Privacy policy
Updated on 08/01/2023
PREAMBLE
This Personal Data Protection Policy (hereafter, the “Policy”) has for its purpose to provide Users with concise and comprehensive information on the collection and Processing of Personal Data by the website, www.catamarans-lagoon.com (hereafter, the “Website”), by CONSTRUCTION NAVALE BORDEAUX, a limited company with a capital of 3,487,500 euros, registered under the number, 342 012 390, with the Trade and Companies Registry of Bordeaux, headquartered at 162 Quai de Brazza, 33072 BORDEAUX, France, (the “Company”), in accordance with the EU ruling 2016/679 by the European Parliament and by the Council on April 27th, 2016, relative to the protection of individuals regarding the processing of their personal data and the free flow of this data, and which repeals the directive 95/46/CE (the “GDPR”).
The currently applicable Policy is the one in effect on the date of the visit to the Website and until a new version replaces it.
The current Policy may be modified by the Company at any moment and without notice.
By visiting the Website, the User acknowledges having taken account of the current Policy and agrees to conform with it, without reservations.
Article 1 – Definitions
The terms used in the current Policy and beginning with a capital letter, if they are not defined in the current article, have the meaning that is provided for them in the General Conditions of Use (GCU) of the Website.
“Personal Data”: this designates any information referring to an identified or identifiable individual person; is reputed to be an “identifiable individual person,” a physical person who can be identified, directly or indirectly, notably by reference to an identifier, such as a name, an identification number, location data, an online ID, or to one or more specific elements belonging to their individual identity, whether physiological, genetic, psychological, economic, cultural, or social.
“Policy”: designates the current personal data protection policy, applicable to personal Data Processing for Users of the Site.
“Processing”: designates any operation, or set of operations, concerning such data, whatever process is used (collecting, saving, organizing, retaining, adapting, modifying, extracting, consulting, using, communicating – by transmission, diffusion, or any other form of provision – reconciling or linking, blocking, erasing, destroying, etc.).
“Data Controller”: designates the person who determines the purposes and the means of personal Data Processing.
Article 2 – Data Controller
The Data Controller for Data Processing put into place via the Site is: the Company.
Article 3 – Collection and Origin of Personal Data
The Company may collect the User’s personal data directly (notably via data collection forms available on the Site).
The Company commits to gaining the consent of the User and/or enabling them to oppose the use of Personal Data for certain purposes, whenever necessary.
In all cases, the User is informed of the purposes for which this Personal Data is collected via various forms of Personal Data collection.
Article 4 – Personal Data Collected
The User’s Personal Data may be collected on the Website and processed by the Data Controller, including the following:
- Last Name and First Name(s);
- Mailing Address;
- Email Address;
- Telephone Number;
- Any other Personal Data communicated by the User to the Company.
Personal Data identified by an asterisk in the data collection forms is required because it is necessary to carry out the formulated request. Without entering this required information, these operations cannot be carried out.
Personal Data relative to Users that is made accessible on the Website cannot be collected for Processing without the prior written accord of the concerned person, in compliance with the current Policy.
Article 5 – Purposes for Personal Data Processing
The Company uses the Personal Data of the Users of the Website, notably for the following purposes:
- To respond to requests by Users, such as for information, searches, the newsletter, or other content;
- To offer Users relative content about products sold by the Company and/or by their partners;
- To personalize and improve the User’s experience on the Website;
- Any other purpose that the Company may specify, if need be, at the moment of the User’s Personal Data collection.
Article 6 – Legal Basis for Personal Data Processing
The Company Processes the User’s Personal Data within the framework of handling and fulfillment of their contractual relationship, with the legitimate goal of improving the operational quality and excellence of services offered by the Website, or in accordance with certain legal obligations.
Personal Data Processing can also be carried out on the basis of prior consent by the User in the situation where, in certain situations, it may be requested.
Article 7 – Communication of Personal Data
The Company restricts access to Personal Data uniquely to members of personnel who have a need to know in order to address the request of the User or to provide the requested Service.
The Company does not divulge Personal Data to unauthorized third parties.
The Company can, nonetheless, share the Personal Data with its subsidiaries and/or its holding company, as well as with its authorized service providers (for example: providers of technical services (Website publishing, hosting, maintenance), advice, etc.) which the Company calls upon for the sole purpose of providing Website services.
The Company does not authorize these service providers to use or to divulge Personal Data, except within the measure that it is necessary to perform User’s account Services or to respect legal obligations. Furthermore, the Company can share Personal Data (i) if the law or a judicial procedure requires it to do so, (ii) in response to a request by public authorities or other officials, or (iii) if the Company considers the transmission of this Personal Data necessary or appropriate to prevent a physical harm or a financial loss, or in connection with an investigation concerning a suspected or confirmed illicit activity.
Article 8 – Transfer of Personal Data
Because of the international nature of our organization and our Services, Personal Data may be stored and/or processed in a country other than that in which the User resides.
Certain countries outside of the European Economic Area (EEA) are recognized by the European Commission as offering an adequate level of data protection according to the standards of the EEA (the complete list of these countries is available here).
