Privacy policy
We attach great importance to safeguarding the personal data entrusted to us by our customers as part of our Services. The purpose of this Privacy Policy is to inform you about our personal data policy, in particular with regard to the data we collect, how we process it, for what purposes we use it and with whom we share it.
More specifically, this Charter describes how we use your personal data when you use our websites and/or booking portals, when you purchase and use the Services provided or offered by CTOUTVERT, or when you interact with us via other channels (hotline, social networking platforms).
By simply using one of the services provided or offered by CTOUTVERT (hereinafter "the Services"), you confirm that you have read and understood this Privacy Policy in its entirety and that you accept it.
In accordance with current legislation on the protection of personal data, we consider that CTOUTVERT acts as a subcontractor for certain processing operations and purposes, and as a Data Controller for others.
Personal data (hereinafter referred to as "Data" or "Personal Data") means "any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity".
Data processing (hereinafter "Processing" or "Data Processing") means "any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
Information we collect
We declare that Personal Data has been collected fairly and lawfully, for specified, explicit and legitimate purposes.
Collection of Personal Data from consumer customers
As part of the reservations made by the Establishment's clients, via the SecureHoliday Reservation Interface, we collect Personal Data from them at the time of their reservation and then transmit them to the Payment Provider or to the Establishment (via its PMS management software if a PMS gateway is installed) via a technical means that it (the Establishment) determines and for which it is responsible, in particular with regard to the safety and security of the Personal Data. We then integrate these Personal Data into the SecureHoliday system database.
The Data collected are the first and last names of the customers, their date of birth, their addresses (street, postcode, town, country), their telephone numbers, their email addresses, the place and dates of their reservations.
Collection of Personal Data from Customer Establishments
As part of the Services provided to the Establishment, we collect Personal Data from the Establishment, mainly at the time of placing the order via the corresponding Order Form. The Data collected are the name of the Establishment, its address, its company name, its telephone number, the address of its website, its intra-community VAT number, its email address, as well as the first and last name of the manager of the Establishment or the person signing the order.
How we use the information we collect
Processing of consumer customer Personal Data
We Process Personal Data for the sole purpose of carrying out the Services for the Establishment and in particular for the following purposes:
- Processing customer Reservations and managing the Services ordered by the Establishment
- Subsequent commercial communication, only if the booking is made via the SecureHoliday system from a Partner website belonging to CTOUTVERT
- Statistical studies
- Purpose of profiling as part of the "CRM / GRC Pack" service
Personal Data may not, in this respect, be the subject of any operation other than those set out in the present provisions.
Processing of Personal Data of the Customer Establishment
We Process Personal Data for needs relating to the performance of Services for the benefit of the Establishment and to legal requirements, and in particular for the following purposes:
- Processing Service Orders
- To meet the legal requirements arising from the law of 21 June 2004 in terms of the retention of Publishers' data.
We may also use the information detailed above, including any Data relating to consumer customers and any Data relating to customer Establishments, for the following purposes:
- To comply with our legal and regulatory obligations (including fraud prevention, anti-money laundering and sanctions screening). This may include checking the information provided to us against Data from other sources.
- Enforce any contract between you and us relating to our Services
- Notify all customers of changes to our Services or to our terms and policies
- Improve customer experience and quality of service
Information we share
We may share Personal Data with our business partners, in particular when these partners collect the cost of bookings directly, before paying it to the Establishment in question. We may also share Personal Data with service providers that we use in the context of the Services for essentially technical purposes, including the host of our servers (Microsoft Azure). When service providers intervene as part of the Services provided or offered by CTOUTVERT, all measures are taken to ensure a high level of security for the protection of Personal Data and all Processing is carried out in accordance with our instructions. They may not, under any circumstances, make any other use of the Personal Data transmitted to them than that expressly required, nor disclose to any other third party the Personal Data concerning CTOUTVERT's client Establishments or the consumer clients of the Establishments booking via SecureHoliday. In particular, technical service providers are not authorised to use your data for commercial prospecting on their behalf.
In any case, the only other occasions on which Personal Data may be transmitted to a third party are the following:
- We have obtained your prior consent to do so
- The information is processed via a trusted commercial partner in compliance with the Confidentiality Charter, respect for privacy and security levels, on the basis of the contract concluded between the said commercial partner and the Customer Establishment.
- We use third-party service providers for technical subcontracting purposes
- We have aggregated non-personally identifiable data for use in segmentation, statistical modelling, general research or trend analysis
- We have a duty to disclose or communicate Personal Data in order to comply with our legal obligations, to enforce our terms of sale and other agreements, and to protect our rights, property or safety, that of our customers or others. This includes exchanging information with other companies or organisations in order to prevent fraud and reduce credit risk.
Retention of Personal Information
We retain Personal Data for as long as is necessary to pursue and achieve the above purposes in the manner indicated and to comply with our legal obligations.
Accuracy of information
We endeavour to ensure that Personal Information held is accurate, current and complete. We will respond to customer requests to rectify inaccurate information in a timely manner. Consequently, any person about whom we hold Personal Data has the opportunity to let us know.
Security
We have put in place a number of technical and organisational measures to ensure the security and protection of the Personal Data processed.
Nevertheless, if Personal Data is transmitted to us via a means of communication using the Internet, we cannot guarantee that this Data is perfectly secure.
Transfers outside the EEA
The Personal Data we process is hosted exclusively in the European Union and we do not transfer any Personal Data outside the European Union.
Your rights and preferences
At any time and in accordance with current legislation on the protection of personal data, you have the right to access, rectify and delete your data, as well as the possibility of objecting to the processing of your data, by sending your request by post to the following address: CTOUTVERT SAS, 10 Place Alfonse Jourdain, 31000 Toulouse (France). Email address: ctoutvert.cnil@ctoutvert.com
You may also lodge a complaint with the competent supervisory authority, the CNIL, at any time.
You are reminded that if you exercise any of these rights, we may no longer be able to provide you with all or part of the Services.
Updates
This Personal Data Protection Policy may be modified without prior notice. In order to keep you informed of any changes, we invite you to consult our Policy regularly.
Updated: 01/04/2025
