top up your All Card online quickly and securely, we offer the necessary features for this purpose via the Moneweb online software. Here are the details of this processing:

Why do we implement this processing

Collecting this information is essential in order to:

  • Enable use of the All Card via the Moneweb platform,
  • Ensure proper execution of your bank card payment,
  • Guarantee the security and traceability of transactions.
Information collected

When loading credits onto your All Card by bank card, we collect and use the following data:

  • Your bank card number,
  • Your bank card expiry date,
  • Your bank card security code,
  • Your Transaction amount,
  • Your contract number, payment dates
  • Credited amount
  • Operation status
Who manages this processing?

Top-up management is ensured by the Association d’Entraide Universitaire (AEU). We work with our partners to guarantee payment security and the proper functioning of the service:

  • JES Labs, SA, (publisher of the Moneweb online solution, allowing your All Card to be credited with a bank card payment), located at 5, rue Guglielmo Marconi F-44800 SAINT-HERBLAIN
  • Worldline, (online payment solution integrated into and used by Moneweb), located at Tour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris la Défense Cedex
How long do we keep this information?

Bank card information is not retained beyond completion of the transaction.

Information about the status of the operation and the credited amount is retained until the Moneweb User Account is deleted, and beyond if this information is necessary to carry out processing required for the completion of accounting and administrative formalities legally imposed on AEU.

Is your data sent outside Europe?

JES Labs uses Worldline’s services to manage bank card payments. Worldline indicates that it may transfer payment information outside the European Union, while ensuring the implementation of appropriate safeguards.

1.5.2. Purchase of the All Card

You can make purchases or take out paid subscriptions offered as part of our offer using a specific, individual card assigned to you by All. This card is called the “All Card” and is distinct from your student card..

To enable you to purchase an All Card online in a simple and secure manner, we collect and process the information necessary for the purchase and payment. Here are the details of this processing:

Why do we collect this information?

Collecting this information is essential in order to:

  • Process your order and assign you an All Card,
  • Ensure proper execution of your online payment via the Sogecommerce platform,
  • Guarantee the security and traceability of the transactions carried out.
Information collected

When purchasing the All Card, we collect and use the following data:

  • as part of the form collecting the information necessary to create the card:
  • Your INE
  • Your Last name
  • Your First name
  • Your Institution
  • Your Email address
  • Your Address
  • Your Scholarship beneficiary document (if you are eligible to receive a scholarship)
  • Your CVAE certificate (if you are a student)
  • Your Student status or not
  • Matching by correspondence with your university account within an institution of the Fédération Universitaire Catholique de Lille
  • as part of carrying out the online payment operation:
  • Your bank card number,
  • Your bank card expiry date,
  • Your bank card security code,
  • Your Transaction amount,
  • Operation status
Who manages this processing?

The purchase and management of payments related to the All Card are administered by the Association d’Entraide Universitaire (AEU). We work with technical and financial partners to ensure the security and proper functioning of the service:

  • Sogecommerce (secure online payment solution),
  • Infomaniak Network SA (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.
  • NEOWEB (Website IT development and maintenance): 165 avenue de Bretagne, 59000 Lille, France.
How long do we keep this information?

Data related to the purchase of the All Card is retained:

  • regarding the information from the collection form:
  • for the entire validity period of the All Card, until its definitive deletion following a validity period of 3 years in the absence of renewal.
  • regarding the bank card information used to pay the amount necessary to purchase the All Card:
    1. For the time necessary for the transaction: The information is used to process and secure your order and your payment.
    2. Beyond the transaction: Certain data (such as purchase supporting documents or accounting information) may be retained for legal or administrative obligations before being deleted or anonymized.
Is your data sent outside Europe?

Certain information may be hosted in Switzerland by Infomaniak Network SA, a provider recognized by the European Union as guaranteeing an equivalent level of data protection.

1.5.3. Management of the Moneweb User Account profile

The Moneweb online solution allows you to view and change the information relating to your Moneweb User Account. Here are the details of this processing:

Why do we manage this information?

Managing your profile is necessary in order to:

  • Adapt Moneweb’s features to your preferences,
  • Enable you to configure and manage your notifications,
  • Change information about you that may be incorrect,
  • Ensure a smooth and secure experience, in particular on mobile devices connected to Moneweb.

