About
Recruitment
Press
Partners
Frequently Asked Questions
Contact us
Receive our newsletter...
Prepare your visit!
I discover the application!
Follow us on social networks!

Menu
Tickets
Stays

 

 

I. Name and address of the Data Controller

The Data Controller within the meaning of EU General Regulation n ° 2016/679 on the protection of personal data and national laws on the protection of personal data in force in the member states is:

Le PAL
CS 60001 St POURCAIN SUR BESBRE
03290 DOMPIERRE SUR BESBRE
 
Phone. : +33 (0)4 70 42 68 10
E-mail: info@lepal.com
Website: https://www.lepal.com


II. Name and address of the Personal Data Protection Officer

The Referent mandated by the Processing Manager is:
Pauline LEMAÎTRE - Digital communications officer
Phone. : +33 (0)4 70 42 68 10
E-mail: webmaster@lepal.com
Website: https://www.lepal.com

 

III. General information on the processing of personal data

1. Scope of processing of personal data

We process users' personal data only to the extent that this is necessary to give them access to our website, as well as to functional content and services. The processing of personal data of our users takes place in principle only with the consent of the latter. An exception applies to cases where prior consent cannot be obtained for factual reasons and where the processing of data meets a legal obligation.

2. Legal basis for processing personal data

Insofar as we obtain the consent of users for the processing of their personal data, Article 6 (1) (a) of the General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract of which the User is a party, article 6, paragraph 1, point b of the General Data Protection Regulation (GDPR) serves as the legal basis . This also applies to the processing operations necessary for carrying out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) of the General Data Protection Regulation (GDPR) serves as the legal basis .
In the event that vital interests of the User or another natural person require the processing of personal data, article 6, paragraph 1, point d of the General Data Protection Regulation (GDPR) serves as legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or of a third party, and if the interests, fundamental rights and freedoms of the User do not prevail over this legitimate interest, article 6, paragraph 1, point f of the General Data Protection Regulation (GDPR) serves as the legal basis for the processing.

3. Data erasure and retention period

The personal data of Users are kept for a period not exceeding that necessary with regard to the purpose for which they were collected. Beyond that, they will be deleted, anonymized or their access will be blocked. In addition, data retention may be provided by the European or national legislator in the regulations, laws or other regulations of the EU to which the Data Controller is subject. The blocking of access to data, the deletion of data, or their anonymization also occurs at the expiration of the retention period prescribed by the standards mentioned, unless it is necessary to keep the data for the conclusion or the performance of a contract.

 

IV. Provision of the website and creation of log files

1. Description and scope of the processing of personal data

Each time we access our website, our system automatically collects data and information from the computer system of the calling computer.

The following data are collected:

  • Information on the type of browser and the version used
  • User operating system
  • User Internet Service Provider
  • Date and time of access
  • Websites from which the User's system goes to our website
  • Websites accessible by the User's system via our website

Data is also stored in our system's log files. The IP addresses of the User or other data allowing the allocation of data to a given User are not concerned. In addition, we do not store this data with other personal data of the User does not take place.

 

2. Legal basis for processing personal data

The legal basis for the temporary storage of data is the legitimate interest provided for in Article 6 (1) (f) of the GDPR.

3. Purpose of processing personal data

The temporary storage of the IP address by the system is necessary to allow access to the website by the User's computer. To do this, the User's IP address must be kept for the duration of the session. This purpose is also justified by our legitimate interest, within the meaning of Article 6 (1) (f) of the GDPR.

4. Shelf life

Personal data is deleted as soon as it is no longer necessary to achieve the purpose that motivated its collection. When collecting personal data, access to our website is the case when the session is over.

5. Right of opposition and cancellation

The collection of the User's personal data for access to the website and the storage of your data in log files is essential for the proper functioning of the website.

In the event that the User requests the deletion of such data or objects to their processing, we will no longer be able to give them access to our website.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the Internet browser or the Internet browser of the user's computer system. When a user visits a website, a cookie may be stored on their operating system. This cookie contains a characteristic character string allowing the User to be clearly identified in the event of subsequent consultation of the website i.

We use cookies to make our website more user-friendly. Certain elements of our site require that the calling User be identified even after a page change.

