GDPR – Tourism in a post-COVID and low-carbon world

Drive Innovation Insights SAS (hereinafter “DII“, “We“) attaches particular importance to respecting the privacy of its users (hereinafter “User(s)“, “you“) and therefore undertakes to treat their personal data in the strictest confidence and in accordance with the legislation in force, and in particular, Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms (“Loi Informatique et Libertés“), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“RGPD“) (hereinafter, jointly “Applicable Legislation“).

This data privacy policy (hereinafter the “Policy“) is intended to inform you in a transparent manner about the data that we collect on the dii.eu website and sub-sites (hereinafter the “Site“), the purpose, the way in which we may use them, the persons or organisations to whom we may communicate them, and the way in which you may contact us in order to find out about our data protection practices and to exercise your rights.

Please read this Policy carefully. If you have any further questions, please do not hesitate to contact us at [email protected].

1. WHO IS THE DATA CONTROLLER?

The company detailed below acts as the data controller with regard to the processing of the User’s data:

DRIVE INNOVATION INSIGHTS, SAS

164 BD HAUSSMANN, 75008 PARIS

RCS : 490 045 838

2. WHAT DATA DO WE COLLECT?

We collect your data – personal or not – for various reasons which are defined in the following point (see point 3).
This includes the following data:

– your identification data (surname, first name, position, company, telephone, title, e-mail address, and your address);

– your bank details (credit card number, IBAN and BIC/SWIFT) and billing details;

– the type of domain with which you connect to the Internet;

– the IP address assigned to you;

– the date and time of your access to our site;

– location data or other communication data;

– the pages you have visited on our site;

– the type of browser, platform and/or operating system you are using;

– the search engine and keywords used to find the site;

– your browsing preferences.

– any other personal data that you may transmit to us in the course of our communications (by email or otherwise);

3. WHY DO WE COLLECT YOUR DATA?

We collect and use your data to comply with applicable legal requirements, to send you our newsletters, to provide you with offers and services similar to those already subscribed to with DII or directly related to your profession, to fulfil our contractual obligations and, as permitted by law, for the purposes of our legitimate interests (i.e. the management and improvement of the Site, the performance of data analysis and the management, evaluation and improvement of our business).

4. HOW DO WE COLLECT YOUR DATA?

Most of your data is provided to us through your active participation. This is the case, for example, when you give us your identification data to place an order. Other data, such as the date and time you access our Site, the pages you visit or your location data, is collected automatically, through the servers you visit and the “cookies” placed on our site. For more information on what a “cookie” is, what it is used for and exactly what data it collects, please visit our cookie policy.

5. HOW DO WE PROTECT YOUR DATA?

We take great pride in respecting the privacy of our users. We implement and maintain administrative, technical and physical safeguards to protect the personal data we collect through the Site from accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, use or access. For the payment of your order, in order to guarantee optimal security, we use a secure payment system AXEPTA.

6. HOW LONG DO WE KEEP YOUR DATA?

We keep your data for the time necessary to fulfil the purposes for which it was collected (see point 3) or for a longer period if necessary to comply with our legal obligations and the applicable statutory limitation periods.

7. WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM?

You may at any time request to verify, access, rectify, delete, transfer (right of portability, where applicable) and object to the use of your data, as well as request the limitation of your data.

You can exercise these rights by sending an email to the following address: [email protected], or by contacting us by post at the following address: DRIVE INNOVATION INSIGHTS, SAS, 164 Boulevard Haussmann, 75008 Paris, France. We will then do everything in our power to do what is necessary as soon as possible.

You also have the right to file a complaint with the French data protection authority, the CNIL (see point 13).

8. WHO HAS ACCESS TO YOUR DATA AND TO WHOM IS IT COMMUNICATED?

Our subcontractors, employees, affiliates and partners of the events and services provided by or on behalf of DII. They have access only to the extent necessary to fulfil your order and/or for the fulfilment of their purposes (see point 3). Each of them is subject to a strict obligation of confidentiality.

9. DO WE TRANSFER YOUR DATA ABROAD?

We will only transfer your data to a country outside the European Union if that country provides a level of protection equivalent to what you would find in France.

10. HOW TO RECEIVE OUR MARKETING COMMUNICATIONS?

We only use your email address to offer you services and products similar to those you have already ordered from us or relevant to your profession.

