This policy is intended to (1) inform you about how PROMISSA TERRA processes your Personal Data and, (2) with regard to Personal Data entrusted to us by our Clients in the context of the subscribed Services, to define at a minimum the respective obligations of PROMISSA TERRA and its Clients. The rules applicable to cookies are addressed in (3).

The terms “You” and “your” refer to visitors of the chateau-de-montaupin.com website (the “Visitors” / the “Site”) as well as customers and prospects who have subscribed to Services or who may be interested in our Services (the “Clients” / “Prospects”).

The terms “We,” “our,” and “us” refer to PROMISSA TERRA.

The “Services” are those we offer on our Site and which are specified, for each Client, in our quotes.

“Applicable Regulations” refers to law no. 78-17 of January 6, 1978, known as the “Data Protection Act” (“Informatique et Libertés”), in its latest version in force, and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on data protection (“GDPR”).

All terminology relating to the protection of personal data has the meaning given in Article 4 of the GDPR. However, for the sake of clarity, we remind you of a few definitions.

“Personal Data” means personal data within the meaning of the Applicable Regulations, i.e. any information relating to an identified or identifiable natural person, such as a name, identification number, location data, or an online identifier (e.g. an IP address).

“Data Subject” means any identified or identifiable natural person whose Personal Data has been Processed.

“Data Controller” means any person who determines the means and purposes of Processing.

“Data Processor” means any person who processes Personal Data on behalf of the Data Controller in accordance with the instructions given by the latter.

“Processing” means any operation or set of operations performed on personal data, whatever the process used, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as restriction, erasure or destruction.

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

1. Processing of your data by PROMISSA TERRA

1.1 Why and how do we process Your Data?

We process your Personal Data for the purposes of informing you about our Services (Visitors, Clients and Prospects), analyzing Site traffic (Visitors), commercial or non-commercial communication (Clients and Prospects), and more generally monitoring our contractual relationship (Clients). In this context, we act as “Data Controllers” of your Data. The legal basis for this Processing is PROMISSA TERRA’s legitimate interest in ensuring its business development.

1.2 What Data do we process?

Visitors are under no obligation to provide us with their Data. Nevertheless, during your visits, your IP address may be recorded (see paragraph 3 on Cookies).

If you fill in a contact form and/or contact us to present your Project, we will primarily process the following Data: your last name, first name, position/title, email address, and company name.

If you have subscribed to Services with us, we may also process financial data to ensure payment of our invoices and monitor their collection.

1.3 Who are the recipients of this Data?

Authorized personnel from PROMISSA TERRA’s sales and marketing department, as well as, where applicable, the support department, are required to process your Personal Data and only have access to the Data necessary for their functions/duties. Our company’s employees have signed a specific confidentiality agreement.

We may also contract with trusted partners and processors who may access, host, and/or process some of your Personal Data on our behalf, according to our instructions, and who contractually guarantee the security and confidentiality of your Data (such as technical service providers, recruitment agencies, etc.).

The Personal Data of our Clients may also be transferred to authorized third parties subject to a confidentiality obligation (auditors, consultants, lawyers, accountants, etc.) for general accounting purposes, but also in the event of company reorganization or transfer to another legal entity, as part of audits carried out regarding personal data protection and security, and/or to investigate or respond to a complaint or security threat. We may need to share documents (such as invoices, contracts, quotes, emails, etc.) containing your Personal Data with our accountants, statutory auditors, and lawyers.

Finally, we may disclose your Personal Data in response to requests made by courts or tribunals, government agencies, or law enforcement bodies, or when necessary to comply with applicable laws, injunctions or decisions of courts and tribunals, or government regulations.

1.4 How long do we keep your data?

We only retain your Personal Data for a period necessary and proportionate to the purpose for which it was collected.

For the management of our Clients and Prospects, Personal Data is retained on average for a maximum period of 3 years from the last exchange you had with our company, initiated by you, or any other longer period that may be imposed on our company under legal provisions (e.g. archiving for the legal statute of limitations period, in order to allow us to take legal action / ensure our defense in the event of a dispute).

