This Confidentiality Charter/Policy applies to the Saint-Etienne Métropole Tourist Office – 16 avenue de la Libération – 42000 SAINT ETIENNE.
The Data Controller is Anne-France DECROIX- Director
DPO contact: Franck LAVASTRE
We consider data confidentiality as one of the fundamental elements in our relations. Our confidentiality charter and our practices in this domain are focused on processing personal data in an appropriate way and in accordance with current legislation, whilst ensuring their confidentiality, integrity and availability.
This confidentiality charter sets out the entire online confidentiality policy applicable to our activities. It sets out the type of information that we collect and the way we use, share and secure the information you provide to us. It also describes the choices you have with regard to the use, access and correction of your personal data.
We process personal data within the European Union (EU). Our activities are subject to the General Data Protection Regulation (the “GDPR”). This is a directly binding law. The RGPD protects individuals’ fundamental liberties and rights and in particular their personal data.
Personal data includes all types of information directly or indirectly attributable to a person, such as their name, date of birth, address, e-mail address, telephone number, etc.
Our confidentiality charter is based on the following data protection principles:
- personal data will be processed in total compliance with the law, clearly and transparently;
- personal data will only be collected for specified, explicit, legitimate purposes and data will not subsequently be processed in any way that is not compatible with these principles;
- the collection of personal data must be appropriate, relevant and limited to what is necessary in collection with the aim of the data processing;
- the personal data must be accurate and, if necessary, updated;
- all reasonable measures must be taken to ensure that data that is found to be irrelevant to the aim of the processing is deleted or rectified without delay;
- personal data must be kept for the identification of their subject, but only for as long as it is necessary to the aim of the processing;
- all personal data must remain confidential and be stored in such a way as to guarantee appropriate security;
- personal data must not be shared with any third parties, unless it is necessary for Saint-Etienne Métropole Tourist Office to be able to provide the services stipulated in the agreement;
- you have a right to ask to consult, rectify or delete your personal data as well to restrict or oppose their processing, as well as to transfer the data.
DATA COLLECTION AND USE
Collection of data via our website:
The geographical area from where you connect to our website, from your computer or mobile device, such as that provided by an IP address is one item of information that we collect anonymously, as is the type of device used to connect to the site. Collecting such data enables us to orient our communication strategy and adapt the site. The Google Analytics tool is used.
The data collected from your contact with us via the website enables us to meet your needs. These data are not used for any purposes other than to provide you with an answer.
You are offered the possibility of receiving our newsletter and our commercial offers in the contact form. These options must be expressly chosen.
Newsletters and information e-mails:
Your surname, first names, e-mail address and postcode are collected in order to be able to share tourism-related news with you and to inform you of our individual or group commercial offers.
Booking on the open system platform:
The Saint-Etienne Métropole Tourist Office processes personal data for the purpose of providing online booking services. The legal basis for this processing is the execution of an Open System contract. The data processed are indispensable to this treatment and they are used by us and, where appropriate, by our service providers. Your details are also passed on to the provider with which you are making a booking so that it can process and handle that booking.
Other forms of communication: we may also contact you by par e-mail, letter, telephone or text message, depending on the contact details you have given us.
- These are the reasons why we may contact you:
- It is possible that we may need to contact you about the enquiries you have made.
- When you use our services, we may send you a questionnaire or invite you to leave a comment on your experience. We believe that this extra service is useful to you and us as it enables us to make improvements to our services based on your comments.
Management of cookies
DATA COLLECTION FOR BOOKING GROUP TOURS:
Saint-Etienne Métropole Tourist Office organises tours for groups (group bookings or individuals joining a group).
The person signing a contract with Saint-Etienne Métropole Tourist Office agrees to transmit their data for the purpose of its performance and guarantees that they have the consent of the other travellers for the same aims.
The data are retained for a period that does not exceed the period necessary to the following purposes:
- Ordering a stay: the data necessary to the processing of your order are kept for the time it takes to establish a right or draw up a contract.
- Managing the commercial relationship: the data will be retained (at the most) for 5 years after the end of the commercial relationship.
ACCESS AND DISSEMINATION OF INFORMATION
Access to personal data is strictly restricted to the staff of Saint-Etienne Métropole Tourist Office, and only the relevant internal departments will have access to the your data within the strict framework of the processing described in this charter.
All the staff are bound by a Charter on the use of IT resources.
We only share personal data with third parties under the conditions listed below:
- if you have given your agreement;
- if it is directly connected to the initial reason for collecting your personal data;
- if it is necessary for the preparation, negotiation and implementation of the agreement between us;
- if it is required by the law, the authorities or a court;
- if it required for the filing or protection of complaints or in connection with the defence of a legal action;
- if it is required in response to a judicial investigation, including for reasons connected with national security or other legal requirements;
- if it is necessary to avoid any abuse or illegal activity, such as a deliberate attack, in order to guarantee the protection of data.
Saint-Etienne Métropole Tourist Office uses service providers to operate its site and provide you with the services and products offered.
For all these data transfers, we also ensure that we work only with trustworthy companies. Subcontractors are bound by specific obligations concerning data confidentiality.
DATA PROTECTION AND SECURITY
Saint-Etienne Métropole Tourist Office applies reasonable procedures to prevent any unauthorised access and misuse of your information, including your personal data. In order to guarantee the protection and confidentiality of the information provided to us, including your personal data, we use appropriate professional procedures and systems.
Only approved personnel are authorised, for the purposes of their work, to access your personal data. Subcontractors are bound by specific obligations concerning data security. They take measures to ensure optimum protection of data.
The Saint-Etienne Métropole Tourist and Congress Office has an SSL certificate (Comodo Wildcard SSL).
Data are only retained for the length of time strictly necessary and in line with the recommendations of the CNIL (French data protection agency) and/or the legal requirements:
Saint-Etienne Métropole Tourist Office’s general data retention policy is as follows:
Identification data: 3 years after the last date of visiting the site;
Purchasing data: 5 years after the last activity;
Prospects’ data: 3 years after the date of the last activity on the site or the last opening of the newsletter or e-mails;
Cookies: 13 months maximum from the date they are deposited on your computer or terminal;
Geolocation data: only for the duration of the browsing session.
Renewal of consent
- Concerning visits to the website, your consent will be considered as renewed for 3 years each time you reconnect to our site;
- Concerning the newsletters and e-mails, your consent will be considered as renewed for 3 years each time you open a newsletter or e-mail;
- Concerning group and open system bookings, your consent will be considered as renewed for 5 years each time you place an order.
Your choices and your rights
We want to you to remain in control of the use of your personal data. To do so, you can exercise your right of access to the data concerning you or have them rectified or deleted at any time. You can also exercise your right to limit processing and your right to data portability by contacting us and sending a copy of your identity document by e-mail to email@example.com or by letter to this address:
Office de Tourisme et des Congrès de Saint-Etienne Métropole
Mes données personnelles
16 Avenue de la Libération – BP 20031
42001 Saint-Etienne cedex 1.