CHARTER RELATIVE TO THE PROTECTION OF PERSONAL DATA OF USERS OF THE SAINT-ÉMILION WEBSITE
This Charter applies to all Users of the Saint-Émilion website, accessible from the Internet address: vins-saint-emilion.com and supplements its general conditions of use.
- Definition and nature of personal data
When you use the Platform, we may ask you to provide us with personal data about you.
The term “personal data” refers to all data which make it possible to identify, directly or indirectly, an individual.
– Information you provide us with:
When you make a contact request, you are asked to provide us with the following data: surname, first name, e-mail address, country, wine lover or professional.
– Information that we automatically collect when you use the Platform
During your use of the site and for the proper performance of the services, we may also collect personal data about you automatically through the tools and services offered on the website. In particular, we collect the following data:
– Information on how to use the Platform’s tools and functionalities:
We collect information about your interactions with the Platform, including the pages and sections visited on the website, the links you clicked on;
– Connection information and information about the equipment and devices you use to connect to the site:
We collect connection data from the devices you use to connect to the site, including your IP address, connection dates and times, crash data, device identification data, and pages viewed.
- Purpose of this charter
The purpose of this charter is to inform you about the means we use to collect and process your personal data, in strict compliance with your rights. In this regard, we inform you that we comply, in the collection and management of your personal data, with French law no. 78-17 of 6 January 1978 on data processing, files and freedoms, in its current version, as well as the General Data Protection Regulations (RGPD).
- Identity of the person responsible for data collection and processing
The person responsible for the collection and processing of your personal data is the Conseil des Vins de Saint-Émilion, whose registered office is located at RUE GUADET – BP 15 – 33330 SAINT-EMILION represented by its Managing Director, Mr Franck Binard.
- Collection and processing of personal data
Your personal data are collected and processed for one or more of the following purposes:
– Send newsletters, solicitations and promotional messages. In the event that you do not wish to receive these kind of messages, we give you the opportunity to express your refusal to do so when collecting your data;
– Develop trade and service attendance statistics;
– Organize contests, lotteries and all promotional operations excluding online gambling subject to the approval of the Regulatory Authority for Online Games;
– Manage the management of people’s opinions on the Services;
– Comply with our legal and regulatory obligations.
When collecting your personal data, we inform you whether certain data must be provided or whether they are optional. We also inform you of the possible consequences of a failure to respond.
- Recipients of the data collected and processed
Only our consulting staff, the services in charge of control (auditor in particular) and our subcontractors will have access to your personal data.
Public bodies may also be recipients of your personal data, exclusively to meet our legal obligations, court officers, ministerial officers.
- Transfer of personal data
Your personal data may be transferred, rented or exchanged for the benefit of third parties. If you wish, we give you the option to tick a box indicating your agreement to this when collecting your data.
However, you are informed that we reserve the right to disclose your data to third parties in completely anonymous and aggregated form, i.e. in a form that does not allow you to be identified in any way.
- Storage period for personal data
– Concerning data relating to the management of Users:
Your personal data will not be stored for longer than is strictly necessary to manage our business relationship with you. However, the data used to establish proof of a right or contract, which must be kept in order to comply with a legal obligation, will be kept for the period provided for by the law in force, i.e. a period of 5 years.
Concerning possible prospecting operations for customers, their data may be kept for a period of 3 years from the end of the commercial relationship.
Personal data relating to a prospect who is not a customer may be kept for a period of 3 years from the time they are collected or the last contact made by the prospect.
At the end of this 3-year period, we will be able to contact you again to find out if you wish to continue to receive commercial solicitations.
– Concerning identity documents: In the event of exercise of the right of access or rectification, data relating to identity documents may be kept for the period provided for in Article 9 of the Code of Criminal Procedure, namely one year. In the event of exercise of the right of objection, this data may be archived during the limitation period provided for in Article 8 of the Code of Criminal Procedure, i.e. 3 years.
– Concerning the management of opposition lists to receive from prospecting: The information allowing your right of opposition to be taken into account is kept for a minimum of 3 years from the exercise of the right of opposition.
– Regarding audience measurement statistics: Information stored in the user terminal or any other element used to identify users and allowing their traceability or attendance will not be kept for more than 13 months.