The following data is stored and transmitted in cookies:

  • The set language
  • Items in the basket
  • Connection information
  • In addition, we use cookies on our website to analyze the browsing behavior of Users.

The following data can therefore also be transmitted:

  • Search criteria entered
  • Frequency of opening pages

Use of website features

User data thus collected is pseudonymized by technical measures. Consequently, identification of the calling User is no longer possible. The data will not be stored with other personal data of Users.

When accessing our website, a banner informs the User of the use of cookies for analytical purposes; his consent to the processing of his data is expressly collected by a check box I ACCEPT and refers him to detailed content on cookies and their management. It is particularly indicated how the storage of cookies in the browser settings can be avoided.

A link also makes it possible to refer to this data protection charter.

2. Legal basis for processing personal data

The legal basis for the processing of personal data using cookies is the consent of the user provided for in Article 6 paragraph 1 point a of the GDPR.

3. Purpose of processing personal data

The purpose of using technically necessary cookies is to facilitate the use of websites by Users. Certain features of our website cannot be offered without the use of cookies. To be able to use them, the browser must be recognized even after a page change.

We need cookies for the following applications:

  • Basket
  • Language settings transfer
  • Storage of search criteria

User data collected via technically necessary cookies is not used to create User profiles.

The purpose of using analysis cookies is to improve the quality of our website and its content. Thanks to analytical cookies, we learn how our website is used and allow us to continuously optimize our offer.

4. Period of conservation, right of opposition and deletion

Cookies are kept for a maximum of 13 months.

Cookies are stored on the User's computer, from where they are transmitted to us. Therefore, as a User, you have full control over the use of cookies. By modifying the parameters of your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. It can also be done automatically. However, if cookies are disabled for our website, it may not be possible to use all the functions of the website in full.

 

VI. Newsletter

1. Description and scope of the processing of personal data

You can subscribe to our free newsletter on our website. The data of the input mask are transmitted to us when registering for the newsletter:

  • First name
  • E-mail adress
  • Type of person (Individual, Group Manager, CE Manager, School Manager, Journalist, Other)

 

In addition, the following data is collected during registration:

  • IP address of the calling computer
  • Date and time of registration

Data processing is authorized with your consent obtained during the registration process, with a link to access this data protection charter.

In the context of data processing for sending newsletters, no data is transmitted to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for processing personal data

The legal basis for the processing of data after the User's registration for the newsletter is the User's consent in accordance with article 6 paragraph 1 point a of the GDPR.

3. Purpose of processing personal data

The collection of the first name, e-mail address and type of the User's person is used for the distribution of the newsletter.

4. Shelf life

The data are deleted as soon as they are no longer necessary with regard to the purpose for which they were collected. The first name, e-mail address and type of the User's person are therefore stored as long as the subscription to the newsletter is active.

5. Right of opposition and cancellation

The subscription to the newsletter can be terminated at any time by the User concerned. A link is placed for this purpose in each newsletter allowing unsubscription. The user can also withdraw his consent and request the deletion of his personal data collected during the registration process.

VII. Registration for online ticketing purchase and creation of a user account

1. Description and scope of the processing of personal data

On our website we offer the possibility of purchasing tickets online, on this occasion the buyer / user must create an account to finalize their purchase to secure access to these purchased e-tickets.

The data is entered in an input mask, then it is transmitted to us and stored. No transfer of data to third parties is carried out. The following data is collected during the registration process:

  • Last name First Name
  • Postal address data
  • E-mail adress

At the time of registration, the following data is also collected:

  • User's IP address
  • Date and time of registration

The User's consent to the processing of their personal data is expressly collected as part of the registration process.

2. Legal basis for processing personal data

The legal basis for data processing is the consent of the User provided for in Article 6 paragraph 1 point a of the GDPR.

If the registration is used for the execution of a contract of which the User is a party or for the implementation of pre-contractual measures, the additional legal basis for the processing of data is the execution of the contract provided for in article 6 (1) point b GDPR.

