Protection of personal data and cookies

MAEVA&CO Group attaches the utmost importance to the protection of the privacy and personal data of its customers and visitors who use its Services or access its Sites (hereinafter "you" or "User").

The objective of this Privacy Policy (the "Policy") is to:

  • describe what types of Personal Data concerning you, the Group and, if applicable, its Subcontractors, may be required to collect, and
  • to inform you about the reasons and manner in which your Personal Data is processed by the Group entities, their potential Partners and Subcontractors, and
  • inform you of your rights and the manner in which they are exercised between you and the Group with respect to your Personal Data.

All transactions on your Personal Data shall be carried out in compliance with the regulations in force and in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the "Regulation" or "GDPR") and with any national legislation applicable to the protection of personal data.

If you disagree with this Policy, you are free not to use our Services or to provide certain Personal Data. However, you are advised that the communication of some of these data – indicated by an asterisk – will condition access to some of our Services and that, in the absence of your Personal Data, certain features may be degraded (e.g. reservations).

Article 1 - Definitions

The following terms, beginning with a capital letter, will have the following meaning:

"Personal Data (or DCP)", "Process/Treatment", "Processing Officer", "Subcontractor", "Person concerned" have the same meaning as in the Regulations;

"The Group" means all companies of which MAEVA HOLDING, identified in the PARIS RCS under No. 534 484 461, would directly or indirectly hold at least 50% of the capital and the legal entities operating the following marks: "MAEVA", "VACANSOLEIL", "CAMPING PARADIS", "PARCEL", "USHUAIA VILLAGES", "France from the North to the South". The Group may also, as appropriate and in context, designate a specific identified or identifiable entity.

"Company" means the legal entity of the Group, the contact details of which are given in the legal notices as the publisher of the site.

"Partner" means a third-party company with which the Group has entered into an agreement allowing it to send solicitations on behalf of the Group to its own prospect and customer database.

"Service" means a service offered by an entity of the Group or one of its Partners;

"Site" means a website of one of the Group's entities;

"EU" means the European Union

"EEA" means the European Economic Area

"Application" means an application of one of the entities of the Group.

Article 2 - Scope

In addition to their main and traditional tourism and real estate activities, or in order to achieve their objectives, certain entities of the Group are likely to engage in electronic commerce.

Article 3 - Processing of personal data

As part of the operation of its Site, the Data Controller collects personal data concerning you.

Legal basis for treatment

  1. The processing is based on either (i) the consent of the persons concerned (Art. 6 (1) (a) GDPR), or (ii) the establishment and performance of a contract or pre-contractual measures at the request of the person concerned (Art. 6 (1) (b) GDPR), or (iii) the need to satisfy the legitimate interests of the Group (Art. 6 (1) (f) GDPR), or (iv) the basis of legal obligations to which the Group must respond (Art. 6 (1) (c) GDPR).

Purposes

  1. With your consent, the Group may collect and process your Personal Data for the specified purposes, including:
    • Sending requests, promotional and informative messages via email, mail, SMS/mms (potential use of dedicated marketing tools);
    • The organisation of contests, lotteries and any other promotional activities;
    • solicitation via telephone calls through promotional, remarketing or commercial marketing, customer loyalty and/or customer satisfaction offers;
    • the establishment of a loyalty programme;
    • sharing information on social networks;
    • the management of notices, surveys and surveys of Users of Site and Applications Services or Content;
    • (push notifications)
    • the transmission, free of charge or at a cost, to all entities of the Group, as well as to all its Partners, for the purpose of prospecting and commercial solicitation, through any channel of communication.
  2. In addition, entities of the Group may be required to collect Personal Data for other purposes, taking care to collect your prior and detailed consent, preceded by complete information on the Processing of Your Data.

    Generally speaking, your consent is expressed by checking the boxes or by activating the options provided for the Services when you register for the Services or later.

    Withdrawal of consent shall be possible at any time and shall not have retroactive effect on the legality of the Treatments carried out on that basis, prior to such withdrawal.

    Personal data about you may have been collected from our Partners. They agree to have your consent for any transmission and processing by the Group.
     
