Contents
1. What is GDPR ?
2. Who are we ?
3. Use of personal data collected
3.1 Purpose of personal data collection
3.2 Comments
3.3 Media
3.4 Contact forms
3.5 Cookies
3.6 mbedded content from other sites
4. Use and transmission of personal data
4.1 Storage period of personal data
4.2 Your personal data rights
4.3 Transmission of personal data
4.4 Contact information / Data Protection Officer (DPO)
5. How we protect your data
5.1 Personal data storage location
5.2 Security of personal data
5.3 Procedures implemented in the event of a data breach
6. Third party services that transmit data to us
7. Automated marketing and/or profiling operations performed using personal data
8. Displaying information related to sectors subject to specific regulations
9. The right to access, rectify and erase personal data
1. What is GDPR ?
The General Data Protection Regulation (GDPR) is applicable since May 25, 2018 in the 28 countries of the European Union.
It applies to all companies (including works councils), administrations and associations that process personal data and provide services to users in the European Union, regardless of where these organisations are located in the world.
The aim of GDPR is to “restore citizens’ control over their personal data, while simplifying the regulatory environment of organisations”.
It is based on the French Data Protection Law of 1978 and extends its measures.
In France, the reference body for monitoring its application is the French Data Protection Authority, CNIL.
To find out more about GDPR, please click on the following link: http://www.cnil.fr/cnil-direct/question/reglement-europeen-sur-la-protection-des-donnees-que-faut-il-savoir (in French).
2. About us ?
Our website address is: chateaudecassaigne.com
3. Use of personal data collected
3.1 Purpose of personal data collection
Personal data are collected via the various forms on the website in order to:
- Contact people that have requested information or ordered a product on the website;
- Manage orders (payment, parcel delivery, complaints and dispute management, recall procedures, order-related issues);
- Enable our services to send newsletters;
- Create an online account;
- Send promotional offers and event invitations by email.
- By submitting the form and checking the form’s boxes for appropriate consent, internet users expressly agree to their personal data being processed for the purpose of the commercial relationship.
Personal data are collected via the Google Analytics traffic monitoring tool used on the website in order to:
Analyse the behaviour of internet users on the site to measure traffic and improve performance.
Google Analytics uses third-party cookies to make a distinction between users. Cookies are text files saved on the device used by internet users. They contain only randomly generated identifiers and no nominative information.
By browsing the website, internet users expressly agree to their personal data collected by Google Analytics being processed with the purpose of analysing their internet behaviour in order to improve site performance.
3.2 Comments
When you leave a comment on our website, not only the data entered in the comment form, but also your IP address and your browser’s user agent are collected to help us detect unwanted comments.
An anonymous string created from your email address (also called hash) can be sent to the Gravatar service to check if you are using it. The Gravatar service’s confidentiality clauses are available here: http://automattic.com/privacy/. After validating your comment, your profile picture will be publicly visible next to your comment.
3.3 Medias
If you are a registered user and are uploading images to the website, we recommend that you avoid uploading images containing EXIF GPS coordinate data. Visitors to the website can download and extract location data from these images.
3.4 Contact forms
If you use a contact form on our site, your data will be saved to enable us to process your request. Data are stored for 24 months before being deleted.
3.5 Cookies
If you leave a comment on our site, you will be asked to save your name, e-mail address and website in cookies. This is for your convenience only, so that you do not have to enter this information if you leave another comment later. These cookies will expire after a year.
If you go to the login page, a temporary cookie will be created to determine whether your browser accepts cookies. It does not contain any personal data and will be automatically deleted when you close your browser.
When you log in, we will set a number of cookies to save your login information and screen preferences. The lifespan of a login cookie is two days, while a screen option cookie lasts one year. If you tick “Remember me”, your login cookie will be stored for two weeks. If you log out of your account, the login cookie will be deleted.
When editing or publishing a post, an additional cookie will be stored in your browser. This cookie does not contain any personal data. It simply indicates the ID of the post you have just modified and expires after one day.
3.6 Embedded content from other sites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Content integrated from other sites behaves in the same way as if the visitor were visiting the other site.
These websites may collect data about you, use cookies, embed third-party tracking tools or track your interactions with this embedded content if you have an account connected to their website.
4. Use and transmission of personal data
4.1 Storage period of personal data
If you leave a comment, the comment and its metadata are stored indefinitely. This makes it possible to automatically recognise and approve the following comments instead of leaving them in the moderation queue.
For users who register on our site (if possible), we also store the personal data indicated in their profile. All users can view, modify or delete their personal data at any time (with the exception of their username). Site managers can also view and modify this information.
The data collected via the forms are stored for a period of 4 years from the date on which the form is sent.
The cookies used by the Google Analytics traffic measurement tool have the following lifespan:
- _ga: 2 years
- _gid: 24 hours
- _gat: 1 minute
4.2 Your personal data rights
If you have an account or if you have left comments on the site, you can request to receive a file containing all the personal data we hold about you, including those you have provided. You can also request the deletion of your personal data. This does not include data stored for administrative, legal or security purposes.
4.3 Transmission of personal data
Visitors’ comments can be verified using an automated service to detect unwanted comments.
4.4 Contact information / Data Protection Officer (DPO)
The Data Protection Officer (DPO) is the person within the company in charge of ensuring the compliance of the company’s activities with the new European legal framework of the GDPR, cooperating with the supervisory authority and ensuring the security of the data collected.
You can contact them using the contact form or by writing to:
CHÂTEAU DE CASSAIGNE, Service communication, 32100 CASSAIGNE
5. How we protect your data
5.1 Personal data storage location
The site’s hosting servers are located exclusively in France, within the European Union.
SARL CHÂTEAU DE CASSAIGNE undertakes to carry out no transfers of personal data to any state that is not a member of the European Union.
5.2 Security of personal data
The site is hosted on a secure server.
All of the pages are in a HTTPS, TLS 1.2/RSA 2048-bit secure mode (SHA256withRSA). This is a secure protocol enabling the encryption of the content of exchanges between the browser and the database server. This prevents the personal data entered and sent via forms to be read easily by third parties during transit.
Nonetheless, no transmission or storage of personal data is ever completely infallible. Consequently, SARL CHÂTEAU DE CASSAIGNE undertakes to implement its crisis policy in the event of a critical data breach.
Your personal data collected by the website are intended only for the SARL CHÂTEAU DE CASSAIGNE company and will only be used in relation to the request made via the form.
In no event will the personal data entered and sent on forms be sent, rented or sold to third parties, with the exception of carriers delivering orders where applicable.
Employees and subcontractors of SARL CHÂTEAU DE CASSAIGNE are required to sign a confidentiality agreement obliging them to respect the confidentiality of data or face a penalty.
5.3 Procedures implemented in the event of a data breach
In the event of a breach of your data, the Data Protection Officer will contact you as soon as possible, using the information provided to us, to inform you so that you can take protective measures if necessary.
6. Third party services that transmit data to us
No third-party service transmits any data concerning the users of this website to us.
7. Automated marketing and/or profiling operations performed using personal data
Not applicable.
8. Displaying information related to sectors subject to specific regulations
Not applicable.
9. The right to access, rectify and erase personal data
In accordance with the amended French Data Protection Law of 6 January 1978 and the General Data Protection Regulation 2016/679 (GDPR), you have the right to access, rectify and erase any personal data concerning you, which you can exercise using the contact form or by writing to SARL CHÂTEAU DE CASSAIGNE, 32100 Cassaigne, SIRET (French business identification number): 31647316400010.
Users also have the right to lodge a complaint with the CNIL at https://www.cnil.fr/