Privacy Policy
We have adopted this privacy policy, which determines the way in which we treat information collected by the Departmental Tourism Agency of the Vienne, which also provides the reasons why we need to collect certain personal data about you. Therefore, you should read this privacy policy before using the website https://www.tourisme-vienne.yata.fr.
The website https://www.tourisme-vienne.com is held by the Departmental Tourism Agency of the Vienne.
We take care of your personal data and are committed to ensuring its confidentiality and security.
1. General provisions
Preamble
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on data protection (hereinafter GDPR), sets the legal framework applicable to the processing of personal data. This text reinforces the rights and obligations of data controllers, subcontractors, data subjects and data recipients.
Subsequently, and to implement the modifications of the RGPD, the law n ° 78-17 of January 6, 1978 known as Data processing and freedoms was the subject of a modification by the law n ° 2018-493 of June 20, 2018 by the Ordinance No. 2018-1125 of December 12, 2018 relating to data protection.
This policy is implemented by the Departmental Tourism Agency of the Vienne, hereinafter called "the organization", whose main activities are the development of the tourist offer, the promotion of tourist destinations and the marketing of the tourist offer of the territory of the Vienne.
As part of our activity, we implement personal data processing relating to the data of our customers, partners and prospects. For a good understanding of this policy, it is specified that:
- clients are understood as all natural or legal persons engaged under a contract of any nature whatsoever with our organization, it being specified that it is intended to work with professional clients in tourism or the general public;
- partners are understood as all natural or legal persons involved in the tourism sector and as such maintaining relationships with our organization, such as in particular tourism professionals in the department, project leaders and internal and external investors, holiday distributors, communities territorial authorities and their groups or even institutional partners;
- prospects are understood as any potential customer or any contact recipient of promotional messages from our organization whose data has been collected directly via contact forms, events or indirectly via any partner of the organization.
Purpose and scope
This personal data protection policy is intended to apply in the context of the implementation of the processing of the personal data of our customers, partners and prospects.
As such, the purpose of this policy is to satisfy the information obligation of our organization and thus to formalize the rights and obligations of customers, partners and prospects with regard to the processing of their data.
This policy only covers the processing for which we are responsible as well as data qualified as “structured”.
The processing of personal data can be managed directly by our organization or through a subcontractor specifically appointed by it.
This policy is independent of any other document that may apply within the contractual relationship that binds us to our customers, partners and prospects. We do not implement any processing of the data of our customers, partners and prospects if it does not relate to personal data collected by or for our services or processed in connection with our services and if it does not meet the principles GDPR Generals.
Any new processing, modification or deletion of an existing processing will be brought to the attention of customers, partners and prospects through a modification of this policy.
1.1 Customer data
Types of data collected
Non-technical data (depending on the use case):
- identity and identification (surname, first name, date of birth, nickname, customer number)
- contact details (email, postal address, telephone number)
- professional life / personal life when necessary
Technical data (according to use cases)
- identification data (IP address)
- connection data (logs, token in particular)
- acceptance data (click)
- location data
Origin of data
We collect customer data from:
- data provided by the customer (paper form, order form, contract, business card);
- electronic forms or forms completed by the customer;
- data entered online (website, social networks, etc.);
- registration for events we organize;
- databases shared between several partners, supplied and operated by all of these partners;
- exceptional rental or acquisition of databases;
- communication of contacts through specialized companies or partners of our organization.
Purpose
Depending on the case, we process our customers' data for the following purposes:
- customer relationship management ;
- sale of tourist stays directly or via distribution partners;
- management of organized events that we organize;
- sending newsletters or information feeds;
- customer account management;
- improvement of our services;
- response to our administrative obligations;
- community management;
- production of statistics.
Shelf life
The retention period for our customers' data is defined with regard to the legal and contractual constraints that weigh on us and, failing that, according to our needs and in particular according to the following principles:
- Data relating to customers: for the duration of contractual relations, increased by 3 years for animation and prospecting purposes, without prejudice to retention obligations or limitation periods.
- Technical data: 1 year from collection
- Cookies: 13 months
After the fixed deadlines, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use. They can be kept in the event of pre-litigation and litigation.
Customers are reminded that deletion or anonymization are irreversible operations and we are no longer, thereafter, able to restore them.
Legal basis
The processing that we implement under this policy is all legally based on the implementation of contractual or pre-contractual measures or, in certain cases, the customer's consent (e.g. sending commercial prospecting messages).
