Privacy Policy

Website privacy policy

 

Personal data - Website management

The activities related to the website https://panoramic-village.com/ entail the processing of personal data.

 

What is the policy on the use of personal data about?

This policy informs you of the characteristics of this processing and of your rights regarding your personal data.

 

This privacy policy is written in accordance with the French law n°78-17 of January 6, 1978 (known as "Loi informatique et libertés" or "LIL") and the General Regulation on the Protection of Personal Data ("RGDP") n°2016/679.

 

Who is responsible for this policy?

 

The person in charge of treatment is the company LES CHALETS DE LA MEIJE, represented by its legal representative Teyras Philippe.

The coordinates of the person in charge of the treatment are the following ones: PANORAMIC VILLAGE LA GRAVE, LIEU DIT DERRIERE L'EGLISE 05320 LA GRAVE.

The person in charge can be reached at the following number: 33 4 76 79 97 97.

The contact email address is: contact@panoramic-village.com.

 

Who is this policy for?

 

This policy is intended for the users of the site: the Internet users who browse the site.

It also concerns :

-the people to whom we have entrusted technical services (hosting provider, maintenance, site security)

-the people who have access to the back office of the site for its administration

 

Purposes (what the data is collected for)

 

The purpose of the processing is to manage the website.

 

This treatment allows:

-technical management of the site (maintenance, hosting, site security)

-the administration of the website

-management of information requests through the contact form

 

Legal basis for processing: what gives us the right to process the data

The legal bases for the processing are as follows:

-for the technical management of the site (maintenance, hosting, site security), the legal basis is the legitimate interest

-for the administration of the website, the legal basis is the legitimate interest

for the management of requests for information through the contact form, the legal basis is the legitimate interest (to allow online communication) or the execution of pre-contractual measures (realization of estimates at the request of the persons)

 

Duration of data retention

The data being processed are kept for a period not exceeding that necessary for the purposes for which they are recorded (principle of minimization of processing).

 

The maximum retention periods are as follows:

-for the technical management of the site (maintenance, hosting, site security): 12 months for IP addresses and connection logs

-for the administration of the website: as long as the persons concerned administer the site

-for the management of information requests via the contact form: 3 years from the date of the request

 

Processed data

The data controller processes the following categories of data:

-Civil status, identity, identification data, images (name, first name, address, photograph, date and place of birth, etc.)

-Connection data (IP addresses, logs, terminal identifiers, login credentials, timestamp information, etc.)

 

 

Mandatory or optional nature of data collection

The data collected is mandatory in order to achieve the purposes of the treatment.

 

Data sources

The data is transmitted directly by the data subject.

 

The recipients of the data

 

Depending on their respective needs, the following are recipients of all or part of the data:

 

-people in charge of technical services (hosting provider, maintenance, site security)

-online payment service providers (paypal, stripe, etc)

 

What security measures are in place?

 

The data controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

 

The controller shall take measures to ensure that any natural person acting under the authority of the controller or under that of the processor, who has access to personal data, shall not process them unless instructed to do so by the controller.

 

 

The existence or not of a transfer of data to a country outside the European Union and associated guarantees

 

The data controller does not transfer personal data outside the European Union.

 

Automated decision making

 

The processing involves fully automated decision-making.

The data controller undertakes to comply with the requirements of Article 22 of the GDPR.

 

 

Fate of personal data after death - Right of access, rectification, deletion and portability of data

 

The person concerned by a processing operation can define directives concerning the conservation, deletion and communication of his or her personal data after his or her death. These directives can be general or specific.

 

The data subject also has the right to access, object to, rectify, delete and, under certain conditions, port his or her personal data. The data subject has the right to withdraw consent at any time if consent is the legal basis for the processing.

 

The request must indicate the name and surname, e-mail or postal address of the person concerned, and be signed and accompanied by a valid proof of identity.

 

She can exercise these rights by contacting :

Philippe Teyras

 

 

Claim

 

The person concerned by a processing operation has the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte