gift vouchers
gift vouchers
PRIVACY POLICY
This personal data protection policy is applicable to the processing carried out by the SAS du Dôme des Miages via its website https://almae-collection.com. The document outlines the purposes of the data processing activities, the legal bases for such processing, the recipients of the data, the data retention periods and the security measures in place (provided as a general and non-exhaustive description). It also addresses the potential transfer of personal data outside the European Union and the use of automated decision-making processes. In addition, the document provides a comprehensive overview of the use and management of cookies, individual data protection rights and the procedures for exercising those rights.
Who is responsible for processing your personal data?
The SAS du Dôme des Miages is responsible for processing your personal data. Hereinafter referred to as the Data Controller, the SAS du Dômes des Miages determines the purposes and means of processing your data. For more information about the SAS du Dôme des Miages, please refer to our legal notice.
What personal data do we collect?
The term “personal data” refers to any information relating, directly or indirectly, to an identified or identifiable person, as defined by Article 4.1of the General Data Protection Regulations (GDPR).
The data controller collects personal data via the contact form, the recruitment form and the email address: dpo-domedesmiages@agencergpd.eu.
Personal data collected is relevant and limited to the strictly necessary, including identification data (surname, first name, date of birth, identity documents for the exercise of data subject rights) and contact details (email address).
Fields marked with an asterisk (*) are mandatory, essential for the purposes of relevant processing activities.
Browsing our website involves the use of cookies. Please refer to our Cookie Policy for further information regarding the processing of personal data via cookies.
What personal data processing activities are carried out on this website and under what conditions?
This section describes the personal data processing activities carried out on the SAS du Dôme des Miages website. Each processing activity is set out in a dedicated table detailing the purposes, conditions and modalities of personal data processing.
Processing Activity
Management of the newsletter
Purpose(s)
To send the newsletter to subscribed individuals.
Legal Basis
Consent
Categories of Personal Data / Data Subjects
Email address
Subscribed individuals
Data Retention Period
Personal data is retained until the data subject withdraws their consent by unsubscribing.
Processing Activity
Management of reservations
Purpose(s)
To ensure the receipt of reservation requests by our service providers.
Legal Basis
Implementation of contractual measures
Categories of Personal Data / Data Subjects
Identification data (first name, last name, title)
Contact information (email, postal address)
Reservation information
Other data (special requests)
Bank/payment details
Data Retention Period
Personal data will be retained for a period of five (5) years from the end of the stay.
Bank/payment details will be retained for a period of ten (10) years.
Processing Activity
Website traffic management
Purpose(s)
Enhancing website features and navigation quality through testing, research, analysis,
studies and surveys.
Legal Basis
User consent
Categories of Personal Data / Data Subjects
Connection data (functions used, pages visited, selected settings, timestamps etc.)
Website visitors
Data Retention Period
The lifespan of cookies is thirteen (13) months.
The data collected will be retained for a period of twenty-five (25) months.
Processing Activity
Processing of requests to exercise rights
Purpose(s)
Processing and responding to requests relating to your rights pursuant to the GDPR
and the French Data Protection Act (Loi Informatique et Libertés).
Legal Basis
Legal obligation
Categories of Personal Data / Data Subjects
Identification data
Data subjects exercising their rights
Data Retention Period
5 years
For whom is your personal data intended?
Your personal data is intended for the SAS du Dôme des Miages as the website publisher and data controller. Data is handled by authorised personnel within the various departments, including the IT department, the communications department, the human resources department and the personal data protection service. Depending on the nature of your request, your personal data is shared with the relevant service.
In accordance with Article 4.8 of the GDPR, your personal data may be transferred to our technical service providers (webmaster and hosting provider), under strictly controlled conditions. In the event of such transfers, the data controller ensures that its service providers comply with the GDPR and implement appropriate technical and organisational measures to guarantee the security and protection of personal data, in accordance with Article 28 of the GDPR.
Is your personal data transferred outside the European Union?
The personal data collected via this website is, for the most part, within the European Union and other suitable countries. In the case of personal data transfer outside the European Union, appropriate safeguards are applied, either by standard contractual clauses adopted by the European Commission or based on an adequacy decision issued by the latter.
The SAS du Dôme des Miages is committed to ensuring the GDPR compliance of all its data recipients.
