Privacy Policy
This Privacy Policy is intended to inform users of this website www.bordeaux-citytours.com (hereinafter the “Site”) and the services provided by Bordeaux City Tours (hereinafter referred to as “you” or “users”) of the manner in which personal data is collected and processed by Bordeaux City Tours.
It also aims to inform users of their rights as well as the exercise of these rights in accordance with the national regulations in force and Regulation 2016/679 of 27 April 2016 on the protection of personal data.
The controller is SAS Tourism & City Tours, with a share capital of € 5,000, whose registered office is located at 7 rue Caroline Aigle 33185 Le Haillan and registered in the Bordeaux Trade and Companies Register under number 497 634 923.
The Company has appointed a Data Protection Officer (hereinafter referred to as the “DPO”) whom you may contact at the following e-mail address: visite@bordeaux-citytours.com or by post at the following postal address
TOURISM & CITY TOURS
Délégué à la protection des données
7 rue Caroline Aigle 33185 Le Haillan
(ci-après dénommée la « Société »).
The persons concerned by this privacy policy
The Company offers road and tourism services. You are affected by this Privacy Policy when you subscribe to the services offered by the Company.
The type of data collected
The data collected by the Company within the framework of the services it offers are the following:
- Contact data (first and last name, e-mail address, nationality)
- Navigation data (searches, number of visits, date of last visit…)
- Geolocation data and navigation data (searches, number of visits, date of last visit…).
The goals
The Company processes the data of the users of this Site within the framework of the execution of the services that the Company proposes, of legitimate interests necessary to the good functioning of the services as well as under legal obligations.
First of all, it is about the management of customer relations, the realization of satisfaction surveys, the execution of the proposed service and the sending of information on the modification or the evolution of the Company’s services. The Company also processes certain data for statistical purposes, audience measurement, sending offers, promotions and news about the Company, as well as optimization of advertising targeting using data similar to those of its existing customers, in order to reach potential new customers.
Shelf life
The period of time during which the Company keeps the users’ personal data includes the period of the contractual relationship as well as the legal prescription periods.
Recipients of personal data
- The Company
The Company collects data necessary for the proper functioning of its services.
- Subcontractors
The Company may use subcontractors to perform its services.
Subcontractors process personal data only for the performance of the services offered by the Company.
The Company contractually requires its subcontractors to respect security and confidentiality obligations and to implement appropriate technical and organizational measures so that the processing carried out complies with all applicable regulations and guarantees the protection of users’ rights.
- The competent authorities
The Company may be required to transmit the personal data collected to the competent authorities, such as the public authorities, the Commission Nationale de l’Informatique et des Libertés (hereinafter referred to as the “CNIL”) or the Direction Générale de la Concurrence, de la Consommation et de la Répression des Fraudes.
Users’ rights on personal data
- Right of access
Users have the right to access their personal data. Users have the right to obtain confirmation as to whether or not their data are being processed. If users exercise this right, the Company will provide them with a copy of the characteristics of the processing carried out on their personal data (the purposes of the processing, the categories of data concerned, etc.).
The information will be provided either electronically or in paper format. Users may obtain a copy of their personal data subject to respect for the rights of others.
- Right of rectification
Users who find that their personal data is incorrect or incomplete have the right to request the correction or completion of such information.
- Right to limit processing
Users have the right to obtain the limitation of the processing of their personal data in particular when they contest the accuracy of the data, when the processing is unlawful and they wish to obtain the limitation and not the erasure of their data, or when the data controller no longer needs the personal data but they are still necessary for the establishment, exercise or defense of a legal claim.
- Right to object to processing
Users may object to their personal data being processed if they have a legitimate reason and if the processing is based on their consent.
Once you exercise your right to object, your personal data will no longer be processed. Where the processing is based on a legal obligation, the right to object is not applicable.
The Company informs you that the modification or deletion will take place as soon as possible.
Right to be forgotten
Users may request the deletion of their personal data in the cases listed in Article 17 of the RGPD: when it is no longer necessary for the purposes for which it was processed or collected, when it must be deleted under a legal obligation, when it has been processed unlawfully or when you withdraw your consent for the purpose in question.
However, the data may not be erased when the processing is necessary, among other things, for the exercise of the right to freedom of expression and information, for compliance with a legal obligation incumbent on the Company, or for the establishment, exercise or defense of legal claims.
- Right to data portability
Users have the right to the portability of the personal data they have transmitted. You will be able to access it in a structured, commonly used and machine-readable format. You may also request that this data be transferred to another data controller where technically possible.
The exercise of rights
You may exercise your rights by contacting the DPO designated by the Company at the following e-mail address: visite@bordeaux-citytours.com or by mail at the following postal address
TOURISM & CITY TOURS
Délégué à la protection des données
7 rue Caroline Aigle 33185 Le Haillan
For any request to exercise your rights, the Company may ask you to provide an official identity document (identity card, passport, driver’s license, etc.) in order to verify that you are the person concerned by the personal data that is the subject of the request.
Responses to your requests will be sent to you electronically or on paper.
The Company undertakes to respond to any request as soon as possible and within a maximum of one month from the receipt of your request.
However, this period may be extended by two months when the request is complex or because of the number of requests received.
If the Company cannot comply with your request, you will be informed within one month of receipt of your request. The reasons for the refusal will be clearly indicated. You will then have the possibility to lodge a complaint with the CNIL and to take legal action.
You are informed that in the event of manifestly unfounded or excessive requests, in particular because of their repetitive nature, the Company may refuse to follow up on your requests or require payment of a fee to compensate for the administrative costs incurred in responding to your requests.
Security of personal data
The Company implements all appropriate security measures to ensure the protection of personal data collected, including preventing the destruction, loss, alteration, disclosure or unauthorized access of data.
To this end, security measures such as anonymization or encryption of data will be implemented. Measures to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services will also be taken.
You will be notified as soon as possible of any security breach affecting your data that may pose a high risk to your rights and freedoms.
Storage of personal data
The servers used by the Company to store your personal data are located in France.
The Company transmits certain personal data to its subcontractors providing services necessary for the performance of the services. Some subcontractors host personal data on servers located outside the European Union. Therefore, the Company ensures that they are able to guarantee the same level of data protection as that required by the RGPD within the European Union.
Changes to the Privacy Policy
When this Privacy Policy changes, the update will be posted on the Company’s website or via e-mail with the date of the update. We encourage users to review it regularly.