  3. When necessary for the performance of a contract between the Group and you or for the taking of pre-contractual measures at your request, your Personal Data shall be collected and processed, in particular, for the purpose of:
    • booking and follow-up of a stay and/or activities and other services provided by the Group,
    • payment of products, activities and other reserved services provided by the Group,
    • creation or use of or access to a customer account allowing you to create and use your customer account, update your personal information, view or modify or cancel your stay information or book additional services.
    • conducting satisfaction surveys after stays;
    • contact with a customer relations officer as part of an ongoing or confirmed reservation;
    • the recall of unvalidated or unsuccessful pending baskets.
    • the establishment of a Client database for the monitoring and implementation of the services of the entities of the Group or its subcontractors and third parties responsible for issuing the promised service.
  4. Your Personal Data can also be processed in the context of legitimate interest, Art. 6. I GDPR, of the Group to enable us to ensure the continuity of service and the sustainability of the activity which includes, in particular:
    • response to requests for information;
    • direct marketing for the promotion of goods and services similar to those previously provided to a customer;
    • analysis of navigation on the website to improve ergonomics, response times and relevance (excluding commercial activity)
    • prevention and investigation of criminal offences
    • the management and development of our activities, including risk management
    • the establishment, exercise or defence of legal claims against us or, where appropriate, against the User or Partners (e.g. failure to comply with applicable legal or contractual obligations or late payment of Services).
    • All purposes, other than those already set out in this Article (3)(b), which, while respecting the fundamental interests and rights and freedoms of the persons concerned, are lawful and are presented in the particular context of their treatment.
  5. The Group may also process your Personal Data in order to comply with our legal obligations, which may include in particular:
    • the retention of your Personal Data for accounting reasons (in accordance with applicable laws);
    • the communication of your Personal Data to public authorities, public bodies or public service providers, in accordance with the legislation in force.
We do not set up a data system for automated decision-making, which can have legal effects on individuals.

Personal data processed

Prior to the collection of Personal Data, the User will be informed whether the Personal Data requested must be provided or optional. The consequences of a data failure considered mandatory will be specified at the time of collection.

Some data collected on the site, are strictly necessary for the establishment and monitoring of your contract (e.g. booking stay/service) or for browsing our website. These purposes will be specified at the time of data collection. Mandatory Personal Data are identified by asterisks. Failing to provide them, access to and use of the Services by the data subject will be impossible or a request related to a form cannot be satisfied.

The remaining data are optional and their non-supply will not affect the delivery of promised Services or responses to inquiries, although it may limit their relevance.

In particular, the entities of the Group may collect from you and Process the following Personal Data:

  1. Identity: civility, surname, first names, address, telephone number (fixed or mobile), e-mail address, date of birth, customer number, number of children, date of birth of children, first name of children;
  2. Means of payment data: postal or bank identification, transaction number, cheque number, credit card number, third party financing;
  3. Bank data are not retained by the Group.
  4. Business relationship data: customer number, reservation number, requests for documentation, products and services reserved and purchased, quantity, amount, periodicity, delivery address, purchase history, origin of sale (seller, representative) or order, customer correspondence and after-sales service;
  5. Data relating to payment of invoices and historical data: terms of settlement, remissions granted, information relating to the credits subscribed (amount and duration, name of the lending agency), receipts, unpaid payments, recoveries, balances;
  6. Contact data and corresponding (meta-) data: correspondence exchanged, date and time of messages;
  7. Registration data for newsletters: civility, surname, first names, e-mail address, country of residence, date of birth.
  8. Technical data required when using our website: when users visit the Site, the Web server automatically records the data and information relating to the device and the browser used by them. This information on the type of browser and version used, the operating system, the Internet provider, the IP address of its device, the date and time of access to the website from which users visit this website and the pages they visit on the Site.



In addition, Geolocation can be implemented on Mobile Applications with your consent. Related Personal Data will not be retained when you leave the Site. You can disable geolocation at any time. Depending on the services offered, deactivation may invalidate the operation of the Application.
  • In all circumstances, the entities of the Group shall process all your Personal Data collected in accordance with the regulations in force and in particular the Regulations.

Recipients of personal data collected – provision of personal data to third parties

The Personal Data collected on a Site or form is intended for the publisher of the Site or for the issuer of the Form (the contact details of which appear in the Legal Mentions or whose identity is specified on the collection form).

If necessary, and under the conditions laid down in the GDPR, a transfer of your Personal Data is possible to third parties.

These third-party bodies are, but are not limited to:
  • Courts, administrative authorities, court officers, ministerial officers, under a legal obligation, or if the company could reasonably believe that disclosure of the data is necessary to avoid an imminent threat to life, loss of physical or financial integrity, or to report an alleged unlawful act.
  • Where appropriate, the bodies responsible for the recovery of claims, under contractual measures.
  • In the course of subcontracting, the service providers shall act on behalf of and as directed by the Company in accordance with this Policy and applicable agreements concerning the Processing of Personal Data. In particular, they will be chosen for their ability to provide sufficient guarantees for the implementation of appropriate technical and organisational measures, in particular in terms of reliability and security measures.
  • Other entities of the Group or its Business Partners for prospecting purposes, subject to your express and prior consent.

