Personal data and cookies policy

1. Personal data management

The Customer is hereby informed that the www.amoria-labaule.com complies with legal data protection obligations, in accordance with :

the French Data Protection Act of January 6, 1978, as amended,
the French law on confidence in the digital economy of June 21, 2004,
and General Data Protection Regulation (GDPR - EU 2016/679).

1.1 Data controller

The data controller is :

SAS AMORIArepresented by Mr Antoine Boulle,
Immeuble Emergence, 60 avenue du Canada, 35200 Rennes, France
contact@amoria-labaule.com

AMORIA defines the purposes of data processing, ensures compliance with the legal framework in force, informs its customers about the use of their data, and takes all necessary measures to guarantee their security and confidentiality.

1.2 Purpose of processing

Personal data collected via the site www.amoria-labaule.com are used solely for legitimate, specific and explicit purposes:

Management of reservations, payments and customer relations
Response to contact requests
Sending of commercial offers and news (emails, SMS), with prior consent
Statistical monitoring and improvement of site navigation
Combating fraud and misuse

Data is never sold to third parties and is only used for statistical purposes after anonymization.

1.3 User rights

In accordance with the RGPD, users have the following rights:

Right of access, rectification, deletion of their personal data (Articles 15 to 17 of the RGPD).
Right to withdraw consent at any time
Right to object to or restrict processing (articles 18 and 21)
Right to data portability (article 20)
The right to define directives concerning the fate of their data after their death

To exercise these rights, users may write to the following address, enclosing a copy of their identity document:

SAS AMORIA - 60 avenue du Canada, 35200 Rennes, France
or by email : direction@amoria-labaule.com

The user may also lodge a complaint with the competent supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr

1.4 Data storage and security

Personal data is kept for a period strictly necessary for the purposes for which it was collected, in accordance with legal and regulatory obligations.

AMORIA implements appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration or disclosure. This includes secure hosting, data encryption, firewall systems and strict access management.

1.5 Subcontracting and transfer

AMORIA does not transfer personal data outside the European Union without adequate safeguards within the meaning of the RGPD. Technical service providers (e.g. hosting, booking solution) may process certain data on behalf of AMORIA, in strict compliance with the applicable legal and contractual framework.

No data is published, exchanged or passed on to third parties without your express consent, except in the event of sale of the company or transfer of business, in which case the same data protection obligations will be passed on to the transferee.

1.6 Incident notification

In the event of a personal data breach, AMORIA undertakes to notify the incident as soon as possible to the CNIL, as well as to the users concerned where required, in compliance with Articles 33 and 34 of the RGPD.