3. Purpose of data processing

User registration is required for the provision of certain content and services on our website:

  • Information retrieval
  • Invoice request
  • Access to the customer account for retrieving e-tickets. A User registration is necessary to regularize a contract with him or to implement pre-contractual measures:
  • Ordering e-tickets

 

4. Shelf life

Data is deleted as soon as it is no longer necessary with regard to the purpose for which it was collected: - This is the case of data collected during the registration process and creation of an account when registration on our site is canceled or changed.

This is the case when regularizing a contract with the User or when implementing pre-contractual measures if the data is no longer necessary for the execution of said contract or the implementation of said pre-contractual measures.

After the conclusion of the contract, it may be necessary to keep the User's personal data in order to comply with contractual or legal obligations:

  • Successive performance contracts
  • Tax data retention periods
  • Warranty periods, statutory limitation periods

In any case, the data is not kept beyond a period of 3 years from our last contact remained unanswered, and failing opposition or request for deletion on your part, in the interval.

5. Right of opposition and deletion

As a User, you have the option to cancel and delete your registration and user account at any time. You can also modify the stored data concerning you at any time.

The erasure of the data can take place at any time by sending an email to info@lepal.com

If the data is necessary for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible if no contractual or legal obligation prohibits it.

The deletion of the User's personal data will prevent them from receiving the products and services requiring the processing of said data.

VIII. Contact form

1. Description and scope of the processing of personal data

A contact form is available on our website which can be used for electronic contact. If a User uses this option, the data entered in the input mask will be transmitted to us and will be stored. These data are:

  • First and last name
  • E-mail adress
  • Type of person (Individual, Group Manager, CE Manager, School Manager, Journalist, Other)
  • Object of the request

The following data is also stored when the message is sent:

  • User's IP address
  • Date and time of registration

The use of data is indicated in the form with access to this Data Protection Charter.

No transfer of data to third parties is carried out. The data is used exclusively for the processing of the communication.

2. Legal basis for processing personal data

The legal basis for data processing is the consent of the User provided for in Article 6 paragraph 1 point a of the GDPR.

The legal basis for the processing of data transmitted when sending an e-mail is also the consent provided for in Article 6 paragraph 1 point a of the GDPR. If the contact by e-mail aims to conclude a contract, the additional legal basis for processing is the execution of the contract provided for in Article 6, paragraph 1 point b GDPR.

3. Purpose of processing personal data

The processing of personal data from the input mask is only used to respond to your contact request. In the case of contact by e-mail, this also includes the legitimate interest required for processing the data. .

4. Shelf life

The data are deleted as soon as they are no longer necessary with regard to the purpose for which they were collected. For personal data of the contact form input mask, this is the case when the communication with the User is ended. Communication is terminated when it can be inferred from the circumstances that a detailed response has been given to the request made or that the facts have finally been clarified.

5. Right of opposition and cancellation

The User has the possibility at any time to revoke his consent to the processing of his personal data. If the user contacts us via the contact form, he can object to the storage of his personal data at any time. In such a case, the communication cannot continue.

The erasure of the data can take place at any time by sending an email to webmaster@lepal.com.

In this case, all personal data stored during the contact process will be deleted.

IX. Group reservation request form

1. Description and scope of data processing

A reservation request form is available on our website which can be used to make a group reservation request electronically. If a User uses this option, the data entered in the input mask will be transmitted to us and will be stored. These data are:

  • Name of the group
  • Postal address data
  • Landline Number, Fax
  • First name and last name of the person in charge
  • Mobile number
  • E-mail adress
  • Date of visit
  • Arriving time
  • Number of participants
  • Type of group (Association, School, Center Aéré…)

 

The following data is also stored when the form is sent:

  • User IP address
  • Date and time of registration

The use of data is indicated in the form with access to this Data Protection Charter.

No transfer of data to third parties is carried out. The data is used exclusively for the processing of the group reservation.

2. Legal basis for processing personal data

The legal basis for data processing is the consent of the User provided for in Article 6 paragraph 1 point a of the GDPR, or even Article 6, paragraph 1 point b of the GDPR for the performance of the contract.

The legal basis for the processing of data transmitted when sending an e-mail is also the consent provided for in Article 6 paragraph 1 point a of the GDPR. If the contact by e-mail aims to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

3. Purpose of processing personal data

The processing of personal data from the input mask only serves us to process your group booking request. In the case of contact by e-mail, this also includes the legitimate interest required for the processing of data

4. Shelf life

The data are deleted as soon as they are no longer necessary with regard to the purpose for which they were collected. For the personal data of the input mask of the reservation request form, this is the case when it is processed and executed.

