PRIVACY POLICY
PRIVACY

a question?

The purpose of this privacy policy is to inform visitors to the "bordeaux-port.fr" website about how their personal data is collected, processed and protected in accordance with Regulation (EU) 2016/679 (RGPD).

By visiting this site, you agree to the terms of this privacy policy.

1. Data controller

Bordeaux Port Authority (GPMB), a state-owned public institution, registered with the Bordeaux Trade and Companies Register under no. 781 804 141, with its head office at 152 Quai de Bacalan CS 41320, 33082 Bordeaux Cedex.

dpo@bordeaux-port.fr

 

2. Type of data collected :

The GPMB processes personal data. According to the RGPD, personal data is "any information relating to an identified or identifiable natural person". It is all information that directly or indirectly relates back to your person.

We receive data directly from you, when you fill in the form on the site, or when you contact us via social networks according to the parameters and settings made from the account you hold on the latter.

The GPMB is likely to collect the following categories of data: civil status data, postal address, e-mail address, telephone number.

 

3. Disclosure of personal data to third parties :

3.1 Communication to the authorities on the basis of legal obligations :

On the basis of legal obligations, your personal data may be disclosed in application of a law, regulation or by virtue of a decision by a competent regulatory or judicial authority. In general, we undertake to comply with all legal rules that may prevent, limit or regulate the dissemination of information or data, and in particular to comply with the French Data Protection Act no. 78-17 of January 6, 1978.

3.2 Communication to third parties :

Your personal data is strictly confidential and may not be disclosed to third parties without your express consent.

 

4. Virality of the conditions for re-using personal data :

Should your personal data be communicated to a third party, the third party's confidentiality conditions will apply.

 

5. Purposes of re-use of personal data collected :

・Respond to requests via contact forms;
・Paying invoices;
・Respect our legal obligations ;
・Improve the site and its functionality.

 

6. Cookies :

As part of the use of the Site by Customers, the GPMB may use cookies.

In accordance with RGPD regulations, the GPMB informs Customers that cookies record certain information that is stored in the memory of their computer hardware/equipment. 

This information is used to improve the use and operation of the site and other GPMB services. An alert message asks each visitor to the site if they wish to accept cookies. 

These cookies do not contain any confidential information.

Details concerning the use of cookies are set out in the Cookie Policy. Cookie Policy.

 

7. Data retention :

7.1. Technical data retention period :

Technical data is kept for the time strictly necessary to achieve the above-mentioned purposes.

7.2. Retention period for personal data :

We undertake to ensure that the data collected is kept in a form that enables you to be identified for no longer than is necessary for the purposes for which the data is collected and processed.

However, data may be processed for the purpose of proving a right or contract. Data may also be stored for the purpose of complying with a legal obligation or kept in files in accordance with applicable laws and regulations.

As an exception, visitor identification data is kept by us for a period of three (3) years from the last contact with you.

For the management of requests for rights to your personal data, your data is kept for 1 year.

 

8. Indications in the event of a security vulnerability detected
by the GPMB :

8.1. Information in the event of a security breach :

We undertake to implement all appropriate technical and organizational measures to guarantee a level of security appropriate to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of your personal data.

In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or of unauthorized access resulting in the risks identified above, we undertake to :

・Notify you of the incident as soon as possible;
・Examine the causes of the incident and inform you ;
・Take the necessary measures within reasonable limits to mitigate the negative effects and harm that may result from the said incident.

8.2. Limitation of liability :

Under no circumstances may the undertakings relating to notification in the event of a security breach be assimilated to any admission of fault or responsibility for the occurrence of the incident in question.

 

9. Transfer of personal data abroad :

The GPMB undertakes not to transfer the personal data of its visitors outside the European Union. If the GPMB were to do so, it would inform them, indicating the measures taken to control the transfer and ensure that the confidentiality of their data is respected.

 

10. The visitor's rights regarding the processing of his personal data :

Everyone has the right to access their personal data, to have them erased, to request a restriction on processing, to have them transferred and to object to the processing of their personal data. Here is a brief explanation of the various rights.

10.1. Data access :

You have the right to consult your personal data and to receive a copy.

10.2. Data rectification :

You have the right to have your personal data corrected if it is incorrect, and to have it completed if it is incomplete.

