PROTECTION OF PERSONAL DATA

Definitions:

  • « Professional » : refers to natural or legal persons offering accommodation (gîtes, campsites, bed and breakfast, etc.) and/or activities on the Site.
  • « IT service providers » : refers to the IT service providers with whom the Data Controller has contracted for the design, corrective and upgrade maintenance and hosting of the Site.
  • « Reservation » : means the booking made via the Site by the User with a Professional, for a holiday.
  • « Service » : refers to the matchmaking service offered by the CRTCVDL via the Site.
  • « Users » : refers to natural persons accessing and using the Site.

ARTICLE 1: GENERAL PROVISIONS AND ACCEPTANCE OF THE CONFIDENTIALITY POLICY

1.1 This privacy policy applies to the processing of personal data carried out by the COMITE REGIONAL DU TOURISME CENTRE-VAL DE LOIRE, an association registered under SIREN number 334 957 024 and declared as an association under number W452002524, whose registered office is located at 3 boulevard de Verdun 45000 ORLEANS (hereinafter referred to as the ‘Data Controller’), as part of the operation of the website accessible at www.loirevalley-france.co.uk (hereinafter referred to as the ‘Website’).

1.2 The purpose of this Privacy Policy is to define and inform Users of the manner in which the Data Controller collects, uses and protects Users‘ personal data (hereinafter “the Data”), in accordance with the French Data Protection Act of 16 January 1978 as amended and Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (’RGPD”). The Law and the RGPD are together referred to as the ‘Applicable Regulations’.

1.3 The Data Controller reserves the right to modify this Privacy Policy at its own discretion or in order to comply with changes in legislation, regulations, case law or technology.

In this case, the date of modification will appear clearly at the top of the confidentiality policy. It is therefore the User’s responsibility to consult this Privacy Policy regularly in order to take note of any changes.

The Comité Régional du Tourisme Centre-Val de Loire, whose identity and contact details are specified in the “Legal notices” section, as the data controller, processes personal data for the purpose of managing the https://www.loirevalley-france.co.uk/ website.

ARTICLE 2: DATA COLLECTED

2.1 The User is informed that it is possible to visit the Site without communicating any of his/her Data to the Data Controller. In any event, the User is not obliged to communicate his/her Data to the Data Controller.

However, in the event of refusal, the User may not be able to benefit from all the services offered by the Site, in particular the booking service.

As part of certain services (reservation, newsletter, etc.), the Data Controller may ask the User to provide certain Data as mentioned below.

2.2 The Data Controller collects various personal data from Users, namely :

2.2.1 The information required to use the Site and make Reservations

When using the Site, and in order to make a Reservation, the User must provide the following information:

  • Civility
  • surname and first name of the User ;
  • age of people taking part in the Stay ;
  • dates of stay ;
  • postal address ;
  • email address ;
  • telephone number ;
  • number of people for the stay.

By providing this information, the User acknowledges and expressly agrees that his/her Data may be processed in accordance with the provisions of this privacy policy.

2.2.2 Information collected automatically

When the User browses the Site, the Data Controller automatically collects certain Data, namely :

  • geolocation information: the Data Controller may collect information on the User’s precise or approximate location, in particular via the User’s IP address or the GPS data of his/her mobile device. However, Users are informed that they may deactivate the use of location services on their mobile device.
  • usage information: the Data Controller may collect information concerning the User’s interactions with the Site, and in particular see the pages consulted and the Reservations made.

Article 3 : PURPOSES OF PROCESSING

The Data Controller may process the Data in order to (i) improve, supply and develop the Site, (ii) create and maintain a more secure environment and (iii) provide, personalise and improve advertising on the services.

3.1 Concerning the improvement, maintenance and development of the Site

The Data Controller may use the Data to supply, improve and develop the Site, in particular to:

  • to enable the User to access and use the Site;
  • to manage, protect, improve and optimise the Site, for example by carrying out analyses and studies;
  • to enable the User to use the services;
  • to carry out internal analyses and statistics

The Data Controller processes this Data for the purposes listed above, given its legitimate interest in improving the Site and the experience of Users, and where this information is necessary for the proper performance of the services.

3.2 Maintaining a safe environment

The Data Controller may use the Data to create and maintain a secure environment, and in particular to:

  • detect and prevent fraud, spam, abuse, security incidents and other harmful activities ;
  • conduct security investigations and risk assessments;
  • to carry out checks with databases or other sources of information, including police or background checks, to the extent permitted by applicable laws and with the User’s consent, where applicable;
  • to comply with its legal obligations;
  • to resolve any disputes that the Data Controller may have with Users and to enforce its contracts with third parties;
  • apply the General Terms and Conditions of Use and any other policy,

The Data Controller processes this Data for the purposes listed in this section, given its legitimate interest in protecting the Site, to measure the proper performance of its agreement with the User and to comply with applicable laws.

3.3 Concerning the personalisation and improvement of services and advertising

The Data Controller may use the Data to personalise and improve its services and advertising, and in particular to :

  • to send Users promotional messages, commercial and advertising information and other information that may be of interest to them according to their preferences, in particular by sending them the newsletter;
  • personalise, evaluate and improve its advertising;
  • enable the promotion of Professionals and their offers,
  • collect and disseminate Users’ opinions on their stays with the Professionals.