Information collected

As part of managing your profile, we collect and use the following data:

  • Moneweb user account identifier,
  • Email address,
  • Language selected for the interface,
  • Notification preferences, in particular:
  • Alerts in case of balance overrun,
  • Notifications for a new top-up,
  • Preferences for printing receipts.
  • Notification configuration for the Moneweb mobile application,
  • Connection devices used with Moneweb mobile (brand, model, registration date),
  • Preference for automatic top-up (if enabled).

Who manages this processing?

Management of Moneweb user profiles is carried out by the Association d’Entraide Universitaire (AEU), with the assistance of its technical partners:

  • JES Labs, SA, (publisher of the Moneweb online solution, allowing your All Card to be credited with a bank card payment), located at 5, rue Guglielmo Marconi F-44800 SAINT-HERBLAIN

How long do we keep this information?

Data related to your Moneweb profile is retained:

  1. As long as your account is active: The information is necessary to guarantee an optimal user experience.
  2. After your account is deactivated or deleted: The data is deleted at the end of the retention period necessary for AEU to meet its legal and accounting obligations

Is your data sent outside Europe?

As part of this processing, your data is not transferred outside the European Economic Area.

1.5.4. Creation of a Moneweb User Account

Creation of a Moneweb User Account can be carried out in two possible ways:

  • during your administrative enrollment as a student within an institution of the Université Catholique de Lille
  • when you create a User Account on the Website.

Why do we implement this processing?

Creating your Moneweb User Account is essential in order to:

  • Identify you securely on the Moneweb platform,
  • Enable you to access all features of the Moneweb platform which make it possible to benefit from the entire range of Services offered by AEU,
  • Send you newsletters by email, if you have consented to this.

Information collected

When creating your account, we collect the following data:

  • First name,
  • Last name,
  • Email address,
  • Secure password (encrypted and unreadable by our teams),
  • Consent to accept the General Terms of Use, which is required to finalize registration.

Who manages this processing?

Creation and management of Moneweb User Accounts are administered by the Association d’Entraide Universitaire (AEU). We work with technical partners to ensure the security and proper functioning of the platform:

  • NEOWEB (IT maintenance and development), located at 165 avenue de Bretagne, 59000 Lille, France,
  • JES Labs, SA, (publisher of the Moneweb online solution, allowing your All Card to be credited with a bank card payment), located at 5, rue Guglielmo Marconi F-44800 SAINT-HERBLAIN
  • Infomaniak Network SA (hosting of the Website), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.

How long do we keep this information?

Data related to your Moneweb account is retained:

  1. As long as your Moneweb User Account is active: The information is necessary to identify you and guarantee access to our services.
  2. After you delete your account: The data is deleted after a period necessary for AEU to meet its legal and accounting obligations..

Is your data sent outside Europe?

Certain information may be hosted in Switzerland by our provider Infomaniak Network SA. Switzerland is recognized by the European Union as offering an equivalent level of data protection. Specific contractual agreements also guarantee the security and confidentiality of your information.

1.5.6. Viewing payment histories and transactions on Moneweb

To enable you to view your payment histories and transaction histories carried out via the Moneweb platform, we collect and process the data necessary to manage and display your receipts and histories. Here are the details of this processing:

Why do we collect this information?

Collection and management of payment histories have the following purposes:

  • Provide you with transparent and detailed access to your past transactions,
  • Enable traceability of payments and purchases,
  • Respond to any requests you may have for verification or rectification.

Information collected

To display your histories and receipts, we collect and use the following data:

Receipt data:

  • Order number,
  • Point of sale,
  • Tax number,
  • Cash register receipt number,
  • Number of place settings (if applicable),
  • First and last name of the Moneweb account holder,
  • Holder status (student, staff, visitor — person without an INE number),
  • Badge number (All Card or student card),
  • Previous account balance,
  • List of products purchased,
  • Quantity of products,
  • Unit price,
  • Price incl. taxes,
  • Total receipt amount,
  • VAT applied,
  • New account balance,
  • Date and time of receipt printing,
  • Receipt printing number.

Receipt history data:

  • Date and time the receipt was issued,
  • Previous account balance,
  • Order total,
  • New account balance.

Who manages this processing?

