The Company Le Tahaa S.A. is committed to ensuring that the processing of your personal data collected via the website https://www.letahaa.com complies with the EU law n°78-17 of 6 January 1978 as amended, relating to data processing, files and civil liberties, and with the EU's General Data Protection Regulation (GDPR).
This privacy policy applies only to the website https://www.letahaa.com.
Third-party websites or mobile applications to which you may be redirected when using the website have their own policies. We therefore advise you to consult their legal notices and privacy policies.
This privacy policy explains how we handle the personal data we collect on our website.
DEfinitions
EU Data Protection Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the "GDPR"), as well as all other applicable national laws relating to the processing of personal data and the protection of privacy ("Data Protection and Civil Liberties" act).
Personal data: Any information relating to an identified or identifiable natural person (“Data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Controller: The natural or legal person, public authority, agency or any other body who, alone or jointly with others (co-controllers), determines the purposes and means of processing personal data.
Data Processor: A natural or legal person, public authority, agency or other body who processes personal data on behalf of the data controller.
Recipient: A natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether a third party or not..
Third party : A natural or legal person, a public authority, a service or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Supervisory authority: An independent public authority established by a Member State in accordance with Article 51 of the GDPR (CNIL).
Processing: An operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Standard Contractual Clauses: A set of standard contractual clauses for transfers adopted by the European Commission for the international transfer of personal data.
Personal data breach: A breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Personal data processing
"Le Tahaa" collects and processes, in particular, identification data (your name, first name, etc.) and personal and family contact data, contact details (address, telephone number, e-mail address), economic and financial information (payment card number), data relating to your tastes, preferences and traveling habits, marketing data, connection data (IP address, browsing data) and, more generally, data relating to the nature of our relationship (booking, information requests, claims). Please refer to our Cookies policy here for more information on cookies used on the website.
This collection of personal data is lawful and necessary for the following purposes:
Purpose |
Legal basis |
Data processed |
Retention period |
Source |
Booking management |
Contract (pre-contractual measures) |
Identification (including minors), booking details, contact details, type of payment card, specific requests that may contain sensitive data. |
3 years from the booking date. 10 years for accounting requirements and dispute management. |
Booking form on the website and online chat. |
Information request management |
Consent |
Identification, contact details, comments. |
Archived once the request has been processed |
Contact form |
Newsletter subscription |
Consent |
Name, first name, country, e-mail address |
Until consent withdrawal through the unsubscription link |
Newsletter subscription form |
Commercial prospection |
Contract (pre contractual- measures) |
E-mail address |
3 years from the last contact OR until your unsubscription through the dedicated link |
Commercial relationship |
Social media interaction
|
Legitimate interest |
Identification and pseudonym
|
Related to the existence of the social media page concerned |
Social media page concerned |
Online games |
Legitimate interest |
Depending on the game type: identification data, contact details, pseudonym |
Related to the game rules |
Game application form, social media |
Your personal data is kept and accessible by "Le Tahaa" S.A. only for the time necessary to achieve the purpose for which it was collected, in accordance with all applicable laws.
THE RECIPIENTS
Your personal data collected on the website https://www.letahaa.com/ is confidential and only shared internally to employees authorized to process it for the above-mentioned purposes and who commit to respecting the confidentiality of such data. It may be shared with other group entities involved in the relationship. The CNIL or any other competent supervisory authority may also have access to it.
We may also share personal data with third parties acting on behalf of "Le Tahaa" S.A. All such processing is based on our prior instructions set out in a contract that complies with the requirements of the applicable law. The said disclosures are made for different reasons, in particular:
-
Development, maintenance, IT support and hosting of the website.
-
Chatbot assistance for bookings.
-
Verification of your information, payment authentication for reservations via the OSB platform.
-
Newsletter management
These service providers shall maintain the confidentiality of such information and are not allowed to to use your personal data for any purpose other than those previously listed. We also ensure that appropriate security measures are implemented to protect your personal data.
We may also disclose your personal data where such disclosure is permitted and required by law or a court order, in particular to meet our legal obligations regarding the prevention and combat against fraud, money laundering and the financing of terrorism.
TRANSFER OF DATA OUTSIDE OF THE EU
Personal data may be processed outside the European Union. In the case of countries not compliant with the GDPR, "Le Thaa" S.A. will implement appropriate measures to ensure that such transfers comply with the European Data Protection Regulation, by establishing standard contractual clauses approved by the European Commission, as they offer adequate protection.
SECURITY
"Le Tahaa" S.A. has implemented technical and organizational security measures to protect your personal data against unauthorized access and use. We follow appropriate security procedures in the storage and disclosure of your personal data to prevent unauthorized access by third parties and to prevent accidental loss of your data. Access to your personal data is strictly limited to to authorized persons that need it for professional purposes. Those accessing your data are subject to a duty of confidentiality towards "Le Tahaa" S.A.
We also have procedures for dealing with potential data breaches. We will notify you and the French supervisory authority (Autorité de contrôle française) of any suspected data breach where we are required to do so by law.
The site is protected by a TLS certificate ("Transport Layer Security" Certificate) to ensure that any information and data transiting through the website is secured. The purpose of a TLS certificate is to secure any data exchanged between the user and the website.
SOCIAL NETWORKS
Elements (buttons, plug-ins, etc.) linked to social networks or websites have been added to the website to share content or users' opinions on products or services. These elements allow social networks/websites to track the user's browsing habits, provided that the user is connected to his/her social network on the browser.
How the information linked to these elements is used is solely defined by the social network/website of which you are a member, and we have no control over this.
We invite you to consult the privacy policies of these social networks/websites for more information on the use of the data collected during your browsing and on how to modify your account privacy settings.
YOUR RIGHTS - GDPR AND LAW 'INFORMATIQUE ET LIBERTÉS'
You have the right of access, rectification, limitation, deletion, portability and objection of your personal data at any time.
-
Right of access: the right to obtain a copy of your personal data.
- Right to rectification: the right to request rectification of any errors in your data.
-
Right to erasure: the right to request that your personal data be deleted.
- Right to restrict processing: the right to request restriction of the processing of your personal data in certain circumstances, for example if you dispute the accuracy of the data.
-
Right to data portability: the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and/or to transmit this data to a third party, in certain situations.
- Right to object: the right to object to the further processing of your personal data (if applicable).
- Consent withdrawal: your right to withdraw consent at any time (if applicable).
If you have any questions about our Privacy Policy or the processing of your data, if you wish to exercise any of your rights listed above or to withdraw your consent, you can contact the Data Protection Officer of " Le Tahaa " S.A.
-
by e-mail: dpo@letahaa.com
- by mail to the following address:
Data Protection Officer - Service Juridique - "Le Tahaa" S.A. - B.P. 67 – 98 733 Patio, Taha'a - FRENCH POLYNESIA
You may be asked to provide certain information (such as a copy of a legally valid identity card) for identification purposes in order to process your request and protect you against fraudulent requests.
In the event of an unsatisfactory response, you may file a complaint with the French Supervisory Authority (the CNIL https://www.cnil.fr/fr/plaintes).
Last updated July 9, 2023.
This Privacy Policy discloses our current practices but may be modified and updated at any time.