A cookie is a small computer file. It is used to analyse user behaviour when visiting a website, reading an e-mail, installing or using software or a mobile application.
Publishers of websites or applications that use cookies must:
- Inform Internet users of the purpose of cookies,
- Obtain their consent,
- Provide Internet users with a means of refusing them,
Consent given in this way is valid for a maximum of 13 months.
Information relating to the use of personal data on the website
The European regulation on the protection of personal data, abbreviated to RGPD, is a European text that makes companies and public bodies more accountable.
The legal basis for processing is what legally authorises its implementation, which gives an organisation the right to process personal data. It can also be referred to as the "legal basis" for processing.
Six legal bases are provided for by the RGPD:
- Consent,
- Contract,
- Legal obligation,
- Safeguarding vital interests,
- Public interest,
- Legitimate interests.
Sites that use personal data must include the following information:
- Details of the organisation's Data Protection Officer (DPO), if one has been appointed, or of a contact point for questions relating to the protection of personal data.
- Purpose of the data processing.
- Recipients of the processing
- Where your data is stored.
- The storage periods applied.
- Your rights
- If necessary, transfers of personal data to a country outside the European Union.
- Rights of access, modification and rectification.
- Limits to the right of access
- Mandatory or optional nature of replies and possible consequences for the Internet user of failing to reply.
- Mention of the right to lodge a complaint with the CNIL.
Privacy policy
The Syndicat Mixte de la Toscane Occitane attaches great importance to the protection of privacy and personal data. In accordance with European Regulation 2016/679 of 26 April 2016 and the amended French Data Protection Act of 6 January 1978, the Syndicat Mixte de la Toscane Occitane makes strong commitments to the persons concerned.
By creating your private or professional account and placing an order on the la-toscane-occitane.com website, hereinafter referred to as "the Website", the Syndicat Mixte de la Toscane Occitane is required to record personal data concerning its internet users and customers. The Syndicat Mixte de la Toscane Occitane is entirely responsible for the collection and processing of this data. It is a public body, a mixed municipal syndicate, registered in the Register of Travel and Holiday Operators under number: IM081220001- RCP N°41846652X/0001 (GROUPAMA D'OC), with its registered office at 14 rue des Écoles 81140 Castelnau-de-Montmiral, hereinafter referred to as "the Company". The term "personal data" refers to all data that may allow a person to be identified.
Personal data
The Syndicat Mixte de la Toscane Occitane collects several types of data, some of which are mandatory for the proper operation of the website and your order placement, while others are optional, allowing us to personalise your online experience. When you arrive on our website, you can accept, refuse or configure the type of data that you wish to entrust to us by means of the cookie choices presented to you.
List of data used:
- Last name / First name
- Postal address
- Telephone number
- Connection data
- Browsing data
- IP address
- Bank transactions
- Booking history
- Newsletter subscriptions
The Syndicat Mixte de la Toscane Occitane reserves the right to create additional and/or complementary means of data collection. In this respect, the Syndicat Mixte de la Toscane Occitane will specify, in accordance with the regulations, the specific purposes of the processing concerned on the data collection page.
The Syndicat Mixte de la Toscane Occitane does not take any fully automated decisions on the basis of your personal data.
Uses of your data
The legal basis for data processing is the performance of a contract (Article 6.1.b of the European Regulation).
- Invoicing: preparation of administrative and financial documents in due and proper form.
- Customer service: responding to your requests, managing your opinions and questions
- Communication: implementation of targeted campaigns via social networks or the newsletter
- Promotion: development of games, competitions, events, etc.
- Continuous improvement: introduction of new functions based on statistics
- Fraud prevention: certain parts of your transactional information may be kept by the Company as part of the fight against payment fraud and for the management of any complaints. However, no bank card number, expiry date or cryptogram is kept. In case of doubt, the Company reserves the right to verify the identity of a buyer by any means whatsoever and to temporarily halt the ordering process.
Recipients of the data collected
Only our company and the external companies to which we are contractually linked for the management of your order or the sending of our newsletters have access to the personal data that you communicate to us. The categories of people who will have access to your personal data within the Company are, within the limits of their respective needs, the internal staff linked to the Financial, Accounting and Legal departments, the Human Resources department, the IT and Communications department and the Management.
Your personal data may also be sent to public bodies, exclusively to meet legal obligations, judicial officers, legal agents, tax authorities in the event of a tax audit, for example, and customs authorities. External companies that will have access to your personal data in order to process your orders are:
- Our payment service providers (Consonnance web, Alliance Réseau, DGFIP, COSOLUCE)
- Our external web service providers (Thuria and Roofline)
- Our subcontractors and hosting, storage, maintenance and site security services (Ethersys)
- Our traffic analysis services (Google Analytics, Google Search Console)
- Our advertising and retargeting services (Google Adwords, Facebook, Instagram)
- Our GRM and newsletter sending service provider whose head office is located in France (Proximit, Mailjet)
The transmission of personal data with recipients (whatever their legal nature, subcontractor, data controller or simple recipient) is carried out in a secure manner and in application of an agreement between the Syndicat Mixte de la Toscane Occitane and each recipient.
