Welcome2France is delighted that you have shown interest in our Website. The use of the Welcome2France Internet pages is, in general, possible without showing or furnishing personal data. There are special enterprise services in our Website, however, that require personal data for proper processing.
Data protection is extremely important to the management of Welcome2France. If the processing of personal data is deemed necessary, and there is no statutory basis for such processing, we will first obtain the consent of the user or data subject.
The processing of personal data, such as the data subject’s given name, surname, residential address, work address, e-mail address, or telephone number, shall be in line with the General Data Protection Regulation (GDPR). It shall also be in accordance with country-specific data protection regulations that apply to Welcome2France.
Through this data protection declaration, Welcome2France informs the general public of the nature, scope, and purpose of any or all personal data we collect, utilize, and process. Also through this declaration, Welcome2France also informs data subjects of the rights to which they are entitled and which they can assert.
As the controller, Welcome2France has implemented several technical and organizational measures to ensure the thorough and complete protection of personal data processed through this Website. Internet-based data transmissions, however, may have security gaps in principle, so absolute data protection cannot be guaranteed. For this reason, every data subject may use alternative means, such as the telephone, to lessen the risk of data being compromised by any Internet-borne security gaps.
1. Definition of Terms
The data protection declaration of Welcome2France is based on the terms used by the European legislator for the adoption of the GDPR. Per GDPR guidelines, the Welcome2France data protection declaration has been made legible and understandable for the general public, as well as our clients and business partners.
To comply with the guidelines, we will first explain the essential terms used in this declaration, as follows:
a) Data Subject
“Data Subject” refers to the identified or identifiable natural person or human being, whose information is being requested or required by the controller for processing.
b) Personal Data
“Personal Data” refers to any information that relates to the data subject. An identifiable person is someone who can be identified, directly or indirectly, through the given name, surname, location data, or his or her physical, physiological, genetic, mental, emotional, social, cultural, or economic trait.
“Processing” refers to any operation or a set of operations that is performed on personal data or sets of personal data. The operation or set of operations may be performed by automatic or manual means, or a combination of these, and associated activities include personal data collection, organizing, structuring, recording, storage, alteration, adaptation, retrieval, utilization, disclosure by transmission, digital or analog dissemination to one recipient or many recipients, restriction, erasure, disposal, or destruction.
d) Restriction of Processing
“Restriction of Processing” refers to the marking of stored personal data, with the aim of limiting the use in the future.
“Profiling” refers to any form of automated processing of personal data to evaluate or analyze certain aspects or traits of a natural person, with the aim of predicting his or her economic situation, performance at work, health condition, personal preferences, behavior, interests, activities, or location.
“Pseudonymization” refers to the processing of personal data in such a manner as that personal data, without the use of additional information, can no longer be attributed to the data subject who owns said personal data. In pseudonymization, any additional information furnished is kept separately from the personal data, and it is subject to technical and organizational measures that make sure it will not be attributed to the concerned data subject.
g) Controller or Controller Responsible for the Processing
“Controller” or “Controller Responsible for the Processing” refers to the natural person, legal person, public authority, or other body that, individually or jointly with other such entities, determines the purposes of processing personal data and the means by which it is processed. In case the purposes and means of such personal-data processing is determined or provided for by Union or Member State law, the controller or the specific criteria for nomination may be determined or provided for by Union or Member State law.
“Processor” refers to a natural person, legal person, public authority, or other body assigned and authorized to process personal data on behalf of the controller.
“Recipient” refers to a natural person, legal person, public authority, or other body, to which personal data (or sets thereof) are disclosed, whether it is a third party or not. A public authority is not a recipient if it receives personal data as part of an inquiry in accordance with Union or Member State law; in that case, the processing of personal data shall be in compliance with applicable rules, regulations, and laws.
j) Third Party
“Third Party” refers to a natural person, legal person, public authority, or other body that is not the data subject, controller, processor, or somebody explicitly authorized by the controller or processor to handle and act on personal data.
“Consent” refers to the indication that the data subject is authorizing the controller or processor to process the data subject’s personal data. Consent given by the data subject is freely given, specific, unambiguous, and informed, and this is made by a statement or a clear affirmative action.
2. Name and Address of the Controller
In compliance with GDPR and data protection laws that apply in Member States of the European Union, Welcome2France provides the name and address of the controller of this Website, as follows:
8 Blandfield Road
SW12 8BG London
Phone: +1 (650) 267.4328
Many Internet sites and servers utilize cookies, and many of these cookies contain a cookie ID that is a unique identifier of the cookie. Enabling a cookie allows already-visited Internet sites and servers to differentiate the individual Internet browser of a data subject from other Internet browsers that, in turn, have other cookies. Through the cookie ID, a specific Internet browser may be recognized and identified.
