Personal data policy - Customers

1 - What is the purpose of this document?

In accordance with the General Data Protection Regulations n°2016/679 and the French “Loi Informatique et Libertés” of 6^th January 1978 in its latest version, this data protection policy is intended to inform you of all the processing on your personal data implemented on the Ceetiz website.

2- Who is responsible for processing?

The data controller for the processing of personal data on the Ceetiz website is CEETIZ, whose registered office is located at 158 ter Rue du Temple, 75003 PARIS. 

3 - Definitions

The following terms shall have the meaning, in the plural or singular, as follows:

"CEETIZ":  CEETIZ, registered under number B 529 957 482 at the Paris Registry of Commerce and Companies;

"Third party": a legal entity which has signed a commercial agreement with CEETIZ;

"Partner": a natural person or legal entity whose professional activity consists in offering services through the CEETIZ website, including in particular tourist activity providers, leisure and entertainment providers, certified guides, Ceetiz Spotters, travel agencies, air/rail/maritime companies, hotel entities, works councils.

 "RGPD": General Data Protection Regulation n°2016/679 of 27^th April 2016.

4 - What personal data is processed?

The processing of personal data concerns the following categories of data:

• data allowing your identification (title, surname, first name, date of birth, postal address, e-mail address, telephone number...);
• connection data (IP address, connection logs, cookies, pages visited, etc.);
• data relating to your commercial relationship with CEETIZ (data relating to your preferences, order history, invoice numbers, data collected through satisfaction surveys, messages exchanged with the CEETIZ website Help Centre);
• data relating to the settlement and payment of transactions;
• data relating to your reviews and comments on the services and products offered and purchased;
• for certain activities, data relating to your person (height, weight) or, with your express consent, your religious beliefs.

Personal data is obtained directly from you or from your use of the website.

It may also be obtained indirectly, through third parties, in particular to enable us to update and improve customer profiles and the quality of the services offered. The personal data collected in this way is processed under the same conditions as the data obtained directly from you.

In the event that your personal data is collected via a form, you will be informed of the mandatory nature of some information by an asterisk (*). On some forms, the fields to be completed are mandatory by default (unless otherwise stated). If you do not provide the required information, your request will not be taken into account and will not be processed.

The personal data that is processed is strictly necessary for the processing purposes described below.

5 - For what purposes are your personal data processed and how long is it kept?

The processing of your personal data is based on different legal bases depending on the purposes for processing as detailed below. The legal bases on which the processing can be carried out are as follows:

• consent: the data subject gives his free, specific, informed and unambiguous consent to the processing of his personal data for one or more of the purposes described below;
• steps prior to entering into a contract performance of a contract: the data subject is party to the contract or the steps are taken at the request of the data subject;
• compliance with one or more legal obligations to which the controller is subject;
• legitimate interests pursued by the data controller: the data subject’s personal data is processed for the purposes such as customer knowledge and retention, preventing fraud etc.

Your personal data is only kept for the time strictly necessary to fulfil the purposes for which it is processed, as described below. This duration may be increased for the establishment, exercise or defence of legal claims of the data controller.

6 - Who are the recipients of your personal data?

Your personal data may be shared, depending on their attributions and according to the purposes pursued, with the recipients listed below:

7 - Is your personal data being transferred outside the European Union?

Our international travel agency activity leads us, when you book a service provided by a Partner located outside the European Economic Area (EEA), to transfer your personal data to independent data controllers established:

• in states subject to a European Commission adequacy decision and ensuring an adequate level of protection of personal data;
• in states in which data protection laws may be less protective than those in the EEA. These transfers are carried out solely to provide you with the services requested and are therefore based on the provisions of Article 49(1)(b) of the PGRD, which provides for an exception to the principle of prohibition of international transfers where the transfer is necessary for the purposes of performance of a contract between the data controller and the data subject.

8 - What are your rights regarding your personal data? 