For transfers from the EEA to countries which are not considered adequate by the European Commission, the Company has put adequate measures into place, notably through contractual deals established with third parties.
Article 9 – Duration of Personal Data Retention
The Company retains Personal Data for a duration that does not exceed that necessary for the purposes for which it was collected and processed, a duration that is extended, if need be, from the durations prescribed by law or applicable regulations.
Thus, CNB retains the Personal Data of the User for a duration of:
- three (3) years, counting from the date of its communication to the Company by the User;
- thirteen (13) months, counting from storage date, concerning the cookies.
The duration of retention may be interrupted in the case exercising rights, such as those foreseen within the current Policy.
Article 9 – Rights of Users Concerning Their Personal Data
In accordance with the RGPD, the User has certain rights relating to their Personal Data. In the event of exercise of one or more rights relative to Personal Data Processing, the User is informed that they may lose access to the Website and to the use of its Services.
Access rights: the User can request access to their Personal Data and request correction of their Personal Data should it be incorrect, or that incomplete Personal Data be completed.
The User also has the right to know the sources of their Personal Data.
Right to deletion: the “right to be forgotten” authorizes the User to request the deletion of their Personal Data when:
(i) Personal Data is no longer necessary to achieve the purposes for which it was collected and processed;
(ii) The User chooses to withdraw their consent (when their consent has been collected as legal basis for processing) this withdrawal will not impact the legality of Data Processing prior to this action;
(iii) The User opposes Data Processing;
(iv) Personal Data is processed in an unlawful manner;
(v) Personal Data must be deleted to respect a legal obligation; or
(vi) its deletion is required to guarantee accordance with the GDPR.
Right to limitation: The User may also request the limitation of Personal Data Processing if:
(i) The User contests the exactitude of the Personal Data;
(ii) The Company no longer has need of Personal Data for Processing purposes; and
(iii) the User opposes Personal Data Processing.
The right to oppose direct marketing messages: The User may, at any moment, make the request in writing to no longer receive direct marketing messages or offers from the Company, directly and freely, or via the link included in all prospect materials that the Company may send to the User by email, or by sending an email to the address indicated below. This opposition is without prejudice to the legality of messages sent before the request has been received and taken effect.
The right not to be subject to a decision based exclusively upon automated Personal Data Processing: The User has the option of not being subject to a decision based exclusively upon automated Personal Data Processing leading to legal actions concerning or significantly affecting them.
The right to data portability: The User may request that the Company provide them with their Personal Data in a commonly used, structured format that is legible by a machine.
The right to give anticipated directives for Personal Data Processing after death: The user may define directives for the use of their Personal Data after death (notably for the duration of its retention, its deletion, and/or communication), as well as designate a person responsible for exercising this right.
The right to introduce a claim with a supervisory authority: if the User has concerns, or business occupations, or claims which concern the protection of their Personal Data, they have a right to introduce a claim with the National Commission for National Data Protection and Liberties (CNIL) via the following link: www.cnil.fr.
The User is nonetheless requested to address CNB prior to making any request, contacting the address indicated here-after, in order to process the request of the User and to find an amiable solution.
To exercise these rights, the User can formulate their request by sending an email to the following address: contact.rgpd@beneteau-group.com. Each request must be accompanied by a photocopy of an official proof of identity bearing the User’s signature, and it must specify the address to which CNB should reply. The response to the request may be addressed to the User within a maximum period of two (2) months, counting from the date of reception by the Company of the request.
Article 10 – Safety
The Company puts every technical and organizational measure into place to ensure the safety and the confidentiality of the User’s Personal Data in Processing.
For this reason, the Company takes all useful precautions, with regard to the nature of Personal Data and the risks presented by Processing, in order to preserve data safety and, notably, to prevent it from being distorted, damaged, or that any non-authorized third party have access (physical protection of the premises, authentication procedure with safe, personal access via user IDs and confidential passwords, logging connections, encryption of certain data, etc.).
Article 11 – Contact
With any questions or requests for information concerning the current Policy, the User can contact the Company at the following address: contact.rgpd@beneteau-group.com.
Article 12 – Cookies
When consulting the current Website, certain information relative to the User’s navigation on the site is susceptible to be saved in files, called “cookies,” onto their terminal (computer, tablet, mobile phone, or any other device capable of using the Internet). These cookies are issued by the Company with the goal of better meeting the User’s needs and facilitating their navigation on the Website.
12.1. What Is a Cookie?
A cookie is a text file that, through your web browser, is deposited in a dedicated place on the hard drive of the User’s terminal when visiting a website or viewing an ad. It contains multiple pieces of data, notably the name of the server that issued it (server of the website that you visit), a unique identifier in numeric form, and eventually, an expiration date for the cookie.
Cookies enable the issuer to recognize the terminal of a User on which it is saved, to collect information relative to their navigation on websites, and to offer personalized services. Cookies do not contain any information that personally identifies the User, and only the issuer of the cookie can read or modify the information contained there.
12.2. Cookies Issued on the Website