1. GDPR
The General Data Protection Regulation (GDPR), known as RGPD in French, has been applicable since May 25, 2018, in the 28 European Union countries.
It applies to all businesses (including Works Councils), public administrations, and associations that process personal data and provide services to users in the European Union, regardless of where these organizations are located in the world.
The objective of GDPR is to “give citizens back control of their personal data while simplifying the regulatory environment for organizations.”
It builds on the French “Informatique et Libertés” law of 1978 and strengthens its measures.
In France, the authority responsible for ensuring its application is the CNIL (National Commission for Information Technology and Civil Liberties).
For more information about GDPR, follow this link: https://www.cnil.fr/en/
2. Who are we?
The address of our website is: marie-maria.com
3. Use of Collected Personal Data
3.1 Purpose of Collected Personal Data
The collection of personal data through the various forms on the site is intended to:
- Recontact individuals who requested information.
- Enable the sending of newsletters by our services.
- Send promotional offers and event invitations via email.
By submitting the form and ticking the appropriate consent checkboxes, the user explicitly agrees that their personal data may be processed for the purpose of a commercial relationship.
The collection of personal data through the Google Analytics audience tracking tool used on the site is intended to:
- Analyze user behavior on the site to measure its audience and improve its performance.
Google Analytics uses third-party cookies to differentiate users. These cookies are text files installed on users’ devices. They do not contain any personally identifiable information, only randomly created identifiers.
By browsing the site, the user explicitly agrees that the personal data collected by Google Analytics may be processed for the purpose of analyzing user behavior to improve site performance.
3.2 Comments
When you leave a comment on our website, the data entered in the comment form, as well as your IP address and browser user agent, are collected to help us detect unwanted comments.
An anonymized string created from your email address (also called a hash) may be sent to the Gravatar service to verify if you are using it. The Gravatar service privacy policy is available here: http://automattic.com/privacy/. After your comment is approved, your profile picture will be publicly visible next to your comment.
3.3 Contact Forms
If you use a contact form on our site, your data will be stored to allow us to process your request. Data is kept for 24 months before being deleted.
3.4 Cookies
If you leave a comment on our site, you will be offered the option to save your name, email address, and website in cookies. This is for your convenience so that you do not have to enter this information again when you leave another comment. These cookies expire after one year.
If you visit the login page, a temporary cookie will be set to determine if your browser accepts cookies. It contains no personal data and will be deleted when you close your browser.
When you log in, we will also set up several cookies to save your login information and screen display preferences. The lifespan of a login cookie is two days, and the lifespan of a screen options cookie is one year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
When you edit or publish a post, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
3.5 Embedded Content from Other Sites
Articles on this site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves in the same way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
4. Use and Transmission of Your Personal Data
4.1 Data Retention Periods
If you leave a comment, the comment and its metadata are retained indefinitely. This allows us to automatically recognize and approve any follow-up comments instead of holding them in a moderation queue.
For users who register on our site (if applicable), we also store the personal information they provide in their profile. All users can see, edit, or delete their personal information at any time (except for their username). Site administrators can also view and edit that information.
Data collected via forms is retained for 4 years from the date of submission.
The cookies used by the Google Analytics audience measurement tool have the following lifespans:
- _ga: 2 years
- _gid: 24 hours
- _gat: 1 minute
4.2 Your Rights Regarding Your Data
If you have an account or have left comments on the site, you can request to receive a file containing all the personal data we hold about you, including the data you have provided to us. You can also request the deletion of personal data concerning you. This does not include data retained for administrative, legal, or security purposes.
4.3 Transmission of Your Personal Data
Visitor comments may be checked through an automated spam detection service.
4.4 Contact Information / Data Protection Officer (DPO)
The Data Protection Officer (DPO) is the person within the company responsible for ensuring the company’s compliance with the new European legal framework of the GDPR, cooperating with the supervisory authority, and ensuring the security of collected data.
5. How We Protect Your Data
5.1 Location of Personal Data Storage
The site’s hosting servers are exclusively located in France, within the European Union.
CAVE DE CROUSEILLES commits not to transfer any personal data to a non-EU country.
5.2 Security of Personal Data
The site is hosted on a secure server.
All pages are secured using HTTPS, TLS 1.2 / RSA 2048 bits (SHA256withRSA). This is a security protocol that encrypts the content of exchanges between the browser and database servers. It prevents personal data entered and transmitted via forms from being easily read by third parties during transit.
However, no transmission or storage of personal data is ever completely infallible. As a result, we commit to implementing our crisis policy in the event of a critical data breach.
The personal data collected on this site is intended solely for CAVE DE CROUSEILLES and will only be used in relation to the request specified via the form.
Under no circumstances will personal data entered and transmitted via forms be shared, rented, or sold to third parties.
5.3 Procedures Implemented in Case of Data Breach
In the event of a data breach concerning you, the Data Protection Officer (DPO) will contact you as soon as possible using the information we have, to inform you and allow you to take any necessary protective measures.
6. Third-Party Services that Transmit Data to Us
No third-party services transmit data regarding users of this website.
7. Automated Marketing Operations and/or Profiling Using Personal Data
Not applicable.
8. Display of Information Related to Sectors Subject to Specific Regulations
Not applicable.
9. Right to Access, Rectify, or Delete Personal Data
In accordance with the French “Informatique et Libertés” law of January 6, 1978, as amended, and the General Data Protection Regulation (GDPR) 2016/679, you have the right to access, rectify, and delete your personal data. You can exercise these rights by using the contact form or by sending a letter to:
Vignerons du Madiran, CAVE DE CROUSEILLES – 64350 CROUSEILLES.
You also have the right to file a complaint with the CNIL: http://www.cnil.fr/.