Chamrousse personal data - General Data Protection Regulation (GDRP)

Privacy policy

As part of the French General Data Protection Regulation (GDPR) which came into force in May 2018, the Tourist Office is carrying out ongoing compliance work, particularly with regard to personal data.
 

Who is the Chamrousse Tourist Office?

While promoting tourism in the Chamrousse resort, the Tourist Office undertakes to ensure the confidentiality of data and to ensure that the processing of personal data carried out in the context of its activity complies with European Regulation 2016/679, known as the General Data Protection Regulation (GDPR) and the French Data Protection Act of 6 January 1978.
Data Protection Officer: xDPO - contact via the DPO contact form.
 

Processing of personal data by Chamrousse Tourist Office

When you use our services, you are required to send us information, some of which may identify you and therefore constitute personal data.
In accordance with Article 4 of the RGPD, personal data means any information relating to an identified or identifiable natural person. A person is ‘identifiable’ if he or she can be identified, directly or indirectly, in particular by reference to one or more factors specific to him or her.
As the Data Controller, the Tourist Office determines the purposes and means of the processing operations within the meaning of the General Data Protection Regulation.
 
Goals Categories of personal data processed Legal basis Storage life
Communicating news, sending documentation to customers and managing competitions E-mail address Consent 5 years after the last contact (or on opposition)
Managing contact requests Identification and contact details Consent 5 years after the last contact (or on opposition)
Management of registrations for events and management of the booking office Identification and contact details Consent 5 years after the last contact (or on opposition)
Communication to economic actors Contact details Legitimate interest 5 years after the last contact (or on opposition)
Managing service bookings for customers Identification and contact details Execution of the contract

5 years from the last contact with the prospect
Management of commercial and private hosts Identification and contact data, bank details Execution of the contract 10 years (financial data)
Management of GDPR exercise requests Identification and contact details, proof of identity Legal obligation No time limit
Recruitment management Identification and contact details, photo Legitimate interest 10 years
Website activity and traffic management Connection data Legitimate interest 13 month

Transfer of data

The Tourist Office does not transfer your data outside the European Union.
The Office du Tourisme stores personal data for the purposes of managing its day-to-day business and for hosting purposes with OVH in France - European Union (EU).
 

Security of personal data

The Tourist Office ensures that your data is adequately protected and that technical and organisational security measures are put in place to protect your data and guarantee its availability, confidentiality and integrity.
Only authorised personnel whose activity justifies access to the information may access your data.
 

Exercise of individual rights

Pursuant to articles 12 to 22 of the RGPD, any individual whose personal data has been collected by the data controller has the right to exercise the following rights: 
  • Right of access: you have the right to obtain access to your information in a clear and comprehensible format. The aim is for you to be fully aware and to be able to check that we are using your information in accordance with data protection laws.
  • Right of rectification: you have the right to have your information corrected if it is inaccurate or incomplete.
  • Right to erasure: this right is also known as the ‘right to be forgotten’ and allows you to request the erasure or deletion of your data where there is no compelling reason for us to continue to use it. However, this right is not absolute and we reserve the right to refuse your request for legal or legitimate reasons.
  • Right to restrict processing: you have the right to ‘block’ or delete any further use of your information. Where processing is restricted, we may store your information, but may not continue to use it. We keep a list of people who have requested that further use of their data be blocked, to ensure that the restriction is complied with.
  • Right to data portability: you have the right to receive the data you have provided to us, in a structured, commonly used and machine-readable format, for your personal use or to pass it on to a third party of your choice. This right applies only where the processing of your data is based on your consent or on a contract to which you are a party, and where the data relates to you.
  • Right to object: you may object at any time to the processing of your data if this is based on a task of public interest or the legitimate interest of the data controller. This right is not absolute, and we reserve the right not to respond favourably to your request in the event of the Data Controller's legitimate interest.
  • Right to withdraw your consent: if you have given your consent to the processing or use of your personal data, you may withdraw it at any time (although, if you do so, this does not mean that everything we have done with your consent up to that point has been unlawful). This includes your right to withdraw consent to the use of your personal data for marketing purposes.
  • Fate of your data: in accordance with article 40-1 of the French Data Protection Act of 6 January 1978, you may formulate instructions concerning the retention, deletion and communication of your personal data after your death.
Your rights may be exercised directly with the Tourist Office via the form dedicated to contacting the Data Protection Officer (DPO).
The Tourist Office undertakes to reply to you within 1 month of receipt of the request to exercise your rights.
If you do not receive a reply within the time limit set or if you are not satisfied with the reply you are given, you may submit a complaint to the data protection authority, i.e. the CNIL, via the link: https://www.cnil.fr/fr/plaintes.
 

Changes to this policy

We may occasionally modify this policy, in particular in order to comply with any regulatory, legal, editorial or technical developments.
Where appropriate, we will change the date on which the privacy policy was updated and indicate the date on which the changes were made. Where necessary, in particular but not exclusively in the event of a substantial modification or a particular event requiring modification of this policy, we will inform you and/or seek your agreement. We advise you to check this page regularly for any changes or updates to our policy.

Cookie policy

What is a cookie?

A cookie is a text file stored on the hard drive of your terminal (computer, tablet or any other mobile device connected to the Internet) that identifies the device on which it is stored. It may be used for a number of purposes, such as ensuring the operation and accessibility of the site, generating statistics and assessing the site's performance, measuring browsing activity on the site, or for commercial and marketing purposes.
 

What types of cookies are used?

As part of the commitment made by the Tourist Office to protect your personal data, the organisation details the use of data processed through cookies and tracers applied to this website:
  • Operating cookies
To ensure the operation and efficiency of the technical and visual components of the Site, the deposit of related Cookies is programmed into the user's terminal equipment as soon as he/she visits the Site. These cookies are used to ensure navigation on the Site and their non-application leads to malfunctions. These Cookies only identify the user's terminal equipment in order to recognise it among all the browsing sessions carried out on the Site, but are not capable of directly identifying the user or tracking the latter's activity on other Internet sites.
Technical cookies: list to come
  •  Experience cookies
These cookies ensure that the website functions properly. Unlike operating cookies, they can be refused, but if they are not applied, certain functions may no longer be available.
These cookies generate statistical data on how visitors use the site. They make it possible to track a visitor's actions on the website.
Content personalisation cookies: list to come
  • Audience measurement cookies
These cookies generate statistical data on how visitors use the site. Their purpose is to measure the audience for the site and its performance, to detect browsing problems, to optimise technical performance, to estimate the server power required or to analyse the content consulted, solely on behalf of the publisher.
Cookies: Google Analytics 4 (GA4)
  • Marketing cookies
These cookies aim to identify people individually in order to send them specific advertising messages based on their individual characteristics and preferences. They are not compulsory and users may refuse them if they wish.
Cookies: GA4, Meta (Faccebook and Messenger) and BonCoin
 

Placement of cookies

Users are free to accept or refuse the placement of cookies on their terminal. They can also choose their preferences for each type of cookie at the bottom of the page. This choice is retained for 6 months.
You can refuse, accept or remove cookies at any time using the settings on your Internet browser. You can configure your Internet browser to notify you as soon as a new cookie is about to be stored on your computer so that you can decide whether or not to accept it. Please consult the help section of your browser for further information.
If you have any other questions about the management of cookies and the use of data in this context, you can contact the Data Protection Officer (DPO) using the form provided.