1.2 Partner data
Types of data collected
Non-technical data (according to use cases)
- identity and identification (surname, first name, date of birth, nickname)
- contact details (email, postal address, telephone number)
- professional life (function, job title, etc.)
Technical data (according to use cases)
- identification data (IP address)
- connection data (logs, token in particular)
- acceptance data (click)
- location data
Origin of data
We collect data from our partners from:
- information collected directly via partners;
- electronic forms or forms completed by partners;
- registrations or subscriptions to our online services (newsletter, social networks).
Purpose
Depending on the case, we process our customers' data for the following purposes:
- partner relationship management;
- labeling of sites and equipment for the sectors entrusted by the organization
- tourism engineering operations (diagnostics and feasibility studies, support for setting up projects and grant application files);
- networking and consultation operations between different partners;
- marketing support operations for partner service providers;
- management of the events we organize (trade fairs, workshops, etc.);
- training operations for partner service providers;
- search operations for distribution partners;
- production of statistics.
Shelf life
The retention period for the data of our partners is defined with regard to the legal and contractual constraints that weigh on us and, failing that, according to our needs and in particular according to the following principles:
- Data relating to customers: for the duration of the contractual relationship, increased by 3 years for the purposes of monitoring the relationship, without prejudice to retention obligations or limitation periods
- Technical data: 1 year from collection
- Cookies: 13 months
After the fixed deadlines, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use. They can be kept in the event of pre-litigation and litigation.
Partners are reminded that deletion or anonymization are irreversible operations and that we are no longer, thereafter, able to restore them.
Legal basis
The processing that we implement under this policy is all legally based on the implementation of contractual or pre-contractual measures.
1.3 Prospect data
Types of data collected
Non-technical data (according to use cases)
- identity and identification (surname, first name, date of birth, nickname)
- contact details (email, postal address, telephone number)
- professional life (function, job title, etc.)
Technical data (according to use cases)
- identification data (IP address)
- connection data (logs, token in particular)
- acceptance data (click)
- location data
Origin of data
We collect our prospect data from:
- data provided by the prospect (paper form, business card, etc.);
- electronic forms or forms completed by the prospect;
- data entered online (website, social networks, etc.);
- registration or subscription to our online services (website, social networks);
- registration for events we organize;
- databases shared between several partners, supplied and operated by all of these partners;
- list communicated by the organizers of events or conferences in which we participate;
- exceptional rental of databases;
- communication of contacts through specialized companies or partners.
Purpose
Depending on the case, we process the data of our prospects for the following purposes:
- prospect relationship management;
- management of the events we organize;
- sending our newsletters or information feeds;
- animation of websites in partnership with our partners;
- operation to promote our organization and tourism in (to be completed) on social networks (Facebook, Twitter, YouTube, Instagram, etc.);
- behavioral analysis of prospects;
- community management;
- production of statistics.
Shelf life
The retention period for the data of our prospects is defined with regard to the legal and contractual constraints that weigh on us and, failing that, according to our needs and in particular according to the following principles:
- Customer data: for 3 years from their collection or the last contact from the prospect
- Technical data: 1 year from collection
- Cookies: 13 months
After the fixed deadlines, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use. They can be kept in the event of pre-litigation and litigation.
Prospects are reminded that deletion or anonymization are irreversible operations and that we are no longer, thereafter, able to restore them.
Legal basis
The purposes of processing prospects presented above are based on the following conditions of lawfulness:
- execution of pre-contractual measures;
- legitimate interest of our organization;
- consent of the prospect when the law requires it (example regarding the sending of commercial prospecting messages).
1.4 Data recipients
We ensure that the data is only accessible to authorized internal or external recipients and subject to an appropriate obligation of confidentiality.
Internally, we decide which recipient will have access to which data according to an authorization policy.
All access concerning processing relating to the personal data of customers, partners and prospects is subject to a traceability measure.
In addition, personal data may be communicated to any authority legally authorized to know it. In this case, we are not responsible for the conditions under which the personnel of these authorities have access to and use the data.
Internal recipients:
Authorized staff within our structure (staff in charge of marketing, customer relationship management, service provider and prospect, administrative staff, staff in charge of IT) and their line managers.
External recipients
- tourist partners who access the shared file in which the data may appear;
- service providers or support services;
- authorized personnel from the services responsible for control (auditor, services responsible for internal control procedures, etc.);
- administration, judicial officer if necessary.
1.5 Personal rights
Right of access and copy
Customers, partners and prospects traditionally have the right to request confirmation that data concerning them is or is not being processed.