You may unsubscribe and withdraw your consent to these communications at any time by sending an email to: [email protected]

11. WHAT IS OUR POLICY ON DATA RELATING TO MINORS?

Our Site and services are not intended for minors under the age of 18. If you become aware that your minor child has provided us with personal data without your consent, please contact us at [email protected]. Once we become aware that we have collected personal data from a minor, DII will take steps to delete that information as soon as possible.

12. WHAT HAPPENS IF THE POLICY CHANGES?

If we change this Policy, you will be notified through our website.

13. WHAT IF THERE IS A DISPUTE?

No one benefits from lengthy litigation. In the event of a dispute between us, we are committed to dialogue and openness to finding an amicable solution. We therefore invite you to contact us at the following email address: [email protected] or by post at the following address: DRIVE INNOVATION INSIGHTS, SAS, 164 Boulevard Haussmann, 75008 Paris, France.

We will then make every effort to respond to you as soon as possible, and in any case within the maximum period of 30 days in accordance with Article 12 (3) of the GDPR.

However, if no amicable solution can be found, you are informed that you have the right to lodge a complaint with the data protection supervisory authority by contacting :

CNIL (Commission Nationale de l’Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
France
Tel: +33 (0)1 53 73 22 22
www.cnil.fr

1.1 DRIVE INNOVATION INSIGHTS SAS (hereinafter, “DII“, “We“) respects the privacy of its users (hereinafter, the “Users“, “You“).

1.2 DII processes the personal data transmitted to it in accordance with the legislation in force, and in particular, Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms (“Loi Informatique et Libertés“), and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR“).

1.3 Access to the www.dii.eu website and sub-sites (hereinafter, the “Site“) implies the User’s full and unreserved acceptance of this Privacy and Personal Data Processing Policy (hereinafter, the “Policy“), as well as its Terms and Conditions of Sale (hereinafter, the “T&Cs“) and the cookie policy.

1.4 The User acknowledges having read the information below and authorises DII to process, in accordance with the Policy, the personal data that the User provides on the Site as part of the ordering service provided by DII on its Site (hereinafter, the “Service“).

1.5 The Policy applies to all pages hosted on the Site and to records on the Site. The Site may contain links to other online services and websites, which are provided to you for your information (e.g. Welcome to the Jungle, LinkedIn and Twitter buttons). These third party services, websites and features operate independently of us. The privacy and data protection practices of these third parties, including details of any data they may have collected about you, are subject to the data protection policies of those third parties, which we strongly recommend you consult. In the event that any such online services or third party functionality are not owned or controlled by DII, DII disclaims any responsibility for the content and privacy practices of such third parties.

2. DATA CONTROLLER

2.1 The data controller of your data is the company:

DRIVE INNOVATION INSIGHTS, SAS
164 BD HAUSSMANN, 75008 PARIS
RCS : 490 045 838

2.2 Any questions or requests concerning the processing of your data may be sent to the following address: [email protected]

3. DATA COLLECTED

3.1 By filling out the contact form or the service/program request form on the Site, the User expressly authorizes DII to record and retain, for the purposes mentioned in point 4, the following information:

– identification data, i.e. name and surname, position, company, telephone, title, e-mail address, and address;

– banking information necessary for the Service, such as bank account numbers, IBAN and BIC/SWIFT;

– billing information;

– any other personal data that you may transmit to us in the course of our communications (by email or otherwise).

3.2 The User also authorises DII to record and store, for the purposes mentioned in point 4:

– information voluntarily submitted by the User for a purpose set out in the Policy, the T&Cs, the cookie policy on the Site or in any other communication medium used by DII;

– additional information requested by DII from the User in order to identify the User or to prevent the User from violating any of the provisions of the Policy;

3.3 In order to facilitate navigation on the Site and to optimise technical management, the Site may use “cookies”. These “cookies” record in particular:

– the User’s browsing preferences;

– the date and time of access to the Site and other data relating to traffic;

– the pages consulted;

All the information relating to the management of “cookies” is included in the DII Cookie Policy available on https://www.dii.eu/en/cookie-policy.

3.4 When the User browses the Site, we may collect certain data by automated means, such as:

– the type of domain with which the User connects to the Internet ;

– the IP address assigned to the User (when he/she connects);

– the date and time of access to the Site and other traffic data;

– location data or other communication data;

– the various interactions with the Site (e.g. pages consulted);

– the type of Internet browser used;

– the platform and/or operating system used;

– the search engine and keywords used to find the Site.

