Privacy policy

1. GENERAL PROVISIONS

1.1. BACKGROUND AND DEFINITIONS

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter referred to as the GDPR) sets out the legal framework applicable to the processing of personal data.
The GDPR strengthens the rights and obligations of data controllers, data processors, data subjects and data recipients.
The present policy is implemented by the Office de Tourisme de Brest métropole, whose main activities are the development of the tourism offer, the promotion of tourist destinations and the marketing of the tourism offer of the Office de Tourisme de Brest métropole.
As part of its activity, the Office de Tourisme de Brest métropole implements personal data processing relating to the data of its customers, partners and prospects.
For a proper understanding of the present policy it is specified that:

customers are understood to be any natural or legal person who has entered into a contract of any kind with the Office de Tourisme de Brest métropole, it being specified that the latter's vocation is to work with tourism professionals, departments or the general public;
partners are defined as any natural or legal persons involved in the tourism sector and maintaining relations with the Brest Metropole Tourist Office, such as local tourism professionals, internal and external project developers and investors, holiday distributors, local authorities and their associations, and institutional partners;
Prospects are understood to be any potential customer or any contact recipient of promotional messages from the Office de Tourisme de Brest métropole whose data has been collected directly via contact forms, events or indirectly via any partner of the Office de Tourisme de Brest métropole.

1.2. PURPOSE AND SCOPE

This personal data protection policy is intended to apply to the processing of personal data of customers, partners and prospects of the Office de Tourisme de Brest métropole.
The purpose of this policy is to meet the obligation of information of the Office de Tourisme de Brest métropole and thus to formalize the rights and obligations of customers, partners and prospects with regard to the processing of their data.
This policy applies only to processing for which the Office de Tourisme de Brest métropole is responsible, and to data described as "structured".
The processing of personal data may be managed directly by the Office de Tourisme de Brest métropole or by a subcontractor specifically appointed by it.
This policy is independent of any other document that may apply within the contractual relationship between the Office de Tourisme de Brest métropole and its customers, partners and prospects.
No processing is implemented by the Office de Tourisme de Brest métropole concerning customer, partner and prospect data if it does not concern personal data collected by or for its services or processed in relation to its services and if it does not comply with the general principles of the RGPD.
Any new processing, modification or deletion of existing processing will be brought to the attention of customers, partners and prospects by means of an amendment to this policy.

2. CUSTOMER DATA

2.1. TYPES OF DATA COLLECTED

Non-technical data

(as applicable) Identity and identification (surname, first name, date of birth, pseudonym, customer number)
Contact details (e-mail, postal address, telephone number)
Work-life balance when necessary

Technical data

(depending on use) Identification data (IP address)
Connection data (logs, tokens, etc.)
Acceptance data (click)
Location data.

2.2. DATA ORIGIN

Brest Metropole Tourist Office collects customer data from :

data supplied by the customer (paper form, order form, contract, business card);
electronic forms completed by the customer ;
data entered online (website, social networks, etc.) ;
registration for events organized by the Brest Métropole Tourist Office (e.g. trade fairs, workshops, etc.);
rental or acquisition of databases on an exceptional basis ;
communication of contacts through specialized companies or partners of the Brest métropole Tourist Office.

2.3 PURPOSE

Depending on the case, the Office de Tourisme de Brest métropole processes customer data for the following purposes:

customer relationship management (CRM) ;
sale of tourist stays directly or through distribution partners;
management of events organized by the Brest Métropole Tourist Office (trade shows, workshops, etc.);
sending newsletters or information feeds;
customer account management ;
answers to questions that may be asked by telephone or online ;
improved services from the Brest Métropole Tourist Office;
to meet the administrative obligations of the Brest Métropole Tourist Office;
community management ;
statistics.

2.4. SHELF LIFE

The retention period for customer data is defined by the Office de Tourisme de Brest métropole in the light of the legal and contractual constraints applicable to it, and otherwise according to its needs, and in particular in accordance with the following principles:
Processing Retention period
Customer data For the duration of the contractual relationship with the Office de Tourisme de Brest métropole, plus 3 years for promotional and canvassing purposes, without prejudice to retention obligations or limitation periods
Technical data 1 year from collection
Cookies 13 months

Once this period has elapsed, the data is either deleted or kept after being anonymized, notably for statistical purposes. They may be kept for pre-litigation and litigation purposes.
Customers are reminded that deletion or anonymization are irreversible operations, and that the Office de Tourisme de Brest métropole is subsequently unable to restore them.