5. Right of opposition and cancellation

The User has the possibility at any time to revoke his consent to the processing of his personal data. If the User contacts us via the reservation request form, they may object to the storage of their personal data at any time. In such a case, the reservation request cannot continue.

The erasure of the data can take place at any time by sending an email to webmaster@lepal.com

In this case, all personal data stored during the contact process will be deleted.

X. Contest Game Form "Your best PAL photo" on the website www.lepal.com and the PAL application

1.Description and scope of the processing of personal data

To participate in the “My best photo from PAL” contest, data is entered in the input mask and will be sent to us and stored. These data are:

  • First and last name
  • Postal code
  • E-mail adress
  • Photo for the competition

 

The following data is also stored when the message is sent:

  • User IP address
  • Date and time of registration

The use of data is indicated in the form with access to this Data Protection Charter.

2. Legal basis for processing personal data

The legal basis for data processing is the consent of the User provided for in Article 6 paragraph 1 point a of the GDPR.

The legal basis for the processing of data transmitted when sending an e-mail is also the consent provided for in Article 6 paragraph 1 point a of the GDPR. If the contact by e-mail aims to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

3. Purpose of processing personal data

The processing of personal data from the input mask is used to choose the winning photo and to inform the winner.

4. Shelf life

The data are deleted as soon as they are no longer necessary with regard to the purpose for which they were collected. For the personal data of the entry mask of the contest, this is the case when the game is over.

5. Right of opposition and cancellation

The User has the possibility at any time to revoke his consent to the processing of his personal data. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, his participation in the competition cannot, however, continue.

The erasure of the data can take place at any time by sending an email to webmaster@lepal.com

In this case, all personal data stored as part of this participation in the competition will be deleted.

XI. Recruitment form

1. Description and scope of the processing of personal data

A recruitment form is available on our website which can be used to submit an application for a position offered by Le PAL. If a User uses this option, the data entered in the input mask will be transmitted to us and will be stored. These data are:

  • Position chosen from the offers
  • Availability dates
  • Has already or name worked at PAL
  • Civility
  • First and last name
  • Address
  • Mobile number
  • Fixed line number
  • E-mail adress
  • Date of Birth
  • Social Security number
  • If recognized as a disabled worker
  • Comments
  • Numberplate
  • CV (file deposited in the form)
  • Motivation letter (file deposited in the form)
  • Identity photo (file deposited in the form)

 

The following data is also stored when the message is sent:

  • Date and time of registration

 

The use of data is indicated in the form with access to this Data Protection Charter.

No transfer of data to third parties is carried out. The data is used exclusively for the processing of your application.

2. Legal basis for processing personal data

The legal basis for data processing is the consent of the User provided for in Article 6 paragraph 1 point a of the GDPR.

The legal basis for the processing of data transmitted when sending an e-mail is also the consent provided for in Article 6 paragraph 1 point a of the GDPR. If the contact by e-mail aims to conclude a contract, the additional legal basis for processing is the execution of the contract provided for in Article 6, paragraph 1 point b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask only serves us to process your application and for contact purposes. In the case of contact by e-mail, this also includes the legitimate interest required for the processing of data.

4. Shelf life

The data are deleted as soon as they are no longer necessary for the purpose for which they were collected, in this case when the examination of your application for the envisaged position is completed.

In any event, if your application is not followed up, this data is not kept beyond a period of 2 years after our last exchange, unless requested to delete or oppose your leaves in the meantime.

5. Right of opposition and cancellation

The User has the possibility at any time to revoke his consent to the processing of his personal data. If the User contacts us via the application form, he may object to the storage of his personal data at any time. In such a case, however, the application cannot continue.

The erasure of the data can take place at any time by sending an email to webmaster@lepal.com

In this case, all personal data stored during the contact process will be deleted.

