The General Data Protection Regulation (GDPR) entered into force on May 25th, 2018 and complements legislation on the protection of personal data.
For your information, a personal data corresponds to any information relating to an identified natural person or that can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to it (surname, first name, address, e-mail, telephone, contract number, CB number, ...).
Personal data processing refers to any operation on this type of data (collection, storage, transmission, deletion, etc.) whether on paper or computer. The controller is the person who determines the purposes of each processing and the means to achieve those purposes.
Therefore, we invite you to consult our Policy regularly, accessible from all pages of the Site, in order to keep you informed of the latest applicable online version. For changes that we consider to be the most significant, a notification will be made on the Site. We also invite you to check the date indicated on this Policy to know the date of the last update.
1. Why does CORAIL. need to collect your data?
2. What data does CORAIL. collect?
3. What is the legal basis for processing your data?
4. How long is your data kept?
5. What are your rights and how do you exercise them?
5.1. Your rights to your data
5.2. Exercising your rights
6. With whom does CORAIL. share your data?
7. How does CORAIL. secure the processing of your data?
8. Mandatory Fields
9. Cookies Policy
10. Privacy by Design/by Default
The data that CORAIL. collects are necessary to enable it to meet the following purposes :
Respond to requests received via the contact form • Monitoring your navigation on the site, • Manage business relationships, • Manage payment requests website and agencies, • Offer you commercial offers, • Perform customer management operations related to contracts, order processing, deliveries, invoices, accounting, and in particular customer account management; • Commercial prospecting and marketing (sending of advertising messages (SMS or email)); • Conducting customer studies including survey, trade statistics; • Updating its prospecting files for the management of the opposition list to telephone canvassing; • Management of requests for access, rectification and opposition rights; • Managing people’s opinions about products, services or content. For Supplier Partner data, • Supplier file management: perform administrative operations related to contracts; orders; deliveries and invoices, accounting for the management of supplier accounts; • Maintain supplier documentation. With regard to candidate data, • Management of applications.
Generally speaking, CORAIL. does not process any of your data for purposes incompatible with those for which it was collected, unless you have given your prior consent.
CORAIL. collects different types of personal data concerning you:
Personal data that you communicate directly to us: • When you fill out a contact form, • When you complete a quote request, • When you make a booking on the website, • When you want to take out a contract, • When you contact customer service to ask a question, make a complaint, • Generally speaking, when you exchange with CORAIL.in any other way.
The disclosure of your personal data is voluntary. However, certain information, identified y an asterisk, is essential for CORAIL.to process your request. Without this information, CORAIL. will not be able to process your request.
Personal data communicated to us In the context of commercial partnerships, data are transmitted to us by third-party organizations: • Tour operator (turnkey travel organizer) • Broker (Comparative Websites) • Assistant (insurance companies) • Hotel Partners (Hotel, Lodging, etc.) • Franchisors.
The CORAIL. Company collects your personal data for the purposes described in point 1 of this Policy. In all cases, the Company CORAIL. collects your data, only when their collection and processing are based on a legal basis.
Execution of contractual relations with CORAIL. Your data is necessary for the performance of the contract to which you have subscribed or wish to subscribe. On this contractual legal basis, any refusal to disclose your personal data will prevent the conclusion and performance of the contract. Compliance with a legal obligation to which CORAIL. is subject.
Some of your data are processed by CORAIL.to meet its legal obligations:
• Comply with its legal obligations, including the applicable accounting rules, in terms of the management of accounts receivable and accounts payable, • Manage requests for access, rectification and opposition rights, • Manage a list of objections to telephone canvassing, • Check the age of the driver at when setting up a car rental contract.
Your consent Subject to your prior consent, CORAIL. may process your data for:
At any time, you may reconsider your choice and withdraw your consent, in accordance with the terms described in section 5.2 of this Policy, without, however, calling into question the legality of the processing based on consent and implemented prior to withdrawal. The legitimate interests of CORAIL. The Company CORAIL. may process your personal data for the purposes of pursuing its legitimate interest, in particular, for the management of commercial relations.