By using cookies, Welcome2France can provide users of its Website with optimized pages and, as a result, a better user experience. With cookies, users can store Website data in their computer system, and they do not have to access data from the Website on each visit. Also with cookies, any item that a user adds to the Website shopping cart will be remembered for future use.
Users may, at any time, deny or block any or all cookies through corresponding settings of the Internet browser. They may also, at any time, deactivate or delete any existing cookies through corresponding settings of the Internet browser. In case of cookie denial, blockage, deactivation, or deletion, however, not all features of the Website may function properly.
4. Collection of General Data and Information
The Welcome2France Website collects a series or set of general data and information whenever a data subject or automated system accesses any of the pages.
The general data and information that are collected and stored in the server log files from a data subject are as follows:
a) browser type and version used during the visit;
b) operating system used;
c) referring site;
e) date and time of access to the Website;
f) Internet protocol (IP) address;
g) Internet service provider (ISP); and
h) any other similar data and information that may be relevant in investigating attacks on the Welcome2France information technology systems.
When using the general data and information, Welcome2France does not make any evaluations of, or draw any conclusions about, the data subject.
The collection and storage of general data and information is specifically to:
a) deliver the Website content correctly and completely;
b) optimize the content of the Website;
c) ensure the long-term viability of Welcome2France information systems and Website technology; and
d) provide law enforcement authorities with the data and information necessary in the criminal prosecution of cyber-attack perpetrators.
Therefore, Welcome2France only uses collected and stored anonymous data and information for the purpose of statistical analysis, with the two-pronged goal of: 1) increasing the data-protection and data-security aspects of its business operations; and 2) ensuring an optimal level of protection and security for the personal data needing to be processed.
The anonymous general data and information collected are stored separately from any and all personal data provided by each and every data subject.
5. Registration on the Welcome2France Website
The data subject may register on the Website of the controller, Welcome2France, with consent to collect and store his or her personal data. The type of personal data that will be transmitted to the controller is determined by the input mask used for the registration.
The personal data furnished and entered by the data subject will be collected and stored exclusively for internal use by controller for reasonable purposes, as stated in this declaration.
The controller may request the transfer of personal data to one or more processors, such as a parcel service. These processors will use the personal data for an internal purpose that is attributable to the controller.
By registering on the controller’s Website, the IP address—assigned by the ISP and used by the data subject—as well as the date and time of registration, are also stored. The storage of this particular data may be used by the controller to prevent the misuse of services or, in unfortunate cases, to enable the investigation of criminal offenses. This data is not shared with, or passed on, to third parties, unless there is a statutory obligation to do so, or if the data transfer is deemed to aid in criminal prosecution.
The voluntary registration of the data subject is intended to enable the controller to offer Website content and/or company services that may only be offered to registered users. Registered persons are free to change or completely delete, at any time, any personal data furnished to the controller.
Upon request, the controller shall provide data subjects information on how their respective personal data have been stored. Additionally, the controller shall correct or erase personal data at the request of the data subject, except when there is a statutory storage obligation. All of the controller’s employees may be the data subject’s contact persons in this respect.
6. Subscription to Newsletters
Welcome2France Website visitors and users are afforded the opportunity to subscribe to the company’s newsletter. The input mask used for this purpose determines the personal data to be transmitted and the time the newsletter is ordered.
By means of a newsletter, Welcome2France informs its clients and business partners of company offers, industry updates, and related news.
A data subject may only receive the Welcome2France newsletter if: 1) he or she has a valid e-mail address; and 2) he or she registers for its shipping. For legal reasons, a data subject will undergo a double opt-in process of registration and receive a confirmation e-mail. This confirmation e-mail is used to prove that the data subject is the owner of the declared e-mail address, or if the data subject is authorized to receive the newsletter through that particular e-mail address.
During the newsletter registration, Welcome2France stores the IP address assigned by the ISP to the computer system used by the data subject for registering, and it also stores the date and time of the registration. The collection of this data is necessary in understanding or investigating misuse, if any, of the e-mail address of a data subject, and it also provides legal protection of the controller.
The personal data collected as part of the newsletter registration will only be used to send the Welcome2France newsletter, or to update subscribers on the newsletter operations, and it will not be transferred to any third parties.