10.3 Deleting data :

You can request that your personal data be deleted and this will be respected in the following cases: because the data is no longer necessary for the purposes for which it was collected or processed, because you have withdrawn your consent, because you have successfully objected to the processing, because the personal data has been processed unlawfully or to comply with a legal obligation.

10.4. Limitation of treatment :

You have the right to request and obtain the restriction of processing in a number of specific cases: during the period in which the accuracy of personal data is contested and verified; if the processing has been found to be unlawful, but you do not want the data to be deleted; if the GPMB no longer needs the data, but you still need the data for legal action; and if you have objected to the processing and are still awaiting the response to the objection.

You request the temporary blocking of this data in order to limit its processing in the future.

10.5. Data portability :

You have the right to have your data transferred. This allows you to request and receive a copy of your personal data, which can be used, for example, by another service provider. The data will be provided in a structured, customary and machine-readable form. This right only applies if data processing is based on consent or a contract, and if processing is carried out using automated procedures.

10.6 Opposition to processing :

You always have the right to object on grounds relating to your specific situation: to the processing of your personal data on the basis of a task of general interest or a mission of the public authority, if the GPMB has been entrusted with such a mission and if the processing is necessary to safeguard the legitimate interests of the GPMB or of a third party, if your interests are more important than those of the GPMB.

When your personal data is processed for direct marketing purposes, you can always object to this processing and to profiling linked to direct marketing.

10.7 Fate of personal data in the event of death :

In the event of your death, and in the absence of any instructions from you, we undertake to destroy your data, unless its retention is necessary for evidential purposes or to meet a legal obligation.

10.8. Submitting a claim :

You have the right to submit a complaint about the way we process your data. When you submit a complaint, we prefer to resolve it ourselves. In addition, you always have the right to contact the competent authority overseeing personal data protection with your complaint.

If you wish to exercise any of your rights, please proceed as follows: you can send your request, together with a copy of your valid identity document, by e-mail to dpo@bordeaux-port.fr or by post to the GPMB head office address.

In the event of communication of a copy of an identity document, we will keep it for one (1) year or three (3) years when this communication is made in the context of the exercise of a right of opposition.

 

11. Modification of the privacy statement :

We undertake to inform you in the event of modification of the present declaration of confidentiality, and not to lower the level of confidentiality of your data without informing you and obtaining your consent.

 

12. Applicable law and remedies :

12.1. Application of French law (CNIL legislation) and jurisdiction of the courts :

This privacy statement has been drawn up in accordance with French law, and in particular with Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. The choice of applicable law does not affect your rights as a consumer in accordance with the applicable law of your place of residence. If you are a consumer, you and we agree to submit to the non-exclusive jurisdiction of the French courts, which means that you may bring an action relating to this privacy statement in France or in the EU country in which you live. If you are a professional, any action against us must be brought before a court in France.

In the event of a dispute, the parties shall seek an amicable solution before taking any legal action. Should these attempts fail, all disputes concerning the validity, interpretation and/or execution of the present confidentiality declaration must be brought before the French courts, even in the event of multiple defendants or third-party claims.

12.2 Appeal procedures :

For all requests relating to your personal data, you can contact us by e-mail at the following address dpo@bordeaux-port.fr or by post to the address given at the time of collection or to the address below, enclosing a photocopy of a signed identity document:

GPMB
Personal data
152 quai de bacalan
CS 41320
33082 BORDEAUX CEDEX

Upon receipt of your request, the GPMB has one month to respond.
Finally, you may also lodge a complaint with the supervisory authorities, in particular the CNIL (https://www.cnil.fr/fr/plaintes).

 

13. Safety :

The GPMB undertakes to implement all technical and organizational measures to ensure the security of our processing of personal data and the confidentiality of your data, in accordance with the French Data Protection Act (Loi informatique et Libertés) and the European Data Protection Regulation (RGPD) and Law no. 2018-133 of February 26, 2018 "bearing various provisions for adapting to European Union law in the field of security".

In this respect, the GPMB takes the necessary precautions, with regard to the nature of your data and the risks presented by our processing, to preserve the security of the data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties (physical protection of premises, encryption of certain data, etc.).