In the frame of the use of its services and in particular the services accessible on its website, its mobile site, its online store and its mobile apps, SAS GP, as data processing manager, may collect and process your personal data.
We are devoted to complying with privacy rules of potential customers and visitors to our website, mobile site, online store and mobile apps. All the data processing implemented in the frame of the accessible services comply with local regulations that apply for the protection of personal data and in particular, the provisions of the modified “Data Freedom Act” of 6 January 1978 and the General Data Protection Regulation (Regulation EU 2016/679) or “GDPR”.
1 - WHAT ARE OUR UNDERTAKINGS ON DATA PROTECTION?
SAS GP undertakes to guarantee a high level of protection of the data of its customers, potential customers, website, mobile site, and online store, and mobile app users, and any other person for which it processes data.
SAS GP undertakes to comply with the regulations which apply to all the data processing it implements:
- Your data is treated in a licit, loyal and transparent manner;
- Your data is collected for defined, explicit and legitimate purposes and is not processed at a later date in a way which is incompatible with these purposes;
- Your data is kept in an appropriate and pertinent manner and is limited to what is necessary with regard to the purposes for which it is processed;
- Your data is accurate, up-to-date and all reasonable measures are taken to ensure that any data that is incorrect with regard to the purposes for which it is processed is deleted or corrected as soon as possible.
SAS GP implements the appropriate technical and organisational measures to guarantee a level of security that is adapted to the inherent risk of its processing operations, comply with regulatory requirements and protect the rights and data of the people concerned when designing processing operations.
Furthermore, SAS GP contractually imposes the same level of protection of data protection on its subcontractors (service providers, suppliers, etc.).
2 - WHAT DATA DO WE COLLECT?
A - According to the purpose of the collection
The personal data we collect varies according to the purpose of the collection and the Service we provide. In general, we may be required to directly collect the following categories of data:
a) personal contact details such as your surname, first name, email address, postal address and telephone number(s);
b) the login details used to access your online account, or the username and password. We require this to create an account for your personal use;
c) exchanges with you, which may include details of conversations via chat, the consumer service;
d) demographic data, such as your age, gender and lifestyle preferences (among other things your favourite products and your interest in them);
e) browsing history, such as pages visited, date of visit, location when visiting, and IP address;
f) data concerning payment when a purchase or a booking is made on one of our websites or online stores, or one of our apps. In general, the invoice in your name, your billing address and payment data such as your credit card or bank account;
We may also collect personal data about you indirectly when you share content on social media, websites, stores or apps about our products and services, or when you reply to our posts and our promotional advertisements on social media.
B - Data concerning minors
SAS GP does not collect or process the data of children under 18 years without the prior consent of parents or persons with parental authority
If data concerning children is collected via our website, mobile site, online store and mobile apps, parents or persons with parental authority have the possibility of opposing this by contacting us at the address indicated at the bottom of this page.
3 - HOW IS DATA COLLECTED?
A - Methods used to collect your data
In the frame of our relationship, you may be required to send us your data using different methods and, in particular, our website, mobile site, online store and mobile apps while you are browsing the Internet, making purchases, bookings, completing various data collection forms, subscribing to the e-newsletter, creating an account, submitting an application, posting your comments on our social media pages, making any form of contact with our establishment, or sending us your data in any way.
B - IP address
The IP address is a series of numbers that is assigned automatically to your computer by your Internet access provider each time you log in. Every time you send a request to the website, our servers make a record of your visit. We collect IP addresses with a view to analysing trends on the website. We do not send any data that allows you to be identified, which means that your session will be saved but will remain anonymous for us.
We may use your IP address in cooperation with your Internet access provider in order to identify you in the case of having to apply conditions of use to protect our services and clients, or in order to comply with laws in force.
C - Cookies
In order to constantly improve the quality of our services proposed on our website, mobile site, online store and mobile apps, and their suitability with your needs, SAS GP may use “cookies”, text files that serve to identify your terminal when you log in to one of our services.
The deposit of cookies or tracers on your terminal (computer, tablet, smartphone, etc.) allows établissement] to collect information and personal data according to how you configure your terminal.
Types of cookies used:
a) Cookies essential for using the website They allow you to use the main functions of the website, such as the purchase or reservation of services for example. If you deactivate cookies, you will no longer benefit from these functions.
The data stored cannot be used for commercial purposes.
b) Site performance cookies Performance cookies allow us to optimise our website and detect any technical problems that you may encounter.
They allow us to collect data about the way in which you use the website, in particular the number of visits per page, the number of error messages displayed, the time spent on a page, or the number of clicks on a zone on the website.
c) Functional cookies
These cookies allow the website to memorise the choices that you made (such as your username, the language or the region where you are located) and provide more precise and personal characteristics. These cookies can also be used to memorise the changes made by the user, such as the size of the text or the font. They may also be used to provide the services that you have requested, such as watching a video or leaving a comment on a blog. The data collected by these cookies may be made anonymous and cannot track your browsing activity on other sites.
By using our website, you agree to receive this type of cookie on your device.
d) Advertising marketing cookies
These cookies collect data about your Internet browsing habits in order to offer you adverts that are adapted to you and your centres of interest. They also allow you to limit the number of times that you see an advert and help us to assess the effectiveness of our advertising campaigns. In general, they are installed by advertising networks with the website operator’s authorisation. They memorise visits made on a website and share this information with other companies (advertisers for example). Targeted or advertising cookies are often linked to the functions of the site provided by the partner company.
