- The way in which their personal data are collected and processed. All data capable of identifying a user must be considered as personal data. These include the first and last name, age, postal address, email address, location of the user or his IP address;
- What are the rights of users regarding this data;
- Who is responsible for the processing of personal data collected and processed;
- To whom this data is transmitted;
- Possibly, the site's policy regarding "cookies" files.
As part of your use of the skimium.com site, some of your personal data is collected and processed. SKIMIUM has taken the necessary measures to ensure its protection, while respecting your privacy and the legal framework. You will find below the modalities of the processing of your personal data by Skimium.
General principles of data collection and data processing
In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of site user data respects the following principles:
- Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that their data is collected, and for what reasons their data is collected;
- Limited purposes: the collection and processing of data is carried out to meet one or more objectives determined in these general conditions of use;
- Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected;
- Conservation of data reduced in time: the data is kept for a limited period of time, of which the user is informed. If the retention period cannot be communicated to the user;
- Integrity and confidentiality of data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data may only take place if they comply with at least one of the conditions below. after listed:
- The user has expressly consented to the processing;
- Processing is necessary for the proper performance of a contract;
- The processing meets a legal obligation;
- The processing is explained by a necessity linked to the protection of the vital interests of the data subject or of another natural person;
- The processing may be explained by a need linked to the performance of a task of public interest or which falls within the exercise of public authority;
- The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.
Personal data collected and processed in the context of browsing the site
A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the site https://www.skimium.co.uk are as follows:
- Mandatory: Last name, first name, title, email, postal address, city, country of residence.
- Optional: Date of birth, first name of the person (s) associated with each pack or equipment rented, landline or mobile phone number, height, shoe size, age, sex, level of skiing, weight.
This data is collected when the user performs one of the following operations on the site:
- Use of contact forms, online ordering on the website https://www.skimium.co.uk , newsletter subscription.
The data controller will keep all the data collected in his site's computer systems and under reasonable security conditions for the following periods:
- Bank data encrypted and operated by a third party bank while the payment transaction is being carried out
- 6 months for connection data
- 3 years from the end of the commercial relationship for customers
- 5 years with regard to the tenant's contract
- 10 years with regard to accounting and financial data
The collection and processing of data serve the following purposes:
- Online booking management
- Create an account
- Order on the website
- Order tracking
- Sending personalized promotions and recommendations for similar products or services
- Newsletter sending
- Request for an opinion on the transaction or customer experience
- Audience measurement and statistics
B. TRANSMISSION OF DATA TO THIRD PARTIES
The data may be transmitted to the third party (s) listed below:
- To companies of the SPC group;
To technical service providers, in particular those in charge of:
- Processing payments;
- Email routing, both transactional and commercial;
- Analysis of traffic on the group's websites
C. DATA HOSTING
The site https://www.skimium.co.uk is hosted by: Platform.sh SAS, whose head office is located at the following address:
131 Boulevard de Sébastopol -75 002 Paris - France
Contact: Tel: +33 1 40 09 30 00, firstname.lastname@example.org
The data collected and processed by the site are transferred to the following country (ies): Switzerland. This transfer of personal data outside the European Union is justified by techniques related to hosting
Data Controller and Data Protection Officer
A. THE DATA CONTROLLER
The person responsible for processing personal data is: SPC, 424 Bureaux de la Colline, 92210 St Cloud registered in the trade and company register under number: 833 634 454. He can be contacted as follows:
By email: email@example.com
By phone: +33 (0) 4 50 93 28 07
By contact form: https://skimium.zendesk.com/hc/fr/requests/new
The data controller is responsible for determining the purposes and means used for the processing of personal data.
B. OBLIGATIONS OF THE DATA CONTROLLER
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed and to respect the purposes for which these data were collected.
The site has an SSL certificate to guarantee that the information and the transfer of data passing through the site are secure.
An SSL certificate ("Secure Socket Layer" Certificate) is intended to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this entails disproportionate formalities, costs and procedures for him.