How is your Personal Data protected?
The data controller is committed to protecting your personal data in accordance with General Data Protection Regulations (GDPR). We take appropriate technical and organisational measures to protect your data and to prevent against destruction, loss, alteration or modification as well as unauthorised access or disclosure, of accidental or unlawful nature. The main security measures adopted include, but are not limited to:
Access control: Access to personal data is strictly limited to authorised personnel, bound by a clause of confidentiality.
Technical protection measures: Information systems are protected by a range of measures, including firewalls, antivirus software, regular updates and, where appropriate, encryption.
. All pages of our website respect the HTTPS protocol.
. Only authorised personnel with the appropriate access rights assigned to their roles are granted access to your data.
. Personal data is deleted upon request by the data subject or upon the expiration of the retention period.
. Your personal data is stored on a secure server
What are your rights and how can you exercise them?
Under the General Data Protection Regulation (GDPR), which came into force on 25th May 2018, and in accordance with Law No. 2018-493 of 20th June 2018 relative to the protection of personal data (also known as ‘LIL3’), as well as Ordinance No. 2018-1125 of 12th December 2018, adopted under Article 32 of Law No. 2018-493 of 28th June 2018 relative to the protection of personal data and amending Law No. 78-17 of 6th January 1978 relative to information technology, data files and civil liberties, you are granted the following rights:
– Right of access
– Right to rectification
– Right of erasure
– Right to restriction of processing
– Right to objection
– Right to data portability
Requests may be submitted as stipulated below:
- By email to dpo-domedesmiages@agencergpd.eu;
- By registered post to SAS du Dôme des Miages – 4088 route de Saint-Nicolas de Veroce, 74170 Saint-Gervais-les-Bains ;
- Via an authorised representative, who shall submit the request using one of the above alternatives.
All requests must always be accompanied by a valid form of identification. Verification of identity is necessary to protect your personal data. Once completed, your identification document will be immediately deleted.
Request to exercise the right of access:
It is imperative that the request clearly specifies the relevant data or processing operations. Your data will be communicated electronically or by registered post with acknowledgment of receipt. In accordance with Article 15.3 of the GDPR, reasonable fees based on administrative costs may be charged for any additional copies requested.
In the event of a clearly unfounded or excessive request, you may be liable for reasonable fees, in accordance with Article 12.5 of the GDPR. Such fees are calculated to cover the administrative costs incurred in providing the requested information or in refusing to act on such requests.
Request to exercise the right to rectification:
Should you believe that information concerning you is inaccurate and thus requires rectification, please specify the inaccurate or incomplete data that concerns you and provide the necessary information to correct or complete it (Article 15 of the GDPR).
Request to exercise the right of erasure:
Please specify the precise personal data that you wish to be erased, together with the reasons for your request (Article 17 of the GDPR).
Please note: Your right to erasure is not absolute. We may be required to retain certain information that concerns you, in particular for the purposes of commercial relationship management (invoice management, dispute management) and for the purposes of documenting and providing evidence relating to the exercise of your rights.
Request to exercise the right to restriction:
Please specify exactly what personal data you request to be restricted together with the reasons for your request.
Please note: Your right to restriction is not absolute. We may decide to continue processing your data in accordance with Article 18.3 of the GDPR. Should a restriction be applied, it may result in the suspension of certain services (e.g. access to work and deliverables, receipt of information etc.). These implications will be outlined in a receipt of request email.
Request to exercise the right to objection:
If you wish to object to the processing of your personal data, please provide full details of the data concerned together with the reasons for your request.
Please note: Your right to object is not absolute. Please specify the processing to which you object for the management of your personal data together with the reasons for your request (Article 21 of the GDPR).
Request to exercise the right to data portability:
Any user may, at any time, request the portability of their personal data in order to retrieve personal data previously collected under processing based on consent or under contract. If you wish for the data to be transferred to another data controller in a standard format, please specify this and provide the contact details of the intended recipent.
Have we designated a Data Protection Officer (DPO)?
In order to comply with the GDPR, the SAS du Dôme des Miages is assisted by Agence RGPD (8 rue du Pré-Médard, 86280 SAINT-BENOIT), an organisation specialised in personal data protection and GDPR compliance.
