1. GENERAL PROVISIONS

Generalities

This charter ("CHARTER") aims to inform users of our website
accessible at the following address: https://www.albi-tourisme.fr/ (“SITE”) and, more generally,
of the services of the Albi Tourist Office, of the commitments and measures taken by the Office of
Tourism in order to ensure the protection of their personal data (“DATA
PERSONAL”).

By using the SITE, users agree to the collection and use of their DATA
PERSONAL in the manner described in this CHARTER.

Respect for privacy and personal data is a priority for us.
The ALBI Tourist Office undertakes to process the PERSONAL DATA collected
in compliance with applicable laws and regulations, and in particular law n° 78-17 of January 6
1978 amended relating to data processing, files and freedoms (“COMPUTER LAW
AND FREEDOMS”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of individuals with regard to the processing of personal data
personal nature and the free movement of such data (“GDPR”).

This policy is implemented by the Albi Tourist Office (hereinafter referred to as "
organization"), whose main activities are the development of the tourist offer, the
promotion of tourist destinations and marketing of the tourist offer of the Tarn.
As part of our activity, we implement data processing
personnel relating to the data of our customers, partners and prospects.

Detail:

  • Customers are natural or legal persons engaged under a contract
    with our organization, these are professional customers of tourism or the great
    public.
  • The partners are natural or legal persons involved in the sector of
    tourism (tourism professionals from the department, project leaders and investors
    internal and external, distributors of stays, local authorities and their
    groups or institutional partners)
  • Prospects represent any potential customer or contact receiving messages
    promotional products from our organization whose data has been collected directly via
    contact forms, events or indirectly via any partner of
    the body.

Application fields

This personal data protection policy is intended to apply
as part of the implementation of the processing of the personal data of our customers,
partners and prospects.
The purpose of this policy is to satisfy our organization's obligation to inform and thus
to formalize the rights and obligations of customers, partners and prospects
regarding the processing of their data. It relates only to the treatments which we
are responsible as well as on data qualified as "structured".
The processing of personal data can be managed directly by our organization
or through a subcontractor specifically appointed by him.
This policy is independent of any other document that may apply within the
contractual relationship that binds us to our customers, partners and prospects. Brand new
processing, modification or deletion of an existing processing will be brought to the attention of the
customers, partners and prospects through a modification of this policy.

2. Customer data

Types of data collected

Non-technical data
Civility,
Last name,
First name,
Address,
Postal code,
Villas,
Country,
Phone
E-mail adress,
Name of the structure, association or company
Technical Data
Identification data (IP address)
Connection data (logs)
Acceptance data (click/opt-in)
Location data

Origin of data

The data of our customers is collected from:

  • Information transmitted by the customer himself either by paper or electronic form completed by himself
  • Data transmitted on the website, social networks, etc.
  • Databases shared between several partners, fed and operated by all of these partners
  • Information transmitted by the customer himself during an online purchase on the booking site

Purpose

Depending on the case, we process our customers' data for the following purposes:

  • Respond to contact requests
  • Send tourist documentation
  • Manage customer relationship
  • Send satisfaction questionnaires
  • Sell ​​products through the online store
  • Sell ​​tickets to shows
  • Sell ​​tourist stays
  • Manage events
  • Set up commercial prospecting actions
  • Send newsletters
  • Meet our administrative obligations
  • Perform statistics

Retention periods

The retention period for our customers' data is defined in the light of legal constraints.
and contractual obligations that weigh on us and, failing that, according to our needs and in particular according to
the following principles

TreatmentShelf life
Customer dataFor the duration of the contractual relations, increased by 3 years for the purposes of animation and prospecting, without prejudice to the obligations of conservation or the limitation periods
Technical Data1 year from collection
CookiesSee cookies policy

After the fixed deadlines, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use. They can be kept in the event of pre-litigation and litigation.
Customers are reminded that deletion or anonymization are irreversible operations and we are no longer, thereafter, able to restore them.

