Privacy Policy

1. Who are we?

1.1 The data controller

The following information is provided to enable you to familiarize yourself with the personal data protection commitments of Société Civile Agricole Château La Nerthe, an agricultural non-trading company whose registered office is at Château La Nerthe, 84230 Châteauneuf-du-Pape.

Société Civile Agricole Château La Nerthe, which acts as data controller for the processing of personal data referred to in this document, hereinafter referred to as “the Data Controller” or “we”.

 

1.2 Our data protection officer

The Data Controller has appointed a person to be responsible for data protection policy, who can be contacted by e-mail at the following address: rf.drahcirseniamod@sellenosrepseennod.

 

2. The personal data we process

As part of the processing of personal data, the Data Controller collects and processes the following data:

  • surname, first name, postal address, e-mail address and telephone number; and
  • IP address, unique session ID and unique user ID.

3. Purposes and legal basis of our data processing operations

3.1 Purposes of our data processing operations

We process data for the following purposes:

  • Website content management;
  • Management of orders;
  • Management of marketing communication / communication with customers and prospects;
  • Follow-up of customer transactions;
  • Monitoring customer relations and customer complaints;
  • Audience analysis ;
  • Customer categorization; and
  • Management of requests via the contact form.

3.2 Legal basis for data processing

We only process data if at least one of the following conditions is met:

  • your consent to the processing operations has been obtained;
  • the performance of a contract binding us to you requires us to carry out the personal data processing concerned;
  • we are bound by legal and regulatory obligations that require us to carry out the personal data processing concerned; and
  • the existence of our legitimate interest, or that of a third party, justifies our carrying out the personal data processing concerned. The legitimate interests pursued by the Data Controller may include enabling the continuity of its business, improving the consumer experience, building consumer loyalty, understanding consumer expectations and managing user requests.

4. Recipients of your data

The personal data we collect, as well as those collected subsequently, are intended for us in our capacity as Data Controller.

We ensure that only authorized persons have access to this data. Our subcontractors / service providers may receive this data in order to carry out the services we entrust to them.

Your personal data may be combined, pooled or shared between all the parent, sister and subsidiary entities of the Data Controller.

It may be communicated to these entities for the purposes set out in this privacy policy. These operations are carried out on the basis of instruments that comply with the applicable regulations and are capable of ensuring the protection and respect of your rights.

 

5. Transfer of your data

As part of the services we offer, we transfer your personal data to recipients located in the United States.

Each of these transfers is governed by legal instruments that comply with the applicable legal framework.

Transfers to the United States are subject to appropriate safeguards. Standard contractual clauses proposed by the European Commission have been signed for all the data transfers referred to in this paragraph.

 

6. How long we keep your data

The retention periods we apply to your personal data are proportionate to the purposes for which they were collected. Accordingly, we organize our data retention policy as follows:

Purpose of processingRetention period
Canvassing3 years from the last contact with you or, where applicable, from the end of the commercial relationship, plus the period required by law.
CustomerIn the case of concluded contracts, data is kept for the duration of the commercial relationship, plus the duration of legal requirements.
CookiesPlease refer to the cookie policy, depending on the type and function of the cookie.
Contracts over €120 for accounting purposes10 years from conclusion of contract
In the event of exercising rights of access, rectification, deletion, limitation, data relating to identity documents and information enabling these rights to be taken into account1 year from receipt of request
In the event of exercising the right of opposition, data relating to identity documents and information enabling the right of opposition to be taken into account.6 years from receipt of request
Requests made via the contact formDuring the time it takes to process the request, plus the statutory limitation period.
Customer profile created on the website3 years from the last contact from you or, failing that, the date on which the customer profile was created.
NewsletterUntil you withdraw your consent, or otherwise 3 years from the last contact from you.

The above retention periods may be increased by the applicable statutory limitation periods.

 

7. Your rights

7.1 How to exercise your rights

You may exercise your rights by sending an e-mail to the following address: rf.drahcirseniamod@sellennosrepseennod

To do so, you must clearly indicate your surname(s) and first name(s), and the address to which you wish the reply to be sent.

In principle, you can exercise all your rights free of charge. However, with regard to the right of access, you may be asked to pay a reasonable fee based on administrative costs for any copy of the data you request.

With regard to the right to information, the Data Controller will not be obliged to respond if you already have the information you are requesting.

The data controller will inform you if it is unable to comply with your request.

These rights are not absolute and are subject to various conditions under:

  • applicable local data protection or privacy laws; and
  • laws and regulations applicable to you.

