Data protection policy
The data controller is the Anjou Departmental Tourism Agency (GIP Anjou Tourisme) located at 48B Boulevard Foch, 49000 Angers. With its head office in France, Anjou Tourisme is exclusively subject to French and European regulations on personal data. As such, GIP Anjou Tourisme is committed to ensuring that the processing of personal data carried out under its responsibility complies with Regulation (EU) 2016/679 on data protection (RGPD) and the Data Protection Act.
The missions of Anjou Tourisme, from which the processing of personal data derives, revolve around four axes:
• A “development” axis, with a view to improving the tourist offer to meet the needs of customers and to promote access to a wider public.
• A “promotion” axis, by organizing marketing actions with targeted and affinity tourist clienteles.
• An “environment” axis, in favor of the development of sustainable and eco-responsible tourism.
• An “innovation and digital” axis, by stimulating the spirit of innovation and making a success of the digital transition of tourism players.
This policy demonstrates the organization's involvement in the protection of personal data, in particular in the context of its daily activities for responsible use of the personal data entrusted to it. GIP Anjou Tourisme is a signatory to the AFCDP's code of ethics.
Our data processing
1. Persons concerned
The processing of personal data mainly concerns 3 categories of people: partners (institutional, private, commercial), tourism professionals, Anjou Tourisme staff and anyone who comes into spontaneous contact with Anjou Tourisme (internet user, tourist, candidate, etc.). ).
2. Purposes, retention periods and fate of data
We process the personal data of these individuals for the purpose of:
• Provide digital tools for tourism professionals
• Promote the Anjou destination on print, web, social networks and media
• Accompany project leaders in a process of labeling and development of the tourist offer
• Organize events for the general public and tourism professionals
• Prospect and seek investors
• Facilitate online booking of tourist services for the general public
• Carry out the administrative and financial management of personnel
• Provide professional tools
Appointment of a Data Protection Officer
In order to comply with the regulatory obligations of public bodies, the GIP Anjou Tourisme has appointed a Data Protection Officer (DPO). It carries out its missions in complete independence from all the agents of the GIP Anjou Tourisme.
Anjou Tourisme has informed the CNIL of the appointment of the company OPT-ON as Data Protection Officer (DPO). This designation bears the reference DPO-109970.
The DPO is an interlocutor specialized in the protection of personal data, responsible for ensuring the proper application of data protection rules, privileged interlocutor of the Commission Nationale de l'Informatique et des Libertés (CNIL) and of any person concerned by a collection or processing of personal data.
Transparency of the GIP Anjou Tourisme
We strive on a daily basis to inform the persons concerned before our processing by means of easy-to-understand notices.
1. The legal bases of our processing
• Contractual measures
• Legitimate interest
• Regulatory obligations
Personal data is collected for specific purposes (purposes), brought to the attention of the persons concerned. These data may not be used subsequently in a manner incompatible with these purposes in the absence of the free and informed consent of the persons concerned. These data are collected fairly, no data is collected without the knowledge of the people and without their being informed.
2. How do we collect personal data?
The personal data collected is strictly necessary for the purpose pursued by the collection. The agents of the GIP Anjou Tourisme strive to minimize the data collected, to keep them accurate and up to date, by facilitating the rights of the persons concerned.
The collection is generally carried out directly from the persons concerned who benefit from the appropriate information before the collection, but it may happen that we indirectly collect certain information concerning you, this is the case for example: when we are looking for potential investors to take over tourist activity.
When we obtain personal data through a third party (“indirect collection”) we undertake to inform the person concerned within a maximum period of 1 month (and to communicate to him the information required by Art. 14 GDPR)
In the event of indirect collection, we limit our collection to the following data: surname, first name, email, telephone, address
3. Data Sharing
Anjou Tourisme is required to share your data with our subcontractors within the framework of the defined purposes (eg: software suppliers), the authorities within the framework of our regulatory obligations.
Sharing outside the EU
Anjou Tourisme strives not to export personal data outside the European Union, and at least to select service providers located in countries benefiting from a CNIL adequacy decision.
As part of the use of certain non-European digital solutions, Anjou Tourisme requires the signing of the Standard Contractual Clauses (model contracts) adopted by the European Commission.
By way of exception, personal data may be transferred to countries located in the European Union or outside the European Union. If this is the case, the persons concerned are precisely informed, and specific measures are taken to regulate these transfers.
Requirements vis-à-vis subcontractors
The GIP Anjou Tourisme also requires all its subcontractors to present appropriate guarantees to ensure the security and confidentiality of personal data.
4. Automated Decisions and Individual Rights
When you interact with Anjou Tourisme, you are not subject to any profiling or automated decision-making.
The persons concerned have:
• A right to information (articles 13 and 14 GDPR);
• The right to access and copy their personal data (article 15 GDPR);
• A right of rectification (article 16 GDPR);
• A right to erasure or “right to be forgotten” (article 17 GDPR);
• A right to limit processing (article 18 GDPR);
• A right to data portability (article 20 GDPR);
• A right of opposition (article 21 GDPR)
5. Technical and organizational measures to protect privacy
Appropriate physical, logical and organizational security measures are provided to guarantee the confidentiality of the data, and in particular to prevent any unauthorized access.
Information systems protection policies are implemented by the Department of Maine-et-Loire, owner of the infrastructures hosting the GIP Anjou Tourisme, or by the IT service providers with which the GIP Anjou Tourisme has contracted for the provision specific tools. They are adapted to the nature of the data processed and the activities concerned.
This policy is made available to everyone on the website of the Anjou Departmental Tourism Agency. It is regularly updated to take into account legislative and regulatory changes, and any change in its organization or in its activities, either directly or with its partners.
This general personal data protection policy is supplemented by specific information at the time of data collection, as well as a notice relating to the management of cookies accessible when connecting to the organization's website.
For any information or exercise of your IT rights and Freedoms on the processing of personal data managed by the Anjou Departmental Tourism Agency, you can contact the Data Protection Officer:
- Electronically to the address email@example.com
- By post by sending a letter to:
Departmental Tourism Agency of Anjou
Data Protection Officer
48B Boulevard Foch
49021 Angers Cedex 02
If you believe that your rights have not been respected, you may, at any time, file a complaint with the competent data protection authority, without prejudice to other existing administrative or judicial remedies. The competent data protection supervisory authority for France is the Commission Nationale de l'Informatique et des Libertés (CNIL) - 3 place de Fontenoy - 75007 Paris - cnil.fr.
Version updated on 13/12/2022.