Legal basis

The processing that we implement under this policy has, depending on the case, the following legal bases:

  • For the management and follow-up of your contracts, orders, deliveries and invoices :
    Legal basis: Contractual, processing is necessary for the performance of a contract or pre-contractual measures
  • To improve our knowledge of the tourist clientele :
    Legal bases: Our legitimate interest and your consent when required.
  • To respond to questions and requests for information :
    Legal basis: Your consent
  • To send you newsletters, invitations to events, commercial offers, surveys :
    Legal basis: Your consent
  • To ensure the proper functioning of the SITE, to improve its content and operation and to adapt it to requests :
    Legal bases: Our legitimate interest and your consent when required
  • Pto perform anonymized statistical calculations :
    Legal bases: Our legitimate interest, your consent when required.
    Legal obligation: public service mission of the Tourist Office.
  • To manage and respond to your requests for the exercise of “Informatique & Libertés” rights
    Legal bases: Legal obligation (IT AND FREEDOMS LAW and GDPR)

3. PROVIDER DATA

Types of data collected

Non-technical data
Civility,
Last name,
First name,
Address,
Postal code,
Villas,
Country,
Phone
E-mail adress,
Name of the structure, association or company
Bank details (RIB)
Technical Data
Identification data (IP address)
Connection data (logs)
Acceptance data (click/opt-in)
Location data

Origin of data

We collect data from our partners from:

  • Information collected directly via partners,
  • Information collected via shared databases
  • Electronic forms completed by partners
  • Registrations or subscriptions to our online services (newsletter, social networks).

Purpose

Depending on the case, we process our customers' data for the following purposes:

  • Partner relationship management
  • Display of qualified information on our service providers on the web and in our publications
  • Labeling of sites and equipment for the sectors entrusted by the organization
  • Tourism engineering operations (diagnostics and feasibility studies, support for setting up projects and grant application files)
  • Networking and consultation operations between the various partners
  • Support operations for the marketing of partner service providers
  • Management of the events we organize
  • Training operations for partner service providers
  • Search operations for distributor partners
  • Creation of a database of local tourism stakeholders
  • Sharing this database at departmental, regional and national level

Retention periods

The retention period for the data of our partners is defined with regard to the legal and contractual constraints that weigh on us and, failing that, according to our needs and in particular according to the following principles:

TreatmentShelf life
Customer dataFor the duration of the contractual relationship, increased by 3 years for the purposes of monitoring the relationship, without prejudice to retention obligations or limitation periods
Technical Data1 year from their collection
CookiesSee cookies policy

After the fixed deadlines, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use. They can be kept in the event of pre-litigation and litigation.
Partners are reminded that deletion or anonymization are irreversible operations and that we are no longer, thereafter, able to restore them.

Legal basis

The processing that we implement under this policy is all legally based on the implementation of contractual or pre-contractual measures.

4. PROSPECTS DATA

Types of data collected

Non-technical data
Civility,
Last name,
First name,
Address,
Postal code,
Villas,
Country,
Phone
E-mail adress,
Name of the structure, association or company
Bank details (RIB)
Technical Data
Identification data (IP address)
Acceptance data (click/opt-in)
Location data

Origin of data

We collect our prospect data from:

  • Data provided by the prospect (paper form, business card, etc.)
  • Electronic forms completed by the prospect
  • Data entered online (website, social networks, etc.)
  • Data provided by the prospect during an online purchase or reservation of a free service
  • Data provided by the prospect during an online chat
  • Registration or subscription to our online services (website, social networks)
  • Registration for events
  • Databases shared between several partners, fed and operated by all of these partners
  • List communicated by the organizers of events or conferences in which we participate
  • Exceptional database rental
  • Communication of contacts through specialized companies or partners.

Purpose

Depending on the case, we process our customers' data for the following purposes:

  • Respond to contact requests
  • Send tourist documentation
  • Manage customer relationship
  • Send satisfaction questionnaires
  • Sell ​​products through the online store
  • Sell ​​tourist stays
  • Manage events
  • Set up commercial prospecting actions
  • Send newsletters
  • Meet our administrative obligations
  • Perform statistics

Retention periods

The retention period for the data of our prospects is defined with regard to the legal and contractual constraints that weigh on us and, failing that, according to our needs and in particular according to the following principles:

TreatmentShelf life
Customer dataFor 3 years from their collection or the last contact from the prospect
Technical Data1 year from their collection
CookiesSee cookies policy

After the fixed deadlines, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use. They can be kept in the event of pre-litigation and litigation.
Prospects are reminded that deletion or anonymization are irreversible operations and that we are no longer, thereafter, able to restore them.