2.5. LEGAL BASIS

The purposes of processing presented above are based on the following conditions of lawfulness:
Customers Pre-contractual or contractual performance

3. PARTNER DATA

3.1. TYPES OF DATA COLLECTED

Non-technical data

(as applicable) Identity and identification (surname, first name, date of birth, pseudonym, customer number)
Contact details (e-mail, postal address, telephone number)
Personal/professional life when necessary

Technical data

(depending on use) Identification data (IP address)
Connection data (logs)
Acceptance data (click)
Location data

3.2. DATA ORIGIN

Brest métropole Tourist Office collects data from its partners using :

information gathered directly from partners;
electronic forms completed by partners;
registrations or subscriptions to our online services (newsletter, social networks, etc.);

3.3. PURPOSE

Depending on the case, the Office de Tourisme de Brest métropole processes the data of its partners for the following purposes:

partner relationship management ;
labeling of sites and facilities for the sectors entrusted by the Brest Métropole Tourist Office;
tourism engineering operations (diagnostics and feasibility studies, support in setting up projects and grant applications);
networking and consultation operations involving the various partners ;
marketing support operations for partner service providers ;
management of events organized by the Brest Métropole Tourist Office (trade shows, workshops, etc.);
answers to questions that may be asked by telephone or online ;
training operations for partner service providers ;
operations to find distribution partners ;
statistics.

3.4. SHELF LIFE

The retention period for partner data is defined by the Office de Tourisme de Brest métropole in the light of its legal and contractual obligations and, failing that, according to its needs, and in particular in accordance with the following principles:
Processing Retention period
Data relating to partners For the duration of contractual relations with the Office de Tourisme de Brest métropole, plus 3 years for the purposes of monitoring the relationship, without prejudice to retention obligations or limitation periods
Cookies 13 months
Technical data 1 year from collection

Once this period has elapsed, the data is either deleted or kept after being anonymized, notably for statistical purposes. They may be kept for pre-litigation and litigation purposes.
Partners are reminded that deletion or anonymization are irreversible operations, and that the Office de Tourisme de Brest métropole is no longer able to restore them.

3.5. LEGAL BASIS

The purposes of processing presented above are based on the following conditions of lawfulness:
Partners Pre-contractual or contractual performance

4. PROSPECT DATA

4.1. TYPES OF DATA COLLECTED

Non-technical data

(as applicable) Identity and identification (surname, first name, date of birth, pseudonym, customer number)
Contact details (e-mail, postal address, telephone number): in particular for sending newsletters and delivering newspapers.
Professional life (function) when necessary

Technical data

(depending on use) Identification data (IP address)
Connection data (logs)
Acceptance data (click)
Location data

4.2. DATA ORIGIN

Office de Tourisme de Brest métropole collects data from its prospects from :

data supplied by the prospect (paper form, business card, etc.) ;
electronic forms completed by the prospect ;
data entered online (website, social networks, etc.) ;
registration or subscription to our online services (website, social networks, ...) ;
registration for events organized by the Office de Tourisme de Brest métropole (e.g. trade fairs, workshops, etc.);
list provided by the organizers of events or conferences in which we participate;
database rental by the Brest Métropole Tourist Office on an exceptional basis;
communication of contacts through specialized companies or partners of the Brest métropole Tourist Office.

4.3. PURPOSE

Depending on the case, the Office de Tourisme de Brest métropole processes the data of its prospective customers for the following purposes:

prospect relationship management (PRM) ;
management of events organized by the Brest Métropole Tourist Office (trade shows, workshops, etc.);
sending our newsletters or information feeds;
answers to the questions we receive (by telephone or online) ;
animation of websites in partnership with our partners ;
operation to promote Brest Metropole Tourist Office and tourism in the Landerneau-Daoulas region on social networks (Facebook, Twitter, YouTube, Instagram, etc.);
behavioral analysis of prospects ;
community management ;
statistics.

