Protection of personal data

The Cité du cuir undertakes to ensure the confidentiality and security of personal data collected as part of the use of its website, online ticketing, in-store shopping and group reservations. All data are processed in accordance with General Data Protection Regulation (GDPR) 2016/679 and to the Information Technology and Freedoms Act of 6 January 1978 as amended.

According to the interaction with the Cité du cuir (navigation on the site, ticket purchase, in-store order or group reservation), the data collected may include:

• Identification : surname, first name, civility
• Contact details : e-mail address, telephone number, postal address
• Payment information : only for the processing of transactions (no bank data are retained by the Cité du cuir)
• Reservation data : number of participants, type of visit, booking date
• Navigation data : IP address, cookies (see cookie policy)

This information is collected for the following purposes:

• Order and payment management (ticket shop, online shop)
• Treatment of group reservations
• Ensure the proper functioning of the website and improve user experience
• Responding to user requests (customer service, complaints)

The Cité du cuir implements technical and organisational security measures to protect data against unauthorized access, loss or alteration.

Data are retained for a limited period of time, depending on legal requirements and operational requirements:

• Identification data: 3 years after last contact
• Orders and billing 10 years from purchase in accordance with the requirements of Article L123-22 of the Commercial Code
• Group reservations 3 years after last interaction
• Navigation data and cookies : according to the duration specified in the cookie policy
• Data required for assistance and claims : 2 years after the resolution of the file

The data collected are intended exclusively for the Cité du cuir and its contract service providers (e.g. : secure payment solution, web hosting), which are subject to the same confidentiality obligations.
No personal data are transferred, leased or sold to third parties.

In accordance with the GDPR, each user has the following rights:

• Right of access : obtain a copy of the data collected
• Right of rectification : correct inaccurate information
• Right to erasure (« Right to be forgotten ») : request the deletion of data under conditions
• Right of opposition : refuse the use of data in certain cases
• Right to limitation of treatment : restrict the use of data under certain conditions
• Right to portability : recover data in a usable format

These rights may be exercised by contacting our DPO: GAIA, rgpd@gaiaconnect.fr