top of page

Privacy Policy

Activities related to the website www.chateauduvot.com involve the processing of personal data.

 

WHAT DOES THE PERSONAL DATA USE POLICY COVER?

This policy informs you of the characteristics of this processing and your rights regarding your personal data. This privacy policy is drafted in accordance with Law No. 78-17 of January 6, 1978 (known as the "Data Protection Act" or "DPA") and the General Data Protection Regulation ("GDPR") No. 2016/679. The information collected about the user is necessary to process their request and is intended for the publisher and its subsidiaries to manage its tourism services. In accordance with the Data Protection Act No. 78-17 of January 6, 1978, amended by the Law on Confidence in the Digital Economy No. 2004-801 of August 6, 2004, the user has the right to access, rectify, and delete their personal data.

SAS Château du Vot undertakes not to transfer or sell any personal information about you to third parties or to use this information for purposes other than its intended purpose. The user's consent to the commercial use of their data is clearly stated when registering for one of our services.

​

WHO IS RESPONSIBLE FOR THIS POLICY?

The data controllers of SAS Château du Vot are its legal representatives, Claire SENAND and Joachim EVEN. contact@chateauduvot.com

 

WHO IS THIS POLICY ADDRESSED TO, WHAT ARE THE LEGAL BASIS FOR THE PROCESSING, WHAT IS THE DATA COLLECTED FOR, AND HOW LONG IS IT RETAINED?

This policy applies to website users. The purpose of the processing is to manage the website. The data processed is retained for a period not exceeding that necessary for the purposes for which it is recorded (principle of minimizing processing).

 

For online store customers:

-The legal basis is the order placed by these customers (the contract);

-The processing allows the management of customer orders on the online store;

-The data is retained for 5 years from the end of the contract;

-Data related to the management of online support or after-sales service is retained for 5 years from the date of the request.

For people to whom we have entrusted technical services (hosting, maintenance, site security providers):

-The legal basis is legitimate interest;

-The processing allows the technical management of the site (maintenance, hosting, site security);

For those with back-office access to administer the site: ​​

-The legal basis is legitimate interest;

-The processing allows the administration of the website;

-The data is retained for as long as the data subjects administer the site.

For individuals who write or are cited in content on the site:

-The legal basis is the consent of the individuals whose information is published;

-The processing allows the management of the site's editorial content;

-The data is retained for as long as the data subjects use the site.

For individuals who create an account on the site:

-The legal basis is legitimate interest or consent;

-The processing allows the management of online accounts;

-The data is retained for as long as the account is active.

For individuals who contact us using the website's contact form:

-The legal basis is legitimate interest (enabling online communication) or the execution of pre-contractual measures (creating quotes at the request of individuals, online recruitment, etc.);

-The processing allows the management of information requests via the contact form;

-The data is kept for 3 years from the request.

For individuals who post reviews and comments on our website:

-The legal basis is the consent of the individuals concerned;

-The processing allows the management of reviews and comments published on the website;

-The data is retained for 5 years from the date of publication.

For individuals we list on the website as partners:

-The legal basis is the consent of these individuals;

-The processing allows the listing of partner individuals on the website;

-The data is retained for 5 years from the date of publication.

 

DATA PROCESSED

The data controller processes the following categories of data:

Civil status, identity, identification data, images (last name, first name, address, photograph, date and place of birth, etc.);

Connection data (IP addresses, logs, terminal identifiers, login identifiers, timestamp information, etc.);

Economic and financial information (banking data, etc.).

​

MANDATORY OR OPTIONAL NATURE OF DATA COLLECTION

The data collected is mandatory to achieve the processing purposes.
For online orders, the data collected is required for the conclusion and execution of the order (contract).


DATA SOURCES

The data is transmitted directly by the data subject.

 

DATA RECIPIENTS

Depending on their respective needs, the following are recipients of all or part of the data:
Those responsible for technical services (hosting, maintenance, and website security);
Online payment service providers;
Our customer relationship management tools.

​

WHAT SECURITY MEASURES ARE IN PLACE?

The data controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The data controller takes measures to ensure that any natural person acting under the authority of the data controller or processor who has access to personal data does not process it except on the instructions of the data controller, unless required to do so.
The website and its data are hosted on WIX servers.

 

WHETHER DATA IS TRANSFERRED TO A COUNTRY OUTSIDE THE EUROPEAN UNION AND ASSOCIATED GUARANTEES
​

The data controller does not transfer any personal data outside the European Union.
AUTOMATED DECISION-MAKING
The processing involves fully automated decision-making. The data controller undertakes to comply with the requirements of Article 22 of the GDPR.

FATE OF PERSONAL DATA AFTER DEATH – RIGHT OF ACCESS, RECTIFICATION, DELETION, AND DATA PORTABILITY
The data subject may define guidelines regarding the storage, deletion, and communication of their personal data after their death. These guidelines may be general or specific.
The data subject also has the right to access, object to, rectify, delete, and, under certain conditions, the portability of their personal data.

The data subject has the right to withdraw their consent at any time if consent constitutes the legal basis for the processing.

The request must include the person's first and last name, email address, or postal address, and be signed and accompanied by valid proof of identity. The person may exercise these rights by contacting contact@chateauduvot.com.

​

The person concerned by processing has the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresse-une-plainte

 

​

bottom of page