XII. One-day trainer form

1. Description and scope of the processing of personal data

A Day Caregiver form is available on our website which can be used to submit a request for the Day Caregiver activity. If a User uses this option, the data entered in the input mask will be transmitted to us and will be stored. These data are:

  • The requested activity (ies)
  • The Number of people for the activity
  • Age of people for the activity
  • First and last name of the contact person
  • Address
  • Phone number
  • E-mail adress
  • Comments

 

The following data is also stored when this form is sent:

  • Date and time of registration

 

The use of data is indicated in the form with access to this Data Protection Charter.

No transfer of data to third parties is carried out. The data is used exclusively for the processing of this day care provider request.

2. Legal basis for processing personal data

The legal basis for data processing is the consent of the User provided for in Article 6 paragraph 1 point a of the GDPR.

The legal basis for the processing of data transmitted when sending an e-mail is also the consent of article 6 paragraph 1 point a of the GDPR. If the contact by e-mail aims to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

3. Purpose of processing personal data

The processing of personal data from the input mask only serves us to process your request and for contact purposes. In the case of contact by e-mail, this also includes the legitimate interest required for the processing of data.

4. Shelf life

The data are deleted as soon as they are no longer necessary with regard to the purpose for which they were collected. For the personal data of the mask for entering the Day Healer form, this is the case when his request is processed and executed.

5. Right of opposition and cancellation

The User has the possibility at any time to revoke his consent to the processing of his personal data. If the User contacts us using the Day Care Provider form, they may object to the storage of their personal data at any time. In such a case, the communication and his request to be a Healer for a day cannot continue.

The erasure of the data can take place at any time by sending an email to webmaster@lepal.com

In this case, all personal data stored during the contact process will be deleted.

XIII. Website analysis

1.Analysis of websites via Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 United States, hereinafter referred to as "Google". Google-Analytics uses "Cookies", ie text files stored on your computer and allowing an analysis of your use of the website
The information generated by these cookies, such as the time, place and frequency of your visit to the website, including your IP address, is transmitted to Google in the United States and stored there.
Google uses this information to evaluate your use of our website, to compile reports on the activity of our website and to provide other services related to website activity and internet use. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google.
Google declares that it does not associate your IP address with other data supplied by it. You can prevent the installation of cookies by configuring your browser software accordingly; however, we draw your attention to the fact that in this case you may not be able to use all the functions of our website.
In addition, Google offers a deactivation module for the most common browsers, allowing better control of the data that Google collects on the sites you visit. The module informs the JavaScript (ga.js) of Google Analytics that no website visit information should be transmitted to Google Analytics. However, the Google Analytics Disable add-on does not preclude the transfer of information to us or to any other web analysis service that we may use. For more information on installing the browser deactivation module, see Link.
Alternatively, the future analysis of your site visit by Google Analytics can be deactivated by clicking on the link below. By clicking on the link, an deactivation cookie is created, preventing any i from your browsing on our website; :
Click here to deactivate Google Analytics cookies.
Please note that if you delete cookies in your browser settings, the deactivation cookie can also be deleted and may have to be reactivated.

2. Analysis of websites by Youtube

This site contains at least one YouTube plugin, owned by Google Inc., located in San Bruno, California, USA, is created. As soon as you visit our website with a YouTube plug-in, you are connected to the YouTube servers. At the same time, the Youtube server will be informed of the particular page of our website that you have visited. If you are also logged into your YouTube account, YouTube allows you to link your browsing experience directly to your personal profile. You can cancel this assignment option if you first log out of your account. For more information on the collection and use of your data via YouTube, see their privacy policy at www.youtube.com.

3. Analysis of websites by Facebook Pixel

Our website uses the remarketing functionality "Personalized audiences" of Facebook Inc. ("Facebook"). This function is used to present (“Facebook ads”) to visitors to this website as part of their visit to the social network Facebook advertisements targeted by area of ​​interest. To this end, the Facebook remarketing tag has been installed on this website. Thanks to this tag, a direct connection to Facebook servers is established when you visit the site. The information that you have visited this website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account. For more information on the collection and use of data by Facebook, your rights in this regard and the means to protect your privacy, see the Facebook privacy policy at https://www.facebook.com/about / privacy /. You can also turn off the "Custom Audiences" remarketing feature at https://www.facebook.com/settings/?tab=ads#_=_. To do this, you must be logged into Facebook.

