Table of contents
Yncréa Méditerranée participates and complies with all the Specifications and Policies of the Transparency & Consent Framework of the IAB Europe. It uses the Consent Management Platform n°92.
You can change your choices at any time by click here.
The Data Controller reserves the right to anonymize the data being processed before deleting it.
You can change your choices at any time by click here.
PREAMBLE
Article 1. Parties to the present act
Between the undersigned : 1° L'association loi du 1er juillet 1901 YNCREA MEDITERRANEE, whose registered office is at Maison des Technologies, place Georges Pompidou, 83000 Toulon, and whose RNA number is W832007741. Hereinafter referred to as the " Person in charge of the treatment ", On the one hand, and 2°. Any natural person browsing the website of the Data Controller. Hereinafter referred to as the " Person concerned "on the other hand, It has been set out and agreed as follows:Article 2. Object
Purpose This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller. Its purpose is to provide information concerning the manner in which the Data Controller may collect and process the Data of the Data Subject, in accordance with the legislation in force and in particular the European Regulation n°2016/679 and the law n°78-17 (hereinafter referred to as the "Legislation"), in connection with the website www.isen-mediterranee.fr (hereinafter referred to as the "Website"). This Privacy Policy does not apply to services that are not rendered by the Data Subject.Article 3. Definitions
- The person in charge of processing means the association YNCREA MEDITERRANEE, whose head office is located at the Maison des Technologies, place Georges Pompidou, 83000 Toulon, and whose RNA number is W832007741, which alone or jointly with others, determines the purposes and means of the Processing
- Data subject means any natural person who navigates on the Site of the Data Controller, when he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity. 3
- Browsing means consulting the Site.
- Site means the infrastructure developed by the Data Controller in accordance with the computer formats usable on the Internet, comprising data of various kinds, and in particular text, sound, still or animated images, videos and databases, intended to be consulted by the Person concerned (www.isen-mediterranee.fr).
- Data means any information relating to the Data Subject.
- File means any structured set of Data accessible according to determined criteria, whether this set is centralized, decentralized or distributed in a functional or geographical way.
- Processing means any operation or set of operations, whether or not carried out using automated processes and applied to the Data or sets of Data, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, deletion or destruction
- Legislation means any law and regulation relating to Data protection, and in particular the European Regulation n°2016/679 and the law n°78-17.
- Processor means any natural or legal person, public authority, department or other body other than the Controller who processes Data on behalf of the Controller.
- Recipient means any natural or legal person, public authority, service or other body that receives communication of the Data, whether or not it is a Third Party. However, public authorities that are likely to receive communication of the Data, in particular within the framework of an investigation mission, are not considered as Recipients within the meaning of the present definition.
- Third party means any natural or legal person, public authority, department or other body other than the Controller, the Processor and those persons who, under the direct authority of the Controller or the Processor, are authorised to process the Data, and in particular tour operators, travel agencies and reservation systems.
- Consent means any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or a clear positive act, that Data concerning him or her may be Processed by the Controller.
- Supervisory Authority means the French National Commission for Information Technology and Civil Liberties (CNIL), an independent French public authority that regulates data protection.
- DPO refers to the Data Protection Officer of the Data Controller, i.e. Cabinet Bouchara - Avocats (17 rue du colisée - 75008 Paris, info@cabinetbouchara.com).
Article 4. Principles relating to the Treatment
Principles relating to Processing In accordance with the Legislation, the Data Controller undertakes to comply with the following principles for each Processing:- Legality ;
- Loyalty ;
- Transparency ;
- Purpose limitation ;
- Data minimization ;
- Accuracy ;
- Limiting conservation ;
- Integrity ;
- Privacy policy ;
- Responsibility.
Article 5. Processed data
Processed Data As part of browsing the Site, the Data Controller collects and processes a certain amount of Data, in particular :- Identification data (surname, first name, email address, telephone number, message);
- Technical information (IP address, navigation data).
Article 6. Context of the Processing
The Data Subject's Data may be collected and processed by the Data Controller on various occasions, and in particular :- Site navigation ;
- Request to exercise rights over Data ;
- Dialogue with the virtual assistant ;
- Request for contact.
Article 7. Purpose of the Processing and storage of the Data
Purpose of the Processing | Data concerned | Legal basis of the processing | Duration of retention of Data |
---|---|---|---|
Contact management | First name, last name, email address, phone number, message | Consent of the Person concerned | 3 years from the last contact by the Person concerned |
Securing and improving the Site | IP address, Browsing data | Legitimate interest of the Data Controller to manage the Site, secure and administer the Site, prevent fraud and malicious acts | 13 month |
Site statistics and personalized advertising | IP Address, Browsing Data, Consent | Consent of the Person concerned | 6 month |
Management of requests for the exercise of data rights | Email address, phone number, copy of ID | Legal obligation | 1 month |
Article 8. Recipients of the Data
The Data Controller, any Subcontractors and, where applicable, the franchised agencies of the Data Controller, are the only Data Recipients. The Data Controller undertakes to require from its Subcontractors sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the Processing complies with legal and regulatory requirements, and guarantees the protection of the Data Subject's rights, particularly in the event of transfer of the Data outside the European Union. The Data Controller may communicate to any Third Party the Data that is the subject of a Processing when a legal obligation to do so exists, or if you expressly consent in advance, or when the Data Controller considers in good faith that this is necessary in order to:- Respond to any claims against it;
- Comply with judicial and/or administrative requirements;
- To enforce any contract to which the Person concerned is a party;
- Safeguarding the vital interests of all natural persons;
- The execution of a public interest mission.
