Privacy policy
VACANCÉOLE VOYAGES PRIVACY POLICY
PREAMBLE
Vacancéole Voyages attaches great importance to protecting the privacy and Personal Data of its customers and visitors to its website (hereinafter the "website user", "customer", or "you").
This Personal Data protection policy (hereinafter the "Policy"):
- establishes what Personal Data Vacancéole Voyages and its Subcontractors may be required to collect from you, and for what purpose;
- informs you of your rights and how you can exercise these rights with Vacancéole Voyages in relation to your Personal Data.
DEFINITIONS
FRENCH DATA PROTECTION AUTHORITY (CNIL):
Independent administrative authority established in 1978, comprised of a committee of 17 members drawn from a range of backgrounds (four members of parliament, two members of the Economic and Social Committee, six representatives from the high courts, and five experts)
COOKIE:
A cookie is a small data file identified by name that can be sent to your browser from a website that you visit. Your browser will store a cookie for a given period of time, and send it back to the web server each time you visit. Cookies have a number of uses: they can be used to memorise your customer account credentials on an online retail website, the items in your basket, or as an identifier used to track your browsing activity for statistical or marketing purposes, etc.
DATA PROTECTION OFFICER (DPO):
The Data Protection Officer (DPO) is responsible for ensuring compliance with EU data protection regulations at its organisation in relation to all processing activity that the organisation carries out.
PERSONAL DATA:
An item of personal data is any information relating to an identified or identifiable individual. However, as these relate to people, they must be monitored and maintained. An individual may be identified directly (e.g. by name, address, etc.).
SENSITIVE DATA:
Sensitive data fall within a special category of personal data. Sensitive data include information that reveal an individual's reported racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership status. Vacancéole Voyages does not collect any sensitive data.
PURPOSE OF PROCESSING:
The purpose of processing is the main objective when using personal data. Data are collected for a well-defined and legitimate objective and are not subsequently processed in a manner incompatible with this initial objective.
DATA CONTROLLER: The data controller is the legal entity (e.g. business, local authority, etc.) or individual who determines the purpose and means of processing, i.e. the objective and method of the processing action. Generally and in practice, it is the legal entity represented by its legal representative.
SUBCONTRACTOR
The subcontractor is the individual or legal entity (e.g. business, local authority, etc.) who processes data on behalf of another organisation (the data processor), in the context of service delivery. Subcontractors are bound by obligations.
PROCESSING OF PERSONAL DATA:
Processing of personal data is an action, or series of actions, in relation to personal data, by means of any process (e.g. collection, recording, organisation, storage, adaptation, modification, extraction, consultation, utilisation)
SCOPE
Vacancéole Voyages is the data controller for the user's personal data and hereby informs the user that his/her data shall be processed in accordance with applicable data protection law and regulations, Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with respect to the processing of personal data and their free circulation.
Its partners are its subcontractors. The data processing opreations of subcontractors are carried out solely on a contractual basis.
PERSONAL DATA PROCESSING OPERATIONS
1. Vacancéole Voyages Register of Processing Operations
Personal data processing operations are logged in the processing register kept by Vacancéole Voyages' DPO. The privacy policy sets out the information required for customers and website visitors about processing operations and their rights in relation thereto. Detailed information on data processing is available from the DPO.
2. Legitimate grounds for processing
Under Article 6 of the EU General Data Protection Regulation (GDPR), the consent of the person whose data are recorded on a file is not required, where such data are collected:
- For the performance of an agreement or contract (e.g. sales contract, rental agreement, employment contract, etc.) or in pre-contractual steps (e.g. quotes, negotiations, etc.)
- Where some files are required under applicable legislation (e.g. INSEE population surveys/censuses, central staff registries, etc.)
- To fulfil a public service remit or comply with a public authority (e.g. police database, tax authorities, etc.)
- To safeguard a person's vital interests (e.g. during an epidemic, natural or man-made disasters, etc.)
- For a legitimate interest (e.g. fraud prevention, intra-group transfers, network security, etc.) except where the interests and basic freedoms of the person in question must take precedence.