They also have a right to access their data, i.e. the right to obtain communication of all information relating to the processing of their personal data.
In such a case, the customer, partner or prospect must formulate his request himself and there must be no doubt as to his identity. Failing this, we reserve the right to request the communication of any element allowing its identification, such as in particular the copy of an identity document.
Customers, partners and prospects have the right to request a copy of their personal data being processed. However, in the event of a request for an additional copy, we may require the financial support of this cost by customers, partners and prospects.
If customers, partners and prospects submit their request for a copy of the data electronically, the information requested will be provided to them in a commonly used electronic form, unless otherwise requested.
Customers, partners and prospects are informed that this right of access cannot relate to confidential information or data or for which the law does not authorize communication.
The right of access must not be exercised abusively, that is to say carried out on a regular basis for the sole purpose of destabilizing the service concerned.
Updating – updating and rectification
We respond to update requests:
- automatically for inline changes to fields that technically or legally can be updated;
- upon written request from the person themselves who must prove their identity.
Right to erasure
The right to erasure of customers, partners and prospects will not be applicable in cases where the processing is implemented to meet a legal obligation. Apart from this situation, customers, partners and prospects may request the erasure of their data in the following limited cases:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- where the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
- the data subject objects to processing which is necessary for the purposes of the legitimate interests pursued by us and there are no overriding legitimate grounds for the processing;
- the data subject objects to the processing of their personal data for marketing purposes, including profiling;
- the personal data has been the subject of unlawful processing.
Right to limitation
Customers, partners and prospects are informed that this right is not intended to apply insofar as the processing that we implement is lawful and that all the personal data collected is necessary for the implementation of the purposes of processing them.
Right to portability
We grant requests for data portability in the particular case of data communicated by customers, partners and prospects themselves, on our online services and for purposes based solely on the consent of individuals and performance of a contract. In this case, the data is communicated to the applicant in a structured, commonly used and machine-readable format.
Automated individual decision
We do not make any automated individual decisions.
The tools offered on our website are only help tools for customers and prospects and cannot be considered otherwise.
Post-mortem law
Customers, partners and prospects are informed that they have the right to formulate directives concerning the storage, erasure and communication of their post-mortem data.
Exercise of rights
The exercise of the aforementioned rights is carried out, at the choice of the interested party, by e-mail or by post to the following coordinates: dpo-poitou.tourisme@racine.eu ou Me Eric BARBRY, of Cabinet Racine located at 40, rue de Courcelles in Paris 75008 FRANCE.
2. Additional provisions
Optional or mandatory nature of answers
Customers, partners and prospects are informed of the mandatory or optional nature of the answers by the presence of an asterisk on each personal data collection form submitted to them. In the case where answers are mandatory, we explain to them the consequences of a lack of answer.
Right of use
Our organization is granted by its customers, prospects and partners a right to use and process their personal data for the purposes set out above.
However, the enriched data which is the result of processing and analysis work on our part, otherwise known as enriched data, remains our exclusive property (usage analysis, statistics, etc.).
Subcontracting
We inform you that we may involve any subcontractor of our choice in the processing of your personal data. In this case, we ensure that the subcontractor complies with its obligations under the GDPR.
We are committed to signing a written contract with all our subcontractors and imposes on the subcontractors the same obligations in terms of data protection as itself. In addition, we reserve the right to carry out an audit with our subcontractors in order to ensure compliance with the provisions of the GDPR.
Cross-border flows
Our organization alone reserves the choice of whether or not to have cross-border flows for the personal data it processes.
In the event of transfer of personal data to a country outside the European Union or to an international organization, we will inform you and ensure that your rights are respected. We undertake, if necessary, to sign one or more contracts to regulate cross-border data flows.
The provisions relating to cross-border flows are binding on us, except in the exceptional cases provided for in Article 49 of the GDPR.
Processing register
As a controller, we undertake to maintain an up-to-date record of all processing activities carried out.
This register is a document or application making it possible to identify all the processing that we implement as the controller.
We undertake to provide the supervisory authority, on first request, with the information enabling the said authority to verify the compliance of the processing with the data protection regulations in force.
3. Security
Security measures
It is our responsibility to define and implement the technical security measures, physical or logical, that we consider appropriate to fight against the destruction, loss, alteration or unauthorized disclosure of data in an accidental or unlawful manner.
To do this, we can be assisted by any third party of our choice to carry out, at the frequencies that we deem necessary, vulnerability audits or intrusion tests.
In any case, we undertake, in the event of a change in the means aimed at ensuring the security and confidentiality of personal data, to replace them with means of superior performance. No change can lead to a regression in the level of security.