For further questions regarding the General Data Protection Regulation (GDPR) and our compliance process, please contact Agence RGPD via email at dpo-domedesmiages@agencergpd.eu.
Cookie Policy
Purpose
Our Cookie Policy aims to provide you with clear and precise information about how your personal data is processed via cookies on the SAS du Dôme des Miages website: https://almae-collection.com
Definitions
“Cookie”: A Cookie is a small text file placed on the User’s device when browsing a website (computer, tablet, smartphone etc.). A Cookie enables its issuer to identify the device on which it is stored for the duration of the relevant Cookie’s period of validity. Please note that only the issuer of the cookie is able to read or modify the information contained therein.
“Web beacon”: A web beacon, also referred to as a web tag, is a small piece of text or an invisible image embedded on a website to monitor traffic. To do so, a variety of data relating to you is stored using web beacons.
“Content”: This term refers to all the elements and information that make up the Website.
“Publisher” or “we”: This term refers to the SAS du Dôme des Miages who supply the website with content and update it regularly.
“The site”: This term refers to the SAS du Dôme des Miages website https://almae-collection.com
“The User” or “you”: This term refers to an internet user browsing the Website.
“Scripts”: A script is a piece of code that ensures the correct functioning and interactive nature of our website. This code is run either on our server or on your device.
1.Which cookies are issued on the SAS du Dôme des Miages website? What data is collected? What purpose do these cookies serve and on what legal basis?
The publisher uses two categories of cookie for the purposes described below:
– Functional Cookies
These cookies facilitate the use of the website’s various functions and do not require your consent.
| Third-Party Providers | Cookies | Data Collected | Purpose | Legal Basis | Duration of Retention |
| YouTube | VISITOR_INFO1_LIVE ytidb:: LAST_RESULT_ENTRY_KEY |
Bandwidth information Last clicked YouTube search result |
Determine new or old player interface based on bandwidth Improve relevance of YouTube search results in embedded content |
No consent required | 6 months Persistent |
– Analytical Cookies
These cookies facilitate the measurement of visitor numbers, enhance the site’s functionality and improve its use. This entails the periodic analysis of activity reports that record pertinent information, server traffic, page views, demand for specific pages and interest generated by various topics.
Provided that the collection of data is anonymous, no consent is required for these cookies. Consequently, such processing poses no risk to fundamental rights and freedoms.
| Third-Party Providers | Cookies | Data Collected | Purpose | Legal Basis | Duration of Retention |
| Google Analytics | _ga _ga_* |
Anonymized visitor ID Page views |
Track unique visitors and site usage Count page views |
No consent required | 1 year 1 month 4 days |
| YouTube | YSC | Embedded video views | Track views of embedded YouTube videos | No consent required | Session |
2 – What are my rights regarding the processing of my data collected via cookies?
Upon your initial visit to our website, an information banner will appear on the homepage. You are invited to either accept, explicitly refuse the use of cookies for which your consent is required or customise your preferences.
You also have the option to modify your preferences at any time by clicking on the cookie-shaped icon on the bottom of our website page.
Regarding the processing of personal data that occurs via the website by means other than cookies, the relevant rights and the procedures for exercising them are outlined in our Privacy Policy. The means by which one can exercise such rights are provided at the foot of the Privacy Policy.
3 – How is my personal data protected?
The Publisher has adopted and regularly updates the technical and organisational measures necessary to ensure the confidentiality, integrity and security of your personal data.
List of measures adopted:
- Access control management: Each person is granted the access rights necessary to perform their specific duties.
- Procedures in the event of a security breach or data breach: Each member of the SAS du Dôme des Miages is aware of the measures to be taken in order to rectify the former quicky and efficiently, thereby minimising the harmful consequences of the latter.
- Identification and authentication: Passwords are used to grant access to the information system. They are specific and unique to each user.
- Physical Access to Premises: Access to the premises of the SAS du Dôme des Miages is controlled. A video surveillance system provides optimal protection.
- Data storage: All data collected by the SAS Dôme des Miages is stored on a secure server.
4 – How to configure my cookie preferences?
Please note that the settings you choose may affect your internet browsing experience as well as the conditions under which you access and use those services on our website that require the use of cookies.
You can configure the placement of cookies via your Internet browser. All settings configured in this manner can be modified at any time.