Management and display of payment histories are ensured by the Association d’Entraide Universitaire (AEU) with the support of technical partners:

  • JES Labs, SA, (publisher of the Moneweb online solution, allowing your All Card to be credited with a bank card payment), located at 5, rue Guglielmo Marconi F-44800 SAINT-HERBLAIN

How long do we keep this information?

Data related to your payment and transaction histories is retained:

  1. For the duration of active use of your Moneweb User Account, to ensure access to your histories.
  2. After deactivation or deletion of your Moneweb User Account: Certain information may be archived for a limited period for legal or administrative purposes before being deleted

Is your data sent outside Europe?

This information is not subject to any transfer outside the European Union as part of this processing.

1.5.7. Linking All User Accounts and Moneweb User Accounts

When you have a Moneweb User Account, following your administrative enrollment as a student within an institution of the Université Catholique de Lille, you are instructed to create an All User Account on the Services accessible on the website https://all-lacatho.fr, using the email address you used to enroll within that institution.

Why do we implement this processing?

This allows All to correlate your Moneweb User Account, created following enrollment within the institution you attend, with your All User Account. This correlation allows holders of All User Accounts to fully benefit from the services offered to them by All.

Information processed for this purpose

We process the information collected when you enrolled within the institution that is part of the Université Catholique de Lille, namely:

  • your email address

And we also use the information collected when your All User Account was created, namely:

  • First name,
  • Last name,
  • Email address,
  • Password,
  • Registration confirmation status

Who implements this processing?

The linking of All User Accounts and Moneweb User Accounts is orchestrated by the Association d’Entraide Universitaire (AEU). We work with technical partners to ensure the security and proper functioning of the platform:

  • NEOWEB (IT maintenance and development), located at 165 avenue de Bretagne, 59000 Lille, France,
  • JES Labs, SA, (publisher of the Moneweb online solution, allowing your All Card to be credited with a bank card payment), located at 5, rue Guglielmo Marconi F-44800 SAINT-HERBLAIN
  • Infomaniak Network SA (hosting of the Website), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.

How long do we keep this information?

Data used to carry out this correlation is retained until the Moneweb User Account thus created is deleted.

Is your data sent outside Europe?

This information is subject to correlation processing carried out on servers provided by Infomaniak, located in Switzerland. Switzerland is recognized by the European Union as offering an equivalent level of data protection. Specific contractual agreements also guarantee the security and confidentiality of your information.

1.5.8. Management of operations carried out with the Moneweb wallet

In order to enable the operation of the Moneweb digital wallet and ensure precise tracking of operations carried out with your All card or Moneweb account, we implement processing dedicated to managing transactional data related to the daily use of the service.

Why do we implement this processing?

This processing aims to:

  • Guarantee the proper functioning of the Moneweb wallet and real-time tracking of operations,
  • Enable financial traceability of the uses of your account,
  • Provide you with a clear and structured history of your operations, accessible from your personal space.
Information collected

For each operation carried out with your Moneweb wallet (payment, top-up, etc.), the following data is collected and recorded:

  • Frequency (where applicable, for recurring products or services),
  • Date and time the operation was carried out,
  • Operation activity (corresponding to the place or service of execution, e.g.: university restaurant, vending machine, checkout, etc.),
  • Previous account balance before the operation,
  • Operation total,
  • New account balance after the operation.

This data makes it possible to guarantee the accuracy of financial movements related to your Moneweb account.

Who manages this processing?

The processing is implemented by the Association d’Entraide Universitaire (AEU), with the assistance of technical partners:

  • JES Labs, SA, publisher of the Moneweb solution, located at 5 rue Guglielmo Marconi, 44800 Saint-Herblain (France),
How long do we keep this information?

Data relating to Moneweb operations is retained:

  • For 12 months from the date the operation is carried out
  • Then temporarily archived, for legal, administrative, or accounting justification purposes, before its definitive deletion.
Is your data sent outside Europe?

No, this data is not transferred outside the European Economic Area.

1.5.9. Management of payments for purchasing goodies and subscribing to the gym

In order to enable the online purchase of derivative products (goodies) and gym subscriptions offered on the All platform, payment data processing is implemented via the secure SOGECOMMERCE module.

Why do we implement this processing?