The Syndicat Mixte de la Toscane Occitane undertakes to ensure that each recipient is aware of the guiding principles of personal data protection and is subject to them in application of the law and/or a specific contract. No personal data will be transferred commercially to a third party. With regard to the personal data of our employees, our Health and Welfare management service providers may be required to process personal data.
Data retention
The date on which your account was created, the date on which you last logged on, the date on which you last made a purchase and the date on which you signed up for our newsletter constitute our last agreed commercial contact.
The date taken into account to define the retention period for the personal data we collect is the date of the last transaction you carried out on our site or the date of the last connection to your customer account.
The Syndicat Mixte de la Toscane Occitane complies with the regulations applicable on the date of the present document, namely: for data relating to the creation of the account on the site, a period of 36 months from the last connection to the account.
The personal data of our users and customers is kept for a period of 3 years from the last purchase or the last contact, in the absence of an online visit. In the event of an online purchase, data that is not useful to our financial and administrative services will be kept for a period of 3 years, unless you expressly request its deletion before the end of this period.
Place of data storage
The Syndicat Mixte de la Toscane Occitane takes care to store your personal data in a country that guarantees a level of protection adequate to the level of legal protection provided by European Union law. In this respect, the Syndicat Mixte de la Toscane Occitane has taken every precaution in terms of compliance with regulations protecting privacy and personal data by signing the European Commission's standard clauses with the subcontractor responsible for hosting your personal data in France. Your personal data is therefore stored by the Syndicat Mixte de la Toscane Occitane in a secure manner and in compliance with the regulations.
Data controllers and subcontractors may transfer data outside the European Union (EU) and the European Economic Area (EEA) provided that they ensure a sufficient and appropriate level of data protection. They must provide a framework for these transfers using the various legal tools defined in Chapter V of the RGPD.
Securing your data
Our IT service providers do their utmost to prevent theft, distortion and damage to data by various means of security:
- Automatic back-ups of the site and databases
- Restricted access to the back office
- Equipping IT equipment with firewalls, antivirus and other protection systems
- Regular maintenance and checking of workstations and IT tools
- Raising awareness of RGPD standards among staff and subcontractors
- SSL security for our payment protocol
- Encouraging the use of strong passwords for online customer accounts
Rights of access, rectification, portability and deletion of your data
1. Contact details of the Data Protection Officer (DPO/DPD)
Please note that all information collected on the Website is recorded by the Syndicat Mixte de la Toscane Occitane, which is responsible for data processing. You may contact it at any time to assert your rights at our dedicated address: info@latoscaneoccitane.com.
2. Right of access to your personal data (in accordance with Article 15 "Data subject's right of access" of the RGPD).
3. Right of rectification of your personal data (in accordance with Article 16 "Right of rectification" of the GDPR), if they are inaccurate or incomplete. Right to restrict processing (in accordance with Article 18 "Right to restrict processing" of the GDPR).
4. Right to erasure of your personal data if:
- They are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent for processing subject to consent (e.g. commercial canvassing).
- You validly object to the processing.
- It has been processed unlawfully (for example, publication of pirated data).
- You are required to do so by law.
5. Right to object on legitimate grounds.
6. Right to the portability of your data.
7. Right to define directives concerning the fate of your personal data after your death.
8. Right to withdraw your consent at any time: for processing based on consent.
9. The rights to access, modify or delete personal data can be exercised:
- By post, accompanied by your proof of identity. Ideally by recorded delivery with acknowledgement of receipt.
- By email, with your ID sent to info@latoscaneoccitane.com
10. Limits to the right of access
The controller of the file may:
- Refuse the request for access: in this case, he must give reasons for his decision and inform the applicant of the channels and time limits for appealing against it.
- Refuse to respond to requests that are manifestly abusive, particularly in terms of their number, repetitive or systematic nature (for example, a request for a full copy of a recording every week).
If the data controller does not have any data on the person exercising their right of access (for example, the data has been deleted or the organisation does not have any data on the person), it must nevertheless respond to the applicant within one month.
11. Right to lodge a complaint
You may assert your rights regarding your data, and request that it be modified or rectified, by using the contact form or by writing to the following address: info@latoscaneoccitane.com
In the event of a complaint, you may contact the CNIL (www.cnil.fr).
