Alpes Isère

Privacybeleid

ISERE TOURISM DEPARTMENTAL COMMITTEE - ISERE ATTRACTIVITY PRIVACY POLICY PROTECTION OF PERSONAL DATA Applicable from July 1, 2021

DEFINITIONS :

"IT Service Providers": refers to IT service providers with whom the Data Controller has contracted for the design, corrective and progressive maintenance and hosting of the Site.
"Users": refers to the persons accessing and using the Site.

ARTICLE 1: GENERAL TERMS AND CONDITIONS

1.1 This privacy policy applies to personal data processing carried out by the COMMITE DEPARTEMENTAL DU TOURISME DE L'ISERE, a public industrial and commercial establishment registered under number 533 096 541, whose head office is located at 7 rue Fantin Latour - 38000 Grenoble (postal address: 44 quai de France- 38000 Grenoble - France), represented by its current President, Christophe SUSZYLO, duly authorized for the purposes hereof, (hereinafter "the Data Controller"), within the framework of the operation of the website accessible at the address https://www.isere-tourism.com (hereinafter “the Site”).

1.2 The purpose of this privacy policy is to define and inform Users of the way in which the Data Controller collects, uses and protects Users' personal data (hereinafter “the Data”) within the framework of the operation of the Site, in accordance with the French law “Informatique et Libertés” as amended and EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 relating to the protection of personal data ("GDPR"). The Law and the GDPR are together referred to as “the Applicable Regulations”.

1.3 The Data Controller reserves the right to modify this Privacy Policy, at its discretion or in order to comply with legislative, regulatory, jurisprudential or technological developments.
In this case, the date of modification will appear clearly at the top of the Privacy Policy.
It is therefore up to the User to regularly consult this Privacy Policy in order to be aware of any changes.

ARTICLE 2: DATA COLLECTED

2.1 The User is informed that it is possible for him to visit the Site without communicating any of his Data to the Data Controller. In any event, the User is not obliged to communicate his Data to the Data Controller.
However, if he refuses, the User may not be able to benefit from all the services offered by the Site, concerning the downloading of e-book and subscription to the newsletter.
Indeed, in the context of certain services, the Data Controller may be required to ask the User to provide certain Data as mentioned below.

2.2 The Data Controller collects various personal data from Users:
  • 2.2.1 Information required for downloading e-book
    As part of the use of the Site, and in order to download (e-book) available on the Site, the User must provide the following data:
    - civility
    - surname and first name of the User
    - E-mail
By providing this information, the User expressly acknowledges and accepts that their Data will be processed, in accordance with the provisions of this privacy policy.
 
  • 2.2.2 The information required to subscribe to the newsletter
    As part of using the Site, and in order to register via the Site for the newsletter available on the Site, the User must provide the following data:
    - civility
    - surname and first name of the Use
    - E-mail
  • 2.2.3 The information required for the contact form
    As part of using the Site, the User can contact the Data Controller via a contact form, in which the User agrees to inform:
    - civility
    - name and first name of the User
    - E-mail adress
    - Postal code
 
  • 2.2.4 Automatically information collected
    When the User uses the Site, the Data Controller will automatically collect certain Data:
    - geolocation information: the Data Controller can collect information on the precise or approximate location of the User, in particular by the IP address of the User or by the GPS data of his mobile device. The User is however informed of the fact that he can deactivate the use of the location services of his mobile device.
    - usage information: the Data Controller may collect information concerning the User's interactions with the Site, and in particular see the pages viewed.

ARTICLE 3: PURPOSE OF THE PROCESSING OPERATIONS

The Data Controller can process the Data to (i) improve, feed and develop the Site, (ii) create and maintain a more secure environment and (iii) to provide, personalize and improve advertising.

3.1 Concerning the improvement, supply and development of the Site
The Data Controller may use the Data to improve and develop the Site, in particular to:
  • allow the User to access and use the Site
  • manage, protect, improve and optimize the Site
  • allow the User to use the services (downloading e-book, subscribing to the newsletter);
  • carry out internal analyzes and statistics
The Data Controller processes this Data for the purposes listed above given its legitimate interest in improving the Site and the Users' experience, and when this information is necessary for the proper performance of the services.

3.2 Concerning the preservation of a secure environment
The Data Controller may use the Data to preserve a secure environment, and in particular to:
  • detect and prevent fraud, spam, abuse, security incidents and other harmful activities
  • conduct safety investigations
  • checks against databases or other sources of information, including a police or background check, to the extent permitted by applicable laws and with the consent of the User, if applicable
  • respect its legal obligations.
The Data Controller processes this Data for the purposes listed for this section given its legitimate interest in protecting the Site, to measure the proper execution of its agreement with the User and to comply with applicable laws.

3.3 Concerning the personalization and improvement of services and advertising

The Data Controller may use the Data to personalize and improve its services and advertising, and in particular to:
  • send Users promotional messages, commercial, advertising and other information that may be of interest to them according to their preferences, and in particular by sending the newsletter and e-book
  • personalize, evaluate and improve its advertising and its Site;
  • allow the promotion of the Isère territory.
The Data Controller processes this Data for the purposes listed in this section, given its legitimate interest in undertaking marketing activities to offer Users products or services that may be of interest to them.


