Articles in this section

Personal data policy - Partners

Avatar
Ines de Ceetiz
  • Updated
Follow

PERSONAL DATA POLICY FOR BUSINESS PARTNERS

1 - What is the purpose of this document?

In accordance with the General Data Protection Regulations n°2016/679 and the French “Loi Informatique et Libertés” of 6th January 1978 in its latest version, this data protection policy is intended to inform you of all the processing on your personal data implemented on the Ceetiz website.

2- Who is responsible for processing?

The data controller responsible for the processing of personal data implemented on the Ceetiz website is CEETIZ, whose registered office is located at 13/15 rue des Sablons, 75116 PARIS.

3 – Definitions  

The following terms shall have the meaning, in the plural or singular, as follows:

"CEETIZ":  CEETIZ, registered under number B 529 957 482 at the Paris Registry of Commerce and Companies;

"Third party": a legal entity which has signed a commercial agreement with CEETIZ;

"Partner": a natural person or legal entity whose professional activity consists in offering services through the CEETIZ website, including in particular tourist activity providers, leisure and entertainment providers, certified guides, Ceetiz Spotters, travel agencies, air/rail/maritime companies, hotel entities, works councils.

 "RGPD": General Data Protection Regulation n°2016/679 of 27th April 2016.

4 - What personal data is processed?

The processing of personal data by Partners' employees carried out concerns the following categories of data:

  • data allowing your identification (title, surname, first name, date of birth, postal address, e-mail address, telephone number...);
  • data relating to your professional situation;
  • connection data (IP address, connection logs, cookies, pages views, etc.);
  • data relating to your commercial relationship with CEETIZ (data relating to the follow-up of the services you offer, messages exchanged with the CEETIZ website Help Centre);
  • data relating to the settlement and payment of transactions.

Personal data is obtained directly from you or results from your use of the website.

The personal data thus collected is processed under the same conditions as the data obtained directly from you.

In the event that your personal data is collected via a form, you will be informed of the mandatory nature of some information by an asterisk (*). On some forms, the fields to be completed are mandatory by default (unless otherwise stated). If you do not provide the required information, your request will not be taken into account and will not be processed.

The personal data that is processed is strictly necessary for the processing purposes described below.

5 - For what purposes are your personal data processed and for how long are they kept ?

The processing of your personal data is based on different legal bases depending on the purposes for processing as detailed below. The legal bases on which the processing can be carried out are as follows:

  • consent: the data subject gives his free, specific, informed and unambiguous consent to the processing of his personal data for one or more of the purposes described below;
  • steps prior to entering into a contract performance of a contract: the data subject is party to the contract or the steps are taken at the request of the data subject;
  • compliance with one or more legal obligations to which the controller is subject;
  • legitimate interests pursued by the data controller: the data subject’s personal data is processed for the purposes such as customer knowledge and retention, preventing fraud etc.

Your personal data is only kept for the time strictly necessary to fulfil the purposes for which it is processed, as described below. This duration may be increased for the establishment, exercise or defence of legal claims of the data controller.

MANAGEMENT OF THE RELATIONSHIP WITH PARTNERS

Purposes/ sub-purposes

Legal bases

Data retention durations

Creation of an online account by the Partners' employees

Consent

Until the account is deleted or 3 years in case of account inactivity

Communication and exchange of information to respond to contact requests

 

Commercial marketing by SMS

 

Data transmission for commercial marketing purposes to Third Parties

 

Consent

3 years from the data collection date

Management of reservations for the offered services

Commercial relationship management

Execution and monitoring of the offered services

Claims management, CEETIZ website Help center service and guarantees
Accounting management

Invoicing

Performance of a contract

5 years from the end of the contract

10 years from the end of the contract, for contracts entered into electronically and involving sums over 120 euros

10 years for accounting items (possibility of extending the retention period under the deficit carry-forward theory)

Development of statistics, analyses, commercial surveys, reporting, etc.

