Protection of personal data as communicated by our customers for our Services is of the utmost importance to us. This Privacy Statement aims at informing you of our policy regarding personal data, most particularly the data we collect, the way we treat and process it, for which purposes and with whom we share it.
More specifically, this Statement describes the way we use your personal data when you use our websites and/or booking portals, when you order or use the Services provided by CTOUTVERT, or interact with us via other channels (help desk, social network).
The simple fact of using one of the services provided by CTOUTVERT (hereby named « the Services ») confirms you have read and agreed to the following Privacy Statement in its entirety.
In accordance with current legislation regarding protection of privacy, we consider CTOUTVERT acts as a provider for some processes and purposes, and as responsible party for others.
Please remind personal data (hereby name « Data » or « Personal Data ») means « any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person».
Data treatment or processing (hereby named « Processing » or « Data Processing ») means « any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction ».
Data we collect
We hereby declare the Personal Data has been collected in accordance with the law for specific, explicit and rightful purposes.
o Collect of consumer customers Personal Data
During the customers’ booking processes at the Establishment via Secureholiday booking interface, we collect Personal Data that is communicated to the payment operator or to the Establishment (via its PMS software or PMS bridge), via a technical device the Establishment has determined and is responsible for, particularly regarding Personal Data safety.
Then Personal Data is integrated in the Secureholiday data base. Collected Data feature customers name and surname, date of birth, address (street, postcode, town, country), phone number, email address, booking location and dates.
o Collect of Personal Data from customer Establishments
In the context of the Services provided to the Establishment, we collect Personal Data from the Establishment, mostly when the order is made via the corresponding Order Form.
Collected Data feature name of the Establishment, address, company name, phone number, website URL, VAT number, email address, director or signing person name and surname.
How we use the data we collect
o Treatment of customer client Personal Data
We only treat Personal Data for the execution of the Establishment’s Services, more particularly for the following purposes :
- Custumers Bookings process and management of Establishment ordered Services
- Later commercial communication, only if the booking is made via the SecureHoliday system from a Partner site owned by CTOUTVERT
- Statistics studies
- Profiling for « CRM / GRC Pack» service
Personal Data can in no way be used otherwise nor for any purpose other than the ones described here.
o Processing Customer Establishment Personal Data
Personal Data is treated for the execution of the Establishment’s Services and legal requirements, more particularly for the following purposes :
- Treatment of Services Order Forms
- Complying with law from June 21st, 2004 regarding Publishers Data storage
We can also use the information detailed previously, including Data related to Customer clients and Customer Establishments for the following purposes:
- Complying with legal obligations, including on fraud prevention and fighting money laundering and « smart » sanctions. This can include verification of information transmitted and related to the Data from other sources.
- Enforcing any agreement between us, on our Services
- Warning all clients of the changes made to our Services or to our conditions and policies.
- Improving user experience and quality of service
Information we share
We can be led to share Personal Data with our commercial partners, particularly when these partners cash the amount of bookings directly, before paying the concerned Establishment. In this case, data sharing is operated exclusively according to the agreement signed between the partners and the customer Establishment.
We can also be led to share Personal Data with technical providers we contract for technical work linked to our services – this includes our servers host (Microsoft Azure).
When technical providers are sollicited for the Services provided by CTOUTVERT, all measures are taken to ensure high level protection of Personal Data and everything is processed after our instructions. They can not use the Personal Data transmitted any way other than the one expressly required, nor communicate the Personal Data related to CTOUTVERT’s customer Establishments or to the Establishment’s consumer customers who booked via SecureHoliday to a third party. More particularly, technical providers are not allowed to use your data for their own commercial targeting operations.
In any case, the only occurencies Personal Data can be communicated to a third party are the following :
- You previously agreed to that
- Data is treated via a trusted commercial partner in accordance with the Privacy Statement and level of security, based on the agreement signed between said commercial partner and customer
- We contract technical providers for technical work
- Data is aggregated in order not to identify persons, and for segmentation, statistics, general studies or trend analysis purposes
- It is our duty to disclose or communicate Personal Data to comply with legal obligations, apply our conditions of sales or other agreements, and to protect our rights, property or safety, our clients’ or other parties’. This means information might be shared with other companies or agencies to prevent fraud and reduce credit risk.
Storage of personal data
We store Personal Data as long as necessary to execute the operations as described above and comply with legal requirements.
Accuracy of the information
We strive to make sure stored Personal Data is accurate, recent and complete. We answer our customers requests to correct inaccurate information as soon as possible. Any person whose Personal Data is stored by us can inform us of any error.
We set up several technical and structure measures in order to ensure safety and protection of Personal Data.
However, if said Personal Data is transmitted via the Internet, we can't guarantee it is perfectly secured.
Transfers outside the EEA
The personal data we process is exclusively stored in the EU and we don't transfer any Personal Data outside the EU.
Your rights and preferences
At any moment and in accordance with current legislation regarding protection of personal data, you have a right to access, rectify, delete, limit and to portability on simple demand at :
10 Place Alfonse Jourdain
31000 Toulouse (France)
Email address: firstname.lastname@example.org
You also have a right to make a complaint to the competent authority, in this case the CNIL i.e. the French Data Protection Authority, at any moment.
Please be aware that in exercising one of these rights, we might not be able to provide you with part or all of the Services.
This Policy regarding protection of Personal Data might be changed without notice. In order to be informed of the changes made, please read our Policy on a regular basis.
Last update : 18/05/2018