Obligations of the Company
If, despite all the precautions taken, an intrusion or security breach directly affecting your data is discovered by our services, "the Company" undertakes to inform the CNIL and to inform you within 72 hours with the following details:
- the nature of the personal data breach including, if possible, the categories and approximate number of persons affected by the breach and the categories and approximate number of personal data records affected for the purposes of informing the CNIL;
- the name and contact details of the Data Protection Officer (DPO), or any contact from whom further information may be obtained;
- the likely consequences of the personal data breach;
- the measures taken or proposed to be taken by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any negative consequences.
This charter may be amended at any time to take account of changes in our business and processes and to comply with regulatory developments. Its various versions will be kept as they evolve within the Company.
Date of this Charter: 29/08/2023
Information on the use of personal data in the EnQuête(s) application
La Toscane Occitane undertakes, within the framework of its activities and in accordance with the legislation in force in France and Europe, to ensure the protection, confidentiality and security of the personal data of the users of its services, as well as to respect their privacy.
This notice informs you of the way in which La Toscane Occitane, its subcontractors and its possible partners process your personal data in the context of the use of the mobile application "Enquête(s)" (the "Application") and the service accessible via this mobile application (the "Service").
Why does La Toscane Occitane process your data?
La Toscane Occitane only processes personal data for specific, explicit and legitimate purposes. La Toscane Occitane does not process this data in a way that is incompatible with these purposes.
La Toscane Occitane processes your data as part of the execution of a contract (the general conditions of use ("GCU") of the Application and the Service that you accept prior to any use). To this end, the purposes pursued by La Toscane Occitane are as follows:
- Provide access to the Application and the Service
- To manage the functionalities of the Application and the Service
As part of its legitimate interests, La Toscane Occitane also processes data as part of the provision of the Service, for the following purposes:
- Evaluating the audience for the Service and the content consulted on the Application
- To improve the Service and the Application
La Toscane Occitane may also need to process your data in order to meet its legal or regulatory obligations.
What data is processed?
Depending on the case, La Toscane Occitane processes your personal data, collected directly from you or resulting from the use of the Application and the Service. La Toscane Occitane may also receive data collected from you by a third party for the use of the Service.
La Toscane Occitane only processes data or a category of data if it is strictly necessary for the purpose for which it was collected.
La Toscane Occitane processes the following categories of data in the context of the use of the Application and the Service:
- Identification data: technical identification data
- Geolocation data
How long is your data kept?
Your personal data is kept strictly confidential for as long as is necessary to fulfil the above-mentioned purposes.
Who receives your data?
The data collected is intended for the internal departments of La Toscane Occitane and its subcontractors.
Finally, the data processed may be transmitted to the competent authorities, at their request, as part of legal proceedings, as part of legal investigations and requests for information or in order to comply with other legal obligations.
Is your data processed outside the European Union?
In order to provide you with a quality service, La Toscane Occitane relies on the expertise of its subcontractors, some of whom perform their services outside the European Union. In this case, La Toscane Occitane takes the necessary steps with its sub-contractors to guarantee an adequate level of protection for your data, in full compliance with the applicable regulations.
If the processors concerned are not located in a country whose legislation is considered to offer adequate protection, they will have signed the European Commission's "standard contractual clauses" or will be subject to binding internal rules approved by the authorities.
What are your rights?
You have the right to access, rectify and delete your personal data. You may request that your data be ported. You also have the right to object to the processing carried out or to request that it be restricted.
You may issue instructions concerning the retention, deletion or communication of your personal data after your death.
How can you exercise your rights?
You can exercise your rights at any time and contact La Toscane Occitane at the following address: SM La Toscane Occitane, 42 GR RAIMOND VII 81170 CORDES-SUR-CIEL.
A reply will be sent to you within one month of receipt of your request.
Possibility of referring to the CNIL: if your exchanges with La Toscane Occitane have not been satisfactory, you have the possibility of lodging a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the supervisory authority responsible for compliance with obligations in terms of personal data in France.
How is your data secured?
La Toscane Occitane ensures that your data is treated with the utmost security and confidentiality, including when certain operations are carried out by subcontractors.
To this end, appropriate technical and organisational measures are put in place to prevent the loss, misuse, alteration and deletion of your personal data. These measures are adapted according to the level of sensitivity of the data processed and the level of risk presented by the processing or its implementation.
Use of tracking technology
La Toscane Occitane uses a software development kit ("SDK") allowing the implementation of analysis necessary for the functioning of the Service and giving rise to the production of anonymous statistics. In accordance with the regulations in force and the use of the SDK, this mechanism is not subject to your prior consent.
Modification of the personal data protection policy
This personal data protection policy may change from time to time.
Date of this Charter: 27/04/2024