This processing aims to:

  • Enable and secure online payments,
  • Ensure traceability and confirmation of payment operations carried out by the user,
  • Facilitate the administrative management of gym registrations and goodies orders.

Information collected

As part of the transaction, the following data is collected and processed:

  • Payment method information, such as the bank card number
  • Operation amount,
  • First and last name of the payment method holder,
  • Operation label (e.g.: t-shirt purchase, quarterly subscription, etc.),
  • Unique operation identifier.

No complete bank card data is retained by AEU. All sensitive information is processed in accordance with PCI DSS standards by the payment service provider.

Who manages this processing?

Payment management is ensured by the Association d’Entraide Universitaire (AEU), with the support of technical partners:

  • SOGECOMMERCE (Société Générale payment solution), responsible for processing transactions,
  • NEOWEB, for the technical integration of the payment solution on the website all-lacatho.fr,
  • Infomaniak Network SA, the Website host, located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.

How long do we keep this information?

Data relating to the operation (excluding payment method data which is not retained beyond the time necessary to carry out the payment operation) is:

  • Retained for the time necessary to manage the order, verify payment and issue supporting documentation,
  • Then archived for accounting and legal purposes for a period not exceeding the applicable legal time limits.

Is your data sent outside Europe?

Certain data may be hosted in Switzerland by Infomaniak Network SA, a country recognized as offering an adequate level of data protection by the European Union. Bank data processing, for its part, is carried out exclusively within the European Economic Area (EEA) by SOGECOMMERCE, in compliance with applicable payment security regulations.

1.6 Management of user requests submitted via form

1.6.1. Processing of requests received via the forms on the website https://all-lacatho.fr

When you contact us via an online form, we collect the information necessary to process your request and respond effectively. Here are the details of this processing:

Why do we collect this information?

This processing is implemented in order to:

  • Forward your request to the appropriate internal department of the Association d’Entraide Universitaire (AEU),
  • Identify you and be able to respond to you as quickly as possible,
  • Ensure clear and structured tracking of your requests.

Information collected

When you submit a contact or request form, we collect the following data:

  • The internal department concerned by your request (e.g.: accommodation, catering, All card…),
  • Last name and first name,
  • Email address,
  • Phone number (if provided),
  • Additional information you choose to share with us in the message field,
  • Your consent to the processing of this data (via a mandatory checkbox).

Who manages this processing?

Management of requests is ensured by the Association d’Entraide Universitaire (AEU). To ensure the proper technical functioning of the form, we use:

  • NEOWEB (IT maintenance and development), located at 165 avenue de Bretagne, 59000 Lille, France,
  • Infomaniak Network SA (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.

How long do we keep this information?

Data resulting from your requests is retained:

  1. For the time necessary to process and respond to your request,
  2. Then deleted after the request has been processed

Is your data sent outside Europe?

Certain data may be hosted in Switzerland by Infomaniak Network SA, a country recognized by the European Union as offering an adequate level of data protection. Specific agreements are put in place to guarantee the security and confidentiality of your information.

1.7. User experience and Website improvement

1.7.1. Analytics tracking and audience measurement via Google Tag Manager

In order to optimize the browsing experience on the website https://all-lacatho.fr and to better understand how its features are used, we implement data processing for audience measurement and performance purposes via the Google Tag Manager tool.

Why do we implement this processing?

This processing pursues several objectives:

  • Analyze website traffic and usage (pages visited, browsing time, bounce rate, etc.),
  • Identify areas for improvement in ergonomics and navigation,
  • Track the effectiveness of features made available to users,
  • Deploy or adjust certain tags according to observed behaviors, in compliance with your consent preferences.
Information collected

Analytics tracking via Google Tag Manager does not directly collect personal data, but enables the activation or deactivation of JavaScript tags, some of which may trigger third-party tools such as Google Analytics, subject to your consent.

The following may potentially be processed:

  • IP address (in anonymized form, if anonymization is enabled),
  • URL of the page visited,
  • Browser type,
  • Operating system used,
  • Session duration,
  • Navigation path (pages viewed, clicks, interactions).
Who manages this processing?

Implementation of analytics tracking is ensured by the Association d’Entraide Universitaire (AEU), in collaboration with the following technical partners:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the management of Google Tag Manager and associated tags (Google Analytics, etc.),
  • NEOWEB, for technical development and integration of the tool on the Website,
  • Infomaniak Network SA, located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland, for hosting of the Website.
How long do we keep this information?

