Privacy policy

1. PREAMBLE AND PURPOSE

Cévéo and its team are aware of the importance of respecting confidentiality in the eyes of their customers. That's why we take care to be as clear as possible about how we collect, use, disclose, transfer and store your personal information.

This Privacy and Personal Data Protection Policy (hereinafter the "Policy") applies to all communications, websites, customer service platforms and other applications that cite or link to it (collectively referred to as the "Services"). It applies regardless of whether you are using a computer, cell phone or tablet.

The principles set out below in the Cévéo Policy also apply to processing under Cévéo's responsibility, relating in particular to:

  • management of promotional offers
  • management of the website
  • management of Customer Service
  • commercial prospecting
  • use of behavioral and email-related data, for the purposes of customer knowledge and direct and indirect marketing

All operations on your Personal Data are carried out in compliance with the regulations in force and in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the "Regulation" or "RGPD"), and any applicable national legislation on the protection of Personal Data

___________________________________________________________________________

If you disagree with this Policy, you are free not to use our services or not to provide certain Personal Data. Please note, however, that access to some of our Services is conditional upon the provision of certain personal data - indicated by an asterisk - and that certain functionalities (e.g. reservations) may be impaired in the absence of your personal data.

___________________________________________________________________________

2. DEFINITIONS

  • "Personal Data (or DCP)", "Process/Processing", "Data Controller", "Data Processor", "Data Subject" have the same meaning as in the Regulation;
  • "Company": refers to the legal entity of the Cévéo company, whose contact details appear in the legal notice in its capacity as publisher of the site.
  • "Partner": refers to a third-party company with which the company has concluded an agreement allowing the latter to send to its own database of prospects and customers, solicitations on its behalf.
  • "Service": refers to a service offered by the Cévéo company or one of its Partners;
  • "Site": refers to a Cévéo website
  • "EU": refers to the European Union

3. SCOPE OF APPLICATION

In addition to their main and traditional activities of tourism and real estate, or to enable the achievement of their objectives, Cévéo is likely to carry out an e-commerce activity.

4. IDENTITY OF THE DATA PROCESSOR

SAS Cévéo, with share capital of 300,000 euros, registered with the Registre du Commerce et des Sociétés de Clermont-Ferrand, under number B412 082 190, whose registered office is located at 27 route du Cendre, 63800 Cournon d'Auvergne, acts as Data Processor with regard to the processing of Customers, Prospects, Partners and Service Providers implemented within the scope of its activity.

Cévéo - Côté Vacances Organisation : 27, route du Cendre, 63800 Cournon d'Auvergne
Siret : 412082 190 00049 - Code APE : 5 520z - N° TVA intracommunautaire : fr12 412 082 190 00049 Immatriculation au registre des opérateurs de voyages et séjours : IM063100040

As part of the operation of its Site, the Data Controller collects personal Data concerning you with your consent.

5. CHARACTERISTICS OF PROCESSING

Prior to the collection of Personal Data, the User will be informed whether the Personal Data requested must be obligatorily filled in or whether it is optional.

The consequences of failing to transmit data considered obligatory will be specified at the time of collection.

Some data collected on the site, are strictly necessary for the establishment and follow-up of your contract (e.g. reservation of stay/service provision) or for browsing our website.

These purposes will be specified at the time of data collection. Mandatory Personal Data are identified by asterisks. Failure to provide them will make it impossible for the person concerned to access and use the Services or for a request linked to a form to be fulfilled.

  • Identity: title, surname, first names, address, telephone number (landline or mobile), e-mail address, date of birth, customer number, number of children, children's date of birth, children's first name;
  • Data relating to means of payment: postal or bank identity statement, transaction number, cheque number, bank card number, third-party financing; Bank data is not kept by the company;
  • Data relating to the commercial relationship: customer number, reservation number, requests for documentation, products and services reserved and purchased, quantity, amount, frequency, delivery address, purchase history, origin of the sale (seller, representative) or order, correspondence with the customer and after-sales service;
  • Data relating to invoice payments and history: payment terms, discounts granted, information on credit taken out (amount and duration, name of lending institution), receipts, outstanding payments, reminders, balances;
  • Contact data and corresponding (meta-)data: correspondence exchanged, date and time of messages;
  • Data relating to newsletter subscriptions: title, surname, first names, e-mail address, country of residence, date of birth, CE affiliation or professional entity.
  • Technical data required when using our website: When users visit the website, the web server automatically records data and information about the device and browser used by them. This information on the browser type and version used, the operating system, the Internet service provider, the IP address of their device, the date and time of access to the website from which users visit this website and the pages they visit on the website

The other data is optional and its non-provision will not affect the delivery of promised Services or responses to inquiries, although it may limit their relevance.