You have the following rights regarding your personal data:

Right of access: you can at any time obtain a copy of your personal data as well as information on the nature, origin and use of your personal data, the identity or categories of possible recipients of your data;

Right to rectification: you can request the rectification of inaccurate personal data which concerns you;

Right to erasure: you can request the erasure of your personal data, especially if it is no longer necessary in relation to the purposes for which it was collected, unless the data controller has a legal obligation to keep the data or if they are necessary for the establishment, exercise or defence of legal rights;

Right to limit one or more processing operations of your personal data: you may request that your personal data be temporarily made inaccessible in order to limit their future processing in the following situations:

• when you challenge the accuracy of your personal data, for a period of time allowing the controller to verify the accuracy of the data;
• when you believe that the processing is unlawful and you object to the deletion of your personal data;
• when your personal data is no longer required but you wish to retain it for the exercise or defence of your legal claims;
• when you have objected to the processing, during the period of verification as to whether the legitimate reasons pursued by the controller prevail over yours;

Right to portability: you may request to receive communication of the personal data concerning you that you have provided to the data controller and processed by automated means, in a structured and commonly used format. This right can only be exercised if the processing is based on your consent, is necessary for the performance of a contract or steps prior to entering into contract;

Right to object: you may object at any time, on grounds relating to your particular situation, to the processing of your personal data based on the legitimate interests of the controller unless there are legitimate and compelling reasons for the processing which override your interests, rights and freedoms, or for establishing, exercising or defending your rights in legal proceedings;

In this respect, you have the right to object to the processing of your data for marketing purposes, including when this processing takes the form of profiling;

Right to issue instructions in the event of death: you can issue instructions regarding the storage, erasure and disclosure of your personal data. In the event of your death, your personal data will in principle be deleted, unless legal and regulatory obligations and/or statutory periods of limitation require their retention;

Right to withdraw consent: you may at any time withdraw your consent to the processing of your personal data which is based solely on your consent.

9 - How may you exercise your rights? 

You can make any request relating to the exercise of your rights concerning your personal data by contacting the CEETIZ Data Protection Officer's services at the following email address: dpo@ceetiz.com or at the following postal address: CEETIZ, Data Protection Delegate Service, 158 ter Rue du temple, 75003 PARIS.

You may be asked for proof of identity. The exercise of one of these rights may be denied if your application does not meet the conditions set out by the regulations. In this case, you will be duly informed.

10 - How do I file a complaint with the CNIL?

If you believe that the treatment of your personal data does not comply with the legal and regulatory provisions, you can file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at: 3 place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.

SPECIFIC PROVISIONS CONCERNING COOKIES ON THE CEETIZ WEBSITE

1 - What is a cookie?

A cookie is a tracker deposited and read during the visit of a website, the viewing of an e-mail, the installation or use of software, in your terminal's equipment.

2 - For what purposes are cookies deposited?

The depositing of cookies is based on different legal bases according to the purposes pursued, as detailed below. The legal bases on which the processing can be carried out are as follows:

• consent: the data subject gives his/her free, specific, informed and unambiguous consent to the processing of his/her personal data for one or more of the purposes described below;
• the legitimate interests pursued by the data controller: the processing of the data subject's personal data is carried out exclusively for the purpose of providing a service that you have expressly requested or for the purpose of providing a communication service by electronic means.

Cookies deposited via the website have several purposes:

• Technical cookies: these cookies enable the website to store your choices and preferences on your account, as well as to provide enhanced, more personal features. Some of them are indispensable for the proper functioning of the website and strictly necessary for the provision of a service that you have expressly requested.
• Audience Measurement Cookies: these are analysis and research cookies that enable us to count visits and measure traffic to improve the performance of the website. They make it possible to know which pages are most viewed and least popular, and to analyse your browsing on the website. Blocking these cookies does not affect the performance of the services provided.

• Third-party advertising and retargeting cookies: these cookies allow us to collect information when you browse our website, including the pages you visit, the links you follow and targeted information when you browse other websites such as Facebook and Google.

We use this information to make the displayed ads more relevant to what are deemed to be your preferences and interests. Blocking these cookies does not limit access to the services but does limit the targeted ads you see.

• Social Network Cookies: these cookies are deposited when you use the "Share" buttons and allow you to instantly share content from the CEETIZ website on social networks and enable them to track your navigation. This can have an impact on the content and messages you view on other websites you visit. Each of these social networks has a privacy policy, which can be accessed at the following addresses:
• Facebook: https://www.facebook.com/policies/cookies/
• Twitter: https://help.twitter.com/fr/rules-and-policies/twitter-cookies
• LinkedIn:  https://www.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy

3 - How long are cookies kept?

In accordance with the regulations in force, the period of validity of your consent for a cookie is a maximum of thirteen (13) months after the first placement of the cookie on your terminal.

4 - How to configure cookies?

You can set your cookie preferences at any time and go back to your choices using the cookie manager on the website, which can be accessed via the information banner when you first arrive on the website / via the "Cookie manager".