In the event that the integrity, confidentiality or security of the user's personal data is compromised, the data controller undertakes to inform the user by any means.
C. THE DATA PROTECTION OFFICER
In addition, the user is informed that the following person has been appointed Data Protection Officer: cabinet Haas, 32 Rue la Boétie, 75008 Paris
The role of the Data Protection Officer and to ensure the proper implementation of national and supranational provisions relating to the collection and processing of personal data. It is sometimes called DPO (for Data Protection Officer).
The data protection officer can be reached as follows: firstname.lastname@example.org
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.
In order for the data controller to grant his request, the user is required to provide him with: his first and last names as well as his e-mail address, and if relevant, his account number or personal space or subscriber.
The data controller is required to respond to the user within 30 (thirty) days, which may be extended to 60 (sixty) days depending on the complexity or the number of requests.
. PRESENTATION OF THE USER'S RIGHTS IN TERMS OF COLLECTION AND PROCESSING OF DATA
a. Right of access, rectification and right to erasure
In accordance with the European regulation on the protection of personal data, you have a right of access, rectification, erasure, limitation, portability and opposition to your personal data being processed by SPC.
You can exercise these rights at any time and free of charge by sending an email to email@example.com or by post to : Skimium - for the attention of the DPO, 1160, avenue Joseph Thoret 74190 Passy Mont Blanc - France.
b. Right not to be the subject of a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him. similar way.
c. Right to determine the fate of data after death
The user is reminded that he can organize what should be the fate of his data collected and processed if he dies, in accordance with Law No. 2016-1321 of October 7, 2016.
d. Right to seize the competent supervisory authority
In the event that the data controller decides not to respond to the user's request, and the user wishes to challenge this decision, or, if he believes that one of the rights listed above, he is entitled to appeal to the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
All requests must be signed and accompanied by a photocopy of an identity document and specify the address to which the response is desired.
B. PERSONAL DATA OF MINORS
In accordance with the provisions of article 8 of European regulation 2016/679 and the Data Protection Act, only minors aged 15 or over can consent to the processing of their personal data.
If the user is a minor under the age of 15, the consent of a legal representative will be required so that personal data can be collected and processed.
The site editor reserves the right to verify by any means that the user is over 15 years of age, or that he has obtained the consent of a legal representative before browsing the site.
Use of "cookies" files
The site may use “cookie” techniques.
A “cookie” is a small file (less than 4 kb), stored by the site on the user's hard drive, containing information relating to the user's browsing habits.
These files allow it to process statistics and traffic information, facilitate navigation and improve the service for the convenience of the user.
For the use of "cookie" files involving the saving and analysis of personal data, the user's consent is necessarily requested.
This user consent is considered valid for a maximum period of 13 (thirteen) months. At the end of this period, the site will again request the user's authorization to save “cookie” files on their hard drive.
A. User opposition to the use of "cookie" files by the site
It is brought to the attention of the user that he can oppose the recording of these “cookie” files by configuring his browser software.
For information, the user can find at the following addresses the steps to follow in order to configure his browser software to oppose the recording of "cookie" files:
- Chrome: https://support.google.com/accounts/answer/61416?hl=fr
- Firefox: https://support.mozilla.org/fr/kb/enable-and-disable-cookies-website-preferences
- Safari: http://www.apple.com/legal/privacy/fr-ww/
- Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies/
- Opera: http://www.opera.com/help/tutorials/security/cookies/
In the event that the user decides to deactivate the "cookies" files, he will be able to continue browsing the site. However, any dysfunction of the site caused by this manipulation could not be considered as being due to the editor of the site.
All of the information relating to the Cookies used on https://www.skimium.co.uk can be consulted at the following internet address: https://www.skimium.co.uk/security-confidentiality
This confidentiality policy can be consulted at any time at the address indicated below:
The site editor reserves the right to modify it in order to guarantee its conformity with the law in force.
User acceptance of the confidentiality policy