The Data Controller wishes to inform you that the non-information or modification of your data may have consequences in the processing of certain requests in the context of the execution of contractual relations and that your request to exercise your rights will be kept for follow-up purposes for 6 years concerning the exercise of the right to object and 1 year concerning the exercise of other rights.

All your rights are detailed below.

 

7.2 Your right to information

You acknowledge that this privacy policy informs you of the purposes, legal framework, interests, recipients or categories of recipients with whom your personal data is shared, and of the possibility of data being transferred to a third country or to an international organization.

In addition to this information, and with the aim of guaranteeing fair and transparent processing of your data, you declare that you have received further information concerning:

–    how long your personal data will be kept;

–    the existence of your rights and how to exercise them.

If we decide to process data for purposes other than those indicated, you will be provided with all information relating to these new purposes.

 

7.3 Your right to access and rectify your data

By exercising this right, you have confirmation that your personal data is or is not being processed, and when it is, you have access to your data as well as information concerning:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients, in particular those established in third countries;
  • where possible, the intended retention period for personal data, or, where this is not possible, the criteria used to determine this period;
  • the existence of the right to ask the Data Controller to rectify or erase your personal data, the right to request a restriction on the processing of your personal data, and the right to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • information on the source of the data when it is not collected directly from the data subjects; and
  • the existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the significance and anticipated consequences of such processing for the data subjects.

You may ask us to rectify or complete your personal data if it is inaccurate, incomplete, ambiguous or out of date.

 

7.4 Your right to erase your data

You may ask us to delete your personal data if one of the following reasons applies:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • you withdraw the consent previously given;
  • you object to the processing of your personal data when there are no legal grounds for such processing;
  • the processing of personal data does not comply with applicable laws and regulations; and
  • your personal data was collected when you were a minor.

However, the exercise of this right will not be possible where the retention of your personal data is required by law or regulation, for example for the establishment, exercise or defense of legal claims.

 

7.5 Your right to limit data processing

You may request the restriction of the processing of your personal data in the cases provided for by legislation and regulations.

 

7.6 Your right to object to data processing (unsubscribe)

You have the right to object to the processing of your personal data where such processing is based on the legitimate interests of the Data Controller.

In the event of direct communication, this right may be exercised by any means, including by clicking on the unsubscribe links at the bottom of the communications sent.

 

7.7 Your right to data portability

You have the right to the portability of your personal data. The data for which this right may be exercised are:

  • your personal data only, which excludes anonymized personal data or data that does not concern you;
  • declarative personal data and personal operating data; and
  • personal data that does not infringe the rights and freedoms of third parties, such as those protected by business secrecy.

This right is limited to processing based on consent or on a contract, and to personal data that you have personally generated.

This right does not include derived or inferred data, which are personal data created by the Data Controller.

 

7.8 Your right to withdraw your consent

Where the processing of data by us is based on your consent, you may withdraw it at any time. We will then cease to process your personal data without affecting any previous operations for which you have given your consent.

 

7.9 Your right of recourse

You have the right to lodge a complaint with the competent supervisory authority, without prejudice to any other administrative or judicial remedy.

 

7.10 Your right to define post-mortem directives

You have the possibility of defining directives relating to the conservation, deletion and communication of your personal data after your death, with a trusted, certified third party responsible for ensuring that the wishes of the deceased are respected, in accordance with the requirements of the applicable legal framework.

 

7.11 Your right to object to telephone canvassing

You are informed that if you do not wish to be the subject of commercial canvassing by telephone, you have the right to oppose telephone canvassing by entering your landline and/or mobile telephone numbers on the free opposition list accessible via the www.bloctel.gouv.fr website.

Please note that your request will be processed within 30 days of confirmation of your registration. This registration is valid for 3 years.

 

8. Security of your data

We attach great importance to the protection, integrity and confidentiality of your data. Accordingly, we have implemented technical and organizational measures to ensure a level of security appropriate to the risk and thus protect your data against loss, alteration, access or disclosure to unauthorized third parties.

However, despite our best efforts, no security measure can protect against all risks of misappropriation or piracy, for which we cannot be held responsible as data controller.

In the event of a personal data breach, we undertake to notify the CNIL in accordance with current regulations on the protection of personal data. In the event of a data breach presenting a high risk to your rights and freedoms, we will inform you as soon as possible, in accordance with the conditions laid down in current regulations on the protection of personal data.