Vacancéole Voyages carries out most of its processing activities based on the legitimacy of a processing action linked to a holiday or between companies, or pre-contractual measures used to prepare an order.
In all other cases, the individual's consent is required. The lawfulness of a proposed file is underpinned by this consent. For the newsletter and some website cookies, it is therefore necessary to secure the individual's consent.
Withdrawing consent is possible at any time and has no retrospective effect on the lawfulness of processing actions completed on those grounds, prior to the withdrawal.
3. Purpose of processing operations
The purpose of processing is the main objective when using personal data.
Data are collected for a well-defined and legitimate objective and are not subsequently processed in a manner incompatible with this initial objective. The purpose principle limits the ways in which data controllers can use or reuse such data in the future.
a) Purpose in the performance of a contract or entering into a contract
- presenting holiday offers
- holiday searches and bookings and other activities offered by Vacancéole Voyages on the website or via our call centre;
- setting up and using your customer account in order to take actions, update your personal data, view, amend or cancel your holiday;
- staying in contact with a customer relationship manager in relation to a booking in progress or confirmed over the telephone;
- reminding you of the contents in your basket not yet confirmed and as yet unpaid;
- Monitoring the performance of the holiday agreement;
- conducting post-holiday customer satisfaction surveys to develop a service follow-up database;
- maintaining a commercial relationship with customers and website visitors;
- creating billing and account tracking facilities for the "Customer" account.
- secure payment for orders.
- ensuring ongoing compliance with the booking agreement and monitoring the account.
- recruitment, by posting job vacancies and receiving applications.
b) Purposes aimed at legitimately furthering Vacancéole Voyages business development
- development of statistical analyses to personalise the customer experience.
- instructions to book holidays, information requests or any approach made by the customer or website user or using an available contact method (email, telephone, chat).
- Use of website user and customer data to develop a commercial profile based on their revealed holiday preferences. Creation of the profile does not mean taking automated decisions, rather to gain better understanding of the customer's needs and to offer personalised deals; unlikely to cause harm to the user.
- the assignment of email to contracting partners for communications purposes.
c) Purposes requiring the individual's consent
- sending marketing communications, subject to the consent of prospective and existing customers, by email or through social media. Communications of this nature by Vacancéole Voyages shall relate to its holidays or those of partners with which it has signed a promotional agreement.
- securing consent to send newsletters by email;
- accessing a Vacancéole Voyages service through a social media platform equates to granting consent for Vacancéole Voyages to collect and store all personal data shared with the social media platform, on condition of agreeing to such transfers via the platform.
d) Purposes involving compliance with statutory obligations
- storing personal tax data;
- storing and sharing personal data with court authorities as and when requested
4. Period of storage of personal data
Personal data cannot be stored indefinitely: the duration of storage must be commensurate with the objectives of the processing action. Once this objective has been fulfilled, the data should be archived, deleted or anonymised (e.g. to produce statistics).
The storage of personal data by Vacancéole Voyages meets the storage criteria for personal data: they shall be kept for as long as there is a mutual benefit to maintaining the purpose of processing and when such a benefit no longer fits this purpose, the data shall be deleted by employing adequate safety measures to ensure that they are fully anonymised or completely destroyed.
Vacancéole Voyages may store data for between six months and two, three or five years in most instances.
The duration of processing is recorded on the registry of processing actions kept by the Vacancéole Voyages DPO.
5. Personal data transfers
Personal data may be shared between different Vacancéole Voyages departments, but also with public auditing bodies and partner businesses if required for the data processing operation.
Vacancéole Voyages' commercial partners are bound by agreements in which the terms and conditions for processing personal data are set out in a GDPR addendum.
These movements are identified in Vacancéole Voyages registry of processing actions, monitored by the DPO.
6. Rights of persons whose data are processed
Under the GDPR, persons whose data are processed by Vacancéole have the right to request access to their Personal Data from the DPO; the rectification or erasure of their personal data, or a restriction to the processing of their personal data and the right of portability of their data.