Legal basis

The purposes of processing prospects presented above are based on the following conditions of lawfulness:

  • Execution of pre-contractual measures
  • Legitimate interest of our organization
  • Consent of the prospect when the law requires it (example with regard to the sending of commercial prospecting messages)

5. DATA RECIPIENTS

The data is accessible to authorized internal or external recipients and subject to an obligation of confidentiality. Internally, we decide which recipient will have access to which data according to an authorization policy.

Internal recipientsExternal recipients
Authorized personnel within our structure (staff in charge of marketing, management of customer relations/quality service, service provider and prospect, administrative staff, accounting department, equipment department, personnel in charge of IT).Tourism partners
Technical service providers
Accounting staff
Banking institutions
Administration

6. RIGHTS OF PERSONS

Exercise of rights

In accordance with the COMPUTER AND FREEDOMS LAW and the GDPR, you have the
following rights:
Permission to access (article 15 GDPR), rectification (article 16 GDPR), update,
completeness of your data (More information)
Right to block or erase your personal data (article 17 GDPR),
when they are inaccurate, incomplete, ambiguous, outdated, or whose collection, use,
communication or storage is prohibited (More information)
Right to withdraw your consent at any time (article 13-2c GDPR)
Right to limit the processing of your data (article 18 GDPR)
Right to oppose the processing of your data (article 21 GDPR) (find out more)
Right to portability of the data you have provided to us, when your data is subject to
automated processing based on your consent or on a contract (article 20 GDPR)
In the event of death and in the absence of instructions from you, we undertake to destroy your
data, unless their retention proves necessary for probative purposes or to respond to a
legal obligation.

These rights can be exercised with the Data Protection Officer of the Office du
Tourism.
Postal address: Françoise LEPAIN Tourist Office, Berbie Palace, Place Sainte
Cecile 81000 Albi
Mail address : [email protected]
In addition, a complaint to the CNIL can be made at any time (3 Place de Fontenoy,
75007 Paris).

7. SECURITY MEASURES

The Tourist Office implements measures to ensure the protection of the confidentiality and security of PERSONAL DATA collected as part of its activities.
In particular, the Tourist Office takes all useful precautions to prevent unauthorized third parties from having access to PERSONAL DATA (physical protection of the premises, authentication process for our customers with confidential passwords.
We ensure that its technical service providers likely to have knowledge of PERSONAL DATA respect the same confidentiality and have sufficient guarantees as to the implementation of appropriate technical and organizational measures.
In the event of subcontracting of part or all of the processing of personal data, we undertake to contractually impose security guarantees on our subcontractors by means of technical measures for the protection of this data. and the appropriate human resources.

8. DATA BREACH

In the event of a personal data breach, we undertake to notify the Cnil under the conditions prescribed by the GDPR.
If the breach poses a high risk to customers, partners and prospects and the data has not been protected, we will notify the persons concerned and provide them with the necessary information and recommendations.

9. CONTACTS

Data Protection Officer

We have appointed a data protection officer whose contact details are as follows: Françoise LEPAIN
Tourist Office, Berbie Palace, Place Sainte Cécile 81000 Albi
Mail address : [email protected]
In the event of new processing of personal data, we will contact the data protection officer beforehand.
If you wish to obtain specific information or ask a specific question, you can contact the data protection officer who will give you an answer within a reasonable time with regard to the question asked or the information required.
In the event of a problem encountered with the processing of your personal data, you can contact the designated data protection officer.

Right to lodge a complaint with the CNIL

Customers, partners and prospects concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the Cnil, if they consider that the processing of personal data personal data concerning them does not comply with European data protection regulations, at the following address:
Cnil – Complaints department
3 Place de Fontenoy - TSA 80715 – 75334 PARIS CEDEX 07
Tel: +01 53 73 22 22

Was this content useful to you?

Save

Share this content