The retention period depends on the configuration of tags activated via Google Tag Manager, but in general:

  • Anonymized audience measurement data is retained for up to 14 months after collection, in accordance with Google Analytics standards,
  • Consent preferences related to cookies are retained for up to 13 months, in accordance with CNIL obligations.
Is your data sent outside Europe?

Yes, certain processing may involve a transfer outside the European Union. Google Ireland Limited may transfer data to the United States or other third countries as part of using Google tools. These transfers are governed by standard contractual clauses approved by the European Commission, and Google undertakes to put in place additional safeguards to ensure an adequate level of protection.

You can change your consent preferences at any time via the cookie banner provided for this purpose, accessible from the bottom of the Website pages.

1.7.2. Adapting the Website display according to accessibility preferences

As part of our commitment to digital accessibility, we implement processing intended to adapt the display of the website https://all-lacatho.fr to the specific needs of certain users with disabilities. This processing relies on parameters stored locally in the user’s browser, without transfer to the server.

Why do we implement this processing?

This processing aims to:

  • Facilitate navigation for users with visual or cognitive impairments,
  • Enable a personalized interface adjustment based on accessibility preferences,
  • Provide better readability and an inclusive user experience.
Information collected

Accessibility preferences are stored locally in the user’s browser in the form of local storage (non-cookie), through the following key:

  • Local storage name: accessibility_state

  • Data contained:

  • isContrast: indicates whether high-contrast mode is enabled (true or false),

  • isDyslexic: indicates whether the font adapted for people with dyslexia is enabled (true or false),

  • theme: indicates the display theme selected ("light" or "dark").

This data is accessible only by the local browser and is not sent to or shared with servers or third parties.

Who manages this processing?

The processing is implemented by the Association d’Entraide Universitaire (AEU). It relies on features developed and integrated by:

  • NEOWEB, for technical management and implementation of accessibility settings on the Website,
  • Infomaniak Network SA, for hosting of the Website, although data related to this processing is not transmitted to servers.
How long do we keep this information?

Preferences are retained until the user manually deletes them via their browser settings. They may also be reset automatically if the cache is cleared or if the browser is changed.

Is your data sent outside Europe?

No. Information relating to your accessibility preferences is stored only in your browser, on your device. It is not transmitted, processed, or stored on external servers and therefore never leaves the European Union.

We provide a simulation tool to help you estimate expenses and resources you may have during your studies in Lille. Here are the details of the processing of data used in this context:

Why do we collect this information?

This processing aims to:

  • Provide you with a personalized estimate of your monthly or annual expenses related to student life,
  • Generate a clear summary of your projected budget,
  • Help you better anticipate your financial needs.
Information collected

When you use our simulator, you may be asked to provide all or part of the following items:

  • Annual tuition fees,

  • Rent and housing-related charges,

  • Home insurance,

  • Phone plan and Internet,

  • Car (fuel, insurance),

  • Public transport,

  • Food expenses,

  • Exceptional expenses,

  • Leisure,

  • Health expenses / supplemental health insurance,

  • Benefits received:

  • CAF income,

  • CROUS grant,

  • Health and social studies grant,

  • Additional resources (family, student jobs, etc.).

This data is used exclusively for the simulation and is not retained unless you choose to save it or transmit it as part of a contact request or follow-up.

Who manages this processing?

This service is implemented by the Association d’Entraide Universitaire (AEU), with the support of its technical service providers:

  • NEOWEB (IT maintenance and development), located at 165 avenue de Bretagne, 59000 Lille, France,

  • Infomaniak Network SA (data hosting), located at 25 rue Eugène-Marziano, 1227 Geneva, Switzerland.

#### How long do we keep this information?

By default, no personal data is retained after the simulation. If you choose to transmit the results or create an account, the data may be stored according to the associated purposes (see the relevant processing activities in this policy).

Is your data sent outside Europe?

Data may be hosted in Switzerland by Infomaniak Network SA, a country recognized by the European Union as offering an adequate level of data protection. Contractual safeguards are put in place to ensure the security of your information.