The persons concerned may exercise their right of objection for reasons that concern them. In the event of an objection, data will no longer be processed, except in connection with statutory obligations by which Vacancéole Voyages are bound.
To exercise these rights, users and/or customers are advised to contact the Vacancéoles Voyages DPO.
DPO, Vacancéoles Voyages:
Address:
Tel: Fax:
Email:
7. Personal data processed by Vacancéole Voyages
Personal data are categorised by type, in particular their source and objectives (e.g. location, civil status, bank account information, professional status, social and medical information). Vacancéole Voyages processes data in accordance with the following guidelines:
a) Limitation of processing
Companies must only collect personal data for specific purposes, clearly stating their objective and only storing data for the length of time necessary to achieve that objective.
More allowances are made for processing actions carried out for the purposes of archiving in the public interest or for scientific, historic or statistical purposes.
b) Minimisation
Companies must only process personal data required to achieve the initial objective. This offers two key benefits. Firstly, in the event of a data breach, the unauthorised person will only be able to access a limited volume of data. Secondly, minimising data makes it possible to store accurate and up-to-date information.
c) Types of personal data processed
- Vacancéole Voyages processes the following types of personal data:
- Identification data: civil status, surname, first name(s), age, children, etc.;
- Address data: place of residence, etc.;
- Professional data: employer details, etc.;
- Bank account data: basic bank account number, cheque account number, credit/debit card number, etc.;
- Commercial data: customer number, booking number, document requests, etc.;
- Accounting data: invoices, payment methods, etc.;
- Contact data;
- Digital data: email address, IP address, telephone number, fax number, logins, cookies, etc.;
MANDATORY OR OPTIONAL INFORMATION
By checking the appropriate boxes and entering data in the corresponding fields on the contact form or on downloaded forms, the user expressly accepts, freely and unequivocally, that his/her data are necessary for the service provider to deal with his/her request; for all other fields, data entry is optional. The user provides a guarantee that personal data shared with Vacancéole Voyages are authentic and takes responsibility for communicating any change thereto.
Vacancéole Voyages informs the user and provides an explicit guarantee that the user's personal data will not be assigned to third parties outside the Vacancéole Voyages Group, or its partners engaged in data processing, under any circumstances. On each occasion that some form of assignment of personal data takes place for reasons not linked to performance of the agreement, users will be asked beforehand for their express, informed and unequivocal consent. All data requested from users via the website or by a provided contact method are mandatory as they are necessary for the delivery of an optimal service to the user and/or customer. If all data is not provided, Vacancéole Voyages cannot guarantee that the information and services that it provides will be entirely suited to the needs of the user or customer.
SECURITY MEASURES
In accordance with applicable data protection law and regulations, Vacancéole Voyages enforces all provisions in the GDPR in the processing of personal data under its responsibility, and demonstrably adheres to the guidelines set out in Article 5 of the GDPR, under which data are processed lawfully, fairly and transparently in respect of the interested party and are adequate, relevant and limited to those actions strictly necessary for the purposes of the processing.
Vacancéole Voyages provides an assurance that it has implemented appropriate technical and organisational policies aimed at enforcing security measures under the GDPR to protect the rights and liberties of customers and users of the website, and has provided sufficient information to ensure that they can exercise these rights.
MANAGEMENT OF COOKIES
Vacancéole Voyages uses local shared objects (also known as Flash cookies) (referred to collectively as "cookies"). More detailed information on how cookies work, how they are used and for what purpose, is set out below. You are advised to contact the Vacancéole Voyages DPO for more information on the management of personal data in cookies.
HOW COOKIES WORK AND HOW THEY ARE USED
1. Definitions
Cookies are small files stored by a website that a user browses on his/her desktop or laptop computer, or mobile device. They enable Vacancéole Voyages to detect if a link has already been established between your device and the Vacancéole Voyages website, take account of your language preference and other settings, offer a number of functionalities (e.g. online shops, vehicle configuration) or to identify your interests based on your usage patterns. Cookies may also contain personal data.