In all circumstances, the Cévéo company proceeds with the processing of all your Personal Data collected in compliance with the regulations in force and in particular the Regulations.

6. RECIPIENTS OF PERSONAL DATA

Personal data collected on a Site or a form is intended for the publisher of the Site or the issuer of the Form (whose contact details appear in the Legal Notices or whose identity is specified on the collection form).

Where applicable, and under the conditions provided for by the RGPD, a transfer of your Personal Data is possible to third-party organizations.

In the context of its activities, Cévéo is likely to communicate the Personal Data of Customers, Prospects, Partners or Service Providers to Authorized Recipients subject to an appropriate obligation of confidentiality as well as to rules of access, use of Data and strict security.

These recipients include, but are not limited to, the following:

  • Internal recipients: Cévéo staff whose duties, functions and missions justify their processing the Personal Data of Customers, Prospects, Partners and Providers (the vacation villages, campsites and residences in which you have or will be staying, the holiday advisors or sales team, the team in charge of marketing and managing Customer and Prospect relations, Provider contracts, managing online services, IT, etc.).External recipients: Subcontractors, service providers where applicable (IT service providers, billing service providers, activities such as transport companies, insurance companies, etc.). Administrative or judicial authorities within the scope of their powers.

7. COOKIES

Cévéo uses Cookies on the Sites and informs anyone who accesses them of their presence by means of a banner that appears on their first connection. To find out more about Cévéo's use of Cookies and how to set their parameters, Customers, Prospects, Partners and Service Providers can consult our Cookie Policy.

8. RIGHTS OF CUSTOMERS, PROSPECTS PARTNERS AND PROVIDERS

In accordance with the Data Privacy Regulations, Customers, Prospects, Partners and Providers are vested with the following rights over their Personal Data.

  • A right to request confirmation from Cévéo that data concerning them is being processed, to obtain information on the characteristics of such Processing, to access such data and to request a copy thereof (right of access and copy);
  • A right to rectify or complete any data concerning them that is erroneous or obsolete (right of rectification) ;
  • A right to obtain the deletion of Data when they, are no longer necessary for the purposes for which they were collected, are based exclusively on consent, are the subject of a request for opposition (right to erasure) ;
  • A right to object to the Processing of their Personal Data for reasons relating to their particular situation, in which case Cévéo will grant this request unless the Processing is justified by legitimate and compelling reasons (right to object on legitimate grounds) ;
  • A discretionary right to object to the Processing of their Personal Data for commercial prospecting purposes, in which case Cévéo shall either delete the Personal Data (if the applicant is a Prospect), or may retain their Personal Data but no longer Process them for this purpose (if the applicant is a Customer or a Service Provider) (right to object to commercial prospecting) ;
  • A right to obtain the limitation of Processing temporarily in the event of a request for rectification or opposition on legitimate grounds for the time it takes Cévéo to analyze the request, which in practice means that the Personal Data is retained, but Cévéo cannot process it (right to limitation) ;
  • A right to Data portability, i.e. a right to obtain from Cévéo the return of the Personal Data they have communicated in a format of common use as soon as the Processing is automated and based on consent or on the performance of a contract (right to portability) ;
  • A right to formulate directives concerning the retention, deletion and communication of their Data post-mortem, it being specified that once Cévéo becomes aware of the death of a Prospect, Customer or Service Provider and, in the absence of instructions from them, it undertakes to destroy their Personal Data, unless their retention proves necessary for evidential purposes or to meet a legal obligation.