Data transfer abroad

Data collected by Group entities, particularly in the context of a reservation, are not, in principle, processed outside the European Union (EU) or the European Economic Area (EEA).

However, transfers may be made to third countries to the European Union or to the Agreement on the European Economic Area (EEA) which do not have a level of data protection equivalent to that established at European Union level:

  • In case of legal obligation
  • As part of a reservation for a destination proposed by a Group entity outside the EU or EEA (China in particular), data transfers may be made. In order to ensure the smooth running of the stay and reserved activities, and within the strict framework of the booking contract to which you are a party, your Data will – subject to the applicable data sharing agreements – be transmitted to or made available to the local entity of the Group managing the destination site.
  • Contact of customer service in the context of a call to customer service (Morocco and Turkey) and reminder of abandoned baskets (you can oppose the reminder via the check box provided for this purpose or via our Privacy Center), under the Contractual Clauses Types of the European Commission and following a regular analysis of the impact of the data transfer.
  • Implementation of accounting transactions via external providers (Mauritius and India) under the European Commission's Contractual Clauses Types and following a regular analysis of the impact of data transfer. Blue card numbers or payment solutions are not affected by these transfers.

 

In the event of recourse to a Provider, located outside the EU, necessary for the performance of a contract to which you are a party, the Group shall put in place appropriate guarantees required by EU law in order to ensure an adequate and equivalent level of protection of Personal Data (e.g. the Contractual Clauses Types of the European Commission or the Contractual Company Rules or any other mechanism for regulating international transfers, particularly in the United States). These guarantees will be presented to you as part of the transfer of your data and their communication may be requested in accordance with the procedure laid down in Article 6 – Human Rights, of this policy.

Shelf life

The entity(s) of the Group party(s) to the Processing shall retain your Personal Data in a secure environment for the period necessary for the fulfilment of the purposes for which it has been processed, increased by the period indicated below or, failing that, determinable under applicable legislation or regulations, including civil and commercial prescriptions.

These periods may differ in accordance with the national requirements of the country in which the group entity(s) concerned is located.

Where deemed appropriate, certain Personal Data may be retained for longer periods exclusively for archival purposes, in the public interest, for scientific or historical research or for statistical purposes. In these latter cases, the data are anonymized.

For shelf life:

  • The Personal Data collected and Processed for the provision of our Services are retained (a) during the duration of the contractual relationship, and then (b) on an active basis for 5 years – unless otherwise justified by the requirements of the transaction (including an ongoing dispute) – from the end of the Service. In any case where this proves necessary, these periods may be extended until the date of the limitation of liability, when Personal Data will be pseudonymized;
  • All Personal Data shall be retained for such periods as are necessary to meet the obligations imposed on the Data Controller by law;
  • Your credit card information is not retained beyond the transaction period unless you have consented to its registration;
  • Information on competitions and competitions shall be kept for the time of the contest and the award of prizes;
  • Personal data relating to enquiries, without any subsequent contract, shall be kept for the time necessary to respond, plus a maximum of 6 months;
  • Personal Data Processed in prospecting or communication operations for which you have given your consent, will not be retained more than 3 years after the last contact from you; they will be removed as soon as your opposition to their use is demonstrated.

 

Social networks

If you have an account on social media and you access the Site or Services without being previously registered with the Services, we may, with your consent, receive information from such social media in order to facilitate the creation of an account on the Site or Service.

When you use a Service via a social network, you allow us to access certain information you have provided to the social network, such as your username, surname and first name, your profile image, and your data relating to the use of this Service. By accessing a Service via a social network, you authorize us to collect, store and use all the information you have authorized the social network to provide us.

In addition, when you visit, like, follow or otherwise connect with our social media pages or accounts (including, where applicable, the use of your social media user account), we may be considered joint controllers of the processing of your personal data with the relevant social network provider. We do not use your Personal Data in any manner other than that described in this Policy. For more information on how the social network uses your Personal Data and other information, please contact the relevant provider.

Article 4 – Protection of personal data of minors

The Group does not collect or retain personal data concerning minors under the age of 15, without obtaining verifiable parental consent, knowing that holders of parental authority may request and request the deletion of information relating to their child. This age of consent may differ depending on the country in which the entity of the Group concerned is located.

Article 5 – Cookies

You are informed that cookies (small text files stored on your terminal) or other similar or complementary technologies are (or may be) used when connecting to the Sites or Applications and when using the Services, subject to the choices expressed by you when permitted. These choices can be changed at any time by setting browser settings or using some tools, as shown below.

