GDPR CHARTER
PARIS RESIDENCE & CLUB (hereinafter “PRC”) attaches great importance to the protection and respect of the privacy and personal data (“Personal Data”) of users of its website (hereinafter the “Site”). ).
PRC undertakes to implement appropriate measures for the protection, confidentiality and security of Personal Data in accordance with the regulations in force in France and the European Union, in particular the General Regulation on the Protection of Personal Data EU 2016/679 of April 27, 2016 and the rules of national law adopted for its application.
Users are informed by this charter (the “Charter”) of the practices and processing inherent to the collection and use of Personal Data by PRC as data controller.
Consequently, PRC invites users to read this document carefully to know and understand the processing relating to Personal Data.
It is specified that by browsing the Site, users accept this Charter as well as the general conditions of use.
ARTICLE 1. PERSONAL DATA COLLECTED
Users are required to provide their Personal Data in digital format when using the Site.
1.1 Principles applicable to the collection of Personal Data
Generally speaking, users can browse the Site without it being necessarily necessary to communicate Personal Data to PRC.
PRC only collects the Personal Data necessary to carry out the processing it implements (“privacy by design”) and ensures a high level of protection (“privacy by default”). As such, the processing operations requiring the collection of data are as follows:
- Respond to inquiries about Maison Boissière;
- Execute a mandate given by users;
- Participate in surveys to improve the relationship and customer experience of Maison Boissière;
- Send information letters (“newsletters”), informative or commercial alert emails;
- Apply for job offers.
In this case, the personal information collected from users is at least: (i) Name(s), (ii) First name(s), (iii) Email address, (iv) Telephone number, (v) Address postal, (vi) Country.
This Personal Data is then kept for the time necessary to fulfill the users' request. In the absence of concrete implementation, they are deleted within the deadlines recommended by the CNIL, i.e. after three years from their collection by the Site subject to the possibilities and legal obligations in terms of archiving, conservation obligations of certain data and/or anonymization.
1.2 Navigation information of users of the Site
When using the Site or certain services linked to the Site, certain data is collected automatically such as: (i) IP address, (ii) reference of the navigation software used, (iii) navigation data (date, time, content viewed, search terms used, etc.), (iv) operating system references.
Among the technologies used to collect this information, Maison Boissière may use “php” sessions which store the data of each user using a unique session identifier. These php sessions keep data in memory only for the users browsing time.
The data collected during browsing is thus deleted when the user's browser closes, or, where applicable, within a maximum of thirteen months from their collection.
ARTICLE 2. LEGAL BASIS FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA
Personal Data is processed by PRC in the cases authorized by the regulations in force and under the following conditions:
- Obtaining free, specific, informed and unequivocal consent from users to the processing of their Personal Data (it is specified that for minors under 18 years of age, consent must be given by the legal representative);
- Collection of Personal Data necessary for the execution of user requests;
- Compliance with legal and/or regulatory obligations imposed on PRC (such as the fight against fraud and corruption);
- Protection of PRC's legitimate interests (such as protecting the security of its computer network).
ARTICLE 3. RECIPIENTS OF COLLECTED PERSONAL DATA
Only authorized personnel of the group and PRC service providers may have access to the Personal Data collected and be required to process them, without prejudice to their possible transmission to the bodies responsible for a control or inspection mission in accordance with the legislation and/or or the regulations in force or for the purposes of responding to a judicial or administrative decision.
Authorized personnel are subject to an obligation of discretion.
PRC undertakes not to sell the Personal Data collected to third parties.
ARTICLE 4. TRANSFER OF PERSONAL DATA
Personal Data collected from users of the Site is exclusively stored in France and is not transferred outside the European Union.
In the event of use of affiliates or service providers located outside the European Union, PRC undertakes to verify that appropriate measures have been put in place so that users' Personal Data benefits from an adequate level of protection.
ARTICLE 5. DATA SECURITY
PRC collects and processes users' Personal Data with the greatest confidentiality and in compliance with applicable laws. Users are protected against unauthorized access, modification, disclosure or destruction of their Personal Data.
When the disclosure of Personal Data to third parties is necessary and authorized, PRC ensures that these third parties guarantee the Personal Data concerned the same level of protection as that offered to them by PRC, and requires contractual guarantees so that the Personal Data is exclusively processed for the purposes accepted by users, with the required confidentiality and security (in particular thanks to standard clauses of the European Commission, the Internal Company Rules (“BCR”) or the Data Protection Shield put in place between the European Union and the United States of America).
PRC puts in place technical and organizational measures to ensure that the storage of Personal Data is secure and for the period necessary to fulfill the purposes pursued.
Users' attention is drawn to the fact that no transmission or storage technology is completely infallible.
Also, in the event of a proven breach of Personal Data likely to create a high risk for the rights and freedoms of users, PRC will inform the competent supervisory authority of this violation in accordance with the terms provided for by the applicable regulations.