- Safety and security
We inform you to take all appropriate precautions, organisational and technical measures to preserve the security, integrity and confidentiality of your personal data and in particular to prevent them from being distorted, damaged or accessed by unauthorised third parties.
We inform you that your data is stored, for the entire duration of their storage on the servers of the company Cognix Systems, located in France, at 50 Rue Paul Langevin, 35200 Rennes, in the European Union.
Your data will not be transferred outside the European Union in connection with the use of the services we offer you.
Cookies are text files, often encrypted, stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website server.
There are three types of cookies, which do not have the same purposes: technical cookies, social network cookies and advertising cookies:
– Technical cookies are used throughout your browsing experience to make it easier and to perform certain functions. For example, a technical cookie can be used to store the answers provided in a form or the user’s preferences regarding the language or presentation of a website, when such options are available.
– Social network cookies can be created by social platforms to allow website designers to share the content of their site on those platforms. In particular, these cookies may be used by social platforms to track the navigation of Internet users on the website concerned, whether or not they use these cookies.
– Advertising cookies can be created not only by the website on which the user navigates, but also by other websites displaying ads, announcements, widgets or other elements on the page displayed. In particular, these cookies can be used to carry out targeted advertising, i.e. advertising determined according to the user’s navigation.
We use technical cookies. These are stored in your browser for a period of 13 months. We do not use advertising cookies. However, if we were to use them in the future, we would inform you in advance and you would have the option to disable these cookies if necessary. We also do not use social network cookies. If we were to use them, we would inform you in advance, and give you any information on their nature, the means of accepting or refusing them. We use Google Analytics which is a statistical audience analysis tool that generates a cookie to measure the number of visits to the Platform or Application, the number of pages viewed and visitor activity. Your IP address is also collected to determine the city from which you are connecting. The storage period of this cookie is mentioned in Article 7 of this charter. We remind you for all intents and purposes that it is possible for you to prevent the deposit of cookies by configuring your browser. However, such a refusal could prevent the Platform or Application from functioning properly.
- Access to your personal data
In accordance with the law n° 78-17 of 6 January 1978 relating to data processing, files and freedoms, as well as the RGPD, you have the right to access your data to obtain communication and, if necessary, rectification or deletion of data concerning you, by sending a request to us at the following address:
– e-mail address: email@example.com
– postal address: BP 15, Rue Guadet, 33330 Saint-Émilion
It is recalled that any person may, for legitimate reasons, request a limitation to the processing of data concerning him or her or oppose such processing.
We inform you that in the event of rectification or deletion of your personal data, as well as the limitation of processing, carried out following a request from you, we will notify the persons to whom we have communicated your data of the said modifications, unless such communication is impossible.
- Portability of your personal data
You have a right to the portability of the personal data you have provided to us, understood as the data you have actively and consciously declared in connection with the use of the services, as well as the data generated by your activity in connection with the use of the services. We remind you that this right does not apply to data collected and processed on a legal basis other than the consent or performance of the contract binding us. This right can be exercised free of charge, at any time, in order to retrieve and store your personal data. In this context, we will send you your personal data, by any means deemed necessary, in an open standard format commonly used and machine-readable, in accordance with the state of the art.
- Making a complaint to a supervisory authority
You are also informed that you have the right to lodge a complaint with a competent supervisory authority (the Commission Nationale Informatique et Libertés pour la France), in the Member State in which your habitual residence, workplace or place where the violation of your rights would have been committed, if you consider that the processing of your personal data covered by this Charter constitutes a violation of the applicable texts. This remedy may be exercised without prejudice to any other remedy before an administrative or judicial court. You also have the right to an effective administrative or judicial remedy if you consider that the processing of your personal data covered by this Charter constitutes a violation of the applicable texts.
- Communication relating to a violation of personal data
If we notice a security breach in the processing of your data that could lead to a high risk to your rights and freedoms, we will inform you as soon as possible. We will detail to you on this occasion the nature of the violation encountered and the measures put in place to put an end to it.
- Amendments to the Regulations
We reserve the right, at our sole discretion, to modify this policy in whole or in part at any time. These amendments will come into force as of the publication of the new charter. Your use of the Platform following the entry into force of these changes will constitute recognition and acceptance of the new charter. Failing this, and if this new charter does not suit you, you will no longer have to access the Platform.
- Entry into force
This charter came into force on February 4, 2019.