Protection of personal data as communicated by our customers for our Services is of the utmost importance to us. This Privacy Statement aims at informing you of our policy regarding personal data, most particularly the data we collect, the way we treat and process it, for which purposes and with whom we share it.
More specifically, this Statement describes the way we use your personal data when you use our websites and/or booking portals, when you order or use the Services provided by CTOUTVERT, or interact with us via other channels (help desk, social network).
The simple fact of using one of the services provided by CTOUTVERT (hereby named « the Services ») confirms you have read and agreed to the following Privacy Statement in its entirety.
In accordance with current legislation regarding protection of privacy, we consider CTOUTVERT acts as a third-party provider for some processes and purposes, and as responsible party for others.
Please note personal data (hereby name « Data » or « Personal Data ») means « any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person».
Data treatment or processing (hereby named « Processing » or « Data Processing ») means « any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction ».
Data we collect
We hereby declare the Personal Data has been collected in accordance with the law for specific, explicit and rightful purposes.
o Collection of consumer customer Personal Data
During the customers’ booking processes at the Establishment via Secureholiday booking interface, we collect Personal Data that is communicated to the payment operator or to the Establishment (via its PMS software or PMS bridge), via a technical device the Establishment has determined and is responsible for, particularly regarding Personal Data safety.
Then Personal Data is integrated in the Secureholiday data base. Collected Data feature customer's name and surname, date of birth, address (street, postcode, town, country), phone number, email address, booking location and dates.
o Collection of Personal Data from customer Establishments
In the context of the Services provided to the Establishment, we collect Personal Data from the Establishment, mostly when the order is made via the corresponding Order Form.
Collected Data feature name of the Establishment, address, company name, phone number, website URL, VAT number, email address, director or signing person name and surname.
How we use the data we collect
o Treatment of customer client Personal Data
We only treat Personal Data for the execution of the Establishment’s Services, more particularly for the following purposes :
- Customers Bookings process and management of Establishment ordered Services
- Later commercial communication, only if the booking is made via the SecureHoliday system from a Partner site owned by CTOUTVERT
- Statistics studies
- Profiling for « CRM / GRC Pack» service
Personal Data can in no way be used otherwise nor for any purpose other than the ones described here.
o Processing Customer Establishment Personal Data
Personal Data is treated for the execution of the Establishment’s Services and legal requirements, more particularly for the following purposes :
- Treatment of Services Order Forms
- Complying with law from June 21st, 2004 regarding Publishers Data storage
We can also use the information detailed previously, including Data related to Customer clients and Customer Establishments for the following purposes:
- Complying with legal obligations, including on fraud prevention and fighting money laundering and « smart » sanctions. This can include verification of information transmitted and related to the Data from other sources.
- Enforcing any agreement between us, on our Services
- Warning all clients of the changes made to our Services or to our conditions and policies.
- Improving user experience and quality of service
Information we share
We may be required to share Personal Data with our business partners, and in particular when these partners collect the payment for the reservations, before transferring it to the Establishment in question. In this case, this sharing of data falls exclusively within what is strictly agreed in the contract concluded between the said commercial partners and the Client Establishment.
We may also share Personal Data with service providers that we use to assist us for essential technical support, including the host of our servers (Microsoft Azure).
Finally, we may use service providers companies that collect Personal Data of Website users, such as Google Ads, whose purpose it is to provide users with targeted advertising. More information about this collection of data is available on the following page: https://policies.google.com/technologies/partner-sites
When Service providers intervene within the framework of the Services provided or offered by CTOUTVERT, all measures are taken to ensure a high level of security of protection of Personal Data and all Processing is done according to our directives. They may not, under any circumstances, make use of the Personal Data transmitted to them other than expressly required, nor disclose to any other third party the Personal Data concerning the Establishments customers of CTOUTVERT or the customers of Establishments who book via SecureHoliday. In particular, technical service providers are not authorized to use your data for commercial purposes.
In any case, the only occurencies where Personal Data can be communicated to a third party are the following :
- You previously agreed to that
- Data is treated via a trusted commercial partner in accordance with the Privacy Statement and level of security, based on the agreement signed between said commercial partner and customer
- We contract technical providers for technical work
- Data is aggregated in order not to identify persons, and for segmentation, statistics, general studies or trend analysis purposes
- It is our duty to disclose or communicate Personal Data to comply with legal obligations, apply our conditions of sales or other agreements, and to protect our rights, property or safety, our clients’ or other parties’. This means information might be shared with other companies or agencies to prevent fraud and reduce credit risk.
Storage of personal data
We store Personal Data as long as necessary to execute the operations as described above and comply with legal requirements.
Accuracy of the information
We strive to make sure stored Personal Data is accurate, up to date and complete. We answer our customers' requests to correct inaccurate information as soon as possible. Any person whose Personal Data is stored by us can inform us of any error.
We set up several technical and structural measures in order to ensure safety and protection of Personal Data.
However, if said Personal Data is transmitted via the Internet, we can't guarantee it is perfectly secured.
Transfers outside the EEA
The personal data we process is exclusively stored in the EU and we don't transfer any Personal Data outside the EU.
Your rights and preferences
At any moment and in accordance with current legislation regarding protection of personal data, you have a right to access, rectify, delete, limit and to portability on simple demand at :
10 Place Alfonse Jourdain
31000 Toulouse (France)
Email address: firstname.lastname@example.org
You also have a right to make a complaint to the competent authority, in this case the CNIL i.e. the French Data Protection Authority, at any moment.
Please be aware that in exercising one of these rights, we might not be able to provide you with part or all of the Services
This Policy regarding protection of Personal Data might be changed without notice. In order to be informed of the changes made, please read our Policy on a regular basis.
Last update : 23/03/2023