1.9. Making medical or paramedical appointments with the health service

1.9.1. Online appointment booking with CPSU

To facilitate access to gynecology or psychology consultations with professionals of the Centre Polyvalent de Santé Universitaire, AEU provides you with an online appointment booking system via the Maiia Agenda platform, published by CEGEDIM SANTÉ. Here are the details of this processing:

Why do we collect this information?

This processing makes it possible to:

  • Offer you simple and secure access to booking medical or paramedical appointments,
  • Efficiently organize consultations with partner healthcare professionals,
  • Transmit to the practitioner the information necessary for the consultation.
  • Carry out follow-up of consultations in the patient’s medical record.

Information collected

When using Maiia Agenda, the following data may be collected as part of managing your account and your appointments:

  • Identity: last name, first name, birth name, sex as per civil status,

  • Contact details: mobile phone number, email address, postal address,

  • Personal and administrative data: date, place and city of birth, social security number,

  • Appointment-related information: reason for consultation, appointment date and time, consultation location, selected practitioner.

Who manages this processing?

The processing is carried out via Maiia Agenda, a secure platform published by CEGEDIM SANTÉ, AEU’s service provider.

How long is this data retained?

Data relating to appointment booking is retained only for the time necessary to perform it, and cannot be retained beyond the existence of your Maiia account.
However, certain information, such as the reason for consultation, may be integrated into the patient’s medical record. This data is retained for 20 years from the last consultation, in accordance with the regulations applicable to health data.

Where is the data hosted?

Data processed via Maiia Agenda is hosted within the European Union, in centers approved for hosting health data (HDS), guaranteeing a high level of security and confidentiality.

1.10. Sending newsletters by email

AEU may send you emails promoting its Services, or information regarding them, in two different cases:

  • if you are customers of its services, which is in particular the case if you have a Moneweb User Account
  • or if you have a User Account

Part 2 - Description of the conditions under which processing is carried out

2.1. Data security measures

  • Technical and organizational measures
  • Data hosting
  • Safeguards for transfers outside the EEA

2.2. Your rights regarding processing

  • Right of access, rectification, erasure, restriction, portability, objection
  • How to exercise your rights
  • Right to lodge a complaint with the CNIL

The website all-lacatho.fr uses cookies to help you navigate efficiently, perform certain features, ensure session security, and improve your user experience. These cookies are classified by category according to their purpose. Only cookies that are strictly necessary for the Website to operate are enabled by default, in accordance with applicable regulations (GDPR and the ePrivacy Directive).

🔒 Necessary cookies (always active)

These cookies are essential to guarantee the proper functioning of the Website, the security of connections, and the management of payments. They do not store directly identifiable data.

Cookie Lifespan Purpose
__Host-next-auth.csrf-token Session Secures authentication requests (protection against CSRF attacks).
__Secure-next-auth.callback-url Session Stores the post-authentication redirect URL.
route Session Manages load distribution between servers.
SRVGROUP Session Ensures traffic distribution between servers (load balancing).

These cookies are used by the third-party service Stripe for fraud prevention, payment session management, and device identification.

Cookie Domain Lifespan Purpose
__stripe_mid .all-lacatho.fr 1 year Identifies the user and device for fraud prevention purposes.
__stripe_sid .all-lacatho.fr 30 minutes to 1 hour Temporarily identifies the user during payment.
__stripe_orig_props .stripe.com 3 months Stores the origin and destination URL for Stripe.
cid .stripe.com About 1 month Customer identifier for fraud prevention.
machine_identifier .stripe.com About 4 months Identifies the device used to access the Website.
private_machine_identifier .stripe.com About 4 months Securely identifies a Stripe device.

🧾 Other cookies (functional, analytics, or unclassified)

Some cookies are used to track user sessions or are in the process of being categorized. Their use is subject to your prior consent.

Cookie Lifespan Purpose
uid Until 20/10/2025 Anonymous user identifier used for session management.
route (duplicate with another) Session Traffic distribution on application servers.

Preference management

During your first visit, a consent banner allows you to manage your cookie preferences. You can also change them at any time. Disabling certain cookies may limit the proper functioning of the Website.

For more information about the use of cookies, you can consult the details under each category in the preference manager available at the bottom of the page.

Legal notice

  • Terms of use
  • Privacy policy
  • Contact