Privacy Policy

At Carcassonne Croisière, accessible at carcassonne-croisiere.com, we are committed to safeguarding the privacy, integrity, and security of our users’ personal data. This Privacy Policy outlines how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. We maintain a privacy-first approach, ensuring that your personal data is handled with the highest standards of care and responsibility.

1. Commitment to Privacy and Data Protection

Your privacy is important to us. We understand the sensitivity of the personal information we collect and are dedicated to ensuring that your data is collected lawfully, used responsibly, and stored securely. This policy provides transparency about our data collection practices and your rights as a user of carcassonne-croisiere.com.

2. Scope of Policy and Role of the Data Controller

This Privacy Policy applies to all users, visitors, and customers who access our website, carcassonne-croisiere.com, and any related digital platforms or services. Carcassonne Croisière acts as the data controller for the personal data collected through our site. As the data controller, we determine the purposes and means by which your personal information is processed. If you have any questions regarding our role or practices, we encourage you to contact us at [email protected].

3. Categories of Data Processed

We process a variety of data categories to support your use of carcassonne-croisiere.com:

– Usage Data: Includes data such as your IP address, browser type and version, access dates and times, pages viewed, referring URLs, and clickstream behavior.
– Account Data: Includes your name, billing and delivery address, email address, and phone number that you provide during registration or checkout.
– Profile Data: Includes information regarding your preferences, past purchases, chosen tours or experiences, and feedback.
– Communication Data: Includes correspondence sent to our support team, inquiries submitted through forms, reviews, and communication records.
– Technical Data: Includes device identifiers, operating system details, system configurations, and diagnostic data collected through your interaction with our website.
– Transaction Data: Includes records of payments made, selected cruise packages or additional services, and delivery information.
– Preference Data: Includes your marketing communication preferences, opt-in statuses, and product interests inferred or provided directly.

4. Legal Bases for Processing

We process your personal data in accordance with the lawful bases established under GDPR and, to the extent applicable, CCPA:

– Contract Performance: To fulfill our contractual obligations, including providing booked services and processing transactions.
– Consent: Where you have given clear, unambiguous consent for specific purposes (e.g., receiving newsletters or marketing communications).
– Legitimate Interests: To enhance our services, ensure website security, manage customer relationships, and improve user experience, except where overridden by your rights and interests.
– Legal Obligation: Where processing is necessary for compliance with a legal duty (e.g., regulatory reporting or accounting obligations).

5. Your Rights

As a data subject under GDPR and/or CCPA, you may exercise the following rights at any time:

– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request corrections to inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your personal data, subject to legal or contractual constraints.
– Right to Restriction: Request that we restrict the processing of all or part of your personal data.
– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right Not to Be Subject to Automated Decision-Making: We do not conduct automated profiling or decision-making without your explicit consent.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement a robust combination of technical and organizational measures to ensure a high level of data protection:

– Use of encryption technologies for data in transit and at rest.
– Role-based access controls and user authentication protocols.
– Regular security audits, penetration testing, and vulnerability assessments.
– Secure backup mechanisms and disaster recovery plans.
– Comprehensive data protection training for staff.

7. International Data Transfers

Data collected via carcassonne-croisiere.com may be stored and processed outside of your country of residence, including in jurisdictions outside of the EU/EEA. When such transfers occur, we ensure adequate protection through the use of standard contractual clauses and other legally recognized safeguards in accordance with GDPR and local data transfer laws.

8. Data Retention

We retain personal data only for as long as necessary to achieve the purposes outlined in this policy or as required by law:

– Usage Data and Technical Logs: Retained for up to 12 months for security and analytics purposes.
– Account and Profile Data: Retained as long as your account remains active and for up to 6 years after cancellation for legal and compliance reasons.
– Transaction Data: Retained for 7 years to meet financial and legal obligations.
– Communication Data: Retained for up to 3 years to manage customer service inquiries.
– Preference Data: Retained until consent is withdrawn or the data becomes irrelevant.

9. Cookie Policy

Carcassonne Croisière uses cookies and similar tracking technologies to enhance your experience on carcassonne-croisiere.com. Types of cookies used:

– Essential Cookies: Necessary for the functioning of the website, such as login authentication and transaction processing.
– Functional Cookies: Remember user preferences like language and booking selections.
– Analytics Cookies: Collect aggregated usage data to help us improve website performance and understand visitor interactions.
– Performance Cookies: Monitor load times, responsiveness, and browser compatibility.

10. Cookie Management and Compliance

You have full control over your cookie preferences. Upon your first visit to carcassonne-croisiere.com, you will be presented with an option to accept or reject non-essential cookies. You may also modify these settings at any time through our cookie consent manager or in your browser settings.

In accordance with GDPR and CCPA, we honor users’ rights to opt-out of non-essential cookies, including those used for behavioral advertising, and offer Do Not Track compatibility where supported.

11. Special Protections for Children Under 13

Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from individuals under 13. If we become aware that we have inadvertently collected such data, we will promptly delete it. Parents or legal guardians who believe their child has submitted personal data may contact us at [email protected] to request its removal.

12. Policy Updates and Notifications

We reserve the right to update this Privacy Policy from time to time in accordance with changes in legal requirements or operational needs. Where material changes occur, we will notify users through prominent notices on carcassonne-croisiere.com or via email correspondence, where appropriate.

We encourage regular review of this policy to stay informed about our data handling practices and corresponding rights.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us at:

Email: [email protected]

We strive to handle all inquiries promptly and professionally and are dedicated to resolving any privacy-related concerns you may have.

This Privacy Policy reflects our deep commitment to transparency, regulatory compliance, and the protection of your personal data. If you believe your data rights have been infringed upon, we encourage you to contact us or lodge a complaint with your local data protection authority.