4. Use of web fonts

A JavaScript code is loaded on our website. If you have activated JavaScript in your browser but have not installed a JavaScript blocker, your browser may transmit personal data. We do not know what data is linked to the data received and for what purpose this data is used. To prevent the execution of JavaScript code in general, you can install a JavaScript blocker (eg www.noscript.net).

The following fonts are used on our website: Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043 USA (additional information in Google's privacy statement).

XIV. Recipients of users' personal data

  1. The personal data of Users is processed mainly by our internal services and our employees.
  2. Your personal data may however be transferred to other recipients providing us with services related to our website, such as our IT providers in the context of the administration and hosting of our website, our service providers external in charge of examining requests or organizing contests, our logistics service providers, our insurance companies in the event of a complaint. In this case, we limit the transfer of your data to what is strictly essential. Our service providers receive your data as subcontractors, they are strictly required to comply with our instructions regarding the processing of your data. We also ensure that they implement all appropriate confidentiality and security measures to best protect the data transmitted.
  3. In the context of the use of statistical analysis tools for the activity of our website, personal data of the User limited to the IP address, are transferred to the USA from entities that have signed up to Privacy shield, regularized agreement with the EU Commission considering the level of protection granted as adequate (implementing decision 2016/1250 of 12 July 2016).

XV. User rights

As a User, you are a data subject within the meaning of the GDPR and you have the following rights which can be exercised at webmaster@lepal.com:

1. Right of access

You can, at any time, ask to confirm whether or not personal data concerning you are being processed. You are also entitled to request the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be communicated;
  • the planned retention period of your personal data or, when this is not possible, the criteria used to determine this period;
  • when personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, as referred to in Article 22 (1) and (4) of the GDPR, and at least in such cases, useful information regarding the underlying logic, as well that the importance and the expected consequences of this processing for the possible transfer of data to a third country or an international organization. In this context, you can request to be informed of the appropriate guarantees, under article 46 of the GDPR.

We will respond to you within 1 month.

This right of access may be limited when it risks preventing or seriously hindering the performance of research or statistics and this limitation is necessary for their proper conduct.

2. Right of rectification

You have the right to request that your personal data be rectified or supplemented as soon as they prove to be incomplete or inaccurate. This right of rectification may be limited when it risks preventing or seriously hindering the carrying out of research or statistics and this limitation is necessary for their proper conduct.

 

3. Right to limit processing

You can obtain the limitation of the processing of your personal data under the following conditions:

  • you dispute the accuracy of the personal data and request the limitation for a period allowing the Data Controller to verify their accuracy;
  • the processing is unlawful and you refuse the erasure of your personal data by demanding instead the limitation of their use;
  • the Data Controller no longer needs the personal data for the purposes of the processing, but these are still necessary for the establishment, exercise or defense of legal claims, or
  • you have objected to processing in accordance with Article 21 (1) GDPR, but it has not yet been established whether the legitimate interests of the Controller prevail over yours.

When the processing of personal data concerning you has been limited, this data may, with the exception of their conservation, be processed only with your consent, or in the context of the observation, exercise or defense of legal rights, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or of a Member State.

If the processing of personal data has been limited according to the above conditions, you will be informed by the Data Controller before the limitation of processing is lifted.

This right to limit processing may be limited when it risks preventing or seriously hindering the performance of research or statistics and this limitation is necessary for their proper conduct.

 

4. Right to erasure

a) Obligation to erase

You have the right to obtain the erasure of personal data concerning you as soon as possible. The Data Controller also has the obligation to erase this data, when one of the following reasons applies:

  • personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • you withdraw your consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing.
  • you object to processing under Article 21 (1) GDPR and there are no compelling legitimate grounds for processing, or you object to processing under Article 21 (2) GDPR.
  • personal data has been subject to unlawful processing.
  • personal data must be erased in order to comply with a legal obligation provided for by Union law or by the law of the Member State to which the controller is subject.
  • the personal data concerning you have been collected in connection with the services offered by an information company in accordance with article 8 paragraph 1 of the GDPR.