ARTICLE 4: DATA RECIPIENTS

For the proper provision and execution of the services, and for the proper navigation of the Site by the User, the Data Controller may be required to transmit the Data collected to its partners, and in particular to its IT Service Providers.
In this regard, the Data Controller undertakes to ensure that its partners present the necessary guarantees about protection of personal data to protect the security and confidentiality of the Data.


ARTICLE 5: DURATION OF DATA CONSERVATION

The Data are conserved by the Data Controller only for the time corresponding to the purposes specified above.
connection data (IP address, date and time of connection, pages viewed) are kept for a maximum period of 6 months.
At the end of these periods, they are then archived, anonymized or deleted.


ARTICLE 6: USER’S RIGHTS

In accordance with the applicable Regulations, the User benefits from the rights expressed below concerning his Data.

6.1 Right of access and communication of Data
Each User could ask the Data Controller for confirmation whether or not personal data concerning him are processed, and when it is, access to his personal data and to a certain number of information (purposes processing, categories of data concerned, recipient of the data, existence of a transfer outside the EU, retention period, etc.).
The Data Controller must then respond to the User within one month from the date of the request (two-month extension possible "given the complexity and number of requests" and if the User was informed within the initial period of one month).
If the response is free by principle, the Data Controller reserves the right to request the payment of reasonable costs if the request generates administrative costs and if the request is manifestly unfounded or excessive.
As such, the Data Controller is not required to respond if:
  • the request is manifestly abusive, in particular its repeated or systematic nature
  • the Data is not kept.
6.2 Right to rectify User’s Data
Each User has the right to obtain from the Data Controller, as soon as possible, the rectification of personal data concerning him which is inaccurate.
Furthermore, considering the purposes of the processing, each User also has the right to obtain that the incomplete Data be completed, including by providing an additional declaration.

6.3 Oversight and deletion
Each User has the right to obtain from the Data Controller the deletion, as soon as possible, of personal data concerning him.
The right to deletion includes the right to delist and delete the Data collected.
However, this right is not general and only applies for the exhaustively enumerated reasons:
  • the Data are no longer necessary for the purposes for which they were collected or processed
  • the User withdraws his consent on which the processing is based and there is no other legal basis for the processing
  • the User objects to the processing and there are no compelling and legitimate reasons for the processing
  • the Data have been the subject of unlawful processing
  • the Data must be erased to comply with a legal obligation.
In addition, exemptions from the right to erasure are provided for insofar as the processing is necessary:
  • the exercise of the right to freedom of expression and information
  • to comply with a legal obligation which requires processing, or to perform a task of public interest or falling within the exercise of public authority vested in the controller
  • for reasons of public interest in the field of public health,
  • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes insofar as the right concerned is likely to make impossible or seriously compromise the achievement of the objectives of said processing
  • the establishment, exercise or defense of legal claims.
Also, in the event that the User would like the Data Controller to erase some of his Data, he must send him a written request.
The Data Controller will let him know if his request is admissible or not, giving reasons for his decision.

6.4 Right to restriction of data processing
The right to limitation means that the User has the right to obtain from the Data Controller that he limits the processing. This limitation is defined as "the marking of stored personal data, with a view to limiting their future processing."
However, this right can only be implemented in certain cases:
  • the User disputes the accuracy of the Data
  • when the processing is unlawful, the User opposes the deletion of the Data and instead demand a limitation of their use
  • the Data Controller no longer needs the Data for the purposes of processing but the data is still necessary for you to establish, exercise or defend your legal rights
  • the User has objected to the processing.
Only the retention of data is then authorized, without any further processing.

6.5 Right to object to data processing
In accordance with the Regulations, the User has the right to object at any time, for reasons relating to his particular situation, to the processing of personal data concerning him.
It should be noted that this right is not absolute and that the User must have a legitimate reason to benefit from this right.
In the event that the User wishes to oppose the processing of all or part of his Data processed by the Data Controller, he must study if there are legitimate and compelling reasons for the processing which prevail over the User’s interests, rights and freedoms, or for the establishment, exercise or defense of legal rights.
Also, it is possible that the User's opposition request will be refused, in accordance with the applicable rules of law.
In this case, the User may appeal either to the services of the Data Controller or to the CNIL.

6.6 The Data Controller informs the User that he can download from the website of the French National Commission for Information Technology and Freedoms (CNIL) request forms relating to the rights set out above.


ARTICLE 7: WITHDRAWAL OF CONSENT

If the Data is processed by the Data Controller on the basis of the User's consent, the User may withdraw their consent at any time by indicating it to the Data Controller, by email or letter to the addresses indicated below.


ARTICLE 8: SECURITY

The Data Controller implements and continuously updates the administrative, technical and physical security measures to protect the Data against unauthorized access, loss, destruction or alteration.
If the User has reason to believe that their Data has been stolen, lost or misappropriated, he must report it immediately to the Data Controller.


ARTICLE 9: CONTACT

The User can exercise its rights or make any request to the Data Controller at the following contact details:
- email : info@isere-attractivite.com
- adress : 44 quai de France- 38000 Grenoble - France