1.5 What are your rights?

In accordance with the provisions of the Applicable Regulations, you have the right to access, rectify, and erase data concerning you, and the right to obtain a copy of the personal data we hold in a structured electronic format (right to data portability).

You also have the right to object, on legitimate grounds, to the Processing of data concerning you, and to the use of such data for commercial prospecting purposes.

For any questions, additional information, or complaints, please contact us by sending an email to contact@chateau-de-montaupin.com. We may ask you to provide proof of identity if your request concerns the exercise of one of the rights granted to you under the Applicable Regulations.

The exercise of your rights (in particular your rights of objection or deletion of Data) must also be reconciled with the legal obligations and legitimate interests pursued by PROMISSA TERRA.

We respond to your requests within one (1) month of receipt, it being understood that this period may be extended by two (2) months depending on the complexity of your request or in the event of a high volume of simultaneous requests, provided that we inform you accordingly.

In the absence of a response from us within a maximum period of three (3) months from your initial request, or in the event of a dispute regarding the exercise of your rights, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).

1.6 Compliance with rules relating to the transfer of Personal Data

PROMISSA TERRA does not transfer Personal Data to countries that do not ensure an adequate level of protection without first implementing one or more of the appropriate safeguards provided for by the Applicable Regulations to govern such transfer, in particular by using standard contractual clauses approved by the European Commission.

2. Processing carried out by PROMISSA TERRA on behalf of its Clients

As part of the Services, PROMISSA TERRA is entrusted by its Clients with access to and/or Processing of Personal Data. The manner in which this Data Processing is contractually governed is defined in this § 2 of the Privacy Policy, which supplements any provisions agreed between the Parties on this specific subject or fills any gap in the contract on the subject.

2.1 Compliance with Applicable Regulations

PROMISSA TERRA and its Clients must each comply with the provisions of the Applicable Regulations within their respective areas of responsibility. The Client is the “Data Controller” or “DC” and PROMISSA TERRA is its “Data Processor” or “DP” within the meaning of the Applicable Regulations. It is the Client who determines the means and purposes of the Processing it carries out and for which it has requested our Services, such as, for example, organizing promotional mailings targeting the Client’s customers (Data Subjects), hosting websites or applications (whether or not developed by us), etc.

2.2 Compliance with Client instructions

PROMISSA TERRA will only act on the basis of clear and precise instructions from its Client, which must specify in particular the categories of Personal Data we are to process, the processing operations we are authorized to carry out (by default, all those covered by the definition of “Processing”), the retention period for Data depending on the categories of Data we process, and the specific security measures to be implemented, depending on the nature of the data and the associated risks. In the absence of clear, written instructions from Clients, our liability cannot in any way be engaged due to the Clients’ failure to provide instructions. We do not exploit or use the Personal Data entrusted to us by our Clients for our own purposes or on behalf of third parties not expressly authorized by our Clients.

2.3 Client obligations

You are required to inform Data Subjects affected by the Processing of their ability to exercise their rights under the Applicable Regulations with their designated representative for handling such requests.

You must proactively provide us, in writing, with the contact details of your “data privacy” point of contact or DPO so that we know who to redirect any requests or notifications regarding personal data protection to. These requests must be sent, within PROMISSA TERRA, to contact@chateau-de-montaupin.com.

As Clients are solely responsible for the content of their website or the application, where applicable, developed, maintained, or hosted by PROMISSA TERRA, it is their responsibility to verify that databases containing Personal Data are complete, accurate, and up to date, and to indemnify PROMISSA TERRA against any claims or actions by third parties (including from an administrative authority such as the CNIL) brought against PROMISSA TERRA (including covering its reasonable legal fees to defend its rights).

Similarly, if Clients entrust us with sending commercial prospecting mailings or other promotional operations, they must also ensure beforehand that they have obtained the express consent of the Data Subjects where required by the Applicable Regulations, and indemnify us against any claims or actions by third parties (including from an administrative authority such as the CNIL) brought against PROMISSA TERRA (including covering its reasonable legal fees to defend its rights).

