The purpose of this data protection policy is to define CITIA’s commitments as data processor or controller, in view of protecting personal data (hereinafter termed "the Data") collected and processed when using its Internet websites (hereinafter termed "the Websites") https://www.citia.org/, https://www.annecy.org/, http://www.lespapeteries.com/ and the Annecy Festival App (iOS and Android version) and more generally for events (hereinafter "the Events") which CITIA organizes and services it offers (hereinafter "the Services").
This data protection policy duly completes the general conditions for use of the Websites.
The Data is collected, processed and stored by CITIA, Image et industries créatives (Image and Creative Industries) – Établissement public de coopération culturelle (EPCC – Public Institution for Cultural Cooperation), registered at the Annecy RCS under the number 489 885 111, with its headquarters at c/o Conservatoire d'art et d'histoire, 18 avenue du Trésum, CS 50038 – Annecy – FR-74001 Annecy Cedex, represented by its chairman, Mr. Dominique PUTHOD.
As data collector, CITIA may harvest several categories of Data, detailed hereinafter.
The Data results from information which you provide to CITIA by several channels, notably: browsing the Websites, enrolling or participating in Events, creating user accounts on the Websites, requesting to be contacted by CITIA, seeking information on Events and Services, and signing up for CITIA e-mailing campaigns.
In the Data collection forms, only starred items denoted by an asterisk (*) are obligatory for processing your request. Replies provided in the non-starred (*) fields are merely optional.
To participate in a CITIA-organized event:
To obtain a letter of invitation necessary for visa acquisition
All of the abovementioned information, as well as:
To create a user account:
To sign up for an e-mailing campaign:
To obtain information from or be contacted by CITIA
Some Data may be supplied/transmitted to/by third parties or CITIA partners, in accordance with current rules and regulations (for example, after having been informed of your right to refuse, you gave your consent or expressed no objection to the transfer of your data to CITIA for marketing purposes).
When you visit our Websites CITIA also collects your IP address, log-in data and cookies (under the conditions stipulated in Article 9).
When browsing the Websites, creating user accounts, filling in contact forms, enrolling in Events or signing up for e-mail campaigns, you are informed that CITIA is collecting, using and processing your data for the following purposes:
The Data is solely reserved for CITIA and its specially-authorized staff members, in strict compliance with the processing purposes listed in Article 4 hereinabove.
CITIA may deem it necessary to communicate certain Data points to its sub-contractors and service-providers, in order to process your requests. The sub-contractors and service-providers are legally bound to respect the privacy and security of any Data which might be communicated to them, and are legally bound to use said Data solely to assist in their sub-contracting or service-provision.
CITIA pledges that your Data will not be disclosed to any non-authorized third parties, without your prior agreement.
If necessary, and only under very particular circumstances, CITIA may be obliged to disclose the Data if this is ordered by judicial or administrative authorities.
To assess the most pertinent time period for Data storage, CITIA distinguishes between prospects who have never before had a contractual relationship with CITIA and/or partner(s), and those with whom CITIA now has an ongoing contractual relationship or already had one in the past.
The Data is stored by CITIA for a period not exceeding the strict time necessary for the collection purposes detailed above; moreover, in no case shall the Data be stored:
At the end of the planned storage period, it is possible that the Data be reprocessed for statistical and research report purposes, as long as it is subject to pseudonymization.
In compliance with the measures of the amended January 6, 1978 law and with the General Data Protection Regulation (or GDPR), you are entitled to the following rights:
If you wish to exercise one of the abovementioned rights, you can request this:
In the event that you exercise one of these rights by electronic means, CITIA will provide said Data via electronic means when appropriate or possible, unless you have specifically requested that this be done otherwise.
Likewise, you have the right to lodge a complaint with the French Data Protection Authority (CNIL) www.cnil.fr.
CITIA applies sufficient, adequate and relevant measures in order to preserve Data security and, notably, to prevent Data being skewed or damaged and to forestall non-authorized third party access to them.
In particular, these measures include:
If CITIA itself discovers a security flaw, vulnerability or violation or is informed of one, it is legally bound to inform the supervisory authorities concerning:
If it is not possible to provide all the above information at a single time, it can be done in stages, within a reasonable time frame.
CITIA will not inform the supervisory authorities concerning any security flaws, vulnerabilities or violations which are unlikely to pose a risk to the rights and freedoms of individuals.
Cookies are small data files which are sent to the browser and land on a computer’s hard disk, smartphone, touch tablet, etc. when you connect to the Websites.
In terms of memory, cookies only retain the identification code, barring the rest of your personal information. Thus the cookies derived from Website use do not allow for your personal identification to be revealed, but rather provide information on how the terminal browsed the Websites (pages viewed, date and time of viewing, etc.). It is this information that CITIA can refer to when you visit the Websites at a later date.
The duration of storage for cookies is not to exceed thirteen (13) months, starting from when they first arrive in your terminal.
There are several types of cookies which can be implemented in your browser by CITIA in order to:
To deal with cookies and your options each browser is configured differently. This is detailed in your browser’s ‘help’ menu, and allows you to understand how to modify your choices about cookies.
This modification, however, will result in elimination of all cookies used by your Internet browser, included those related to other websites, and thus will mean that your Internet browsing may become more complex or even impossible.
CITIA may need to use, collect and process your Data for commercial prospection by dispatching its own direct prospection e-mails or those of its partners.
In these cases, you will be informed in advance that commercial prospection operations are underway and you must consent to this within the Data collection framework.
It is not necessary for your prior express consent to be given if you already are a CITIA customer and if the aim of these proposals is to offer you products or Services similar to those already being provided to you by CITIA.
In any case, you may refuse these proposals at any time by clicking on the special "unsubscribe" link displayed in e-mails sent by CITIA or its partners.
CITIA reserves the right to modify this data protection policy and will inform you in advance of such, by a special note to this effect posted on the Websites.