Privacy policy

Table of contents

Yncréa Méditerranée participates and complies with all the Specifications and Policies of the Transparency & Consent Framework of the IAB Europe. It uses the Consent Management Platform n°92.

You can change your choices at any time by click here.

PREAMBLE

Article 1. Parties to the present act

Between the undersigned : 1° L'association loi du 1er juillet 1901 YNCREA MEDITERRANEE, whose registered office is at Maison des Technologies, place Georges Pompidou, 83000 Toulon, and whose RNA number is W832007741. Hereinafter referred to as the " Person in charge of the treatment ", On the one hand, and 2°. Any natural person browsing the website of the Data Controller. Hereinafter referred to as the " Person concerned "on the other hand, It has been set out and agreed as follows:

Article 2. Object

Purpose This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller. Its purpose is to provide information concerning the manner in which the Data Controller may collect and process the Data of the Data Subject, in accordance with the legislation in force and in particular the European Regulation n°2016/679 and the law n°78-17 (hereinafter referred to as the "Legislation"), in connection with the website www.isen-mediterranee.fr (hereinafter referred to as the "Website"). This Privacy Policy does not apply to services that are not rendered by the Data Subject.

Article 3. Definitions

  • The person in charge of processing means the association YNCREA MEDITERRANEE, whose head office is located at the Maison des Technologies, place Georges Pompidou, 83000 Toulon, and whose RNA number is W832007741, which alone or jointly with others, determines the purposes and means of the Processing
  • Data subject means any natural person who navigates on the Site of the Data Controller, when he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity. 3
  • Browsing means consulting the Site.
  • Site means the infrastructure developed by the Data Controller in accordance with the computer formats usable on the Internet, comprising data of various kinds, and in particular text, sound, still or animated images, videos and databases, intended to be consulted by the Person concerned (www.isen-mediterranee.fr).
  • Data means any information relating to the Data Subject.
  • File means any structured set of Data accessible according to determined criteria, whether this set is centralized, decentralized or distributed in a functional or geographical way.
  • Processing means any operation or set of operations, whether or not carried out using automated processes and applied to the Data or sets of Data, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, deletion or destruction
  • Legislation means any law and regulation relating to Data protection, and in particular the European Regulation n°2016/679 and the law n°78-17.
  • Processor means any natural or legal person, public authority, department or other body other than the Controller who processes Data on behalf of the Controller.
  • Recipient means any natural or legal person, public authority, service or other body that receives communication of the Data, whether or not it is a Third Party. However, public authorities that are likely to receive communication of the Data, in particular within the framework of an investigation mission, are not considered as Recipients within the meaning of the present definition.
  • Third party means any natural or legal person, public authority, department or other body other than the Controller, the Processor and those persons who, under the direct authority of the Controller or the Processor, are authorised to process the Data, and in particular tour operators, travel agencies and reservation systems.
  • Consent means any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or a clear positive act, that Data concerning him or her may be Processed by the Controller.
  • Supervisory Authority means the French National Commission for Information Technology and Civil Liberties (CNIL), an independent French public authority that regulates data protection.
  • DPO refers to the Data Protection Officer of the Data Controller, i.e. Cabinet Bouchara - Avocats (17 rue du colisée - 75008 Paris, info@cabinetbouchara.com).
AGREEMENT

Article 4. Principles relating to the Treatment

Principles relating to Processing In accordance with the Legislation, the Data Controller undertakes to comply with the following principles for each Processing:
  • Legality ;
  • Loyalty ;
  • Transparency ;
  • Purpose limitation ;
  • Data minimization ;
  • Accuracy ;
  • Limiting conservation ;
  • Integrity ;
  • Privacy policy ;
  • Responsibility.

Article 5. Processed data

Processed Data As part of browsing the Site, the Data Controller collects and processes a certain amount of Data, in particular :
  • Identification data (surname, first name, email address, telephone number, message);
  • Technical information (IP address, navigation data).

Article 6. Context of the Processing

The Data Subject's Data may be collected and processed by the Data Controller on various occasions, and in particular :
  • Site navigation ;
  • Request to exercise rights over Data ;
  • Dialogue with the virtual assistant ;
  • Request for contact.

