PRIVACY POLICY

As part of its activity, the company “Les Cœurs de Marie” hereinafter referred to as CM is required to process Personal Data. This Privacy Policy informs you of how CM collects and processes your personal data. Please read it carefully. The Policy applies to all individuals whose personal data is collected by CM. These are mainly customers, and more generally any person who may come into contact with CM (hereinafter the “Holders”) on the manner and purposes for which CM collects, uses and communicates their personal data. Personal data (the “Data”) means any information relating to an identified or identifiable natural or legal person. any natural or legal person whose Data is collected.Giving particular importance to the protection of the Data that the Holders entrust to it, CM undertakes to respect the privacy of the latter.

This Policy is designed to comply with the requirements of the privacy laws in force, in particular Law no. 78-17 of 6 January 1978 on data processing, files and freedoms as amended; the General Data Protection Regulation n°2016/679, which came into force on 25 May 2018, the French laws and decrees transposing the Regulation.The controller of the processing mentioned in this document is the company “Les Cœurs de Marie”, whose head office is located at 43, rue du four de Philibert, 73350 Champagny-en-Vanoise and whose current president is the legal representative.

The latter is also CM’s data protection officer.

Article 1. Acceptance of the policy

All Data provided by the Holder to CM is treated with the utmost confidentiality.

The Data collected is for internal use within CM and strictly limited to teams that have to know about it. In any case, we limit ourselves to collecting and processing data that is relevant, adequate, not excessive and strictly necessary for the fulfilment of the purposes determined below.Beyond the storage periods mentioned belowafter, the Data may be anonymized and stored for exclusively statistical purposes and will not give rise to any exploitation of any nature whatsoever.

The operations described above are not used to establish profiles likely to reveal sensitive personal data such as racial or ethnic origins, philosophical, political, union, religious, sexual life or health.

Article 2. Processing of personal data

All Data provided by the Holder to CM is treated with the utmost confidentiality.

The Data collected is for internal use within CM and strictly limited to teams that have to know about it. In any case, we limit ourselves to collecting and processing data that is relevant, adequate, not excessive and strictly necessary for the fulfilment of the purposes determined below.Beyond the storage periods mentioned belowafter, the Data may be anonymized and stored for exclusively statistical purposes and will not give rise to any exploitation of any nature whatsoever.

The operations described above are not used to establish profiles likely to reveal sensitive personal data such as racial or ethnic origins, philosophical, political, union, religious, sexual life or health.

2.1. Nature of the Data collected, purpose and retention period

a) Data collected from CM customers

When booking, the following Datas are collected:

• Last name, first name, civility, date of birth, nationality
• Mailing address, email address, phone number
• CNI or passport number

This Data is particularly necessary to identify the customers. These Data are necessary for the performance of CM’s services towards its customers in that they allow in particular to communicate with them.The Customer Data is hosted by CM on a dedicated server as well as if it is necessary for reasons of security at a hosting provider. In any case, the data are hosted within the European Union.

b) Data collected spontaneously from Holders when sending an email or during spontaneous application

CM may be made the recipient of a certain amount of personal data, without this being a request on its part.

These data will not be further processed. These Data are archived within 3 years of the end of the calendar year in which they are collected.

Archived Data will be accessible only to CM’s legal representatives.

c) Video surveillance data

CM has placed its buildings under video surveillance (cameras placed outside the buildings) to ensure the security of its customers and its property.

Images recorded in this device are not used for personnel monitoring purposes. Anyone present on CM buildings is likely to be filmed by the device.The images can be viewed, in the event of an incident, by CM’s legal representatives and by law enforcement authorities in accordance with the declaration made in the prefecture.The images are kept for three weeks.

In the event of an incident related to the safety of people and property, video surveillance images may nevertheless be extracted from the device. They are then kept on another medium during the settlement of the procedures related to this incident and accessible only to persons authorized in this context.

2.2. Minor

The Data relating to minors are provided by their legal representatives exclusively, the information collected is as follows :

As part of the reservation file, by one of their parents :

• Last name, first name, civility, date of birth, nationality
• Mailing address, email address, phone number
• CNI or passport number

2.3. Legal basis of the processing

Execution of the contract
This is the legal basis claimed by CM when the data collected is necessary for the provision of its services and any assistance that customers may need.

Legitimate interest
CM may also collect personal data for purposes of legitimate interest such as improving its services and security. Data subjects may at any time object to the processing of their data on this basis.

Consent
In certain circumstances, and in particular when the legal bases mentioned above are not applicable, CM is required to obtain the consent of the data controller necessary for the processing of such data. In this case, the holder may withdraw his consent at any time.

2.4. Information shared with third parties

The processing of personal data collected is strictly confidential.

CM does not transmit any personal data to third parties who may use them for their own purposes, for commercial or advertising purposes in particular, It is possible that CM may transfer certain personal data to third party partners temporarily and securely to ensure the proper performance of the services it offers.

As such, the partners concerned may have access to the Data Controller’s personal data and process it on behalf of CM, according to the instructions of the latter and in compliance with this Policy as well as any appropriate security and confidentiality measures.CM will put in place procedures ensuring that the third parties it authorizes to access personal data, including any subcontractors, respect and maintain the confidentiality and security of the Personal Data. To this end, CM undertakes to place at the charge of its subcontractor(s) the same obligations as those set out herein for the confidentiality, security and integrity of the data, and that such data may not be transferred or rented to a third party free of charge or not, nor used for purposes other than those defined in this Policy.

When these partners are located outside the European Union or in a country that does not have an adequate regulation to the requirements of the privacy laws in force, notably the General Data Protection Regulation and the French laws transposing it, CM frames its contractual relationship with this partner by adopting an appropriate contractual framework.

2.5. Datas hosting

The data collected is stored on secure servers located in Switzerland or in another member country of the European Union.

It is possible that CM may have to forward the data collected through its servers or to those of its partners in countries whose legislation provides a level of data protection may be different from those of the European Union.

In this case, CM will take all necessary measures to maintain a level of security of the collected data at least equal to the level required by the European regulation on personal data.

Article 3. Rights of holders

3.1. Nature of Rights of Holders

In accordance with the laws relating to the protection of personal data in force, in particular the General Data Protection Regulation and the French laws transposing it, any Holder has the following rights:

The Data Controller may object to the processing of his personal data for legitimate reasons

The Holder has a right of access to the data concerning him

It may rectify, update and/or delete data concerning it

He can request the portability of his data

It may request a limitation of the processing of its data carried out by CM

He may communicate guidelines on the retention, erasure and communication of personal data after his death (post-mortem directive)

3.2. Exercise of the rights of the Holders

At any time, the Holder may exercise his rights by sending his request, which includes his name, first name, postal and electronic address and copy front/back of his identity card, namely :

• By email at : info@lescoeursdemarie.com
• By mail to :
Les Cœurs de Marie
43, rue du four de Philibert
73350 Champagny-en-Vanoise

A response will be provided within one month of receipt of the request. The Holder may also at any time ask the Golf to no longer receive information by email.Finally, the Holder may lodge a complaint with the competent authority, namely the CNIL for the French territory.

Article 4. Use of cookies

The Owner is invited to refer to the conditions of use of the website.

Article 5. Applicable Law – Jurisdiction

These terms and conditions of use are governed by French law.

In case of dispute concerning the validity, interpretation and/or performance of these conditions, the French courts will have jurisdiction regardless of the location and nationality of the Holder.