Data subjects may terminate their newsletter subscription any time. They may revoke, at any time, their consent to the storage of personal data, given in connection to the delivery of the newsletter, and they may do so by following a corresponding link found in the newsletter. They may also unsubscribe, at any time, directly on the Website of the controller or by communicating this to the controller through alternative means.
7. Newsletter Tracking
The Welcome2France newsletter contains tracking pixels, which are miniature graphics in HTML format that enables the recording and analysis of log file. A tracking pixel allows the controller to make a statistical analysis of the success or failure of newsletter to convey promotional messages to the audience, or a statistical analysis of the effectiveness of online marketing campaigns. Through the tracking pixel, Welcome2France can see: 1) if and when the e-mailed newsletter was opened by the data subject; and 2) which links were clicked on and called up by the data subject.
The personal data collected in the tracking pixels contained in the e-mailed newsletters are stored and analyzed by the controller to: 1) optimize the shipping of the newsletter; and 2) improve the content of future issues.
The personal data collected as part of the newsletter tracking will not be transferred to any third parties. Data subjects may revoke, at any time, the consent given to the controller in regard to collecting and storing their personal data, and they can do so by undergoing a double opt-in procedure. Upon the revocation of consent, the controller will delete the personal data. Welcome2France automatically considers a withdrawal from the receipt of the newsletter as a revocation.
8. Contact Possibility Through the Website
The Welcome2France Website contains information that enables a quick, direct communication with the staff, and details include the company e-mail address. If a data subject contacts the controller via e-mail or the contact form on the Website, the personal data transmitted by the data subject will be stored automatically. Such personal data, which the data subject provides the controller on a voluntary basis, will be stored in order to process the inquiry and/or respond to the data subject. No transfer of personal data to any third parties will be made.
With regard to instant messaging, Welcome2France has an online instant-messaging service, through which users can contact the company. Personal data may be collected within this system or framework,
The online instant-messaging service that Welcome2France uses is Tawk.to.
9. Blog Commenting
Welcome2France offers users an opportunity to leave comments in its blog, which appears in the controller’s Website. A blog is a Web-based portal that is publicly accessible, and the articles that appear on it are called posts. These posts have a commenting section, usually at the end, and comments may be made by third parties.
A comment that a data subject leaves is stored and published, and information on the data subject’s pseudonyms, comment date, and IP address will be logged. Collection and storage of the data subject’s IP address are for security purposes. These also help determine if the data subject has: 1) violated the rights of third parties; and/or 2) posted illegal content within the comment. The storage of such personal data is thus in the controller’s interest and use in the event of an infringement investigation. No transfer of personal data to any third parties will be made, except when it is required by law or if it serves the purpose of defending the controller from any legal action that may be caused by the blog comment.
10. Routine Blocking or Erasure of Personal Data
The controller shall process and store the data subject’s personal data only for the period necessary in achieving the purpose of storage, or for the period granted by the European legislator or another competent legislator, with respect to any regulations or laws to which the controller is subject.
If the purpose of storage is not applicable, or when the storage period granted by the European legislator or another competent legislator expires, the personal data, on the basis of and in accordance with legal provisions, will be routinely blocked or erased.
11. Rights of the Data Subject
a) Right of Confirmation
Each data subject is granted by the European legislator the right to obtain from the controller the confirmation on whether or not personal data that concerns him or her will be processed. If the data subject wishes to assert this right of confirmation, he or she may contact, at any time, any employee of the controller.
b) Right of Access
Each data subject is granted by the European legislator the right to obtain from the controller free information, and/or a copy thereof, about his or her personal data that is stored at any time.
The European rules, regulations, and directives further grant each data subject access to the following information:
- the purpose/s of processing his or her personal data;
- the categories of personal data associated with the processing;
- the recipients, or the categories of recipients, to whom the personal data have been or are due to be disclosed; in particular, the recipients of third countries or international organizations;
- the envisaged period of storage of personal data or, if it cannot be ascertained, the criteria used to determine the period of storage of personal data;
- the existence of a data subject’s right to request from the controller any alteration, rectification, or erasure made on his or her personal data, or any restriction of processing of his or her personal data;
- the existence of a data subject’s right to object to the controller’s alteration, rectification, or erasure of his or her personal data, or to the restriction of processing of his or her personal data;
- the existence of a data subject’s right to lodge a complaint with a supervisory authority, with regard to the controller’s processing of his or her personal data;
- where no personal data are collected directly from a data subject, the information about the source of such personal data; and
- the existence of automated profiling and/or other methods of decision making, as re