Privacy Policy for omt-lessaintes.com

1. Introduction

At omt-lessaintes.com, we are committed to upholding the highest standards of data privacy and protection. We recognize the importance of your personal information and are dedicated to processing it in a transparent, responsible, and secure manner in accordance with global data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, and safeguard your data when you interact with our website and services.

2. Scope of This Policy and Our Role as Data Controller

This Privacy Policy applies to all users of omt-lessaintes.com and covers all personal data collected through our website and related communications. For users in the European Economic Area (EEA), omt-lessaintes.com acts as the Data Controller for personal information collected via the website, meaning we determine the purposes and means of processing your personal data.

3. Categories of Data We Process

We collect and process various categories of personal data, which may include:

– Usage Data: Includes information about your interactions with our site such as IP address, browser type, language preferences, time zone, referring pages, and session durations.
– Account Data: Comprises personal identifiers such as your full name, postal address, email address, and telephone number you may provide when creating an account or making a booking or enquiry.
– Profile Data: Includes your travel preferences, past purchases, behavioral patterns on the site, and feedback you provide.
– Communication Data: Includes any correspondence you send to us, such as support requests, website feedback, or general inquiries, including contact history and notes.
– Technical Data: Covers device identifiers, internet connection details, operating systems, and browser configurations.
– Transaction Data: Includes billing details, payment confirmations, delivery addresses, and transaction history related to purchases or bookings.
– Preference Data: Involves your explicit consents to marketing, product preferences, subscription choices, and engagement with promotional communications.

4. Legal Bases for Processing

We rely on the following lawful bases when processing your personal data:

– Consent: Where you have explicitly consented to processing (e.g., receiving newsletters or marketing).
– Contract Performance: When processing is necessary to fulfill a contract or process bookings and services requested by you.
– Legitimate Interests: Where processing is necessary for our or a third party’s legitimate interests, such as improving website performance or customer service, provided those interests are not overridden by your rights.
– Legal Obligation: Where necessary to comply with the law or regulatory requirements.

5. Your Data Protection Rights

Depending on the jurisdiction you are in, and subject to certain conditions and exceptions, you may have the following rights:

– Right of Access: To request access to personal data we hold about you.
– Right of Rectification: To request correction of inaccurate or incomplete data.
– Right to Erasure: To request deletion of your personal data where lawful.
– Right to Restrict Processing: To request limitation of the use of your data.
– Right to Data Portability: To receive your data in a machine-readable format and transmit it to another controller.
– Right to Withdraw Consent: At any time where processing is based on consent.
– Right to Object: To object to processing based on legitimate interest or for direct marketing.

To make a data request, please contact us at [email protected]. We respond to all valid requests in accordance with applicable legal requirements.

6. Security Measures

We implement a range of technical and organizational safeguards to ensure the protection of your data:

– Data encryption using TLS protocols
– Access restrictions to systems and data repositories
– Regular data backups and secure storage protocols
– Employee privacy training and confidentiality agreements
– Routine audits and security monitoring of our infrastructure

7. International Data Transfers

Where we transfer personal data outside your jurisdiction (including transfers from the EEA or the UK to countries not deemed to offer adequate protection under applicable law), we ensure adequate safeguards are put in place, such as the European Commission’s Standard Contractual Clauses or reliance on appropriate legal frameworks.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected:

– Account and Profile Data: Retained until account closure, and for up to 24 months thereafter.
– Transactional Data: Maintained for the duration required by tax and financial regulations, typically seven years.
– Communication Data: Retained for 36 months for quality assurance and legal reference.
– Technical and Usage Data: Stored for performance analytics for up to 12 months.
– Marketing Preferences: Maintained until consent is withdrawn.

We periodically review retention schedules to ensure timely deletion or anonymization.

9. Cookie Policy

We use cookies and similar technologies to collect information about your use of the website. Cookies are categorized as follows:

– Essential Cookies: Necessary for the basic operation of omt-lessaintes.com.
– Functional Cookies: Enable personalization features such as language preferences.
– Analytics Cookies: Collect data on user behavior to help improve website content and functionality.
– Performance Cookies: Monitor page loading times, user flows, and general website health.

10. Cookie Management and Legal Compliance

In compliance with GDPR and CCPA, we request your consent before placing non-essential cookies. A cookie management banner is provided on omt-lessaintes.com to allow you to accept or decline specific cookie categories. You may also configure your browser settings to manage cookies. Under CCPA, California residents have the right to know what cookies are being used and opt-out of any sale of personal data derived from cookie activity.

11. Special Protections for Children

The services offered on omt-lessaintes.com are not directed to children under the age of 13. We do not knowingly collect personal information from individuals under 13 years of age. If we discover that we have inadvertently collected data from a minor, we will take immediate steps to delete such data in compliance with applicable laws.

12. Policy Updates and Modifications

This Privacy Policy may be amended periodically to reflect changes in legal, regulatory, or operational requirements. Any significant changes will be communicated through the website or via direct contact if appropriate. We encourage regular review of this page to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]

We are committed to complying fully with our obligations under the GDPR, CCPA, and other applicable privacy frameworks. Your trust is important to us, and we are here to help protect your data and empower your rights as a user of omt-lessaintes.com.