The data is collected and shared with third parties in order to offer audience targeting and optimisation solutions for advertisers and editors. No personal data is collected and an individual cannot be identified using the data collected.
e) Cookies from third-party websites and social media Our website contains links and/or content that transfer users to other websites and social media and we do not know what cookies are used by these. To find out more, please consult the information provided by these thirdparty websites and social media about their own cookies.
D - Respect for your privacy
We undertake to protect your privacy by complying with the two following principles:
- We do not associate your cookies with any data that allows you to be identified directly and personally. Under no circumstances do cookies allow your address, date of birth, telephone number or any other information that can be used to identify you to be known.
- We do not provide any personal information to advertisers or third-party websites that display our advertisements based on your centres of interest.
If your computer or your mobile is used by several people, or if it has several Internet browsers, it is possible that the content displayed to other users matches your preferences. If you want, you can modify your browser’s settings.
For further information about how cookies work and targeted advertising, consult the CNIL (French Data Protection Agency) website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.
E - Links to third-party websites
Our website, mobile site, online store and mobile apps may contain links redirecting users to third-party websites. We decline any responsibility for the collection, use, management sharing, or disclosure of data and information by these third-parties.
4 - FOR WHAT PURPOSE MIGHT THE DATA COLLECTED BE USED ?
Your data is used mainly for the purpose of making reservations and purchases (provision of services, specific services and products), canvassing, loyalty creation, activity organisation, information, sales, satisfaction surveys, organisation of competitions, new services and products designed to improve your customer experience in our establishment, statistical studies, recruitment, after-sales services, processing your requests and/or complaints. Apart from cases in which your consent has been obtained (in particular for communicating personalised offers), the processing of your data for purposes other than those mentioned above is necessary, in particular:
- For ensuring the implementation of the service contract;
- For complying with a legal obligation;
- For the purpose of legitimate purposes pursued by our establishment in particular developing new services and offers, improving the customer service, etc.).
More specifically, your data is used:
- To allow you to benefit from all the services available on our establishment’s website, mobile site, store and mobile apps: creation of a user account, e-newsletter, management of bookings, support and complaints, management of loyalty programmes, etc.
- In order to allow you to browse our websites;
- To match our information, notifications, offers and other forms of services to your interests as best as possible;
- To facilitate the completion of administrative formalities concerning the booking and purchase.
5 - HOW LONG IS YOUR DATA STORED ?
SAS GP undertakes to store your data for a period that does not exceed that required for the purposes for which they are processed.
The storage periods are defined according to the processing purposes implemented by SAS GP and, in particular, take account of the legal provisions which apply imposing a precise storage period for certain categories of data, any limitation periods that apply, as well as the CNIL’s recommendations concerning certain categories of data processing.
6 - WHO IS LIKELY TO ACCESS YOUR DATA ?
A - Recipients of your data
The data collected on our website, mobile site, online store and mobile apps are likely to be communicated to our internal staff or to its ancillary service providers (sub-contractors, service providers, banks), in the frame of the completion of all or some of the services listed above. We remind you that in this context, SAS GP asks its providers to set up strict privacy and protection measures for this data.
B - Transfer of data outside the European Union
Data may be processed outside the European Economic Area (EEA). If this is the case, SAS GP will do everything to ensure that this international transfer of data benefits from the required level of security and guarantees.
7 - HOW DO YOU EXERCISE YOUR RIGHTS ?
In accordance with the regulations which apply in the field of data protection, you may, at any time, exercise your right to access, rectify and delete your personal data as well as your right of limit and oppose processing and the portability of your personal data.
Furthermore, you have the legal right to define directives concerning the management of your data after your death.
Also, any person who is a minor at the time when the data was collected may obtain the deletion of it as soon as possible.
These rights may be exercised by writing to the following address:
18 Rue de Citeaux
In this frame, we ask you to accompany your request with the elements needed to identify you (surname, first name, email) as well as any other information needed to confirm your identity.
You also have a right of appeal to the Commission Nationale de l'Informatique et des Libertés (French Data Protection Agency) in the event of a breach of the regulation that applies concerning the Data Protection and the GDPR in particular.
8 - COMPUPTER SAFETY/SECURITY OF TRANSACTIONS
Ensuring the security and confidentiality of personal data that you entrust to us is a priority for SAS GP. Thus, we implement all the technical and organisational measures needed concerning the nature, scope and context of the personal data that you communicate to us and the risks presented by their processing in order to preserve the security of your data and, in particular, prevent the destruction, loss, alteration, disclosure, intrusion or unauthorised access to it in an accidental or illicit manner.
We offer you a secure online payment system based on the latest technologies in force.
SAS GP does its utmost to combat identity theft on the Internet. That is why, for example, we use a detection system for fraudulent payments made by credit card. This system protects you in the case of the loss or theft of your credit card.
The security and confidentiality of personal data is based on the good practices of all. That is why we ask you to avoid communicating your password to third parties, to systematically log out of your social media accounts (especially in the case of linked accounts), and to close your browser window after your work session, especially if you access the Internet from a computer station shared with other people. In this way, you will prevent other users from access your personal data.
9 - CONTACT US
For any further questions about this policy or the way in which SAS GP processes your personal data, please contact us at the following address: firstname.lastname@example.org
10 - MODIFICATIONS TO THE DECLARATION
SAS GP reserves the right to adapt the data protection policy. When we make substantial changes to this Declaration, we publish a link to the Declaration on the home page of our website.