3.5 No nominative data allowing the identification of the User is collected through the cookies and servers consulted. This information is only kept for statistical purposes and to improve the Site.

3.6. We use third party online analysis services on this Site, such as those offered by Google Analytics. The providers of these analytics services use automated solutions to collect data (such as email address, IP addresses, cookies and other device identifiers) in order to, for example, evaluate the use of the Site and to identify technical problems. For more information on Google Analytics, please visit www.google.com/analytics/learn/privacy.html.

4. PURPOSES OF PROCESSING

4.1 DII collects, records and uses the data of its Users in particular for the following purposes:

– to establish, perform and conduct the contractual relationship with the User;

– to analyse, adapt and improve the content of the Site;

– to provide the Service;

– to enable the User to receive messages;

– to facilitate the provision and use of the Site;

– to personalise the User’s experience on the Site;

– to respond to requests for information;

– for possible marketing, commercial prospecting and promotional actions offered by DII to Users in accordance with Applicable Legislation;

– to inform them about the evolution of the Site and its functionalities;

– for any other purpose for which the User has expressly given his consent, or for which DII could assert its legitimate interest.

5. RIGHTS OF THE DATA SUBJECT

5.1 According to the regulations on the processing of personal data, the User has the following rights:

– Right to be informed about the purposes of the processing (see above) and about the identity of the controller (Art. 13 RGPD).

– Right of access (Art. 15 RGPD), rectification (Art. 16) and deletion (Art. 17) of data: DII invites the User to make this request by email to the following email address: [email protected] or to the postal address: DII – 164 bd Haussmann, 75008 Paris, enclosing a copy of an identity document in order to be able to identify him/her with certainty. DII will thus have the guarantee that only the User has access to his/her data.

– Right to limit processing (Art. 18 of the RGPD): the User may in particular obtain the limitation of processing when he/she has objected to the processing, when he/she disputes the accuracy of the data or when he/she considers that the processing is unlawful.

– Right of portability (Art. 20 RGPD): The User has the right to receive the personal data that he/she has communicated to DII and may also ask DII to transmit this data to another controller.

– Right to object (Art. 21 GDPR): The User has the right to object on legitimate grounds to the processing of his/her personal data as well as the right to object to the processing of his/her data for the purpose of prospecting.

6. RETENTION PERIOD

Within the framework of the Applicable Legislation, DII will process and retain the personal data of its Users (1) for the period necessary to achieve the purposes pursued (see point 4) and for as long as the User does not request their deletion or (2) for a longer period if necessary for DII to comply with its legal obligations and applicable limitation periods, in particular in the fulfilment of its fiscal obligations.

7. CLAIMS TO THE SUPERVISORY AUTHORITY

The User is informed that he/she has the right to lodge a complaint with the French data protection supervisory authority, CNIL, in accordance with Article 77 of the RGPD if he/she considers that the processing of his/her personal data does not comply with the Data Protection Act.

CNIL (Commission Nationale de l’Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
France
Tel: +33 (0)1 53 73 22 22
www.cnil.fr

8. SECURITY

8.1 In order to guarantee optimal security of payments, DII uses an online payment service (see point 11 below), which meets high security standards.

8.2 In addition, DII has taken appropriate organisational and technical measures to ensure a level of security appropriate to the risk and to ensure that the servers hosting the personal data processed prevent, as far as possible:

– unauthorised access to or modification of such data;

– improper use or disclosure of such data;

– the unlawful destruction or accidental loss of such data;

8.3 In this respect, DII employees who have access to such data are under a strict obligation of confidentiality. However, DII shall not be liable for any misappropriation of such data by a third party despite the security measures adopted, except in the event that DII has been informed of such security breach and has not taken any action to attempt to remedy it.

8.4 Users agree not to engage in any conduct that may be contrary to this Policy, the T&Cs, the Cookie Policy or the law generally. Users are informed in this respect that offences against the confidentiality, integrity and availability of computer systems and the data stored, processed or transmitted by these systems, or the attempt to commit any of these offences, are punishable by imprisonment for a period of between three months and five years and a fine of between twenty-six euros and two hundred thousand euros, or by one of these penalties only.