In the event of subcontracting of part or all of the processing of personal data, we undertake to contractually impose security guarantees on our subcontractors by means of technical measures for the protection of this data. and the appropriate human resources.
Data Breach
In the event of a personal data breach, we undertake to notify the Cnil under the conditions prescribed by the GDPR.
If said violation poses a high risk to customers, partners and prospects and the data has not been protected, we will notify the persons concerned and provide them with the necessary information and recommendations.
4.Contacts
Data Protection Officer
We have appointed as Data Protection Officer, Me Eric BARBRY, from Cabinet Racine located at 40, rue de Courcelles in Paris 75008 FRANCE. If you have a question about your rights, you can write to: dpo-poitou.tourisme@racine.eu
In the event of new processing of personal data, we will contact the data protection officer beforehand.
If you wish to obtain specific information or ask a specific question, you can contact the data protection officer who will give you an answer within a reasonable time with regard to the question asked or the information required.
In the event of a problem encountered with the processing of your personal data, you can contact the data protection officer.
Right to lodge a complaint with the CNIL
Customers, partners and prospects concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the Cnil, if they consider that the processing of personal data personal data concerning them does not comply with European data protection regulations, at the following address:
Cnil – Complaints department
3 Place de Fontenoy - TSA 80715 – 75334 PARIS CEDEX 07
Tel: +01 53 73 22 22
Evolution
This policy may be modified or amended at any time in the event of legal or jurisprudential developments, decisions and recommendations of the Cnil or practices.
Any new version of this policy will be brought to the attention of customers, prospects and partners by any means that we define, including electronically (dissemination by e-mail or online for example).
For more information
For any additional information, you can contact the DPO at the above address, in this case: dpo-poitou.tourisme@racine.eu
For any other more general information on the protection of personal data, you can consult the CNIL website www.cnil.fr.
5. Use of cookies
What is a Cookie ?
A Cookie is a file that records information about your browsing on this site. It does not make it possible to obtain information recorded on your hard disk, but makes it possible to recognize you when you return to our site.
How to accept, configure or refuse a cookie?
You can configure your browser so that cookies are saved or rejected.
For Microsoft Internet Explorer:
- Choose the "Tools" menu then "Internet Options"
- Click on the "Confidentiality" tab
- Select the desired level using the cursor
For Mozilla Firefox:
- Choose the menu "Tools"> "Options"
- Click on the option "Privacy"
- "Cookies" section
For Chrome:
- Choose the menu "Edit"> "Preferences"
- Click on the option "Personal data"
- "Cookies" section
For Safari:
- Choose the menu "Edit"> "Preferences"
- Click on the option "Personal data"
- "Cookies" section
Consequences of your choice
The activation of cookies results in the memorization of your identifiers in a form, in a comment, or possibly stores your navigation data. It is important for you to know that if you decide to refuse or delete cookies on your browser, this will not prevent the display of advertising. The only difference is that they will no longer be adapted to your centers of interest.
Cookies that can be installed via this website
When you connect to this site, we may install several cookies on your computer or smartphone/tablet. The validity of the cookies concerned will be a maximum of 13 months.
These cookies allow:
- to establish statistics of frequentation and use of the elements composing the site (headings and contents visited, routes;
- to adapt the presentation of the site to the display preferences of your terminal (language used, display resolution, operating system used);
- to memorize information relating to a form that you have completed;
- to implement security measures, for example when you are asked to log in again to content or a service after a certain period of time.
- Cookies exempt from consent
- In accordance with the recommendations of the Commission Nationale de l'Informatique et des Libertés (CNIL), some cookies are exempt from the prior collection of your consent insofar as they are strictly necessary for the operation of the website or have the exclusive purpose of allowing or facilitating electronic communication. These include session identifier cookies, authentication cookies, load balancing session cookies as well as cookies for customizing your interface.
Possible cookies
Cookies called “social networks”: the pages and articles present on the site are likely to be accompanied by a third-party computer application allowing the sharing of this content on social networks.
We have no control over the process used by the social networks concerned (Facebook, Twitter, Google+, Pinterest, Instagram, YouTube, etc.) to collect this information and invite you to consult their privacy policies.
For example for Facebook: https://fr-fr.facebook.com/privacy/explanation
6. Use of personal data
We may use your personal data to send information related to your request. We undertake not to transmit your data to a third party. You can exercise your right to consult, modify or delete data concerning you by using the attached form or by contacting us by e-mail: