Personal data

Privacy policy

 

Indre-et-Loire Departmental Council (CD37)

 

 

 

Purpose of the document: This policy sets out CD37's commitments for the collection and processing of personal data.

 

 

 

Contents

Foreword................................................................................................................ 3

What is the scope of this policy?........................................ 3

Who is/are the Controller(s) of your personal data?........................................................................................................................... 3

How does CD37 protect personal data?........................ 3

What processing operations are covered by this policy?..................................................................................................................... 4

For what purposes does CD37 collect personal data?........................................................................................................................... 5

What is the basis for the legitimacy of our data processing?......................................................................................... 5

What about the personal data of minors?.................. 5

To whom may your personal data be disclosed? 5

Can your personal data be transferred outside the European Union?............................................................................. 5

How long are your personal data kept?........................ 6

How are your personal data protected?........................ 6

What are your rights regarding your personal data?........................................................................................................................... 6

How can you exercise your rights regarding your personal data?................................................................................ 7

FORM TO BE SUBMITTED TO CD37 IF YOU WISH TO EXERCISE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA.............................. 8

 

Foreword

 

In the course of its activities to respond to your needs and requests, CD37 collects and processes your personal data in compliance with the amended French Data Protection Act (Loi Informatique et Libertés) and the General Data Protection Regulation (GDPR).

This document sets out to explain CD37's principles and commitments with regard to the protection of personal data.

In particular, it aims to inform you about:

 

  • The personal data that CD37 collects and the reasons for such collection,
  • How your personal data will be used,
  • Your rights as a subject of our data processing operations.

 

What is the scope of this policy?

 

This policy concerns all individuals who are in contact with CD37 via the ticketing website: billetterie-cite-royale-loches.departement-touraine.fr

 

Who is/are the Controller(s) of your personal data?

The person in charge of processing personal data is Ms Nadège ARNAULT - President of the Indre-et-Loire Departmental Council.

 

How does CD37 protect personal data?

 

CD37 meets the following requirements:

    • Upstream integration of personal data protection: "Privacy by Design."

CD37 is committed to taking the necessary measures in order to protect your personal data and privacy from the earliest stage of the services it offers, thereby minimising the risks of non-compliance with the principles of the GDPR and the amended French Data Protection Act.

In this way, appropriate technical and organisational measures proportionate to the processing of personal data can be taken with regard to the purposes sought by CD37.

Applying this principle means that preventive measures can be taken to limit the risks to personal data.

    • Ensuring the highest level of protection for personal data: "Privacy by default."

CD37 implements the appropriate technical and organisational measures to ensure that, by default, enhanced security of processing can be organised and implemented.

 

What processing operations are covered by this policy?

 

CD37 DATA PROCESSING REGISTER

Data subject categories

  • Last name

Users of the websites:

https://billetterie-musee-balzac.departement-touraine.fr

https://billetterie-demeure-ronsard.departement-touraine.fr

https://billetterie-musee-rabelais.departement-touraine.fr

https://billetterie-prehistoire-grand-pressigny.departement-touraine.fr

https://billetterie-cite-royale-loches.departement-touraine.fr

https://billetterie-domaine-cande.departement-touraine.fr

https://billetterie-forteresse-royale-chinon.departement-touraine.fr

https://billetterie-hotel-gouin.departement-touraine.fr

 

  • First name

Users of the websites:

https://billetterie-musee-balzac.departement-touraine.fr

https://billetterie-demeure-ronsard.departement-touraine.fr

https://billetterie-musee-rabelais.departement-touraine.fr

https://billetterie-prehistoire-grand-pressigny.departement-touraine.fr

https://billetterie-cite-royale-loches.departement-touraine.fr

https://billetterie-domaine-cande.departement-touraine.fr

https://billetterie-forteresse-royale-chinon.departement-touraine.fr

https://billetterie-hotel-gouin.departement-touraine.fr

 

  • Email

Users of the websites:

https://billetterie-musee-balzac.departement-touraine.fr

https://billetterie-demeure-ronsard.departement-touraine.fr

https://billetterie-musee-rabelais.departement-touraine.fr

https://billetterie-prehistoire-grand-pressigny.departement-touraine.fr

https://billetterie-cite-royale-loches.departement-touraine.fr

https://billetterie-domaine-cande.departement-touraine.fr

https://billetterie-forteresse-royale-chinon.departement-touraine.fr

https://billetterie-hotel-gouin.departement-touraine.fr

 

 

For what purposes does CD37 collect personal data?

 

CD37 undertakes to collect only data that are strictly necessary for processing and not to use these data for purposes other than the following:

●          Managing your ticket purchase and regulatory traceability

●          Issuing your ticket

●          Sending information to our newsletter subscribers

●          Conducting customer satisfaction surveys

●          Conducting statistical studies

●          Handling complaints

 

What is the basis for the legitimacy of our data processing?

 

CD37 relies on consent as the legal basis for processing personal data.

 

What about the personal data of minors?

If you intend to send us personal data relating to minors over whom you do not have parental authority, please ensure that you have obtained the explicit consent of the person(s) with parental authority. In the absence of these guarantees, CD37 declines all liability.

 

To whom may your personal data be disclosed?

Data collected are intended for CD37.

They may be disclosed to our service provider DIPTICK, as part of the development and maintenance of our ticketing system. Our service provider undertakes to comply with our data protection policy and, in particular, not to sell, lease or share your data.

 

Can your personal data be transferred outside the European Union?

CD37 processes all your personal data within the territory of the European Union (EU).

 

How long are your personal data kept?

The length of time your personal data are kept depends on the processing carried out.

CD37 undertakes not to retain your personal data beyond the period necessary for the provision of the service, and therefore for your use of the service, in addition to the conservation period imposed by the rules with regard to limitation periods.

●          identification data are kept for three (3) years from the last contact

●          billing data are kept for ten (10) years in accordance with the provisions of Article L123-22 of the French Commercial Code.

 

How are your personal data protected?

CD37 endeavours to take all measures to ensure the security and confidentiality of your personal data and, in particular, to prevent them from being damaged, deleted or accessed by unauthorised third parties.

Only authorised persons may access the data. Any subcontractor's employees are always accompanied and supervised by a CD37 and/or IT Department employee when they access the data servers.

We are constantly improving our security procedures as technologies evolve in order to maintain the highest level of protection. Our employees and those of our subcontractors who have access to personal data are contractually bound by an obligation of confidentiality.

Organisational measures include allowing access to personal data only to those authorised persons who have a legitimate reason for consulting them.

Furthermore, in the event of a security incident affecting your personal data (destruction, loss, alteration or disclosure), CD37 ensures that it complies with the obligation to notify violations of personal data, in particular to the French Data Protection Agency (CNIL).

 

What are your rights regarding your personal data?

 

At any time, you may contact CD37 to exercise the rights provided for by current regulations on personal data, subject to complying with the conditions and depending on the grounds for processing the data concerned:

  • The right of access: you may be informed that your personal data are being processed by CD37;
  • The right to rectification: you may update your personal data or ask CD37 to rectify your personal data it processes;
  • The right to object: you may request that your personal data no longer be processed if the processing is based on your consent (i.e. you withdraw your consent);
  • The right to erasure (the right to be forgotten): you may request the deletion of your personal data, subject to the legal retention period; 
  • The right to restriction of processing: you may request the suspension of the processing of your personal data if you have a pending request for rectification, erasure or objection, or if you believe that the processing is unlawful but CD37 objects to the erasure of your data;
  • The right to data portability: you may ask CD37 to retrieve your personal data in order to use them only if the processing is based on your consent.

 

How can you exercise your rights regarding your personal data?


CD37 undertakes to reply to your requests to exercise your rights as soon as possible and at the latest within one month of receipt of your request and insofar as the exercise of these rights does not hinder the performance of the contract or compliance with legal and regulatory obligations. If necessary, this deadline may be extended by two (2) months in the event of complexity and/or a large number of requests.

CD37 complies with its obligations to protect the security and confidentiality of users' personal data and has appointed a Data Protection Officer to this end.

  • You may contact our Data Protection Officer as follows:

For CD37:

  • By post: CONSEIL DÉPARTEMENTAL D'INDRE-ET-LOIRE
    PLACE DE LA PRÉFECTURE
    37000 TOURS
  • Email:

             dpo@departement-touraine.fr

You may also file a complaint with the French Data Protection Agency (CNIL) at: www.cnil.fr/fr.plaintes/internet

Any request that does not fully confirm the applicant's identity must be accompanied by a copy of proof of identity.

 

 

Annex 1

FORM TO BE SUBMITTED TO CD37 IF YOU WISH TO EXERCISE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA

In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, "GDPR"), you have certain rights regarding the retention and processing of your personal data.

In order to exercise all the rights granted to you by the GDPR, please complete the form below:

  • APPLICANT'S IDENTITY

Last name:

……………………………………………………………………………………………………………………….

First name:

………………………………………………………………………….......................................................................

Postal address:

………………………………………………………………………………………………………...............................E-mail:

……………………………………………………………………………………………………………………………..

 

  • RECIPIENT'S IDENTITY

 

  1.  Indre-et-Loire Departmental Council (CD37)

 

In accordance with Articles 39 I and 40 I of Law no. 78-17 of 6 January 1978 referred to as the "Data Protection and Civil Liberties" Act, in order for your request for access to and/or rectification of your personal data to be taken into account, you must send the supporting documents required to prove your identity, i.e. a copy of a valid proof of identity.

 

You are reminded that the exercise of these rights is limited depending on the purpose of the data processing. For example, the right to erasure is limited if the data are required for the performance of a contract or to comply with a legal obligation.

 

For more information on how to exercise your rights, please read the section of our privacy policy entitled "What are your rights regarding your personal data?"

 

  • PURPOSE OF THE REQUEST

 

  1. Request for access to your personal data, i.e. if you wish to know whether or not CD37 is processing your personal data and, if so, you wish to obtain a copy (in accordance with Article 15 "Right of access by the data subject" of the GDPR).
     
  2. Request to rectify your personal data, i.e. if you believe that certain personal data concerning you are inaccurate or incomplete (in accordance with Article 16 "Right to rectification" of the GDPR).

 

Where applicable, please specify the data concerned by the request for rectification:
………………………………………………………………………………………………………...............................................................................................................................................................................................................

 

  1. Request to erase your personal data, i.e. if you no longer wish your personal data to be processed by CD37 (in accordance with Article 17 "Right to erasure ("right to be forgotten") of the GDPR).
     

Where applicable, please specify the data concerned by the request for erasure: ………………………………………………………………………………………………………...............................................................................................................................................................................................................

 

Request to restrict processing, i.e. if you wish to restrict the processing carried out by the controller so that the personal data in question may, with the exception of storage, only be processed with your consent (in accordance with Article 18 "Right to restriction of processing" of the GDPR). This request can only be made when:

 

    • You challenge the accuracy of your personal data for a period of time that allows the data controller to verify the accuracy of the data;
    • The processing of data is unlawful and you object to their deletion and demand instead that their use be restricted;
    • The data controller no longer needs your personal data for the purposes of processing, but they are still necessary for you to establish, exercise or protect your legal rights;
    • You objected to the processing under Article 21(1) of the GDPR during the verification as to whether the legitimate grounds pursued by the controller override your own.

 

Where applicable, please specify the data concerned by the request for restriction: ………………………………………………………………………………………………………...............................................................................................................................................................................................................

 

  1. Request for data portability, i.e. if you wish to recover your personal data provided to a data controller and you wish to transfer them to another data controller (in accordance with Article 20 "Right to data portability" of the GDPR).

 

If applicable, please check the following boxes if:

 

  1. You wish to recover your personal data;
  2. You would like CD37 to transfer your personal data to another organisation responsible for data processing (please provide us with supporting documents from the said organisation):

……………………………………………...............................................................................................................………………………………………………………………………………………………………………………………………………………

 

  1. Request to object to data processing, i.e. if you object to the processing of your personal data referred to in Article 6 § 1 e) or f) of the GDPR in cases of processing necessary for the performance of a public service task by the controller, or processing necessary for the purposes of the legitimate interests pursued by the controller or by a processor, or if you no longer wish your personal data to be processed for the purposes of direct marketing (in accordance with Article 21 "Right to object" of the GDPR).

 

Where applicable, please specify the data concerned by the request to object to data processing:

……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………….

 

Done at ………………….…, on ……………………..

 

Signature

 

 

 

 

  1. Cookies 

We use cookies on the site to improve its interactivity and security.

Cookies are small files stored on your browser or device by our server. Cookies are used to store status information when a browser accesses different pages on a website or when the browser returns to the website at a later date. This information is retained for the duration of the cookie's validity.

The billetterie-cite-royale-loches.departement-touraine.fr website only uses mandatory technical cookies, which are required for the site to function correctly. There is no banner to allow you to deactivate them.

You can, nevertheless, delete them from your browser if you wish but the site may no longer function correctly.

 

Last name

Purpose

Lifespan

sessionid

This cookie stores a single session identifier to authenticate connections.

The session

csrftoken

This cookie is used for security purposes to prevent cross-site hacking.

1 year

 

 

0
My cart

Your cart is empty

Explore the catalogue Confirm my cart
0
Cart total : 0.00 €