The Data Controller processes this Data for the purposes listed in this section, given its legitimate interest in undertaking marketing activities to offer Users products or services that may be of interest to them.

Article 4 : addressees

For the proper provision and execution of services, and for the User to be able to browse the Site properly, the Data Controller may transmit the Data collected to its partners, and in particular to Professionals and its IT Service Providers.

In this respect, the Data Controller undertakes to ensure that the said partners provide the necessary guarantees with regard to the protection of personal data in order to protect the security and confidentiality of the Data.

Article 5 : CONSERVATION PERIOD

The Data Controller retains the Data only for the time required to fulfil the purposes set out above.

Article 6 : USER RIGHTS

In accordance with the applicable Regulations, the User benefits from the rights set out below with regard to his/her Data.

6.1 Right of access and communication of Data

Users may request confirmation from the Data Controller as to whether or not personal data concerning them is being processed and, if so, access to said personal data as well as a certain amount of information (purposes of the processing, categories of data concerned, recipient of the data, existence of a transfer outside the EU, retention period, etc.).

The Data Controller must then reply to the User within one month of the date of the request (this period may be extended by two months ‘in view of the complexity and number of requests’ and if the User has been informed within the initial one-month period).

Although the response is in principle free of charge, the Data Controller reserves the right to request payment of a reasonable fee if the request gives rise to administrative costs and the request is manifestly unfounded or excessive.

In this respect, it should be noted that the Data Controller is not obliged to respond if :

  • the request is manifestly abusive, in particular its repeated or systematic nature;
  • the Data is not kept.

6.2 Right to rectify Data

Each User has the right to obtain from the Data Controller, as soon as possible, the rectification of any personal data concerning him/her that is inaccurate.

Furthermore, given the purposes of the processing, each User also has the right to have incomplete Data completed, including by providing an additional declaration.

6.3 Right to be forgotten and erased

Each User has the right to obtain from the Data Controller the deletion, as soon as possible, of personal data concerning them.

The right to erasure includes the right to dereference and deletion of the Data collected.

However, this right is not general and applies only on the grounds listed below:

  • the Data is no longer necessary for the purposes for which it was collected or processed;
  • the User withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • the User objects to the processing and there are no compelling and legitimate grounds for the processing;
  • the Data has been processed unlawfully;
  • the Data must be deleted to comply with a legal obligation.

In addition, derogations from the right to erasure are provided for insofar as processing is necessary:

  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation which requires processing, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the field of public health,
  • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes insofar as the right in question is likely to render impossible or seriously compromise the achievement of the objectives of the said processing;
  • for the establishment, exercise or defence of legal claims.

Therefore, should the User wish the Data Controller to delete some of his/her Data, he/she must send a written request.

The Data Controller will then inform you whether or not your request is admissible, giving reasons for its decision.

6.4 Right to limit data processing

The right to limitation means that the User has the right to obtain that the Controller limits the processing, this limitation being defined as ‘the marking of retained personal data with a view to limiting their future processing’.

However, this right can only be exercised in certain circumstances:

  • the User disputes the accuracy of the Data;
  • where the processing is unlawful, the User objects to the erasure of the Data and demands instead that its use be restricted;
  • the Data Controller no longer needs the Data for the purposes of processing, but the Data is still necessary for you to establish, exercise or defend your legal rights;
  • the User has objected to the processing.

In this case, only the storage of the data is authorised, and no other processing may be carried out.

6.5 Right to object to the processing of Data

In accordance with Applicable Regulations, Users have the right to object at any time, for reasons relating to their particular situation, to the processing of personal data concerning them.

It should be noted that this right is not absolute and that the User must put forward a legitimate reason in order to benefit from this right.

In the event that the User wishes to object to the processing of all or part of his/her Data by the Data Controller, the latter shall consider whether there are legitimate and compelling grounds for the processing which override the interests of the User, rights and freedoms, or for the establishment, exercise or defence of legal claims.

It is therefore possible that the User’s request for opposition may be refused, in accordance with the applicable legal rules.

In this case, the User may appeal either to the Data Controller or to the CNIL.

6.6 The Data Controller informs the User that he/she may download from the website of the Commission Nationale Informatique et Libertés (CNIL) request forms relating to the rights set out above.

Article 7 : WITHDRAWAL OF CONSENT

If the Data is processed by the Data Controller on the basis of the User’s consent, the User may withdraw his/her consent at any time by indicating this to the Data Controller by e-mail or post to the addresses given below.

Article 8 : SECURITY

The Data Controller implements and continuously updates administrative, technical and physical security measures to protect Data against unauthorised access, loss, destruction or alteration.

If the User has reason to believe that his/her Data has been stolen, lost or misappropriated, it is his/her responsibility to notify the Data Controller immediately.

Article 9 : Contact

Users may exercise their rights or make any request to the Data Controller at the following address:

  • e-mail address: [email protected]
  • postal address: CRT CENTRE VAL DE LOIRE – 3, boulevard de Verdun 45000 Orléans, France

Did you find this content useful?

Thank you

Thank you for taking the time to let us know that you found this content useful. Your encouragement is important to us, and your feedback helps us to improve.

Thank you

Thank you for taking the time to let us know that this content was not useful to you. We apologise for any inconvenience.

Contact général EN