It is up to users to exercise caution to prevent any unauthorized access to their Personal Data and in particular to their computer and digital terminals (computer, smartphone, tablet in particular).
ARTICLE 6. LINKS TO OTHER INTERNET SITES
The Site may occasionally contain links to partner sites or third-party companies which have their own data protection charter.
PRC has no control over the content of these sites and declines all responsibility for the use made of the information collected when users click on these links.
PRC therefore invites users to read the data protection policies implemented by the publishers of these sites before sending them any personal information concerning them.
ARTICLE 7. USER RIGHTS
Please note that users have the following rights, subject to the limitations provided for by current legislation:
7.1. Right of information on the processing of Personal Data
PRC undertakes to make its best efforts to provide concise, transparent and accessible information on the conditions of processing of users' Personal Data.
7.2. Right of access to Personal Data
Each user can access the Personal Data processed by PRC and has the right to receive a copy in electronic form (for any additional copy, PRC will be entitled to require payment of fees based on the administrative costs incurred).
7.3. Right to erasure (“right to be forgotten”) and rectification of Personal Data
Each user has the right to request the deletion and/or rectification of Personal Data concerning them when it is erroneous or obsolete.
It is specified that PRC may retain certain Personal Data when the law requires it to do so or in the event of a legitimate reason.
7.4. Right to object
Users may object at any time for legitimate reasons:
- to the use of their Personal Data for direct marketing purposes or
- to the reuse of their Personal Data for processing different from that granted, except in the event of execution by PRC of one of its legal obligations.
7.5. Right to limit processing of Personal Data
Users have the right to request that the processing carried out on their Personal Data be limited to what is necessary. This right is applicable only:
- if the user disputes the accuracy of their Personal Data;
- if the user can establish that the processing of their Personal Data is unlawful and requests a limitation of their use rather than erasure;
- if PRC no longer needs the user's Personal Data but it is still necessary for the user to establish, exercise or defend legal rights;
- if the user objects to the processing based on the legitimate interest of the controller, during the verification whether the legitimate grounds pursued by the controller prevail over those of the user.
7.6. Right to complain to a supervisory authority
If users believe that the efforts implemented by PRC to preserve the confidentiality of Personal Data do not guarantee respect for their rights, they have the possibility of submitting a complaint to the competent supervisory authority (CNIL or any other authority mentioned on the list available from the European Commission).
7.7. Right to portability of Personal Data
Users have a right to portability of their data, authorizing them to obtain from PRC their Personal Data in a structured, commonly used and machine-readable format and to request that this Personal Data be transmitted to another person responsible for the data. treatment.
7.8. Right to decide the fate of Personal Data after death
Users also have the right to organize the fate of their Personal Data after their death by adopting general or specific directives that PRC undertakes to respect.
In the absence of such directives, PRC recognizes the possibility for heirs to exercise certain rights, in particular the right of access if it is necessary for the settlement of the deceased's estate and the right of opposition.
7.9. Conditions for exercising rights
To exercise their rights, users are invited to contact the PRC Personal Data Protection Officer in accordance with the procedures described in article 10.
It is specified that to help them exercise their rights, the CNIL makes model letters available to them on its website (www.cnil.fr).
Before processing the user's request(s), PRC may verify their identity by asking them for proof of identity.
The Personal Data Protection Officer will respond to their request(s) as soon as possible and in any event one (1) month from proof of identity.
If necessary, this period may be extended by two (2) additional months taking into account the complexity and number of requests, PRC then committing to inform users of the extension and the reasons for the postponement.
ARTICLE 8. MODIFICATION OF THE PERSONAL DATA PROTECTION CHARTER
PRC reserves the right to make, at any time, modifications to this Personal Data Protection Charter in order to comply with legislative and regulatory developments and/or to improve its Personal Data processing and protection policy.
In the event of modification, a new version will be updated and put online with the “Last updated” date.
ARTICLE 9. APPLICABLE LAW AND COMPETENT COURT
This Charter is subject to French law, including the provisions applicable to the rules of private international law.
IN THE FAILURE OF AN AMICABLE AGREEMENT, JURISDICTION IS GIVEN TO THE COURTS OF THE PARIS COURT OF APPEAL NOTWITHSTANDING PLURALITY OF DEFENDANTS AND/OR CALL FOR GUARANTEE TO ADDRESS ANY DISPUTE RELATING TO THE USE OF THE SITE AND/OR THE VALIDITY, EXECUTION AND INTERPRETATION OF THIS CHARTER.
ARTICLE 10. CONTACT
For any questions relating to this Charter for the purposes of rectification, addition or updating, users are invited to contact PRC:
- by sending an email to the Data Protection Officer at dpo@barnes-international.com;
- or by completing the following online contact form:
- or by sending a letter to the following address: BARNES – For the attention of the Data Protection Officer – 22 rue de l’hotel de ville – 92200 NEUILLY.