Article 7. Purpose of the Processing and storage of the Data

Purpose of the ProcessingData concernedLegal basis of the processingDuration of
retention of
Data
Contact managementFirst name, last name, email address, phone number, messageConsent of the Person concerned3 years from the last contact by the Person concerned
Securing and improving the SiteIP address, Browsing dataLegitimate interest of the Data Controller to manage the Site, secure and administer the Site, prevent fraud and malicious acts13 month
Site statistics and personalized advertisingIP Address, Browsing Data, ConsentConsent of the Person concerned6 month
Management of requests for the exercise of data rightsEmail address, phone number, copy of IDLegal obligation1 month
The Data Controller reserves the right to anonymize the data being processed before deleting it.

Article 8. Recipients of the Data

The Data Controller, any Subcontractors and, where applicable, the franchised agencies of the Data Controller, are the only Data Recipients. The Data Controller undertakes to require from its Subcontractors sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the Processing complies with legal and regulatory requirements, and guarantees the protection of the Data Subject's rights, particularly in the event of transfer of the Data outside the European Union. The Data Controller may communicate to any Third Party the Data that is the subject of a Processing when a legal obligation to do so exists, or if you expressly consent in advance, or when the Data Controller considers in good faith that this is necessary in order to:
  • Respond to any claims against it;
  • Comply with judicial and/or administrative requirements;
  • To enforce any contract to which the Person concerned is a party;
  • Safeguarding the vital interests of all natural persons;
  • The execution of a public interest mission.
In the event that the Data Processor is purchased by a Third Party, the Data Processor reserves the right to share the Data with the purchasing Third Party subject to the Third Party's compliance with this Privacy Policy.

Article 9. Transfer of Data outside the European Union

Transfer of Data outside the European Union The Data Controller keeps all Data on secure servers located within the European Union. 6 No transfer of Data outside the European Union will be made by the Data Controller without the express prior consent of the Data Subject.

Article 10. Data subject's right to the Data

The Data Subject has a number of rights in respect of the Data, as set out below, which he or she may assert, except in the case of applicable legislative or regulatory exceptions, by making a request to the Data Controller at the following e-mail address: dpo-mediterranee@yncrea.fr. In the event of difficulty in exercising his or her rights with regard to the Data, the Data Subject may contact the DPO, who will assist him or her in contacting the Data Controller. If there is reasonable doubt about your identity, the Data Controller may ask you to attach a copy of an official identity document in support of your request. Requests will be processed as quickly as possible, and at the latest within the time limits set by law. Article 10.1. Right of access The Data Subject has the right to obtain from the Data Controller confirmation as to whether or not Data are being processed and, where they are, access to said Data as well as the following information:
  • Purposes of processing ;
  • Data categories ;
  • The Recipients or categories of Recipients to whom the Data have been or will be communicated, in particular Recipients established in third countries or international organizations;
  • Where possible, the length of time the Data will be kept or, where this is not possible, the criteria used to determine this length of time;
  • The existence of the right to request from the Data Controller the rectification or erasure of Data, or a limitation of the processing of Data, or the right to object to such processing;
  • The right to lodge a complaint with a supervisory authority;
  • Where Data is not collected from the Data Subject, any available information as to its source ;
  • The existence of automated decision-making, including profiling, and, at least in such cases, relevant information about the underlying logic and the significance and intended consequences of such processing for the Data Subject.
The Processor shall provide a copy of the Data being Processed and reserves the right, in consideration of the provision of such copy, to the payment of a reasonable fee based on administrative costs for any additional copies requested by the Data Subject. Article 10.2. Right of deletion and rectification The Data Subject shall have the right to obtain from the Data Controller the rectification and/or erasure of inaccurate or obsolete Data as soon as possible unless otherwise prevented from exercising this right, and in particular:
  • Exercising the right to freedom of expression and information ;
  • Compliance with a legal obligation;
  • Public interest in public health, archives, scientific, historical or statistical research;
  • The establishment, exercise or defense of legal rights.
Article 10.3 Right of objection The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to Data Processing based on the performance of a task of public interest or the need for the legitimate interest of the Data Controller. The Data Controller undertakes not to process the Data any further, unless he/she can demonstrate compelling legitimate grounds for the Processing that override the interests and rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims. Furthermore, the Data Subject has the right to object at any time to the Processing of Data carried out for the purpose of canvassing by the Data Controller, insofar as the Data Subject is linked to such canvassing. Finally, where Data is processed for scientific or historical research or statistical purposes, the Data Subject has the right to object, on grounds relating to his or her particular situation, to the processing of the Data, unless the Processing is necessary for the performance of a task in the public interest. Article 10.4. Right to limitation The Data Subject has the right to obtain from the Data Controller the limitation of Data Processing where:
  • The accuracy of the Personal Data is contested by the Data Subject, for a period allowing the Data Controller to verify the accuracy of the Data;
  • The processing is unlawful and the Data Subject objects to their erasure and demands instead that their use be restricted;
  • The Data Controller no longer requires the Data for the purposes of Processing, but the Data is still necessary for the Data Subject to establish, exercise or defend legal claims;
  • The Data Subject has objected to the Processing in accordance with Article 10.3, during the verification as to whether the legitimate grounds pursued by the Controller prevail over those of the Data Subject.
The Data Subject who has obtained the limitation of Data Processing shall be informed by the Controller before the limitation of processing is lifted. Article 10.5. Right to Data Portability The Data Subject has the right to receive the Data he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and has the right to transmit such Data to another Data Controller without the Data Controller's hindrance, where:
  • Processing is based on the Data Subject's Consent or on the performance of a contract to which the Data Subject is a party;
  • The Processing is carried out using automated processes.
The Data Subject, when exercising his/her right to Data portability, has the right to have the Data transmitted directly from the Data Controller to another Data Controller, where technically possible. Article 10.6 Right to lodge a complaint with the Control Authority The Data Subject has the right to lodge a complaint with the Supervisory Authority if he/she considers that he/she has been subjected to unlawful Processing of Data by the Data Controller. Article 10.7 Right to define directives on the fate of the Data The Person concerned has the right to define directives on the fate of the Data after his/her death with the Data Controller who will use all technical means to ensure that this wish is respected. Article 10.8. Right to register on the Do Not Call List The Person concerned has the right to register on the telephone opposition list, in accordance with Article L 223-1 of the Consumer Code, insofar as his or her data are collected by the Data Controller.

