Data Protection
GITES DE FRANCE PRIVACY POLICY
Introduction
Gites de France attaches particular importance to protecting the personal information of its customers and collaborators, as well as that of its website users : gites-de-france.com
This privacy statement has been drawn up to set out data protection measures. Its aim is to detail how Gites de France collects, handles and processes the personal information of all its users (customers, collaborators, site users).
Please note that our personal data protection measures comply with the amended French Data Protection and Freedom of Information Law (Loi Informatique et Liberté) n°78-17 of 6 January 1978 and the Confidence in the Digital Economy Act (Loi pour la confiance dans l’économie numérique) n°2004-575 of 21 June 2004 in accordance with the requirements of the “General Data Protection Regulation” n°2016/679 of 27 April 2016.
Article 1 : Collected information
1.1 Type of information collected
Gites de France ensures the relevance of personal information collected. It only collects acceptable information limited to what is needed for the purposes defined by Gites de France.
Some information collected on the website is needed to draw up and follow up your property rental agreement or to browse our website.
Other information is optional and its non-provision will not jeopardise the creation of the property rental agreement.
1.2 Handling collected information
Gites de France uses personal information of the people concerned notably in order to authenticate them (surname, first name, address, phone number, etc.), to provide them with the service and/or product required (bank details) and to offer information relevant to their interest (sales information, special offers).
Gîtes de France is liable to use the information collected about people concerned, irreversibly anonymised beforehand, for statistical purposes.
a. Information required in order to use the Gites de France website
We collect personal information about you when you use the Gites de France website. This information is necessary for the creation of the agreement and includes :
- Information given when you create a user account. Your title, first name, surname, telephone number, postal address and email address.
- Information given when you reserve accommodation. Your title, first name, surname, telephone number, postal address, email address, the number of people in your party, children’s date of birth, bank details.
b. Information you choose to give us
Some information is complementary and optional :
- Complementary information for the customer account. For example, profile picture.
c. Data collected automatically during use of the Gites de France website
This information may include :
- Geolocation information. Precise or approximate localisation determined by your IP address or by the GPS of your mobile phone depending on its settings.
- Usage information. The pages and content you consult, searches, bookings you have made and other actions taken on the Gites de France website. When users visit the Gites de France website, the server automatically records the data and information relevant to the device and browser used by them. This information can be the type of browser and version used, the exploitation system, the Internet access provider, IP address, date and time of access to the website.
d. Personal information made available to third parties.
Your personal information may be transferred to third party bodies, and in particular : courts, administrative bodies, legal representatives, within the context of legal obligation.
Where operations are sub-contracted, the service providers act on behalf of and in accordance with the instructions of Gites de France, in compliance with GDPR.
Article 2 : Controllers of personal data
2.1 Data controllers
When Gites de France acts as a data controller, it undertakes only to pass on personal information to authorised service providers/sub-contractors.
This is an up-to-date list of the Gites de France group of companies : SAS GITES DE FRANCE – RESERVIT – DALENYS – CLOUDSPIRE – FERATEL – ITEA - CLEVERAGE - CLARANET
2.2 Obligations of data controllers
Gites de France is forbidden from passing on personal information to third parties without informing the people concerned and without offering them the opportunity to exercise their right of opposition.
Where the integrity, privacy or security of the user’s personal information is compromised, the data controller undertakes to inform the user by all methods.
Article 3 : How long your data is kept
Information is kept for a length of time suitable for the purpose of processing it in accordance with current legislation and regulations.
Customer information is kept for the duration of the contract, and may be kept for ten years after its termination to comply with financial and fiscal obligations.
Information concerning prospective customers may be kept for up to three years after the final contact made by the prospective customer.
Article 4 : General principles concerning the collecting and processing of data
In accordance with the requirements set out in Article 5 of European Regulation 2016/679 (GDPR), the collecting and processing of information concerning website users respects the following principles :
1. Legality, good faith and transparency: data may only be collected and processed with the consent of the user who owns it. Each time personal data is collected, the user will be informed that their data is being collected and why.
2. Limited purposes: the data is collected and processed to meet one or more objectives determined in these general usage conditions;
3 Minimization of data collection and processing: only the data needed to meet the site's objectives is collected;
4. Reduced data conservation over time: the data is kept for a limited period, of which the user is informed. When this information cannot be communicated, the user is informed of the criteria used to determine the data retention period.
5. Integrity and confidentiality of the data collected and processed: the data processing manager undertakes to guarantee the integrity and confidentiality of the data collected.
Article 5 : The legal basis for processing personal information
In order to be legal, and in accordance with the requirements in article 6 of European Regulation 2016/679 (GDPR), your personal information is processed according to the following basis in law :
- Legitimate interest : we are allowed to process your personal information according to requirements to protect our legitimate commercial interests (on condition that the interests or rights of individuals do not take precedence), in particular to manage, develop and improve our ptorducts and services ; for customer support and marketing support ; to ensure the protection of our staff and assets ; to communicate information concerning our products and services and ensure the respect of laws and regulations.
- Execution of a contract : we are allowed to process your personal information in order to enter into and execute contracts with you or your organisation, notably for the provision and management of our products and services and to permit our customers to use our products, services and support tools.
