Website personal data protection policy
Personal data – Website management
The activities relating to the website https://panoramic-village.com/ involve the processing of personal data.
What is the policy on the use of personal data?
This policy informs you of the characteristics of this processing and of your rights over the personal data concerning you.
This confidentiality policy is drafted in accordance with Law n ° 78-17 of January 6, 1978 (known as the “Data Protection Act” or “LIL”) and the General Regulations on the Protection of Personal Data (“RGDP”) n ° 2016 / 679.
Who is responsible for this policy?
The data controller is LES CHALETS DE LA MEIJE, represented by its legal representative Teyras Philippe.
The contact details of the data controller are as follows: PANORAMIC VILLAGE LA GRAVE, PLACE DERRIERE L’EGLISE 05320 LA GRAVE.
The manager can be reached at the following number: 33 4 76 79 97 97.
The contact email address is: contact@panoramic-village.com.
Who is this policy for?
This policy is intended for users of the site: Internet users who browse the site.
It also concerns :
- the people to whom we have entrusted technical services (hosting provider, maintenance, site security)
- people who have access to the back office of the site for its administration
Purposes (what is the data collected for)
The purpose of the processing is to manage the website.
This treatment allows :
- technical management of the site (maintenance, hosting, site security)
- the administration of the website
- management of requests for information through the contact form
Legal basis for processing: which gives us the right to process data
The legal bases for processing are as follows :
- for the technical management of the site (maintenance, hosting, site security), the legal basis is the legitimate interest
- for the administration of the website, the legal basis is the legitimate interest
- for the management of requests for information via the contact form, the legal basis is the legitimate interest (allowing online communication) or the execution of pre-contractual measures (production of quotes at the request of people)
Data retention period
The data being processed are kept for a period not exceeding that necessary for the purposes for which they are recorded (principle of minimization of processing).
The maximum retention periods are as follows:
- for the technical management of the site (maintenance, hosting, site security): 12 months for IP addresses and connection logs
- for the administration of the website: as long as the persons concerned administer the site
- for the management of information requests using the contact form: 3 years from the request
Data processed
The data controller processes the following categories of data:
- Marital status, identity, identification data, images (name, first name, address, photograph, date and place of birth, etc.)
- Connection data (IP addresses, logs, terminal identifiers, connection identifiers, timestamp information, etc.)
Mandatory or optional nature of data collection
The data collected is mandatory to achieve the processing purposes.
Data sources
The data is transmitted directly by the data subject.
Data recipients
Depending on their respective needs, the following are recipients of all or part of the data:
- people in charge of technical services (hosting provider, maintenance, site security)
- online payment service providers (paypal, stripe, etc.)
What security measures are in place?
The data controller implements the appropriate technical and organizational measures to guarantee a level of security adapted to the risk.
The controller takes measures to ensure that any natural person acting under the authority of the controller or the processor, who has access to personal data, does not process it, except on the instructions of the controller, unless required to do so.
The existence or not of a transfer of data to a country outside the European Union and associated guarantees
The data controller does not transfer personal data outside the European Union.
Automated decision making
The processing provides for fully automated decision-making.
The data controller undertakes to comply with the conditions of article 22 of the GDPR.
Fate of personal data after death – Right of access, rectification, deletion and portability of data
The person concerned by a processing can define directives relating to the conservation, the erasure and the communication of his personal data after his death. These guidelines can be general or specific.
The person concerned by a processing also benefits from a right of access, opposition, rectification, deletion and, under certain conditions, portability of his personal data. The data subject has the right to withdraw his consent at any time if the consent constitutes the legal basis for the processing.
The request must indicate the surname and first name, e-mail or postal address of the person concerned, and be signed and accompanied by a valid proof of identity.
It can exercise these rights by contacting:
Philippe Teyras
Claim
The person concerned by processing has the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte