HomePersonal data

This privacy policy applies to all personal data collected and/or processed by the website publisher   Abbaye de Talloires ».

Definitions

  • Site”: means all pages accessible via a browser at the following address: https://www.abbaye-talloires.com/
  • Data”: within the meaning of this policy, refers to all personal data, as defined by applicable legislation and in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), relating to an identified or identifiable natural person;
  • Data Controller”: means the entity that collects and processes the Data, namely the publisher of the Site;
  • Processor”: means any natural or legal person who processes personal data on behalf of the Data Controller;
  • Data Subject”: means the natural person to whom the data subject to processing relates. A Data Subject is deemed to be any natural person who can be identified, directly or indirectly, within the meaning of applicable regulations, in particular by reference to a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity;
  • Processing”: means any operation or set of operations performed on Data.

1. Purpose

This personal data protection policy (hereinafter the “Policy”) aims to inform Data Subjects of how Data is collected and processed by the Publisher, and to inform them of their rights and the means of exercising those rights made available by the Publisher.



Data Controller

For any browsing and purchases on the Site, the Data Controller is Abbaye de Talloires.



2. Processing

Purposes of Processing

As part of the operation of the Site, the Publisher collects and processes Data in accordance with the purposes defined at the time of collection, namely:

  • Carrying out statistical studies on browsing activity,
  • Creating and properly managing personal accounts,
  • Managing orders placed through the Site,
  • Managing cookies,
  • Managing contacts made via the designated contact form.

 

Data Processed

As part of data collection, the Publisher may collect the following Data:
Identity data: surname, first name(s), email address, postal address, mobile phone number. Data that is mandatory for the Publisher’s services will be indicated as such.
Data is collected by entering information into fields provided for this purpose or via cookies that have been previously accepted.

In the context of online payment for purchases, the banking data transmitted is not collected by the Publisher and is not processed by it.
Such data is exclusively and directly processed securely by the secure payment service implemented by the Publisher, whose terms and conditions are available on its website:
https://www.abbaye-talloires.com/
The purpose of collecting Data is to ensure the proper operation of the Site and the monitoring of orders placed through it.
Only Data necessary for this purpose is collected and processed.

 



3. Data Security

The processed Data is stored securely, and access is strictly controlled and limited to persons who need to access it.
Any access to Data requires access to a specialized and secure module protected by technical measures and strong passwords.



4. Data Recipients

In accordance with applicable regulations, the Publisher has implemented state-of-the-art organizational and technical measures aimed at preserving the security, integrity and confidentiality of the Data and preventing unauthorized access.

The recipients are the Publisher and its employees who have a legitimate need to access the Data.



5. Data Transferred to Authorities and/or Public Bodies

In accordance with applicable regulations, Data may be transmitted to competent authorities upon justified request, including public bodies, exclusively to comply with legal obligations, as well as to legal auxiliaries, ministerial officers and debt recovery bodies.



6. Retention Periods

Data relating to accounts or orders is not retained beyond two years from the date of the last login to the Account or the last order placed.

By way of exception, in accordance with applicable regulations, accounting data, particularly invoicing data, will be retained in archive form for ten (10) years from the date of invoicing.



7. Rights of Data Subjects

Data Subjects have the right of access, the right to rectification, the right to erasure (right to be forgotten), the right to object, the right to restriction of processing, and the right to data portability.

These rights may be exercised in accordance with French Law No. 78-17 of 6 January 1978 as amended and the GDPR.

  • By simple request via email to the following address: abbaye@abbaye-talloires.com
  • By postal mail to the Publisher’s address
  • Via the contact page on the Site.

Proof of identity may be requested when processing any request.


Subject to any breach of the provisions set out above, the User has the right to lodge a complaint with the CNIL (https://www.cnil.fr).

 



8. Data Transfer

As a matter of principle, Data collected on the Site is exclusively reserved for the Publisher.

However, in the event of an order placed through the Site, Data Subjects’ Data may be transmitted to the Publisher’s logistics partners (delivery and shipping services). The legal basis for this transfer is the sales contract.

Before any transfer of Data to third parties, the consent of the Data Subject will be obtained.

However, the Publisher reserves the right to transmit Data in order to comply with its legal obligations, particularly if required by judicial requisition.

 



9. Security

The Publisher attaches particular importance to the protection of the personal data of its users and partners but relies on their active cooperation to ensure Data protection. The Publisher therefore recommends the systematic use of strong passwords. (For more information, refer to the guide: https://www.ssi.gouv.fr/guide/mot-de-passe).



10. Cookies

A cookie is a small file stored by a server on a user’s device (computer, phone, etc.) and associated with a web domain (that is, in most cases, all pages of the same website). This file is automatically returned during subsequent interactions with the same domain.

Cookies have multiple uses: they may store your customer ID on a merchant site, the current contents of your shopping cart, the display language of a webpage, an identifier used to track your browsing for statistical or advertising purposes, etc.

There are several types of cookies:

  • “Necessary” internal cookies record information between two visits to the same website on the same device. They store shopping cart contents, login credentials or interface personalization elements. They do not require user consent.
  • “Statistical” cookies track user actions on a website. When statistics are anonymized (i.e., do not allow identification of a person), user consent is not required.
  • “Internal” or “first-party” cookies are placed by the visited site. They may be placed in addition to necessary cookies and may be used to collect personal data, track user behavior and serve advertising purposes.



So-called “third-party” cookies are placed by (or for) a site B (often an advertising network) on site A. This allows site B to see which pages were visited on site A by a user and to collect information about them.
The information stored on the device is theoretically limited to the domain being visited. In practice, web pages may integrate content from other domains.
All non-essential cookies are subject to user acceptance when connecting to the Site.
Essential cookies are deleted at the end of browsing and are not used for Data collection.
Cookie retention periods vary depending on the type of cookie.
For the proper operation of the Website, BOONDOOA/Abbaye de Talloires may place cookies in the Visitor’s browser.
For statistical purposes, BOONDOOA/Abbaye de Talloires and your client’s name may collect browsing information through the use of cookies.
The Visitor is free to accept or refuse cookies by configuring their browser (disabling all or part of cookies – see the web browser manual or help function).
Disabling cookies may result in the unavailability of certain Site services.
The Visitor may also delete stored cookies at any time by adjusting their browser’s privacy settings.
The CNIL website also provides guidance on managing and deleting cookies.
These explanations are available at the following address: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.
Cookies placed, where applicable, have a maximum duration of thirteen (13) months.
The maximum retention period for Data derived from their use is 25 months.