Evian Resort knows that you care how your personal data is used and we recognize the importance of protecting your privacy.
This Privacy Statement explains how Evian Resort collects and manages your personal data. It contains information on what data we collect, how we use it, why we need it and how it can benefit you.
Contact us firstname.lastname@example.org if you have any queries and comments, or if you want to make a request regarding any of your data subject rights.
For the requirements of this privacy statement, the following terms are defined as follows: ·
“Service(s)”: all the services and products available online or via the customer service or Mobile Applications, etc., whether they are charged for or not; ·
“Mobile application(s)”: refers to any software, application, widget or plug-in downloaded on a mobile device (smartphone, tablet, laptop computer as well as any device with an operating system enabling the download, installation, use and updating of the aforementioned applications). If the Mobile Application includes notification or localisation functions, please refer to articles 3.6 and 3.7 below. ·
“Us” and “Our”: refers to any company owned or operated, directly or indirectly, by any company in which BLEDINA is a shareholder and can collect or process your personal data and cookies, as well as their respective service providers located in France or abroad. ·
“You” and “Your”: refers to any Service user who accesses one of the fee-paying or free Services.
This privacy statement was updated on 23 February 2018.
Basic principles and our privacy commitment
At Evian Resort we are committed to processing your personal data in accordance with the applicable legislation, in particular in accordance with UE regulation 2016/679 passed on 27 April 2016, the General Data Protection Regulation. We have committed ourselves to the following basic principles: ·
You have no obligation to provide any personal data requested by us. However, if you choose not to, we may not be able to provide you with some services or products; · We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to; · We aim to collect, process and use as little personal data as possible; this means collecting personal data required for planned uses and purposes, without collecting data in a unnecessary manner; · If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
What personal data do we collect?
The personal data we collect varies depending upon the purpose of the collection and the service we are providing you.
Generally, we may collect the following types of personal data from you directly:
a) Personal contact data, such as your name, email address, physical address and telephone numbers;
b) Account login details, such as your user ID, e-mail username and password. This is necessary to create a personal user account on one of our online communities accessible via our websites and applications;
c) Communications with us, which may include details of our conversations via chat, care lines and/or customer service lines;
d) Demographic information, such as your age and gender and lifestyle preferences. Lifestyle preferences may include your preference for some of the products we offer, and your interests related to those products;
e) Browser history, such as pages accessed, date of access, location when accessed, and IP address;
f) Payment information for purchases made on one of our online shops or one of our applications. Payment information generally relates to your billing name, billing address and payment data, such as your credit card details or bank account number.
We may also collect personal data about you indirectly when:
a) you share content on social media pages, websites or applications related to our products or when you respond to our posts and promotional material on social media;
Why do we collect and use your personal data?
We collect your personal data so we can provide you with the best online experience and to provide you with a high quality service and navigation. In particular we may collect, hold, use and disclose your personal data for the following purposes:
a) To process your payments, if you purchase our products, to provide you with your order status, deal with your enquiries and requests, and assess and handle any complaints; b) To process and answer your inquiries or to contact you in order to answer your questions and/or requests;
c) To develop and improve our products, services, communication methods and the functionality of our websites, applications, services;
d) To communicate information to you and to manage your registration and/or subscription to our newsletter or other communications;
e) To provide personalized products and communications as well as product recommendations to you a customer;
We may also need your personal data to comply with legal obligations or in the context of a contractual relationship that we have with you.
When we collect and use your personal data for purposes mentioned above or for other purposes, we will inform you before or at the time of collection.
Where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time.
Where we process your personal data, you are entitled to a number of rights and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you.
The right to access your personal data and correction
It is important to us that the personal data we hold about you is correct, up-to-date, complete, relevant and not misleading. To ensure that this commitment is respected, you have the right to access, correct or update your personal data at any time.
The right to data portability
You have the right to receive your personal data in a commonly used structured format that can be machine-read, subject to us having processed your personal data based on the following:
a) The processing is based on your consent further to us providing details to you of why we were collecting the information
b) The processing takes place to facilitate a business transaction; such as providing you with products or services ordered by you
c) The processing takes place by automated means, such as profiling
The right to deletion of your personal data
You have right to request that we delete your data if:
a) your personal data is no longer necessary in relation to the purposes for which we collected it; or
b) you withdraw the consent that you had previously given us to process your personal data, and there is no other legal ground to process that personal data; or
c) you object to us processing your personal data for direct marketing purposes; or
d) you object to us processing your personal data for Danone’s legitimate interests (such as improving overall user experience on websites);
e) the personal data is not being processed lawfully; or
f) your personal data needs to be deleted to comply with the law.
If you wish to delete the personal data we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements.
If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
The right to restriction of processing
You have the right to restrict the processing of your personal data if
a) you do not believe the personal data we have about you is accurate; or
b) the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
c) we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
d) you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.
If you wish to restrict our processing of your personal data, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements.
The right to object
You have the right to object to the processing of your personal data at any time.
The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint directly with supervisory authority about how we process personal data.
How we protect your personal data
We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.
Sharing of your personal data
When we share your personal data with affiliates and other organizations, we make sure we only do so with organizations that safeguard and protect your personal data and its storage and that comply with applicable privacy laws in the same or similar way that we do. Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement. We may, however, share your data when required by law and/or government authorities.
Sharing data internationally
Personal data may be processed outside the European Economic Area (EEA). When processed outside the EEA, Evian Resort will make sure that this cross-border data processing is protected by adequate safeguards.
The safeguards that we use to protect cross-border data processing include:
a) Model Contractual Clauses approved by European Commission. These standardized contractual clauses provide sufficient safeguards to meet the adequacy and security requirements of the European General Data Protection Regulation; or
b) certifications which demonstrate that third parties outside of the EEA process personal data in a way that is consistent with the European General Data Protection Regulation. These certifications are approved either by the European Commission, a competent supervisory authority or a competent national accreditation body in terms of General Data Protection Regulation.
Automated decision-making and profiling
For some services including profiling we may process your personal data using automated means. We will inform you of our intention to use these methods and will give you the opportunity to object to them in advance. You can also contact email@example.com for further information on this type of processing.
Cookies and other technologies
a) Information about your device browser and operating system;
b) The IP address of the device you are using;
c) the web pages that you view;
d) Links that you click while interactive with our services.
Please see our cookie statement for more information on this [insert hyperlink to cookie statement]
Further information on data collection via the website or application
Notifications on our mobile applications
Localization on our Mobile Applications
How to contact us
If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us firstname.lastname@example.org