![Privacy Policy Abbaye des Vaux-de-Cernay](https://cdn.prod.website-files.com/6441ac0799d919b6440c4e84/64803d0ea283374745373403_Pages%20legales%20abbaye.webp)
Privacy policy
1. Introduction
In the course of its business, NOCTIS EVENT collects and processes personal data relating to visitors to the abbayedesvauxdecernay.com website.
The main purpose of this document is to provide you with concise, transparent, comprehensible and easily accessible information on the data processing operations we carry out, so that you can understand the conditions under which your data is processed.
2. Fair and transparent collection of your data
In the interests of fairness and transparency with regard to its visitors, NOCTIS EVENT takes care to inform the persons concerned of each processing operation it implements by means of information notices.
This data is collected fairly. No data is collected without the knowledge or consent of the individual concerned.
3. Legitimate and proportionate use of your data
When NOCTIS EVENT processes data, it does so for specific purposes: each data processing operation has a legitimate, specific and explicit purpose.
For each processing operation, it undertakes to collect and use only data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
NOCTIS EVENT ensures that data is, if necessary, updated and implements procedures to enable the deletion or rectification of inaccurate data.
4. The personal data we process
NOCTIS EVENT collects and processes the following categories of personal data for the purposes described below:
Last name, first name,
E-mail, telephone
Date of arrival, date of departure, nature of request, information contained in a comments zone,
Date of arrival, date of departure, nature of request, information contained in a comments zone,
IP (not stored but appears in server logs)
Device user agent (IOS or Android + OS version)
Click here to access our cookie policy.
5. Legal basis and purposes of our data processing operations
The data processing carried out by NOCTIS EVENT pursues the purposes identified below and is based on the following legal grounds:
- Collect newsletter subscriptions
- Highlighting the location, services and news,
- Handling requests for information, e.g. on event organization, pavillon reservations,
- Access portal to the d-edge website for hotel reservations,
- Access portal to the SevenRooms website for restaurant reservations,
- Access portal to the Spa reservations site,
- Store website access portal ?
- Access to social networks such as Instagram and Facebook,
- Careers site access portal,
- Access portal to the paris-society.com website for other Group hotels,
6. Recipients of your data
The following are the recipients of your data, each for what concerns them:
- NOCTIS EVENT's subcontractors, suppliers and website service providers,
- Google, Axeptio, Facebook,
- Management of the hotel, restaurants, events organization and, in general, all those responsible for the services and activities on offer,
- Hotel management,
- Communications department,
- The information systems department,
- Other Paris Society group entities, where applicable.
We ensure that only authorized persons have access to this data.
7. Transferring your data
In connection with the use of Google's audience measurement and authentication services (Google connect), data (click here for further information) is transferred outside the European Union to the United States, a country which does not guarantee a level of data protection equivalent to that applied at European level.
When using the Facebook Pixel and Facebook connect, personal data is transferred outside the European Union to the United States, a country which does not guarantee a level of data protection equivalent to that applied at European level.
The European Commission's standard contractual clauses have been signed to provide a framework for this data transfer, and additional guarantees have been taken to ensure that the data transferred has a level of protection equivalent to that practiced in Europe.
8. How long we keep your data
NOCTIS EVENT ensures that data is only kept in a form that allows identification of the persons concerned for as long as is necessary for the purposes for which it is processed.
The retention periods we apply to your personal data are proportionate to the purposes for which they were collected.
Specifically, we organize our data retention policy as follows:
3 years from last incoming contact
25 months
Request processing time plus archiving for prescription and mandatory retention periods
Maximum 13 months for validity, consent 6 months, and data from cookies 25 months
9. Personal data security
NOCTIS EVENT has implemented technical and organizational measures adapted to the degree of sensitivity of personal data, in order to ensure the integrity and confidentiality of data and to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
Nevertheless, the security and confidentiality of personal data depend on everyone's good practices, so the person concerned is invited to remain vigilant in this area.
10. Subcontracting
When NOCTIS EVENT uses a service provider, it only communicates personal data to the latter after having obtained a commitment and guarantees on its ability to meet these security and confidentiality requirements.
In compliance with our legal and regulatory obligations, we enter into contracts with our subcontractors that precisely define the terms and conditions under which they process personal data.
11. Cookies
Cookies are subject to a Cookies policy. Please click here to access the cookies policy.
12. Your rights
NOCTIS EVENT is particularly concerned about respecting the rights granted to you in connection with the data processing it implements, in order to guarantee fair and transparent processing taking into account the particular circumstances and context in which your personal data is processed.
12.1 Your right of access
As such, you have confirmation that your personal data is or is not being processed, and where it is, you have the right to request a copy of your data and information concerning :
- the purposes of the processing ;
- the categories of personal data concerned;
- the recipients or categories of recipients and, where appropriate, if such communications are to be made, the international organizations to which the personal data have been or will be communicated, in particular recipients established in third countries;
- where possible, the intended retention period for personal data or, where this is not possible, the criteria used to determine this period ;
- the existence of the right to ask the data controller to rectify or erase your personal data, the right to request a restriction on the processing of your personal data, the right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- information on the source of the data when it is not collected directly from the data subjects;
- the existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and expected consequences of this processing for the data subjects.
12.2 Your right to rectify your data
You may request that your personal data be corrected or completed if it is inaccurate, incomplete, ambiguous or out of date.
12.3 Your right to erase your data
You may ask us to delete your personal data in the cases provided for by legislation and regulations.
Please note that the right to data deletion is not a general right, and can only be exercised if one of the reasons provided for in the applicable regulations is present.
12.4 Your right to limit data processing
You may request the restriction of the processing of your personal data in the cases provided for by legislation and regulations.
12.5 Your right to object to data processing
You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data for which the legal basis is the legitimate interest pursued by the data controller (see article above on the legal basis for processing).
If you exercise your right to object, we will no longer process your personal data in connection with the processing concerned, unless we can demonstrate compelling legitimate grounds for continuing such processing. These grounds must outweigh your interests and your rights and freedoms, or the processing must be justified for the establishment, exercise or defense of legal claims. You have the right to object to personalized solicitation.
12.6 Your right to data portability
You have the right to the portability of your personal data. Please note that this is not a general right. In fact, not all data from all processing operations is portable, and this right only applies to automated processing, to the exclusion of manual or paper processing.
This right is limited to processing for which the legal basis is your consent or the performance of pre-contractual measures or a contract.
This right does not include derived or inferred data, which are personal data created by NOCTIS EVENT.
12.7 Your right to withdraw your consent
Where the data processing we carry out is based on your consent, you may withdraw it at any time. We will then cease to process your personal data, without affecting any previous operations for which you have given your consent.
12.8 Your right to appeal
You have the right to lodge a complaint with the Cnil (3 place de Fontenoy 75007 Paris) on French territory, without prejudice to any other administrative or legal remedy.
12.9 Your right to define post-mortem directives
You have the possibility of defining specific directives relating to the conservation, deletion and communication of your personal data after your death according to the methods defined below. These specific directives will only concern the processing carried out by us and will be limited to this scope.
Once this person has been appointed by the executive, you will also be able to define general guidelines for the same purposes.
12.10 How to exercise your rights
All the rights listed above may be exercised at the following e-mail address donnees.privees@paris-society.com or by post to NOCTIS EVENT 38 avenue des Champs Elysées 75008 PARIS, providing proof of identity by any means.
13. Modification of this document
We invite you to consult this policy regularly on our website. It may be updated from time to time.
Updated on 18/07/2023.