Privacy policy
As part of the French General Data Protection Regulation (GDPR) which came into force in May 2018, the Tourist Office is carrying out ongoing compliance work, particularly with regard to personal data.Who is the Chamrousse Tourist Office?
While promoting tourism in the Chamrousse resort, the Tourist Office undertakes to ensure the confidentiality of data and to ensure that the processing of personal data carried out in the context of its activity complies with European Regulation 2016/679, known as the General Data Protection Regulation (GDPR) and the French Data Protection Act of 6 January 1978.Data Protection Officer: xDPO - contact via the DPO contact form.
Processing of personal data by Chamrousse Tourist Office
When you use our services, you are required to send us information, some of which may identify you and therefore constitute personal data.In accordance with Article 4 of the RGPD, personal data means any information relating to an identified or identifiable natural person. A person is ‘identifiable’ if he or she can be identified, directly or indirectly, in particular by reference to one or more factors specific to him or her.
As the Data Controller, the Tourist Office determines the purposes and means of the processing operations within the meaning of the General Data Protection Regulation.
Goals | Categories of personal data processed | Legal basis | Storage life |
---|---|---|---|
Communicating news, sending documentation to customers and managing competitions | E-mail address | Consent | 5 years after the last contact (or on opposition) |
Managing contact requests | Identification and contact details | Consent | 5 years after the last contact (or on opposition) |
Management of registrations for events and management of the booking office | Identification and contact details | Consent | 5 years after the last contact (or on opposition) |
Communication to economic actors | Contact details | Legitimate interest | 5 years after the last contact (or on opposition) |
Managing service bookings for customers | Identification and contact details | Execution of the contract |
5 years from the last contact with the prospect |
Management of commercial and private hosts | Identification and contact data, bank details | Execution of the contract | 10 years (financial data) |
Management of GDPR exercise requests | Identification and contact details, proof of identity | Legal obligation | No time limit |
Recruitment management | Identification and contact details, photo | Legitimate interest | 10 years |
Website activity and traffic management | Connection data | Legitimate interest | 13 month |