4.4. SHELF LIFE

The retention period for prospective customers' data is defined by the Office de Tourisme de Brest métropole in the light of the legal and contractual constraints applicable to it and, failing that, according to its needs, and in particular in accordance with the following principles:
Processing Retention period
Data relating to contacts and prospective customers 3 years from the date of their collection by the Office de Tourisme de Brest métropole or from the last contact from the prospective customer/contact
Cookies 13 months
Technical data 1 year from the date of their collection

After the set deadlines, data is either deleted or kept after being anonymized, notably for statistical purposes. They may be kept for pre-litigation and litigation purposes.
Prospects are reminded that deletion or anonymization are irreversible operations, and that Brest Metropole Tourist Office is subsequently unable to restore them
4.5. LEGAL BASIS
The processing purposes described above are based on the following conditions of lawfulness:
Prospects - Pre-contractual measures

Legitimate interest
Consent when required by law (e.g. newsletter)

5. DATA RECIPIENTS

l'Office de Tourisme de Brest métropole ensures that data is only accessible to authorized internal or external recipients.
Recipients of personal data relating to customers, partners and prospects within l'Office de Tourisme de Brest métropole are bound by an obligation of confidentiality.
l'Office de Tourisme de Brest métropole decides which recipients may have access to which data, based on an authorization policy.
The Tourist Office of Brest Metropole is in no way responsible for damage of any kind that may result from illicit access to personal data.
All accesses concerning processing of personal data of customers, partners and prospects are subject to a traceability measure.
In addition, personal data may be communicated to any authority legally empowered to know. In this case, Brest Metropole Tourist Office is not responsible for the conditions under which the staff of these authorities have access to and use the data.

Internal recipients External recipients

Authorized Brest Metropole Tourist Office staff (marketing, customer relationship management, service providers and prospects, administrative staff, IT staff) and their line managers;
Service providers or support services (e.g. IT service provider, etc.) ;
Authorized personnel from auditing departments (statutory auditors, departments responsible for internal audit procedures, etc.);
Administration, court officer where applicable.
Fédération Nationale des Gîtes de France
Clévacances France

6. PERSONAL RIGHTS MANAGEMENT

6.1. RIGHT OF ACCESS (RIGHT TO COPY)

Customers, partners and prospects traditionally have the right to request confirmation from the Office de Tourisme de Brest métropole as to whether or not data concerning them is being processed.
Customers, partners and prospects also have a right of access, which may be exercised provided that the request is made by the person concerned, is accompanied by a copy of an up-to-date identity document and is sent in writing to the following address: Office de Tourisme de Brest métropole, 16 Place de la liberté, 29200 Brest or to the following email address Office de Tourisme de Brest métropole, 16 Place de la liberté, 29200 Brest or at contact@brest-metropole-tourisme.fr.
Customers, partners and prospects have the right to request a copy of their personal data processed by the Office de Tourisme de Brest métropole. However, in the event of a request for an additional copy, the Office de Tourisme de Brest métropole may require customers, partners and prospects to bear the cost of this.
If customers, partners and prospects submit their request for a copy of the data electronically, the information requested will be provided in a commonly used electronic form, unless otherwise requested.
Customers, partners and prospective customers are informed that this right of access may not relate to confidential information or data, or data for which communication is not authorized by law.
The right of access must not be exercised in an abusive manner, i.e. on a regular basis with the sole aim of destabilizing the Office de Tourisme de Brest métropole.

6.2. UPDATES AND CORRECTIONS

The Brest Metropole Tourist Office satisfies requests for updates:

automatically for online changes to fields that can be technically or legally updated;
upon written request from the person concerned, who must provide proof of identity.

6.3. RIGHT TO ERASURE

The right to erasure of customers, partners and prospects will not be applicable in cases where the processing is implemented to meet a legal obligation.
Apart from this situation, customers, partners and prospects may request the erasure of their data in the following limited cases:

the personal data is no longer required for the purposes for which it was collected or otherwise processed;
when the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
the data subject objects to processing that is necessary for the purposes of the legitimate interests pursued by the Office de Tourisme de Brest métropole, and there is no compelling legitimate reason for the processing;
the data subject objects to the processing of his/her personal data for canvassing purposes, including profiling;
the personal data has been processed unlawfully.
In accordance with legislation on the protection of personal data, customers, partners and prospects are informed that this is an individual right that can only be exercised by the person concerned in relation to his or her own information: for security reasons, the department concerned will therefore need to verify your identity in order to avoid any communication of confidential information about you to anyone other than yourself.

6.4. RIGHT TO LIMITATION

Customers, partners and prospects are informed that this right is not intended to apply insofar as the processing carried out by the Office de Tourisme de Brest métropole is lawful and that all personal data collected is necessary for the implementation of the purposes of the processing thereof.

6.5. RIGHT TO PORTABILITY

Office de Tourisme de Brest métropole grants the right to data portability in the specific case of data communicated by customers, partners and prospects themselves, on online services offered by Office de Tourisme de Brest métropole and for purposes based solely on the consent of individuals and the performance of a contract. In this case, data will be communicated in a structured, commonly used and machine-readable format.

