Your cart is empty
Privacy policy
Indre-et-Loire Departmental Council (CD37)
Purpose of the document: This policy sets out CD37's commitments for the collection and processing of personal data.
|
Contents
What is the scope of this policy?........................................ 3
How does CD37 protect personal data?........................ 3
What about the personal data of minors?.................. 5
To whom may your personal data be disclosed? 5
How long are your personal data kept?........................ 6
How are your personal data protected?........................ 6
Foreword
In the course of its activities to respond to your needs and requests, CD37 collects and processes your personal data in compliance with the amended French Data Protection Act (Loi Informatique et Libertés) and the General Data Protection Regulation (GDPR).
This document sets out to explain CD37's principles and commitments with regard to the protection of personal data.
In particular, it aims to inform you about:
What is the scope of this policy?
This policy concerns all individuals who are in contact with CD37 via the ticketing website: billetterie-cite-royale-loches.departement-touraine.fr
Who is/are the Controller(s) of your personal data?
The person in charge of processing personal data is Ms Nadège ARNAULT - President of the Indre-et-Loire Departmental Council.
How does CD37 protect personal data?
CD37 meets the following requirements:
CD37 is committed to taking the necessary measures in order to protect your personal data and privacy from the earliest stage of the services it offers, thereby minimising the risks of non-compliance with the principles of the GDPR and the amended French Data Protection Act.
In this way, appropriate technical and organisational measures proportionate to the processing of personal data can be taken with regard to the purposes sought by CD37.
Applying this principle means that preventive measures can be taken to limit the risks to personal data.
CD37 implements the appropriate technical and organisational measures to ensure that, by default, enhanced security of processing can be organised and implemented.
What processing operations are covered by this policy?
CD37 DATA PROCESSING REGISTER |
Data subject categories |
|
Users of the websites:
|
|
Users of the websites:
|
|
Users of the websites:
|
For what purposes does CD37 collect personal data?
CD37 undertakes to collect only data that are strictly necessary for processing and not to use these data for purposes other than the following:
● Managing your ticket purchase and regulatory traceability
● Issuing your ticket
● Sending information to our newsletter subscribers
● Conducting customer satisfaction surveys
● Conducting statistical studies
● Handling complaints
What is the basis for the legitimacy of our data processing?
CD37 relies on consent as the legal basis for processing personal data.
What about the personal data of minors?
If you intend to send us personal data relating to minors over whom you do not have parental authority, please ensure that you have obtained the explicit consent of the person(s) with parental authority. In the absence of these guarantees, CD37 declines all liability.
To whom may your personal data be disclosed?
Data collected are intended for CD37.
They may be disclosed to our service provider DIPTICK, as part of the development and maintenance of our ticketing system. Our service provider undertakes to comply with our data protection policy and, in particular, not to sell, lease or share your data.
Can your personal data be transferred outside the European Union?
CD37 processes all your personal data within the territory of the European Union (EU).
How long are your personal data kept?
The length of time your personal data are kept depends on the processing carried out.
CD37 undertakes not to retain your personal data beyond the period necessary for the provision of the service, and therefore for your use of the service, in addition to the conservation period imposed by the rules with regard to limitation periods.
● identification data are kept for three (3) years from the last contact
● billing data are kept for ten (10) years in accordance with the provisions of Article L123-22 of the French Commercial Code.
How are your personal data protected?
CD37 endeavours to take all measures to ensure the security and confidentiality of your personal data and, in particular, to prevent them from being damaged, deleted or accessed by unauthorised third parties.
Only authorised persons may access the data. Any subcontractor's employees are always accompanied and supervised by a CD37 and/or IT Department employee when they access the data servers.
We are constantly improving our security procedures as technologies evolve in order to maintain the highest level of protection. Our employees and those of our subcontractors who have access to personal data are contractually bound by an obligation of confidentiality.
Organisational measures include allowing access to personal data only to those authorised persons who have a legitimate reason for consulting them.
Furthermore, in the event of a security incident affecting your personal data (destruction, loss, alteration or disclosure), CD37 ensures that it complies with the obligation to notify violations of personal data, in particular to the French Data Protection Agency (CNIL).
What are your rights regarding your personal data?
At any time, you may contact CD37 to exercise the rights provided for by current regulations on personal data, subject to complying with the conditions and depending on the grounds for processing the data concerned:
How can you exercise your rights regarding your personal data?
CD37 undertakes to reply to your requests to exercise your rights as soon as possible and at the latest within one month of receipt of your request and insofar as the exercise of these rights does not hinder the performance of the contract or compliance with legal and regulatory obligations. If necessary, this deadline may be extended by two (2) months in the event of complexity and/or a large number of requests.
CD37 complies with its obligations to protect the security and confidentiality of users' personal data and has appointed a Data Protection Officer to this end.
For CD37:
You may also file a complaint with the French Data Protection Agency (CNIL) at: www.cnil.fr/fr.plaintes/internet
Any request that does not fully confirm the applicant's identity must be accompanied by a copy of proof of identity.
Annex 1 |
In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, "GDPR"), you have certain rights regarding the retention and processing of your personal data.
In order to exercise all the rights granted to you by the GDPR, please complete the form below:
Last name:
……………………………………………………………………………………………………………………….
First name:
………………………………………………………………………….......................................................................
Postal address:
………………………………………………………………………………………………………...............................E-mail:
……………………………………………………………………………………………………………………………..
In accordance with Articles 39 I and 40 I of Law no. 78-17 of 6 January 1978 referred to as the "Data Protection and Civil Liberties" Act, in order for your request for access to and/or rectification of your personal data to be taken into account, you must send the supporting documents required to prove your identity, i.e. a copy of a valid proof of identity.
You are reminded that the exercise of these rights is limited depending on the purpose of the data processing. For example, the right to erasure is limited if the data are required for the performance of a contract or to comply with a legal obligation.
For more information on how to exercise your rights, please read the section of our privacy policy entitled "What are your rights regarding your personal data?"
Where applicable, please specify the data concerned by the request for rectification:
………………………………………………………………………………………………………...............................................................................................................................................................................................................
Where applicable, please specify the data concerned by the request for erasure: ………………………………………………………………………………………………………...............................................................................................................................................................................................................
Request to restrict processing, i.e. if you wish to restrict the processing carried out by the controller so that the personal data in question may, with the exception of storage, only be processed with your consent (in accordance with Article 18 "Right to restriction of processing" of the GDPR). This request can only be made when:
Where applicable, please specify the data concerned by the request for restriction: ………………………………………………………………………………………………………...............................................................................................................................................................................................................
If applicable, please check the following boxes if:
……………………………………………...............................................................................................................………………………………………………………………………………………………………………………………………………………
Where applicable, please specify the data concerned by the request to object to data processing:
……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………….
Done at ………………….…, on ……………………..
Signature
We use cookies on the site to improve its interactivity and security.
Cookies are small files stored on your browser or device by our server. Cookies are used to store status information when a browser accesses different pages on a website or when the browser returns to the website at a later date. This information is retained for the duration of the cookie's validity.
The billetterie-cite-royale-loches.departement-touraine.fr website only uses mandatory technical cookies, which are required for the site to function correctly. There is no banner to allow you to deactivate them.
You can, nevertheless, delete them from your browser if you wish but the site may no longer function correctly.
Last name |
Purpose |
Lifespan |
sessionid |
This cookie stores a single session identifier to authenticate connections. |
The session |
csrftoken |
This cookie is used for security purposes to prevent cross-site hacking. |
1 year |