1. Personal Data Protection Policy
1.2. Purposes of processing
The legal basis for the personal data processing performed is as follows:
⁃ the execution of pre-contractual or contractual measures when Bateaux Nantais carries out data processing for the purposes of the production, management and tracking of its customer records, as well as collections;
⁃ compliance with legal and regulatory obligations when Bateaux Nantais carries out data processing for the purposes of billing and accounting;
⁃ the legitimate interests pursued by Bateaux Nantais for the purposes of marketing and coordination, management of relations with prospective and existing customers, and the organisation of, registration for and invitation to events organised by Bateaux Nantais.
Bateaux Nantais carries out personal data processing and consequently has the capacity of “Controller”, as defined by Article 4(7) of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”).
In this respect, Bateaux Nantais guarantees it has the necessary technical and organisational skills to perform personal data processing operations in accordance with the obligations incumbent upon it.
1.4. Compliance with current regulations
Bateaux Nantais guarantees that it will comply with:
⁃ Law 78-17 of 6 January 1978, the French Data Protection Act, as amended;
⁃ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”);
⁃ any other applicable national legislative or regulatory provisions.
The processed data will be addressed to authorised individuals at Bateaux Nantais, its subcontractors and its IT service providers.
1.6. Data retention period
Bateaux Nantais will only retain the data for a period not to exceed the time which is necessary for the purposes for which they will be processed, in accordance with Article 5(1)(e) of the GDPR.
To that end, customer data will be stored for the duration of their contractual relations with Bateaux Nantais, plus three years, for purposes of marketing and coordination, without prejudice to any legal data retention obligations or the applicable statutory limitation periods.
As concerns accounting, customer data will be kept for 10 years from closing of the financial year.
Cookies are stored for a maximum of 13 months.
Prospective customers’ data are usually retained for a maximum of three years, if there is no participation in or registration for the events organised by Bateaux Nantais.
In any case, a user’s personal data will only be stored for a maximum of 36 months from the date of their last activity.
1.7. Compliance measures
Bateaux Nantais undertakes as follows, under the conditions outlined below:
⁃ to incorporate the principles of data protection by design and data protection by default into its tools, products, applications and services;
⁃ to only retain processed personal data in a form that allows for the data subjects’ identification for the period of time that is necessary for the execution of the planned services;
⁃ to immediately inform users and customers of any incidents which might affect the processing of their personal data;
⁃ to protect the confidentiality of the processed personal data;
⁃ to ensure that the individuals authorised to process the personal data for the purposes of the business:
· undertake to respect the confidentiality of the personal data or are subject to an appropriate legal obligation of confidentiality,
· receive the necessary personal data protection training.
1.8. Security measures
Bateaux Nantais will take all the necessary measures to preserve the integrity, availability and confidentiality of the personal data which it collects.
Bateaux Nantais identifies and implements the necessary means to protect its personal data processing systems, such as to prevent any malicious intrusions and any loss, alteration or disclosure of the data to any unauthorised persons.
For that purpose, Bateaux Nantais has developed and regularly updates its personal data processing logs, which list all technical and operational security measures taken.
Bateaux Nantais identifies and implements measures to ensure data confidentiality, namely through awareness actions for its employees and recommended good practices regarding the use of their computer workstations.
Bateaux Nantais requires that its IT service providers offer sufficient guarantees to ensure the security and confidentiality of all personal data.
Bateaux Nantais makes sure that its IT service providers take all applicable measures to prevent the disclosure or alteration of the data, do not perform remote maintenance without its verification, and return all data at the end of their contracts.
1.9. Data transfers and storage
Bateaux Nantais undertakes to process all personal data exclusively within the territory of European Union Member States.
1.10. Rights of data subjects
Pursuant to the provisions of the French Data Protection Act of 6 January 1978, as amended, and the General Data Protection Regulation, users have the following rights:
- right of access, as per the terms and conditions laid down in Article 15 of the GDPR;
- right to rectification, as per the terms and conditions laid down in Article 16 of the GDPR;
- right to the erasure of their information for any of the grounds and as per the terms and conditions laid down in Article 17 of the GDPR;
- right to restriction of processing, as per the terms and conditions laid down in Article 18 of the GDPR;
- right to data portability, as per the terms and conditions laid down in Article 20 of the GDPR;
- right to object, as per the terms and conditions laid down in Articles 6 and 21 of the GDPR;
which they may exercise by writing to the Bateaux Nantais Data Protection Officers at firstname.lastname@example.org or by post sent to the Convivio group, to which Bateaux Nantais belongs, at 12 rue du Domaine, 35137 Bédée, France, specifying the reason for the correspondence and attaching a copy of proof of their identity.
Lastly, if necessary, data subjects can lodge a complaint with the CNIL (French Data Protection Agency), by post or by telephone.
2. Cookie Management Policy
A cookie is a block of data that does not identify users but instead saves information about their browsing history on the website www.bateaux-nantais.fr. A user’s browser settings can provide information about the presence of cookies and allows the user to reject them, by following the procedure outlined below.
2.2. Cookies used by the website
Depending on the types of services offered, different kinds of cookies may be used:
> analytical cookies, which are used to identify how the users utilise the website and trace their navigation on it in order to generate reports on their interactions;
> functional cookies, which are essential to the optimal usage of the proposed services.
2.3. Deletion of cookies
At any time, a user may choose to block all cookies on the website www.bateaux-nantais.fr.
However, if the user rejects certain cookies, some of the website’s features may no longer function correctly.