6.6. AUTOMATED INDIVIDUAL DECISION

The Office de Tourisme de Brest métropole does not make automated individual decisions.
The tools offered on the Office de Tourisme de Brest métropole website are only tools to help customers and prospects and should not be considered otherwise.

6.7. POST-MORTEM RIGHTS

Customers, partners and prospects are informed that they have the right to formulate directives concerning the conservation, deletion and communication of their post-mortem data. The communication of specific post-mortem directives and the exercise of their rights can be made by e-mail to contact@brest-metropole-tourisme.fr or by post to the following address: Office de Tourisme de Brest métropole, Place de la liberté, 29200 Brest, accompanied by a copy of a signed identity document.

7. ADDITIONAL PROVISIONS

7.1. OPTIONAL OR MANDATORY RESPONSES

Customers, partners and prospects are informed on each personal data collection form of the compulsory or optional nature of their responses by the presence of an asterisk. Where answers are compulsory, Brest Metropole Tourist Office will explain to customers, partners and prospects the consequences of not answering.

7.2. RIGHT OF USE

Customers, partners and prospects grant the Office de Tourisme de Brest métropole the right to use and process their personal data for the purposes set out above.
However, enhanced data resulting from processing and analysis by the Office de Tourisme de Brest métropole, otherwise known as enhanced data, remains the exclusive property of the Office de Tourisme de Brest métropole (analysis of usage, statistics, etc.).

7.3. SUBCONTRACTING

l'Office de Tourisme de Brest métropole informs its customers, partners and prospects that it may involve any subcontractor of its choice in the processing of their personal data.
In this case, l'Office de Tourisme de Brest métropole ensures that the subcontractor complies with its obligations under the RGPD.
l'Office de Tourisme de Brest métropole undertakes to sign a written contract with all its subcontractors and imposes the same data protection obligations on subcontractors as it does. In addition, the Office de Tourisme de Brest métropole reserves the right to audit its subcontractors to ensure compliance with the provisions of the RGPD.

7.4. TREATMENT REGISTER

Brest Metropole Tourist Office is implementing a data processing register.

8. SAFETY

8.1. SAFETY MEASURES

It is the responsibility of the Office de Tourisme de Brest métropole to define and implement the physical or logical technical security measures it deems appropriate to protect against the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of data.

These measures include the following:

data access authorization management ;
internal and external safeguards with our subcontractors
identification process for access to the building and data
In any event, in the event of a change in the means used to ensure the security and confidentiality of personal data, the Office de Tourisme de Brest métropole undertakes to replace them with means of superior performance. No change may lead to a reduction in the level of security.
In the event of subcontracting all or part of the processing of personal data, the Office de Tourisme de Brest métropole undertakes to contractually impose security guarantees on its subcontractors by means of technical data protection measures and the appropriate human resources.

8.2. DATA BREACH

In the event of a personal data breach, the Office de Tourisme de Brest métropole undertakes to notify the Cnil under the conditions prescribed by the RGPD.
If the said breach poses a high risk to customers, partners and prospects and the data has not been protected, the Office de Tourisme de Brest métropole:

will notify the customers, partners and prospects concerned;
communicate the necessary information and recommendations to the customers, partners and prospects concerned.

9. CONTACTS

9.1. Office de Tourisme de Brest métropole CONTACT

The contact details of our personal data referent are as follows:

Name: Office de Tourisme de Brest métropole
E-mail address: contact@brest-metropole-tourisme.fr

9.2. DPO CONTACT

Office de Tourisme de Brest métropole has appointed a data protection officer whose contact details are as follows:

Name: Office de Tourisme de Brest métropole
E-mail address: contact@brest-metropole-tourisme.fr
Address: Brest métropole Tourist Office
16 Place de la liberté, 29200 Brest

9.3. RIGHT TO LODGE A COMPLAINT WITH CNIL

Customers, partners and prospects concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely Cnil in France, if they consider that the processing of personal data concerning them does not comply with European data protection regulations, at the following address:
Cnil - Service des plaintes
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Tél : 01 53 73 22 22

10. EVOLUTION

The present policy may be modified or amended at any time in the event of changes in legislation, case law, decisions and recommendations of the Cnil or usage.
Any new version of the present policy will be brought to the attention of customers, partners and prospective customers by any means chosen by the Office de Tourisme de Brest métropole, including electronic means (distribution by e-mail or online, for example).

11. FOR FURTHER INFORMATION

For further information, please contact us at the following e-mail address: contact@brest-metropole-tourisme.fr.
For more general information on the protection of personal data, please consult the Cnil website www.cnil.fr.