In all our communications, we draw your particular attention to the fact that you must ensure that the exchange of files containing Personal Data is secure and, at a minimum, password protected. Except in cases of justified urgency, any exception to the security measures agreed between Clients and PROMISSA TERRA must be the subject of a written request specifying the nature, duration, and impact assessment of this exception.

2.4 Technical protection measures – security

In accordance with the Applicable Regulations, PROMISSA TERRA and its Clients must each implement all appropriate technical and organizational measures to protect the Personal Data they process against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, in particular in the context of data transmission over a network, as well as against any other form of unlawful processing.

For our part, we ensure that we:

  • implement technical and organizational security measures generally in line with the state of the art as well as with contractual instructions on this matter
  • help, as far as possible, our Clients to fulfill their obligations to respond to requests from Data Subjects to exercise their rights
  • ensure that all data storage media containing Personal Data and all copies or reproductions thereof are carefully stored without allowing access by third parties, except to our authorized (sub-)processors
  • have our employees and any subcontractors involved in the processing of Personal Data sign a commitment to preserve the confidentiality of Personal Data and comply with the Applicable Regulations

We are of course available to your teams to provide any additional information. You must ensure that the technical and organizational security measures we implement meet your own security requirements and, failing that, provide PROMISSA TERRA with precise written instructions on the additional security measures to be implemented. In the absence of specific instructions, PROMISSA TERRA’s Clients acknowledge that the security measures we implement are sufficient.

2.5 Cooperation and assistance – Audits

We strive to handle all reasonable requests from our Clients regarding the Processing of Personal Data we carry out on their behalf promptly and appropriately. We modify or delete, according to our Clients’ instructions and at their expense, the Personal Data of a Data Subject following, in particular, the exercise of their right of access, rectification, or deletion, so that the Personal Data processed is accurate and up to date.

We also provide reasonable assistance, at the Client’s expense, if you need our help responding to requests from the CNIL, conducting risk assessments (PIA), investigations, inspections, or audits relating to the processing of Personal Data. We must each cooperate transparently and share with each other all information exchanged with the supervisory authority relating to the Services or any potential failure on our part to meet our respective obligations, failing which the Client shall forfeit the right to obtain any compensation from us thereafter.

Any audit of a website or mobile application leading to vulnerability testing or attempted intrusion into a computerized data system will be subject to a tripartite agreement between the Clients of PROMISSA TERRA concerned, PROMISSA TERRA, and the third party responsible for carrying out the tests on behalf of the Client in question, specifying the duration of the tests, their nature, and releasing PROMISSA TERRA from any liability for the consequences resulting from the tests ordered by the Client.

Audits will be organized with reasonable notice of at least 30 business days, except in emergency situations (a confirmed or highly likely Personal Data Breach, in which case this period may be reduced by mutual agreement between the Parties or by court order). PROMISSA TERRA will inform its Clients without delay of any legally binding request for disclosure of Personal Data from an administrative or police authority, unless prohibited from doing so by law or by a judicial or administrative decision.

2.6 Notification of Personal Data Breaches

PROMISSA TERRA and its Clients must notify each other of any confirmed or suspected abuse, accidental or unauthorized deletion, alteration, disclosure, or unauthorized access, including, but not limited to, an intrusion into the network or IT resources of PROMISSA TERRA, its processors, or its Clients for the purpose of obtaining Personal Data, or any other violation of the Applicable Regulations (a “Personal Data Breach”). Notification of a Personal Data Breach will be made to the designated contact as soon as possible and no later than 72 hours after the event in question, accompanied by any useful information to enable PROMISSA TERRA or its Clients, if necessary, to notify this breach to the competent supervisory authority.

2.7 Right to compensation and Liability

PROMISSA TERRA can only be held liable to its Clients for direct and certain damages caused by a proven failure to fulfill its obligations as “Data Processor” (Art. 28 of the Regulation), up to the amount of the sums paid by its Clients for the Services concerned during the four (4) months preceding the failure in question (unless otherwise provided in the contract concluded with the Client that expressly derogates from this article). This limitation does not apply to Data Subjects who have suffered certain material or moral damage as a result of a proven failure by PROMISSA TERRA to fulfill its obligations as “Data Processor.”

