PRIVACY & COOKIES POLICY
The www.yquem.fr and reservation.yquem.fr Websites (“Websites“) are published by Château d’Yquem, a public limited company with a capital of 224,640 euros registered with the Bordeaux Trade and Companies Register under number b384 809 281, whose registered office is located at Château d’Yquem, 33210 Sauternes, tel: + 33 5 57 98 07 07 (hereinafter «Château d’Yquem» or “We »).
We attach the utmost importance and care to the protection of the privacy and personal data of users of our Websites.
For more information on the management of your reservations, please refer to the legal notice.
Note: We may change this policy, especially if a new processing of Personal Data is implemented. You are invited to check this page regularly to ensure that you agree with any changes. You will be informed of these changes either by a special mention on our site or by a warning.
1/ DATA CONTROLLER
As part of the management of the Websites and the management of your reservations, Château d’Yquem (whose contact details appear above) is the data controller.
Château d’Yquem has appointed a Data Protection Officer (DPO) who is your main contact for any question relating to the processing of your Personal data by Château d’Yquem.
He can be reached:
- By email to the following email address: firstname.lastname@example.org
- By post, to the following address: Ms/Mr Data Protection Officer (DPO) of Château d’Yquem, Château d’Yquem, 33210 sauternes
In the specific context of the management of your reservations, we draw your attention to the fact that some of Château d’Yquem’s service providers who receive your Personal data may act as data processors: this is the case in particular with the payment service provider Mercanet.
In this case, the processing of your Data is subject to the providers’ own privacy policies, which you can obtain by contacting them directly. Similarly, the rights you have under the legislation on the protection of personal data must be exercised directly with these service providers.
2/COLLECTION OF YOUR PERSONAL DATA
Where does the Personal data we collect come from?
Your Personal data is collected by us either:
- Directly from You, in particular when You use our Websites and our services (by filling in various forms on the Website, making a reservation, communicating directly with us, etc.);
- Indirectly: When someone makes a booking on our site in your name.
- Automatically when you access or use the Websites (cookies, technical data, information about your browsing).
What Data do we collect?
Château d’Yquem collects several types of Personal data about You. The Data that we ask You for and that are essential to respond to your requests are identified by an asterisk or an equivalent procedure on the collection forms. If You do not fill in the mandatory fields or do not provide the information marked as mandatory, we will not be able to respond to your requests or process your requests
When You contact us, in particular via the forms made available to You on the Websites, we collect and process all of the data that You provide to us, such as your title, your surname, your first name, your e-mail address, the subject and content of your message, the date and time of your visit, your postal address, your telephone number and your payment information, such as your bank card number, its expiry date and the cryptogram.
3/ PURPOSES AND LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
In accordance with the applicable data protection regulations, we only collect personal data when we have a legal basis to do so.
We collect personal data on the basis of your consent, for the following purposes:
- Respond to your requests and questions (other than those related to a reservation);
- Measuring and improving the performance of our site: we use analytics cookies to help us to count site visits and traffic sources to our Websites. This helps us to identify the most and least popular pages and to see where visitors go on the sites. The information collected by these cookies does not allow us to identify visitors to the site and although this data is mostly aggregated, some of the data must still be qualified as Personal Data under the GDPR.
- We collect Personal data on the basis of the performance of a contract, for the following purposes:
- To process your reservations: We use your data to manage your reservations and your visit to the castle.
- To respond to any requests You may make concerning your reservation.
We collect personal data on the basis of our legitimate interest, for the following purposes:
- To prevent payment fraud and ensure the validity of the payments we receive.
- To prevent counterfeiting or illicit resale to ensure the safety of our products.
- To ensure the defence of our interests in the event of a dispute or legal action.
We collect Personal data on the basis of our legal obligations, in order to comply with applicable laws:
As such, we keep transaction history and any other commercial document for legal and administrative reasons (accounting, tax, legal or commercial guarantees, product traceability, insurance, audit, etc.).
4/ DATA RECIPIENTS
Your Data is processed by Château d’Yquem for the purposes described above and is only accessible to Château d’Yquem staff who need to know it in the exercise of their duties.
However, your Personal data may be communicated to third parties when we use service providers and/or subcontractors for technical and logistical reasons (logisticians, transporters, site hosting and maintenance providers, payment and fraud management providers, etc.).
We may also be required to communicate your Personal data when the communication is required by law, a regulatory provision or a judicial decision or if this transmission is necessary to ensure the protection and defence of our rights.
5/ TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
Your Data is processed in France, however, We may use certain service providers located abroad or who themselves use subcontractors who may be located outside the European Economic Area (EEA).
Any transfer of your Data outside the EEA will be made subject to appropriate safeguards which will comply with applicable data protection regulations such as Standard Contractual Clauses (SCC) or BCR for example.
6/ RETENTION PERIOD OF PERSONAL DATA
Your Personal data is kept for as long as is necessary to fulfil the purposes for which it was collected and may then be kept for a longer period of time in order to comply with a legal obligation to retain it or if it is of historical interest for example.