 

b) Information to third parties

When the Data Controller has made personal data concerning you public and if he is required to delete it under Article 17 (1) GDPR, he must take reasonable measures, taking into account the available technologies and the costs of implementation, including technical measures, to inform those responsible for processing this personal data that, as a data subject, you have requested the deletion of all links to this data, or any copy or reproduction thereof.

c) Exceptions

The right to erasure does not exist when processing is necessary:

  • compliance with a legal obligation or the performance of a task of public interest or falling within the exercise of public authority vested in the Data Controller and requiring processing under the law of the Member States, or of the Union;
  • for purposes of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the GDPR;
  • for archival purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, insofar as the law referred to in subparagraph a) is likely to make impossible or seriously affect the achievement of the objectives of this processing; for the establishment, exercise or defense of legal claims.

 

5. Right of information

If you have asserted your right to rectification, erasure or limitation of processing with the Data Controller, the latter is required to inform all the recipients to whom your personal data has been disclosed of this rectification, this erasure or this limitation of data processing, except where this proves impossible or involves a disproportionate effort.

You have the right to ask the Data Controller to be informed about these recipients.

6. Right to data portability

You have the right to receive personal data concerning you and which you have provided to the Data Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another data controller without the Data Controller to whom the personal data have been communicated to prevent it, when

the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, or on a contract pursuant to Article 6 (1), point b of the GDPR, and
processing is carried out using automated processes.
When you exercise your right to data portability, you also have the right to obtain that personal data be transmitted directly from one Data Controller to another, when this is technically possible. This should not, however, affect the freedoms and rights of other people.

The exercise of the right to data portability does not apply to the processing of personal data necessary for the performance of a task of public interest or falling within the exercise of public authority vested in the Treatment manager.

7. Right to object

You have the right to object at any time, for reasons relating to your particular situation, to a processing of personal data concerning you based on legitimate interest or a public interest mission in accordance with Article 6, paragraph 1, point e or f of the GDPR; this also applies to profiling based on these provisions.

We then stop processing your personal data, unless there are legitimate and compelling reasons for processing that prevail over your interests and your rights and freedoms, or else the processing is necessary for the establishment, exercise or the defense of legal rights.

When personal data is processed for prospecting purposes, you have the right to object at any time to the processing of personal data concerning you for such prospecting purposes, including profiling insofar as it is linked to such prospecting.

If you object to processing for prospecting purposes, personal data will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58 / EC, you have the possibility of exercising your right of opposition by means of automated processes using technical specifications.

When personal data is processed for scientific or historical research or for statistical purposes pursuant to Article 89 (1) GDPR, you have the right to object, for reasons relating to your particular situation , to the processing of this data.

This right of opposition can be limited as soon as it risks preventing or seriously hindering the carrying out of research or statistics and this limitation is necessary for their proper conduct.

8. Right to revoke the declaration of consent

You have the right to revoke your declaration of consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

 

9. Automated individual decision-making, including profiling

You have the right not to be the subject of a decision based exclusively on automated processing, including profiling, producing legal effects concerning you or significantly affecting you in a similar way. This does not apply if the decision:

  1. is necessary for the conclusion or execution of a contract between the data subject and a Data Controller,
  2. is authorized by Union law or the law of the Member State to which the Data Controller is subject and which also provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
  3. is based on your express consent.

However, these decisions should not be based on particular categories of personal data under Article 9 (1) GDPR, unless Article 9 (2) GDPR applies and only reasonable measures have been taken to protect rights and freedoms and your legitimate interests. Regarding the cases referred to in points (1) and (3), the person responsible takes the appropriate measures to assert your rights and freedoms, as well as your legitimate interests, including those at least to obtain human intervention from the responsible R Treatments to express your point of view and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which your habitual residence is located, your place of work or place where the violation has been committed, if you believe that the processing of personal data concerning you constitutes a violation of the GDPR.

However, you still have the possibility of bringing your complaint beforehand to the Processing Manager at webmaster@lepal.com who will reply to you within 2 months.

The supervisory authority with which the complaint has been lodged will inform you of the progress and outcome of the complaint, including the possibility of a legal remedy under Article 78 of the GDPR .

In France, the supervisory authority is the CNIL, 3 place de Fontenoy, 75007 Paris, tel 01 53 73 22 22.