2.8 Sub-processors – Restrictions

Unless otherwise stated in our main contract, you authorize us to entrust the processing of Personal Data to sub-processors offering sufficient guarantees, subject to our compliance with the restrictions described below.

Our potential Sub-Processors (“sub-processors” within the meaning of the Applicable Regulations) will only access the Personal Data you entrust to us and will only use it in accordance with our obligations under paragraph 2 hereof and the contract binding us. They are bound to PROMISSA TERRA by written agreements obliging them to provide a satisfactory level of protection. PROMISSA TERRA informs its Clients of any intention to make substantial changes relating to the addition or replacement of Sub-processors.

2.9 Transfer of Personal Data to third countries

PROMISSA TERRA does not transfer Personal Data to countries outside the EU that do not ensure an adequate level of protection within the meaning of the Applicable Regulations without the Client’s agreement and without first implementing one or more of the appropriate safeguards provided for by said Regulations to govern such transfer, in particular by using standard contractual clauses approved by the European Commission. Clients undertake to facilitate the implementation of these safeguards and authorize PROMISSA TERRA to enter into Standard Contractual Clauses on their behalf.

3. Cookies

3.1 What is a cookie and what is it used for?

The Visitor may decide to disable cookies from their first access to the Site. In the absence of any objection, the Visitor accepts the installation of cookies and their use under the following conditions.

Only the issuer of the cookie in question is able to read or modify the information it contains.

Some cookies are essential for using the Site, while others help optimize the use of the Site and personalize the content displayed. Cookies thus enable:

  • Measuring and analyzing traffic and use of the Site, its sections, and the Services offered, enabling PROMISSA TERRA to conduct studies and improve the interest and usability of the Site
  • Remembering the Visitor’s browser display preferences (language used, display settings, operating system used, etc.) and adapting the presentation of the Site during their visits, according to the viewing or reading hardware and software on their device used to browse the Site
  • Remembering information relating, for example, to a form filled out by the Visitor on the Site
  • Implementing security measures

3.2 Sharing device use among several Visitors

If the device used by the Visitor is used by several people, and when the same device has several browsers, PROMISSA TERRA cannot be certain that the features and advertisements intended for this device correspond to use of the device by one Visitor rather than another. Sharing the use of their device with other people and configuring their browser settings regarding cookies are the Visitor’s free choice and responsibility.

3.3 Managing and using cookies

The Visitor can manage and modify cookie usage at any time according to the options outlined below. The settings made may alter internet browsing and the conditions for accessing and using certain Site features that require the use of cookies. Cookies can thus be managed via browser software or cross-industry platforms.

Please note: opt-out tracking relies on a cookie. Consequently, if all cookies are disabled or the Visitor changes device, PROMISSA TERRA will no longer be aware that this option has been chosen.

Managing cookies via browser software: the Visitor can configure their browser software so that cookies are saved on their device or rejected, either systematically or according to their issuer.
To find out the methods applicable to managing cookies stored in the browser, PROMISSA TERRA invites its Visitors to consult their browser’s help menu as well as the “Your traces” section of the CNIL (Commission Nationale de l’Informatique & des Libertés) website.
Online cookie management via cross-industry platforms: it is also possible to visit the Youronlinechoices website, offered by digital advertising professionals grouped within the European EDAA (European Digital Advertising Alliance) and managed in France by the Interactive Advertising Bureau France. The Visitor can thus find out which companies are registered on this platform and offer the option of refusing or accepting the cookies they use to adapt, based on the information they collect, the advertisements likely to be displayed in their browser: https://www.youronlinechoices.com/.
This European platform is shared by hundreds of internet advertising professionals and provides a centralized interface allowing the Visitor to express their refusal or acceptance of cookies as specified above.
This procedure will not prevent the display of advertisements on websites visited by the Visitor. It will only block technologies that adapt advertisements to their interests.

3.4 Cookie retention period:

Information collected by these cookies is retained for a maximum period of 13 months (in accordance with the Applicable Regulations), unless deleted via the settings of the application on the Visitor’s device.

Link to our general terms and conditions of sale: click here.