9. EXERCISE OF RIGHTS

In accordance with the RGPD, you have the right to request from the Data Controller access to your Personal Data (Art.15 RGPD), rectification (Art.16 RGPD) or erasure thereof (right to be forgotten, Art.17 RGPD), or a limitation of the processing of your personal data (Art.18 RGPD) and the right to portability of such data (Art.20 RGPD).

When we process your Personal Data, you may also object to such processing on grounds relating to your particular situation (Art. 6 (1). e) or f) RGPD). In the event of your objection, your data will no longer be processed, except in the case of legal constraints to the contrary, of use necessary for the performance of a contract to which you are a Party, of information necessary for the defense of a legal claim or of no risk to your fundamental rights and freedoms. You may object to the processing of your data for marketing purposes at any time.

In the case of data processed on the basis of your consent, you may withdraw your consent at any time. Please note that the withdrawal of your consent has no retroactive effect on the processing carried out on this basis, prior to the said withdrawal.

The request must emanate exclusively from the Customer, Prospect or Service Provider, unless mandated to a third party in due form or recourse to a successor in title) and be as clear and exhaustive as possible to enable Cévéo to respond as quickly as possible, ranging from one to three months depending on their level of complexity.

To enable your request to be processed quickly, and to enable us to guarantee the confidentiality of your data, please indicate your full name, address and customer number and/or file number if you have one. In the event of reasonable doubt as to your identity, we may ask you to provide valid proof of identity (in particular a national identity card, passport or residence permit, which must be sent by post).

These rights are described in greater detail on the Data Protection Authority website: https://www.cnil.fr.

If you request the deletion of personal information, you acknowledge that you may not be able to access or use the Services and that personal information will remain in Cévéo's records and archives for some time, in accordance with applicable law, but Cévéo will not use this information for commercial purposes. You understand that despite your request for deletion, Cévéo reserves the right to retain your personal information, or a relevant part thereof, in accordance with applicable law. Cévéo reserves the right to suspend, limit or terminate access to the Website due to non-compliance with the Terms of Use, if necessary to protect the rights, property or safety of Cévéo or any of our respective affiliates, business partners, employees or customers.

10. SECURITY

Given the evolution of technologies, the costs of implementation, the nature of the Personal Data to be protected as well as the risks to the rights and freedoms of individuals, Cévéo implements all the technical and organizational measures it deems appropriate in order to ensure the confidentiality of the Personal Data collected and processed as well as a level of security appropriate to the risk.

As an example, the following measures have been implemented by Cévéo:

  • Hosting of Personal Data on servers located in the U.E.;
  • Sensitization of Cévéo employees who are required to process the Personal Data of Customers, Prospects, Partners and Service Providers within the scope of their duties;
  • User authentication systems with personal and secure access via robust, confidential and frequently changed identifiers and passwords;
  • Implementation of the SSL (Secure Socket Layer) protocol, in particular to guarantee your security and ensure greater confidentiality. When information is transferred over the network, your credit card number and all the information entered in the various forms are automatically encrypted. The SSL encryption system automatically encrypts information before it is transmitted over the network. Once it reaches our server, banking data will be decrypted using a unique SSL key that enables your browser to establish a connection with our website and transparently negotiate a secure communication channel.

When Cévéo resorts to subcontractors, i.e. service providers to whom it has delegated all or part of a processing operation and who process the Personal Data of Customers, Prospects, Partners and Service Providers in accordance with its instructions, Cévéo plans to apply security guarantees similar to those used to protect Personal Data and to request the signature of an RGPD good practice certificate from its subcontractors and/or service providers concerned.

11. UPDATING THIS PRIVACY POLICY

The Privacy Policy may be modified, supplemented or updated at any time by Cévéo.

In the event of modification of this Policy, or if required by legal or regulatory texts, the modified version will be published on our websites and will be effective upon publication.

Therefore, we invite you to refer to it on each visit in order to be aware of the latest version, which is permanently available on our websites.

12. CONTACT CEVEO

Prospects, Customers, Partners or Service Providers may address any questions or complaints relating to this Privacy Policy to Cévéo, or make any recommendations or comments relating to it, in writing to the following contact details:

By post: Cévéo - Protection de mes données - 27 route du Cendre - 63800 Cournon d'Auvergne

By email: desabonnement@ceveo.com