Legitimate interests of the data controller: improving customer knowledge and the quality of services offered

3 years from the data collection date

Fraud management, unpaid debts and litigation

Legitimate interests of the data controller: preventing fraud

Duration of the statutory limitation period

If legal action is taken, retention of data for up to 5 years after the end of legal proceedings

Commercial marketing by email  

Legitimate interests of the data controller: improving the quality of the services offered to Partners

Until the exercise of the right to object or 3 years from the data collection date or the last contact with the person

Consent management

Storing proof of consent

Compliance with legal obligations

Until consent is withdrawn or

3 years from data collection date or last contact with the person

 

DATA SUBJECT RIGHTS MANAGEMENT FOR PARTNERS

Purposes /sub-purposes

Legal bases

Data retention durations

Management of requests from Partners’ employees to exercise their rights on the processing of their personal data (access rights, right to object, right to limit processing, etc.).

Compliance with legal obligations

1 year for access, rectification, erasure and the right to limit processing


6 years for the exercise of the right to object to processing

Processing fraud cases

Legitimate interest: limiting fraud

6 years after the fraud was discovered

 

6 - Who are the recipients of your personal data?

Your personal data may be shared, depending on their attributions and according to the purposes pursued, with the recipients listed below:

Category of data recipients

Data recipients

Recipients within CEETIZ

Staff in charge of marketing, commercial, administrative and IT services.

 

External recipients

Third parties if you have consented, for marketing purposes

 

Subcontractors in charge of the implementation of personal data processing or within the framework of consultancy and assistance assignments

 

Those involved in operations relating to the life of the data controller (sale, mergers and acquisitions, universal transfers of assets, etc.)

 

 

7 - Is your personal data being transferred outside the European Union?

Our international travel agency activity leads us to transferring personal data relating to Partners’ employees throughout the world and in particular to Third Parties of CEETIZ established in non-European Union (EU) Member States whose legislation may be less protective. These transfers of personal data to autonomous data controllers - such as Third Parties - established outside the EU occur only in order to carry out our obligations, in compliance with article 49.1.b) of the GDPR.

8 - What are your rights regarding your personal data?

You have the following rights regarding your personal data:

Right of access: you can at any time obtain a copy of your personal data as well as information on the nature, origin and use of your personal data, the identity or categories of possible recipients of your data;

Right to rectification: you can request the rectification of inaccurate personal data which concerns you;

Right to erasure: you can request the erasure of your personal data, especially if it is no longer necessary in relation to the purposes for which it was collected, unless the data controller has a legal obligation to keep the data or if they are necessary for the establishment, exercise or defence of legal rights;

Right to limit one or more processing operations of your personal data: you may request that your personal data be temporarily made inaccessible in order to limit their future processing in the following situations:

  • when you challenge the accuracy of your personal data, for a period of time allowing the controller to verify the accuracy of the data;
  • when you believe that the processing is unlawful and you object to the deletion of your personal data;
  • when your personal data is no longer required but you wish to retain it for the exercise or defence of your legal claims;
  • when you have objected to the processing, during the period of verification as to whether the legitimate reasons pursued by the controller prevail over yours;

Right to portability: you may request to receive communication of the personal data concerning you that you have provided to the data controller and processed by automated means, in a structured and commonly used format. This right can only be exercised if the processing is based on your consent, is necessary for the performance of a contract or steps prior to entering into contract;

Right to object: you may object at any time, on grounds relating to your particular situation, to the processing of your personal data based on the legitimate interests of the controller unless there are legitimate and compelling reasons for the processing which override your interests, rights and freedoms, or for establishing, exercising or defending your rights in legal proceedings;

In this respect, you have the right to object to the processing of your data for marketing purposes, including when this processing takes the form of profiling;

Right to issue instructions in the event of death: you can issue instructions regarding the storage, erasure and disclosure of your personal data. In the event of your death, your personal data will in principle be deleted, unless legal and regulatory obligations and/or statutory periods of limitation require their retention;

Right to withdraw consent: you may at any time withdraw your consent to the processing of your personal data which is based solely on your consent.

9 - How may you exercise your rights?

 You can make any request relating to the exercise of your rights concerning your personal data by contacting the CEETIZ Data Protection Officer's services at the following email address: dpo@ceetiz.com or at the following postal address: CEETIZ, Data Protection Delegate Service, 13/15 Rue des Sablons, 75116 PARIS.

You may be asked for proof of identity. The exercise of one of these rights may be denied if your application does not meet the conditions set out by the regulations. In this case, you will be duly informed.

10 - How do I file a complaint with the CNIL?

If you believe that the treatment of your personal data does not comply with the legal and regulatory provisions, you can file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at: 3 place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.

Related articles

Comments

0 comments

Article is closed for comments.