A cookie allows its transmitter, during its validity period, to recognize the relevant terminal (computer, tablet, smartphone, etc.) whenever that terminal accesses digital content with Cookies from the same transmitter. A cookie records information about browsing your computer on our site (the pages you have viewed, the date and time of the consultation, etc.) that we will be able to read on your subsequent visits.

Most browsers support cookies, but you can configure them to refuse them and delete them at any time: https://lesbases.anct.gouv.fr/resources/delete-les-cookies-sur-les-navigateurs-firefox-chrome-edge.

These cookies facilitate navigation and improve the usability of the Site. It should be noted that on customer accounts, only cookies necessary for navigation and audience measures are put in place.

You may choose to accept or refuse all or part of the cookies, with the exception of browser cookies, which are necessary for the operation of the Site.

The refusal of other cookies (audience, personalization, advertising) will not prevent you from accessing the Site although some of its services and sections may work in a degraded way or you may be deprived of an optimized user experience.

In particular, we strive to give you the best experience on the site, customizing the content of the pages according to your journey and your interests while browsing, as well as customizing the messages on the site with the current commercial offers. Refusal to deposit commercial cookies, hearing cookies and customization will prevent us from displaying these highlights and will lead us to provide you with standard content without animation.

To learn more about the types of cookies used and to manage your consents, visit our dedicated Cookie Management page.

Article 6 - Rights of persons

In accordance with the GDPR, you have the right to ask the Data Controller for access to personal data concerning you (Art.15 GDPR), the rectification (Art.16 GDPR) or the erasure of such data (right to be forgotten, Art.17 GDPR), or a limitation on the processing of your personal data (Art.18 GDPR) and the right to portability of such data (Art.20 GDPR).

When we process your Personal Data, you may also object to such processing on grounds relating to your particular situation (Art. 6 (1)). (e) or (f) GDPR). If you object, your data will no longer be processed, except in the context of legal constraints to the contrary, of the exploitation necessary for the performance of a contract to which you are a party, of the information necessary for the defence of a right in court or of the absence of risk to your fundamental rights and freedoms. You may object at any time to the processing of your data for marketing purposes.

As part of data processed on the basis of your consent, you can withdraw it at any time. Note that the withdrawal of your consent has no retroactive effect on the treatments performed on this basis, previously the withdrawal.

These rights are further described on the website of the Data Protection Authority: https://www.cnil.fr.

You may also have additional rights provided for in the national legislation of which you are responsible, such as the definition of guidelines for the retention, erasure and disclosure of your Personal Data after your death.

With regard to the call-up, you have a specific right to object by registering on the blocktel list (http://www.blocktel.gouv.fr/).

In order to exercise your rights, you can contact the customer service department of the company with which you dealt first:

  • by sending an email to sav@maeva.com
  • or by mail addressed to the Group's headquarters: GROUPE MAEVA&CO, 11 rue de Cambrai, 75947 Paris Cedex 19
To enable your request to be processed quickly and to ensure the confidentiality of your data, please indicate your surname, first names, address and customer number and/or file number if you have one. In case of reasonable doubt as to your identity, we may ask for valid proof of identity (e.g. CNI, passport, resident card, must be communicated by post).

 

The Group has appointed a Data Protection Delegate that you can contact in case of difficulty, by email at dpo@maeva.com or by mail to DPO, GROUPE MAEVA&CO, 11 rue de Cambrai, 75947 Paris Cedex 19.

You also have the right to lodge a complaint with the Data Protection Authority (https://www.cnil.fr) or the Authority for the control of your place of residence (Art. 77 GDPR).

Article 7 – Security measures

Given the evolution of technology, implementation costs, the nature of personal data to be protected and the risks to the rights and freedoms of individuals, the Group shall implement all appropriate technical and organisational measures to ensure the confidentiality, integrity, availability and resilience of the collected and processed Personal Data and a level of security appropriate to the risk.

In particular, to ensure your security and privacy, Sites use the Secure Socket Layer (SSL) encryption protocol.

When transferring information on the network, your credit card number and all the information entered in the various forms are automatically encrypted. The SSL encryption system automatically encrypts information prior to transmission on the network. Upon arrival on our server, bank data will be decrypted using a single SSL key that allows your browser to connect with our website and transparently negotiate a secure communication channel.

Article 8 - Changes in data protection policy

If this Policy is amended, or if required by law or regulation, the amended version will be published on our Sites and will be effective upon publication.

Therefore, we invite you to refer to it during each visit in order to read the latest version, which is permanently available on our websites.