Article 11. Data Security

The Data Controller takes appropriate technical and organizational measures to protect the Data against destruction, loss, alteration, misuse and unauthorized access, modification or disclosure, whether such actions are intentional or accidental. The purpose of these technical and organizational measures is to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored.

Section 12. Modification of the Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy from time to time. 9 In the event of substantial modification of the present Privacy Policy, the Data Subject will be personally informed of the new Privacy Policy. The Data Subject is invited to consult this Privacy Policy regularly to take note of any changes. Any questions concerning this Privacy Policy may be sent to the following e-mail address: dpo-mediterranee@yncrea.fr.

Article 13. Nullity of the Privacy Policy

If any provision of this Privacy Policy is found to be invalid by any applicable law or court decision, it shall be deemed unwritten, but this shall not invalidate the entire Privacy Policy or affect the validity of the remaining provisions.

Article 14. Cookie management

When browsing the Site, the Person concerned may consent to or refuse the installation of Cookies on his/her computer terminal. Generally speaking, Cookies record information relating to the browsing of computers on the Site (pages consulted, date and time of consultation, etc.), information which may be read during subsequent visits by the Person concerned to the Site with transmission of the Data to the Data Controller. The installation of these Cookies requires the consent of the Person concerned. Some Cookies are essential to the proper operation of the Site and do not require the consent of the Person concerned before installation. These are referred to as Functional Cookies. In accordance with Article 7 of this Privacy Policy, Cookies are automatically deleted within six (6) months of their installation if the Person concerned does not renew his/her consent before the expiry of this period. The Person concerned may refuse to give his/her consent to the installation of non-functional Cookies, withdraw his/her consent and/or set the parameters of the Cookies at any time by using the Data Controller's Cookies manager below or by configuring his/her browser as follows: For Mozilla Firefox :
  • Choose the "Tools" menu and then "Options".
  • Click on the "privacy" icon
  • Locate the "cookie" menu and select the options that suit you
For Microsoft Internet Explorer 6.0 :
  • Select the "Tools" menu, then "Internet Options".
  • Click on the "Confidentiality" tab
  • Select the desired level with the cursor.
For Microsoft Internet Explorer 5 :
  • Choose the "Tools" menu, then "Internet Options".
  • Click on the "Privacy" tab
  • Customize the level" with the slider
For Netscape 6.X and 7. X :
  • Choose the "Edit" menu > "Preferences
  • Privacy and Security
  • Cookies
For Opera 6.0 and above :
  • Choose the menu "File" > "Preferences
  • Privacy Policy