THE GENERAL INTEREST ASSOCIATION (AIG) and the GDPR

It is an association which carries out missions of general interest, without having been recognized as ARUP;

The general interest association (AIG) is aimed at associations that meet certain criteria specified by law, namely that they must have an exclusive and disinterested purpose of general interest. Unlike associations under the 1901 law, general interest associations have a special tax regime that allows them to benefit from tax advantages (exemption from certain taxes and duties, the possibility of receiving tax-free donations and legacies, etc.).

To be considered a general interest association, the association must meet several criteria, including:

    • Have a disinterested and exclusive goal of general interest;

    • Not to distribute profits to its members;

    • Have disinterested and transparent management;

    • Not be created for profit;

    • Do not operate for the benefit of a restricted circle of people.

General interest associations can be created by individuals, businesses, local authorities, administrations, etc. However, not all associations can claim the status of general interest association, as this depends on their purpose and operation.

General interest associations (AIG) may process different categories of personal data depending on their missions and activities. Generally, this data is collected as part of the achievement of their corporate purpose, which may concern various areas such as social action, culture, education, the environment, health, etc.

Personal data that may be processed by the AIGs may include:

    • Identification data: surname, first name, address, telephone number, email address, etc.

    • Economic and financial data: banking data, invoices, etc.

    • Data relating to professional life: training, career path, etc.

    • Health data: if the AIG carries out activities related to health or disability

    • Data concerning volunteers: identity, contact details, skills, etc.

Non-profit organizations must comply with the principles of the French Data Protection Act and the General Data Protection Regulation (GDPR) regarding the processing of personal data. In particular, they must ensure the security and confidentiality of data, inform data subjects of their rights, and obtain their consent for processing requiring such authorization.