In general, your Data will be retained for the duration of our relationship and then for a period of 3 years after the date of the end of our relationship (which is generally the date of the last contact with you). Where necessary, it may then be archived for accounting or evidential purposes for the applicable statutory limitation periods and destroyed or anonymized once these periods have expired.
Please refer to the table below for details of these periods.
|Object||Categories of Data||Storage before erasure|
Customer booking management
|Identification and payment data||Identification and reservation data: duration of the processing of the reservation, then archiving of the data 10 years as part of our traceability obligations.
Payment data: duration of the transaction and all necessary checks.in case of payment irregularity: for the duration of the payment irregularity, then for a period of 3 to 5 years depending on the severity of the irregularity.
|Customer Relationship Management||History of exchanges, opinions posted on the Website, customer account data.||Duration of the relationship + 3 years
Then archiving of data relating to purchases as part of our traceability obligations.
|Product traceability||Identification data, purchase history||In the case of patrimonial data and in the context of the fight against counterfeiting, this data is not deleted.|
|Measuring and improving site performance||Data collected via analytics audience measurement cookies (counting of visits and traffic sources, etc.)
|Site and Service Security||Technical data of your device (IP address, terminal type, browser type, etc.)||6 months|
|Disputes/Claims||Dispute/complaint data||In the absence of legal action, depending on the applicable limitation period: 5 years maximum from the facts
In the event of legal action: duration of the procedure until the full execution of the court decision or settlement protocol.
7/ RIGHTS OF DATA SUBJECTS
In accordance with the regulations in force, you have the right to:
ACCESS: The right of access allows a person to know if data concerning him or her are being processed and then to obtain, if he or she wishes, the communication in an understandable format.
RECTIFICATION: The right of rectification allows you to correct inaccurate data concerning you or to complete data in relation to the purpose of the processing.
ERASURE: The right to erasure allows you to have your data erased where the grounds set out in Article 17 of the GDPR apply.
TO THE LIMITATION OF PROCESSING: This right allows you to obtain, if you contest the accuracy of the data used by the organization or object to your data being processed, the suspension of processing for a certain period of time.
PORTABILITY: this right allows you to recover the data you have provided to a platform, for personal use or to transmit them to a third party of your choice.
OPPOSITION: This right allows you to object at any time, for reasons relating to your particular situation, to the processing of your personal data.
NOT TO BE THE SUBJECT OF AN AUTOMATED INDIVIDUAL DECISION: This right allows you not to be subject to a decision based exclusively on automated processing, including profiling, producing legal effects concerning you or affecting you significantly.
WITHDRAWAL OF YOUR CONSENT: This right allows you to withdraw your consent to the processing of your data at any time.
A DIGITAL DEATH: This right, applicable in France, allows you to define post-mortem directives concerning the fate of your data.
In order to respond to your request, we may have to verify your identity and if necessary, proof of identity may be requested.
Please note that despite exercising your right to erasure or restriction we may retain some of your Personal data where we are required or permitted by law to do so, where we have a legitimate reason to do so.
For any questions relating to your rights and the processing of your Data, you can contact us at email@example.com or by mail at: Ms / Mr. Delegate. e to the data protection of Château d’Yquem, Château d’Yquem, 33210 sauternes.
8/ SECURITY MEASURES
Château d’Yquem implements technical and organizational measures that comply with French and European legal and regulatory requirements, to ensure the security and confidentiality of Personal data.
Château d’Yquem ensures, under the terms of written commitments, that its service providers and subcontractors present guarantees and implement sufficient security measures to ensure the protection of the personal data whose processing is entrusted to them in accordance with the requirements of the legislation on the protection of Personal data.
However, Château d’Yquem does not control all the risks related to the operation of the Internet and draws your attention to the existence of risks inherent in the use of any website
Protection of minors
Our site is not intended for minors, We do not knowingly collect information about minors.
You must be at least 18 years old to provide us your data and/or make a reservation on the Websites. If we are notified that a minor under the age of 18 has submitted data to us, We will delete that Data.
We use these cookies to help us understand your use of the Websites and thus improve how it works.
What is a cookie? A “cookie” is a text file that is stored on a dedicated space on your terminal (computer, tablet, smartphone, etc.) when you visit the site a cookie allows its issuer (We or the third-party provider we use – for example, Google Analytics) to identify and recognize the terminal on which it is stored, throughout the period of validity or storage of the cookie (13 months maximum), each time you log back in to the site.
Refuse and disable cookies: You can refuse third-party cookies the first time you use the Websites.
You can also disable them by going to the dedicated page of your browser.
You can also disable them by using our cookie management tool, accessible on the bottom of every page of the Websites, and manage the categories of cookies you accept or not according to their purpose.
However, some cookies are essential for the operation of the Websites and cannot be disabled.
10 / RECLAMATION
In the event of a complaint about the way in which we collect and process your Data, you also have the right to refer the matter to the “Commission nationale de l’informatique et des libertés” (Cnil), 3 place de Fontenoy – tsa 80715 – 75334 paris cedex 07, tel: 01 53 73 22 22.