2. Personalisation of cookies
By using the Vacancéole Voyages website, you agree to the use of cookies – with the exception of cookies for Google marketing products. Cookies for Google marketing products (e.g. Google Search Ads, Google Display and Video 360) will only be used with your express consent.
You may also browse the Vacancéole Voyages website without agreeing to the use of cookies. In other words, you may object to the use of cookies and delete them at any time by adjusting the settings on your device. To do so, you must complete the following steps:
- i. Most browsers are configured to automatically accept cookies, but you can usually adjust this setting. You can delete cookies already on your device at any time. To find out how to do this on your browser or device, please refer to the manufacturer's user manual.
- ii. You may delete Web/DOM Storage content at any time. To find out how to do this on your browser or device, please refer to the manufacturer's user manual.
- iii. You will find more information on how to disable local shared objects via the following link: Information about cookies
- iv. Objecting to the use of cookies or deleting cookies is linked to the device and browser used. You should therefore refuse cookies or delete them on all of your devices and, if you use more than one browser, on each browser.
3. Limitation of services
If you decide to refuse or delete cookies, some functions available on the Vacancéole Voyages website may not be enabled or are only partially available.
4. Cookies used by Vacancéole Voyages
- i. Essential cookies (type 1)
Essential cookies are required to ensure the availability of all functions on web pages. Without them, Vacancéole Voyages could not offer services such as holidays tailored to your preferences.
- ii. Functional cookies (type 2)
Functional cookies enable the use of web pages and improve their functions. They may record your language preferences for example.
- iii. Performance cookies (type 3)
Performance cookies collect information about your usage patterns on the Vacancéole Voyages website. They help Vacancéole Voyages to identify particularly popular online holiday offers and by doing so, improve communication on holidays that might interest you (known as Tracking).
- iv. Third-party cookies (type 4)
Third-party cookies are generated by third parties, including social media platforms such as Facebook, Twitter and Google+, from which you can integrate content using "social plug-ins" provided on Vacancéole web pages and its targeting and (re-)targeting partners, which enable Vacancéole Voyages to focus our online marketing more closely on your needs and preferences.
5. COOKIES USED
Analytical cookies: marketing
Social cookies: marketing
Targeting cookies and advertising cookies: marketing
Technical and functional cookies: these are cookies strictly necessary for use of the Website and delivery of the service covered by an agreement.
6. WITHDRAWING CONSENT TO THE INSTALLATION OF COOKIES:
HOW DO I DELETE COOKIES FROM MY BROWSER?
1. Chrome:
- Select "Tools"
- Click on "Settings"
- Click on "Show Advanced Options"
- In the "Privacy and Security" section, click on "Content Settings". To delete cookies: click on "All cookies and all website data". Do not allow cookies to be stored.
- Click on "Clear Browsing History" (clear Cache).
- Close and reopen the browser.
For more information about Chrome, click on the following link: http://support.google.com/chrome/answer/95647?hl=es
2. Internet Explorer. Version 11:
- Select "Tools | Internet Options"
- Click on "General"
- In the "Browsing History" section, click on "Delete Browsing History and Quit"
- Select "Delete Files"
- Select "Delete Cookies"
- Click on "Delete"
- Click on "OK"
- Close and reopen the browser.
For more information about Internet Explorer, click on the following link: https://support.microsoft.com/es-es/kb/278835
3. Firefox. Version 18:
- Select "Firefox | History | Clear Recent History"
- Next to "Details", click on the downward arrow
- Select the following check boxes: "Cookies", "Cache", "Active Logins"
- Using "Time Range to Clear" in the drop-down menu, select "All"
- Click on "Clear Now"
- Close and reopen the browser.
You may accept or refuse cookies individually in "Firefox Preferences", in the History section in "Tools > Options > Privacy".
For more information about Mozilla Firefox, click on the following link:
https://www.mozilla.org/en-GB/privacy/websites/#cookies
Other browsers:
Please refer to the documentation installed on the browser.