Who we are
Office de Tourisme
49 avenue de la Méditerranée
66140 Canet-en-Roussillon
+33 (0)4.68.86.72.00
infos@canet-tourisme.com
https://www.canet-tourisme.com
Use of personal data collected
Our principles and commitments for the protection of your Personal Data
It aims to inform you about :
- The Personal Data collected by the Tourist Office and its departments and the reasons for this collection
- How the Personal Data will be used
- Your rights as a data subject of our data processing operations
This Policy applies to all services provided by the Office de Tourisme de Canet-en-Roussillon, regardless of their nature (websites, applications, services, etc.).
The person responsible for processing your data
The data controller is the Office de Tourisme de Canet-en-Roussillon represented by Jean SERRÉ, its President.
The contact details are as follows:
Postal address: 49 avenue de la Méditerranée - 66140 Canet-en-Roussillon
Telephone: 04 68 86 72 00
E-mail: infos@canet-tourisme.com
How the Office de Tourisme de Canet-en-Roussillon protects your personal data
The Office de Tourisme de Canet-en-Roussillon is committed to taking into account the protection of your Personal Data right from the conception of the processing operations that are implemented and for the services that are offered to you(Privacy by design). To ensure security and guarantee the respect and proper exercise of your rights, measures to ensure the protection of your Personal Data are also implemented for all processing.(Privacy by default).
What Personal Data is processed by the Office de Tourisme de Canet-en-Roussillon?
The Tourist Office collects the data required to provide the services it offers. In the event that optional data is requested, the operational managers (of the requesting department) will clearly inform you which Personal Data is necessary for the provision of the service and which is optional. Personal Data is collected directly from you and indirectly, for the use of the services offered by the Tourist Office, and is only used for the purposes for which you have been or will be informed.
Your data (name/first name/telephone/email/city) may be passed on to our partner guides in the context of product sales, and will be systematically destroyed by our partner after the event.
Your data such as name/first name/telephone/email/address/postal code/city may be passed on to our partners solely in connection with the booking of tourist services (shows, leisure activities, excursions, events) produced by these same service providers, who undertake to comply with the applicable legislation on RGPD.
What are the foundations of the legitimacy of our treatments?
The Office de Tourisme de Canet-en-Roussillon relies on the following legitimate bases in order to be able to process Personal Data:
- Contract performance
This is the legal basis for the processing of customer Personal Data collected for the purpose of or in connection with the performance of a contract (online purchase). In this respect, the user is obliged to provide the data necessary for its execution. Failure to provide such data, possibly to the online payment provider, will result in the inability to carry out the provisions relating to the products sold by the Tourist Office. - Consent
The basis for the processing of Personal Data shall be the explicit consent of the user, visitor, user, customer.
This may involve, for example:
- Booking products
- Requesting tourist information
- Subscribing to an information newsletter, for example
Withdrawal of consent for processing may be made at any time subject to regulatory provisions and by contacting the DPO, see below. - Legitimate interest
The processing of your Personal Data may be based on legitimate interest in the event that certain processing operations do not fall within the scope of its reception and information missions: these are the processing operations linked to the communication of information on events/entertainments/concerts/visits similar to those ordered by customers; the legitimate interest pursued is the promotion of its "entertainments" to its customers.
To whom may your Personal Data be communicated?
Your data may, in the context of the services provided, be transmitted to :
- To internal departments of the Tourist Office responsible for carrying out the subscribed services
- External service providers, in particular subcontractors, who undertake to comply with applicable legislation
- To external private or public service providers who design and carry out the service previously reserved/bought/ordered from the Tourist Office or on the Tourist Office website, and who undertake to comply with applicable legislation.
- To authorized third parties in compliance with applicable regulations.
Can your Personal Data be transferred outside the European Union?
The Office de Tourisme de Canet-en-Roussillon processes all your Personal Data within the European Union (EU).
How long does the Office de Tourisme de Canet-en-Roussillon keep your Personal Data?
The Office de Tourisme de Canet-en-Roussillon undertakes not to keep your Personal Data beyond the archiving period:
- Personal data archived for three years.
- Transaction data retained for the period imposed by the applicable legal statute of limitations.
Where applicable, information on the duration will be provided as part of the information obligations linked to the specific implementation of each processing operation.
Are your personal data protected?
The Office de Tourisme de Canet-en-Roussillon undertakes to take the necessary measures to ensure the security and confidentiality of Personal Data and in particular to prevent it from being damaged, deleted or accessed by unauthorized third parties.