9. COMMUNICATION TO THIRD PARTIES

9.1 We do not disclose the personal data we collect about you except as set out in this Policy. We may disclose your personal data to our employees, subcontractors, affiliates and partners of our events and services provided by or on behalf of DII, for the purposes described in this Policy in point 4, or as required by law.

9.2. DII may disclose to third parties the personal information of its Users, but only if such information is necessary for the performance of a contract with its Users. In this case, such third parties will not be permitted to disclose such information to other third parties, except in the event that :

– the communication by these third parties of this information to their suppliers or sub-contractors is necessary for the performance of the contract to which the User is a party;

– or these third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the fight against money laundering, as well as generally to any competent public authority.

9.3 The communication of such information to the aforementioned persons shall, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations, and shall be carried out in accordance with the requirements set out in the Regulations in force.

9.4. We may also be required to disclose your data (1) if we are required to do so by law or legal process (such as a court order or an order for the production of documents); (2) to comply with a request from a public authority, such as a law enforcement authority; (3) to establish, exercise or defend our legal rights; or (4) if we determine that such disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with any investigation of suspected or actual illegal activity; (6) in the event of a sale or transfer of all or part of our business or assets (including restructuring, dissolution or liquidation); or (7) with your consent.

10. TRANSFER TO A NON-EUROPEAN UNION COUNTRY

DII will only transfer data to a country outside the European Union where that country provides an adequate level of protection under the Applicable Legislation.

In the event of such a transfer, we will ensure that the processing is carried out in accordance with this Policy and that it is governed by the European Commission’s standard contractual clauses or any other Adequacy Decision or contractual mechanisms issued by any public data protection body to ensure an adequate level of protection of the privacy and fundamental rights of individuals.

11. ONLINE PAYMENT SERVICE

11.1 The payment service integrated into the Site is provided by AXEPTA of the BNP-PARIBAS bank.

11.2 The relationship between the User and AXEPTA is governed by the Privacy Policy available at the following address: https://www.axepta.be/fr/politique-de-confidentialite/, which also includes provisions relating to the processing of personal data transmitted by AXEPTA as part of its service, and for which AXEPTA is the data controller.

11.3 When making a payment through AXEPTA, the User declares that he/she has read, understood and accepted the AXEPTA Privacy Policy.

12. B2B SALES PROSPECTING BY ELECTRONIC MEANS (email).

12.1 Your personal data may be used by DII or its affiliates for commercial prospecting purposes when (i) you are already a customer of DII and the object of the prospecting concerns products or services similar to those already provided by DII; or (ii) the prospecting concerns only offers related to your profession.

12.2. In any case, you always have the possibility to object to receiving such commercial prospecting by clicking on the unsubscribe link provided in each e-mail, or by communicating your request by writing to the following address: [email protected]

13. NOTE REGARDING MINORS

The Site is not intended for children under the age of majority (“Minors”), but is not intended for adults only as it does not contain any content that is prohibited for Minors. If DII becomes aware that it has collected the personal data of a Minor, DII will take steps to remove such information as soon as possible.

14. UPDATES AND CHANGES TO THE POLICY

By informing Users through the Site, DII may modify and adapt the Policy, in particular in order to comply with any new applicable legislation and/or regulations, recommendations of the CNIL, guidelines, recommendations and best practices of the European Data Protection Committee and relevant court decisions.

15. VALIDITY OF CONTRACTUAL CLAUSES

15.1 DII’s failure to rely on any provision of the Policy at any time shall not be construed as a waiver of any subsequent rights under the Policy.

15.2 The invalidity, lapse or unenforceability of all or part of any of the foregoing or following provisions shall not invalidate the entire Policy. The provision that is wholly or partially invalid, void or unenforceable shall be deemed unwritten. DII undertakes to replace such provision with another that will, to the extent possible, serve the same purpose.

16. APPLICABLE LAW AND JURISDICTION

16.1 The validity, interpretation and/or execution of the Policy are subject to French law, to the fullest extent permitted by the applicable rules of private international law.

16.2 In the event of a dispute relating to the validity, interpretation or performance of the Policy, the Courts of Paris shall have exclusive jurisdiction, to the fullest extent permitted by the applicable rules of private international law.

16.3 Before taking any steps to resolve a dispute in court, the User and DII undertake to try to resolve it amicably. To this end, they shall first contact each other, before resorting, if necessary, to mediation, arbitration or any other alternative dispute resolution method.