Exceptional house in the heart of Burgundy By the Côte d'Or Tourism Development Agency Label 5-star Tourist Residence
RGPD
RGPD, Data Protection Act • Document compliance: the GDPR focuses on corporate responsibility, better known as accountability. Indeed, companies will be obliged to document their good data protection compliance via internal documentation. Companies must be able to inform the competent authorities at any time, by means of a corresponding list, of the stored data, the purpose and the processing of the data, as well as the date on which the company intends to delete this data. . • Privacy by Design: the concept of Privacy by Design means that companies must take into account the respect of data protection right from the design of the technical structure of the processes. It will no longer be allowed to implement data protection measures retrospectively but must integrate them from the design of a process, service or product. In addition, they must be designed so that they require the least amount of personal data (so-called "minimization" principle). • Privacy by Default: this protection of privacy by default, this provision of the European Data Protection Regulation stipulates that, in principle, the most respectful variant of data protection must be technically predefined and must guarantee the highest security level. This is to prevent consumers from struggling to obtain restrictions on data processing. • Transparency and consent: In the majority of cases, individuals will have to explicitly accept the use of their personal data in the future. In addition, the consent of the employee or consumer is valid only for the stated purposes. In addition, the declaration of consent must be formulated in a clear and understandable manner and must in principle be revocable. The revocation must be as easy for the person as it is to give consent (consent). The requirements for effective consent have been strengthened under the GDPR. • Deletion of data: personal data can only be kept for the duration necessary for the purpose. If the processing authorization expires (for example, if the consent is revoked), the data must be deleted. • Right of information and de-listing: EU citizens have the right to know, on request, what data is held by a company and how it is used. In addition, a consumer may also ask businesses to delete the data. In particular, the right to referencing is stipulated in the RGPD. • The data contained in this email are exclusively intended for communication between Mr. Lagneau and the author of the email. • The data protection officer is Pierre Lagneau - plag2015@self-catering-burgundy.fr • The only recipient of this data is Mr Lagneau. • Data are kept for a maximum of 6 months. • The data is not communicated to any third party. • The author of the email has the right to information and erasure provided by law; he can activate this right by contacting the data protection officer.