Furthermore, in the event of a security breach affecting your Personal Data (destruction, loss, alteration or disclosure), the Tourist Office undertakes to comply with the obligation to notify the CNIL of any Personal Data breaches within 72 hours.
Does the Office de tourisme de Canet-en-Roussillon use a tool to analyze the browsing and use of the canet-tourisme.com website?
The Tourist Office website uses Matomo as a tool for analyzing the navigation and use of the www.canet-tourisme.com website by its users. This service is open source (a decentralized, participatory development model whose code can be consulted by all) and is hosted on the server of a service provider chosen by us.
The data collected by cookies is anonymous. The purpose of this data collection is to facilitate subsequent navigation on this website and to supply our traffic measurement tools with a view to constantly improving the website.
In order to measure advertising campaigns, we will also use google Analytics 4.
What are your rights regarding your Personal Data?
At any time, you have the right to exercise the rights provided for by the regulations in force and applicable to the Office de Tourisme de Canet-en-Roussillon with regard to Personal Data:
- Right of access: you can have access to your Personal Data processed by the Office de Tourisme de Canet-en-Roussillon.
- Right of rectification: you may update your Personal Data or have them rectified by the Office de Tourisme de Canet-en-Roussillon.
- Right to object: you may express your wish not to receive any further protocol communications from the Office de Tourisme de Canet-en-Roussillon or to request that your Personal Data no longer be processed.
- Right to deletion: you may request the deletion of your Personal Data;
- Right to limitation: you may request the suspension of the processing of your Personal Data.
When you subscribe to a public service or collect your Personal Data, you will be given the address (postal and/or e-mail) to which you can send your request to exercise your rights.
All requests must be accompanied by proof of identity.
The Office de Tourisme de Canet-en-Roussillon undertakes to respond to your requests to exercise your rights as quickly as possible, in any event within the legal time limits and insofar as the exercise of this right does not hinder the performance of the contract or compliance with legal and regulatory obligations.
Who is the Data Protection Officer at the Office de Tourisme de Canet-en-Roussillon?
The appointment of a Data Protection Officer demonstrates the commitment of the Office de Tourisme de Canet-en-Roussillon to the protection, security and confidentiality of the Personal Data of its citizens.
You can contact the Data Protection Officer at the following e-mail address: infos@canet-tourisme.com:
Or to the following postal address: Monsieur le Délégué à la Protection des Données, Office de Tourisme de Canet-en-Roussillon, 49 avenue de la Méditerranée - 66140 Canet-en-Roussillon.
Reminder of the basic definitions under the RGPD
The processing of personal data can be any operation or set of operations involving this type of data. It may involve collecting, recording, storing, adapting, etc. Simple consultation or even deletion is data processing.
The data controller is the person, public authority, department or organization that determines the purposes and means of data processing. So, by default, it's the head of the company, the head of the local authority or the president of the association. The drafting of delegations of authority will be one of the key issues.
The data subject is the person to whom the data belongs, an identifiable natural person. To be able to justify the compliance of processing operations, the new Regulation introduces a radically different logic: accountability.
Accountability = from now on, the data controller will have to create the elements needed to verify that he is complying with his obligations. We're moving away from a logic in which control is carried out in the form of an investigation, and moving towards a logic of self-control. At all times, you must be able to present documentation, produced internally, by yourself and with the utmost formalism.
Accountability therefore consists in documenting and keeping up to date what will enable you, at any time, to justify compliance with the obligations arising from the Regulations.
Privacy by Design
This can be translated as the protection of privacy from the very conception of processing. In the context of the RGPD, this refers to the protection of privacy, in the French sense of the term; as protected by the European Convention on Human Rights. Privacy, which includes personal data, must therefore be protected right from the design stage of technological tools.
Privacy by default
In French, it's best to avoid a literal translation and instead understand "security by default" for personal data processing. For each collection, this means systematically enabling the highest possible level of security in the protection of personal data processing.
Minimization
This means that only personal data that is adequate, relevant and limited to what is necessary should be used for processing.
Personal data should only be processed if it is relevant to the purpose for which it is being processed: if you want to wish a list of people a happy birthday, you don't need to know their weight!
Only the information that is strictly necessary should be collected, processed with care, limited to the number of people or organizations that will have access to it, and only processed or stored for the time strictly necessary for the purpose of the processing.
Anonymization
This involves removing all identifying features from the data.
All identifiers are removed or modified, making it impossible to re-identify individuals.
Pseudonymization
This involves replacing an identifier with a pseudonym. This technique allows re-identification.
Rights of the person concerned
Attached is a link to the CNIL to help you understand your rights: https://cnil.fr/reglement-europeen-protection-donnees/chapitre3