GENERAL DATA PROTECTION REGULATION (GDPR)
- Processing and Role of SARL AUGAY
- Recipients
- Commitments of SARL AUGAY
- Exercise of Data Subjects’ Rights
- Duty of Cooperation with the Competent National Data Protection Authorities
- Service Continuity, Backups, and Integrity
- Retention Period, Reversibility, End of Contract and Fate of Personal Data
This Regulation defines the conditions under which SARL AUGAY receives, in the context of processing personal data (hereinafter “Personal Data”), information relating to natural persons using its Services (hereinafter “Users”).
For the purposes of this Regulation, it is agreed that: the “Personal Data Regulation” refers to the applicable personal data protection laws and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and French Law No. 78-17 of January 6, 1978 on Information Technology, Files, and Freedoms.
The provisions of this Annex shall remain in force until the expiration of the longest processing duration implemented.
1. Processing and Role of SARL AUGAY
Identification of processing and role:
SARL AUGAY acts as data controller with respect to the following processing: Customer management
Purpose of processing: The purpose of the processing covers customer management activities such as commercial relations, administrative management of reservations, invoicing, handling of technical incidents, management of complaints, etc.
Identification of the Personal Data concerned: The Personal Data concerned by this processing includes identity data: Name – First name – Postal address – Landline number – Mobile number – Email address – Age.
In addition to the above Personal Data, and for electronic communication services, the Personal Data concerned by this processing may include: connection data defined as:
information allowing the identification of the user; data relating to the communication terminal equipment used; technical characteristics as well as the date, time, and duration of each communication; data relating to additional services requested or used and their providers; data allowing the identification of the recipient(s) of the communication; data allowing the identification of the origin and location of the communication. In addition to identity data, for certain other Services or Additional Services, the Personal Data concerned by this processing may also include: data on Users’ use of the Services; authentication data: customer identifiers such as those used to log into the customer area.
2. Recipients
The Personal Data collected via the website www.chezmaurice-châteauroux.fr is processed by SARL AUGAY.
SARL AUGAY may freely use Users’ Personal Data for marketing purposes relating to similar products or services by email, unless the data subject objects. SARL AUGAY may freely use Users’ Personal Data for marketing purposes by fax, SMS, MMS, email, telephone, or postal mail, subject to having obtained the prior consent of the data subject. SARL AUGAY may also share the Personal Data with its partners in order to carry out joint or independent marketing and commercial operations directed at Users, subject to having obtained the prior consent of the data subject.
3. Commitments of SARL AUGAY
SARL AUGAY undertakes to:
– implement the necessary technical and organizational measures to ensure the security of Personal Data, in accordance with the requirements of the Personal Data Regulation;
– process Personal Data only for the purposes provided for in the Contract;
– notify the competent national data protection authority without delay, and in any case within a maximum of seventy-two (72) hours after becoming aware of it, of any Personal Data breach for which notification to the authority is required;
– notify the data subject without delay, and in any case within a maximum of forty-eight (48) hours after becoming aware of it, of any Personal Data breach for which notification to the data subjects is required.
4. Exercise of Data Subjects’ Rights
SARL AUGAY undertakes to:
– implement or have implemented a system for handling complaints by data subjects, to allow the exercise of their rights of access, modification, deletion, restriction, portability, or, where applicable, opposition or even withdrawal of consent;
– respond to requests to exercise the rights of data subjects: right of access, rectification, deletion, and opposition, right to restrict processing, right to data portability, right not to be subject to an automated individual decision (including profiling).
Data subjects exercise their rights with the administrative management of SARL AUGAY in charge of data protection, whose contact details are:
Mr. Jean-Luc Augay,
SARL AUGAY, 7 rue Ampere, 36000 Châteauroux,
Phone: 02 54 22 02
Email:
5. Duty of Cooperation with the Competent National Data Protection Authorities
SARL AUGAY undertakes to cooperate with the competent data protection authorities, particularly in the event of an information request or inspection.
6. Service Continuity, Backups, and Integrity
SARL AUGAY undertakes to take the necessary measures to ensure the preservation and integrity of Personal Data, as well as to use a system for backing up Personal Data.
7. Retention Period, Reversibility, End of Contract and Fate of Personal Data
Unless a longer retention period applies due to a legal obligation, SARL AUGAY undertakes to retain Personal Data only within the following limits:
– for connection data, one (1) year under the French Postal and Electronic Communications Code;
– for data necessary for invoicing, one (1) year under the French Postal and Electronic Communications Code;
– for data necessary for commercial relations, for the duration of the Contract and for an additional three (3) years from the end of the commercial relationship with the User. At the end of the retention periods specified in this article, SARL AUGAY undertakes to destroy, using a solution compliant with the applicable regulations, all Personal Data processed within the framework of the provision of Services under the Contract, and to provide proof of this upon the User’s request.