- Legal obligation: we are allowed to process your personal information in order to comply with current laws and regulations, to establish and exercise our rights. For example, notably in the case of complaints or for compliance, regulatory and investigative purposes.
- Consent : we are allowed to process your personal information when you have given your consent. In particular, when no other legal basis is available or if the law requires that we obtain your consent in relation to certain sales and marketing activities, data collection tools or online surveys.
Article 6 : Security of collected personal information
Gites de France applies appropriate security measures in order to protect personal information collected against any malicious intrusion, any loss or divulgation to unauthorized third parties.
Gites de France also guarantees the security of information exchanged during acts of payment.
Finally, Gites de France makes its collaborators aware of the protection of the personal data made available to them within the context of their functions.
Article 7 : User rights
7.1 Different user rights
In accordance with the requirements in article 6 of European Regulation 2016/679 (GDPR), the user has the following rights listed below.
- Right of access : you may demand access to your personal information processed by Gîtes de France relating to you, or demand copies;
- Right of rectification : you may correct your personal information, if it is inexact or incomplete ;
- Right of erasure : you have the right to demand that your personal information be deleted, subject to exceptions provided for. For example, we may be required to keep your personal information to comply with legal requirements.
- Right of limitation : you may limit the processing of your personal information in certain circumstances. For example, if you contest the accuracy of your personal information, you may ask us to limit its processing until we have been able to check its accuracy ;
- Right of portability : you have the right to demand the portability of your personal data under certain circumstances. For example, you may ask us to send some of your personal information to another organisation if the processing is based on your consent or a contract;
- Right to oppose the processing of data : you can oppose the processing of your personal information, under certain circumstances. For example, you can refuse direct marketing, including the use of your personal information for profiling purposes for direct marketing, or when we process your personal information for our own legitimate interests.
These rights may however be limited in certain situations, for example if Gites de France is able to demonstrate the existence of a legal requirement or a legitimate interest in processing your personal information.
- Right to contact the relevant inspection authority : if you consider that the processing of your personal information infringes the GDPR, you may make a complaint to the ‘Commission Nationale de l’Informatique et des Libertés’ or to the inspection authority of the European Union state in which you are resident.
7.2 Data Protection Officer (DPO)
To monitor the correct application of current legislation, Gites de France has appointed a Data Protection Officer (DPO).
If you wish to exercise your right, please contact us using the form available here or by writing to the DPO at the following address : rgpd@gitesdefrancefede.com
If you wish to delete your Gîtes de France customer account. You must connect to your account and go to the "My Account" section, then "My Profile" and click on "Delete your account" at the bottom of the page.
Article 8 : Modifications to privacy policy
Gîtes de France may modify this privacy policy at any time, mainly because of :
- the introduction of new services or new technology
- evolution of the legislative and regulatory framework
In the interest of transparency, Gites de France will publish the latest version of the privacy policy on this page. We invite those concerned to consult this page as often as they wish to take note of any possible changes.
Article 9 : Cookie management
When you visit our website, information concerning the browser used on our website from your terminal (computer, tablet, smartphone, etc.) is likely to be recorded in ‘Cookie’ files installed on your terminal.
Cookies are mainly used to store your choices and preferences or to recognize you when you return to browse our website.
You can update your consent to manage these cookies via the button "Cookie Settings" in the footer of the page.
The majority of browsers accept cookies, but you can configure your browser settings to refuse or delete them at any time. To do this, refer to the information and support section of the browser you use.
Please note that only the sender of a cookie may read or modify information contained within it.
9.2 Duration of cookie storage
Cookies stored on your terminal have a maximum lifespan of thirteen months. When the storage duration expires, personal information collected via cookies will be deleted.
9.3 Refusing cookies
If you refuse that the cookies we emit be recorded on your computer, or if you delete the ones which we have recorded there, you may not be able to benefit from a certain number of functions which are nonetheless necessary to browse certain parts of our website. This would be the case if you tried to access our content or services which require you to identify yourself. It would also be the case if we were unable to recognise for reasons of technical compatibility the type of browser used by your computer, its language and display settings or the country from which your computer appears to be connected to the internet.
If this is the case, we decline all responsibility for the consequences linked to the reduced functionality mode of our services which result from our being unable to record or consult the cookies necessary for their functioning which you have refused or deleted.
How to manage cookies, depending on the browser software you use
To manage cookies and your choices, all browser software is configured differently. The help menu of your browser describes how to modify your wishes in terms of cookies.
- For Internet Explorer™ : open the Tools menu, then select Internet options ; click on Privacy tab then choose the level you require
- For Firefox™ : open the Tools menu, then select Options ; click on private life tab then choose the options required
- For Chrome™ : open set-up menu (spanner logo), then select Settings ; click on Advanced Settings, then on Content Settings, then choose the options required
- For Safari™ : choose Safari > Preferences then click on Security ; click on Show cookies then select the options required
- For Opera™ : open Tools menu, then select Preferences ; click on Advanced tab, then click on Manage cookies in Cookies section ; choose the options required
Updated 31/03/2021