Article 9. Transfer of Data outside the European Union
Transfer of Data outside the European Union The Data Controller keeps all Data on secure servers located within the European Union. 6 No transfer of Data outside the European Union will be made by the Data Controller without the express prior consent of the Data Subject.Article 10. Data subject's right to the Data
The Data Subject has a number of rights in respect of the Data, as set out below, which he or she may assert, except in the case of applicable legislative or regulatory exceptions, by making a request to the Data Controller at the following e-mail address: dpo-mediterranee@yncrea.fr. In the event of difficulty in exercising his or her rights with regard to the Data, the Data Subject may contact the DPO, who will assist him or her in contacting the Data Controller. If there is reasonable doubt about your identity, the Data Controller may ask you to attach a copy of an official identity document in support of your request. Requests will be processed as quickly as possible, and at the latest within the time limits set by law. Article 10.1. Right of access The Data Subject has the right to obtain from the Data Controller confirmation as to whether or not Data are being processed and, where they are, access to said Data as well as the following information:- Purposes of processing ;
- Data categories ;
- The Recipients or categories of Recipients to whom the Data have been or will be communicated, in particular Recipients established in third countries or international organizations;
- Where possible, the length of time the Data will be kept or, where this is not possible, the criteria used to determine this length of time;
- The existence of the right to request from the Data Controller the rectification or erasure of Data, or a limitation of the processing of Data, or the right to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where Data is not collected from the Data Subject, any available information as to its source ;
- The existence of automated decision-making, including profiling, and, at least in such cases, relevant information about the underlying logic and the significance and intended consequences of such processing for the Data Subject.
- Exercising the right to freedom of expression and information ;
- Compliance with a legal obligation;
- Public interest in public health, archives, scientific, historical or statistical research;
- The establishment, exercise or defense of legal rights.
- The accuracy of the Personal Data is contested by the Data Subject, for a period allowing the Data Controller to verify the accuracy of the Data;
- The processing is unlawful and the Data Subject objects to their erasure and demands instead that their use be restricted;
- The Data Controller no longer requires the Data for the purposes of Processing, but the Data is still necessary for the Data Subject to establish, exercise or defend legal claims;
- The Data Subject has objected to the Processing in accordance with Article 10.3, during the verification as to whether the legitimate grounds pursued by the Controller prevail over those of the Data Subject.
- Processing is based on the Data Subject's Consent or on the performance of a contract to which the Data Subject is a party;
- The Processing is carried out using automated processes.
Article 11. Data Security
The Data Controller takes appropriate technical and organizational measures to protect the Data against destruction, loss, alteration, misuse and unauthorized access, modification or disclosure, whether such actions are intentional or accidental. The purpose of these technical and organizational measures is to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored.Section 12. Modification of the Privacy Policy
The Data Controller reserves the right to modify this Privacy Policy from time to time. 9 In the event of substantial modification of the present Privacy Policy, the Data Subject will be personally informed of the new Privacy Policy. The Data Subject is invited to consult this Privacy Policy regularly to take note of any changes. Any questions concerning this Privacy Policy may be sent to the following e-mail address: dpo-mediterranee@yncrea.fr.Article 13. Nullity of the Privacy Policy
If any provision of this Privacy Policy is found to be invalid by any applicable law or court decision, it shall be deemed unwritten, but this shall not invalidate the entire Privacy Policy or affect the validity of the remaining provisions.Article 14. Cookie management
When browsing the Site, the Person concerned may consent to or refuse the installation of Cookies on his/her computer terminal. Generally speaking, Cookies record information relating to the browsing of computers on the Site (pages consulted, date and time of consultation, etc.), information which may be read during subsequent visits by the Person concerned to the Site with transmission of the Data to the Data Controller. The installation of these Cookies requires the consent of the Person concerned. Some Cookies are essential to the proper operation of the Site and do not require the consent of the Person concerned before installation. These are referred to as Functional Cookies. In accordance with Article 7 of this Privacy Policy, Cookies are automatically deleted within six (6) months of their installation if the Person concerned does not renew his/her consent before the expiry of this period. The Person concerned may refuse to give his/her consent to the installation of non-functional Cookies, withdraw his/her consent and/or set the parameters of the Cookies at any time by using the Data Controller's Cookies manager below or by configuring his/her browser as follows: For Mozilla Firefox :- Choose the "Tools" menu and then "Options".
- Click on the "privacy" icon
- Locate the "cookie" menu and select the options that suit you
- Select the "Tools" menu, then "Internet Options".
- Click on the "Confidentiality" tab
- Select the desired level with the cursor.
- Choose the "Tools" menu, then "Internet Options".
- Click on the "Privacy" tab
- Customize the level" with the slider
- Choose the "Edit" menu > "Preferences
- Privacy and Security
- Cookies
- Choose the menu "File" > "Preferences
- Privacy Policy