Privacy Policy for omt-lessaintes.com
1. Introduction
At omt-lessaintes.com, we are committed to protecting the privacy and personal data of every individual who visits our website or interacts with our services. We value transparency, accountability, and user trust, and we take our legal obligations under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) seriously. This Privacy Policy outlines how we collect, process, store, and protect your data when you use our website and related services.
2. Scope of the Policy and Role of the Data Controller
This Privacy Policy applies to all users of omt-lessaintes.com and governs how personal data is handled across our website. “Personal Data” refers to any information relating to an identified or identifiable individual.
omt-lessaintes.com is operated by the Office Municipal du Tourisme des Saintes, which acts as the Data Controller for the purposes of data protection legislation. As the Data Controller, we determine the means and purposes of processing your personal data.
3. Categories of Data Processed
We may collect and process the following categories of personal data, depending on your interactions with our website:
– Usage Data: Including IP addresses, browser types and versions, time zones, device identifiers, pages viewed, referring URLs, clickstream data, and browsing behavior.
– Account Data: Provided by users who register or contact us, including first and last names, postal and billing addresses, email addresses, and phone numbers.
– Profile Data: Preferences, interests, behavior on our site, purchase history, and selected personal settings.
– Communication Data: Records of correspondence and communication with us, such as customer service requests, email exchanges, and support content.
– Technical Data: Data about your device, such as type, operating system, device configuration, and unique device identifiers.
– Transaction Data: Information related to services purchased through our website, including payment method details (excluding full payment card numbers), order history, and delivery addresses.
– Preference Data: Data regarding your consents for marketing communications and areas of interest identified through your interactions.
4. Legal Bases for Data Processing
We process your data only when we have a lawful basis under GDPR or CCPA, including:
– Consent: Where you have given explicit consent to the processing (e.g., for marketing communications or optional data collection).
– Contractual Necessity: When processing is necessary for performing a contract or pre-contractual steps at your request.
– Legal Obligation: Where required to comply with legal and regulatory obligations.
– Legitimate Interests: When processing supports our legitimate business interests, provided your rights and freedoms do not override such interests (e.g., site security, performance optimization, fraud prevention).
5. Your Rights
As a data subject, you may exercise the following rights (subject to applicable law):
– Right of Access: Obtain confirmation of whether we process your data and access to that data.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your personal data when processing is no longer necessary or lawful (“right to be forgotten”).
– Right to Restriction: Request limitation of data processing under certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
– Right to Object: Object to processing where based on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent: If processing is based on your consent, you may withdraw it at any time without affecting lawfulness prior to withdrawal.
Users from California may have additional rights under the CCPA, including:
– Right to Know: The categories and specific pieces of personal data we have collected.
– Right to Delete: The right to request deletion of personal data.
– Right to Opt-Out: The right to opt out of the sale of personal data (note: we do not sell your data).
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement robust administrative, technical, and organizational measures to protect personal data, including:
– Data encryption in transit and at rest.
– Access control protocols and user authentication.
– Regular backups and disaster recovery processes.
– Security training and awareness programs for staff.
– Ongoing monitoring and security testing.
Although we strive to use commercially acceptable means of protecting your data, no method of transmission over the Internet or storage system can be guaranteed 100% secure.
7. International Transfers
Some of the personal data we collect may be transferred to, and stored or processed in, countries outside your location. In such cases, we ensure that appropriate safeguards are in place, including:
– European Commission Standard Contractual Clauses (SCCs).
– Adequacy decisions by relevant authorities.
– Binding corporate rules or other appropriate mechanisms.
Transfers are conducted in full compliance with GDPR and CCPA provisions.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or to comply with legal obligations. Typical retention periods include:
– Account Data & Profile Data: Maintained for the duration of the user’s active relationship with omt-lessaintes.com and up to 3 years after account closure or inactivity.
– Transaction Data: Retained for tax, regulatory, and customer service purposes for up to 7 years.
– Communication Data: Held for up to 3 years to allow historical reference and quality control.
– Technical and Usage Data: Anonymized aggregate insights may be retained indefinitely; user-identifiable data is typically held for up to 24 months.
– Preference Data: Maintained until updated or withdrawn by the user.
9. Cookie Policy
omt-lessaintes.com uses cookies and similar technologies to enhance functionality, analyze user behavior, and personalize content. Cookies may include:
– Essential Cookies: Necessary for core functions, such as account access and navigation.
– Functional Cookies: Allow customization of user experience based on preferences.
– Analytics Cookies: Collect aggregated data to help us understand user activity and improve the website.
– Performance Cookies: Monitor website performance and detect errors or slowdowns.
10. Cookie Management and Regulatory Compliance
Users are presented with a cookie banner upon first visit, allowing them to:
– Accept or reject non-essential cookies.
– Customize cookie preferences by category.
– Access the full Cookie Policy.
We honor Do Not Track (DNT) signals and provide opt-out mechanisms consistent with both GDPR and CCPA, ensuring all required consents are obtained and recorded before cookies are deployed.
11. Children’s Privacy
omt-lessaintes.com does not knowingly collect or process data relating to children under the age of 13. If you believe that a child has provided us with personal data in violation of this policy, please contact us immediately at [email protected], and we will take appropriate steps to delete such data.
12. Policy Updates and Notifications
We may revise this Privacy Policy from time to time to address changes in legal requirements, business practices, or technology. Users are encouraged to review this policy periodically. Where changes materially affect your rights or the way we process data, we will provide prominent notice on omt-lessaintes.com and, where required, obtain renewed consent.
13. Contact
For all privacy-related queries, data access requests, or to exercise your data protection rights, please contact us using the details below:
Office Municipal du Tourisme des Saintes
Email: [email protected]
Website: https://omt-lessaintes.com
We are committed to upholding the highest standards of privacy compliance. If you have any concerns regarding the use of your personal data, please do not hesitate to reach out.