Privacy statement

Our customers’ privacy and personal data in the framework of our Services is very important to us. The following Privacy Statement aims at giving you information on our policy regarding personal data, more particularly how and why we process it and with whom we share it.

More precisely, this Statement describes how we use your personal data when you’re using our websites and/or booking portals, when you’re buying and using the Services provided by CTOUTVERT, or when you’re interacting with us via other channels (help desk, social media).

Using one of the Services provided by CTOUTVERT (hereby named « (the) Services ») confirms you have read and understood this Privacy Statement in its entirety and that you accept it.

In accordance with current legislation regarding protection of personal information, we consider CTOUTVERT acts as subcontractor for specific processes and purposes and as Processor for others.

It is reminded that personal data (hereby named « Data » or « Personal Data ») names « any information relating to an identified or identifiable individual, who can be identified, directly or indirectly in particular by reference to an identification number, a name, GPS data, or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity ».

Data processing (hereby named « Processing » or « Data Processing ») names « any operation or set of operations in relation to such data, whatever the mechanism used, especially the obtaining, recording, organisation, structuration, retention, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, deletion or destruction ».

• Information we collect

We declare that Personal Data has been obtained lawfully for specific, explicit and lawful purposes.

• Obtaining Personal Data from customer consumers

We collect Personal Data from customers who have made a booking at an Establishment thanks to the SecureHoliday Booking Interface when the booking is made and send them to the payment Subcontractor or to the Establishment (via its PMS software if a PMS bridge has been set up) via a technical device the Establishment selects and is responsible for, most particularly regarding Personal Data safety.

Then we enter this Personal Data in the SecureHoliday system’s data base.

The Data obtained are the customers’ names and surnames, date of birth, address (street, postcode, town, country), phone number, email address, location and dates of booking.

• Obtaining Personal Data from customer Establishments

We collect Personal Data from Establishments within the Services we provide them with, mostly when they order via the related Order Form.

The Data obtained are the name of the Establishment, address, company name, phone number, website, VAT number, email address, owner or signing person name and surname.

• How we use the information we collect

• Processing Personal Data from customer consumers

Personal Data is processed for the sole purposes of Service(s) execution for the Establishment, most particularly :

• Processing customers’ Bookings and management of Services ordered by the Establishment
• - Targeted communication only when the Booking was made via the SecureHoliday system from a Partner site owned by CTOUTVERT
• Statistics studies
• Profiling within « CRM / GRC Pack » Service

Personal Data shan’t be used for any other operation than the ones described above.

• Processing Personal Data from customer Establishments

Personal Data is processed for the execution of Services for the Establishment and for legal requirements, most particularly:

• Processing Orders of Services
• Complying legal requirements of June 21st, 2004 law on data conservation

We can also use the information described previously, including Data from customer consumers and Data from customer Establishments for the following purposes :

• Complying with legal requirements (including fraud prevention, anti-money laundering measures and sanctions filtering). This can include verification of information linked to Data coming from other sources.
• Applying any contract on our Services signed between you and us
• Warning all clients of the changes made to our Services, conditions or policies
• Improving user experience and quality of service
  
  

• Information we share

We can be led to share Personal Data with our partners, most particularly when the latter cash the amount of bookings directly, before they pay the concerned Establishment. In this case, sharing Data is made within the contract signed between said partners and the customer Establishment.

We can also be led to share personal data with subcontractors for our Services – mainly technical ones – among whom our servers’ host (Microsoft Azure).

When subcontractors intervene in Services provided by CTOUTVERT, all measures are taken to insure high level security in the protection of Personal Data and Processing is accomplished after our instructions. Subcontractors cannot use Personal Data any other way than the one expressly demanded nor transfer the Personal Data from CTOUTVERT’s customer Establishments or from the Establishments’ customer consumers who booked via SecureHoliday to any other party. More particularly, subcontractors are not allowed to use your data for their own market research purposes.

In any case, the only other occurrences Personal Data can be transferred to a third party are the following :

• You previously agreed to do so
• Information is processed via a trustworthy partner in accordance with the Privacy Statement, privacy and security requirements, within the contract signed between said partner and the customer Establishment
• We appeal to third party subcontractors, for technical subcontracting purposes
• We have gathered data, making it impossible to identify the concerned persons, for segmentation, statistics, general studies or trend analysis purposes
• • We have a duty to disclose or communicate Personal Data to comply legal requirements, apply conditions of sale and other agreements, and protect our rights, property or safety, our customers’ or other parties’. This includes exchange of information with other companies or organisms to prevent fraud and reduce credit risk.

• Storage of personal data

We store Personal Data as long as necessary for the purposes described above and comply with legal requirements.

• Accuracy of information

We endeavour to make sure stored Personal Data is accurate, up to date and complete. We answer our customers’ requests to correct inaccurate information in due time, which means any person whose Personal Data we are storing can tell us to do so.

• Safety

We have set up several technical and organization measures to insure safety and protection of processed Personal Data.

However, if the Personal Data are transferred to us via the Internet, we cannot guarantee their entire safety.

• Transfers outside the EEA

The Personal Data we process is exclusively hosted in the EEA. We transfer no Personal Data outside the EEA.

• Your rights and preferences

In accordance with current legislation regarding protection of personal data, you have a right to access, correct and delete it after request by mail at any moment :

CTOUTVERT SAS
10 Place Alfonse Jourdain
31000 Toulouse (France)
Email address : contact@ctoutvert.com

You also have a right to complain to the competent supervisory authority, the National Commission for Data Protection and Liberties (CNIL-France).

It is reminded that, should you exercise any of these rights, we might no longer be able to provide you with all or part of the Services.

• Update

The following Policy regarding protection of Personal Data is subject to change without prior notice. In order to be informed of the changes made, please read our Policy on a regular basis.

Updated: 18/05/2018