Your data are kept by the Company CORAIL. for the time necessary to achieve the purposes referred to in point 1 here of, plus the statutory limitation periods.
In terms of cookies CORAIL. may keep the data for 13 months.
In terms of commercial management and business development. CORAIL. may keep the data for 3 years from the last contact with CORAIL. and you. (Simplified Standard n°48)
In terms of invoicing . The Company CORAIL. may keep the data for 10 years (Art L123-22 paragraph 2 of C.COM. Simplified standard n°48) When it comes to accounting.
The Company CORAIL. may keep the data for 10 years (Art L123-22 paragraph 2 of C.COM. Simplified standard n°48)
For more information on the retention periods of your data, you can contact the DPO of CORAIL. : email@example.com.
1. Your rights to your data
Right of access to your data You may obtain confirmation from CORAIL. that your data are or are not processed and, where they are, access to all data and information held by CORAIL. Right to rectification of your data You can obtain from the Company CORAIL., as soon as possible, the rectification of data concerning you which would be inaccurate or erroneous. You can also request that your data be completed, if necessary. Right to erasure of your data Unless there are legal exceptions, you may request that CORAIL. delete your data as soon as possible, if in particular, you feel that the processing carried out by CORAIL. on your data is no longer necessary in view of the purposes for which it was collected.
Right to data portability You can retrieve part of your data in an open and machine-readable format or ask CORAIL.to transmit it to another organization. Only the data that you have provided actively and consciously to CORAIL. are concerned by this right (for example, the data that you have entered in an online form) or data generated during the use of a service or device in connection with the conclusion or management of your contract, which is processed automatically, on the basis of consent or the performance of a contract. Right of opposition.
If your data is processed for prospecting purposes, you may object to it at any time (See section 5.2 of this Policy. Similarly, you may object to the distribution of targeted advertising (Cookies). Right to limit the processing of your data You can ask CORAIL.to keep your data without being able to use it, in one of the following cases :
You dispute the accuracy of the data used by CORAIL.
You object to the processing of your data,
In case of illicit use but you oppose their erasure,
You need it for the recognition, exercise or defense of rights in court.
2. Exercising your rights
To exercise one of your rights, please send your request to: firstname.lastname@example.org or CORAIL. Airport Road #122 – Simpson Bay – Sint Maarten - specifying “CORAIL.- For the attention of the DPO. Any request must specify, in subject matter, the reason for the request (exercise of the right of access, opposition, etc.) and the company concerned by the request. The application must also be accompanied by a double-sided copy of a valid piece of identification bearing the applicant’s signature and the address to which the reply must be sent. The Company CORAIL. will send you its reply within a maximum of one month, from the date of receipt of your request. However, this period may be extended to two months due to the complexity and number of requests. If you feel, after having contacted the Company CORAIL., that your IT rights and Freedoms are not respected, you can address a complaint to the CNIL. Prospecting and targeted advertising Once you have agreed to receive commercial offers from CORAIL., you may, at any time, respond to STOP. In general, for any question relating to this data protection policy or for any request relating to the management of your personal data by CORAIL., you can send your request by email or mail, as indicated above.
The CORAIL. Company may also transmit your data to the following entities where this is necessary to meet one of the purposes referred to in point 1 of this Agreement: Regarding the collection of payment information your data can be transmitted: • Paybox (Payment on the website)
CORAIL. implements all technical, physical and organizational measures to ensure the security and confidentiality of your data during the collection, processing and transfer of your data. CORAIL. Company’s infrastructures are protected against malware (viruses, spyware, etc.); the security of your terminal is your responsibility. In the event that we may use service providers to process part of your data, we undertake to verify that they provide sufficient guarantees to ensure the protection of personal data entrusted to them and to have them sign confidentiality clauses in accordance with Article 28 of the GDPR.
In the event of a breach of personal data, that is to say in the event of a security incident, whether malicious or not and occurring intentionally or unintentionally, resulting in a compromise of integrity, the confidentiality or availability of your personal data, we undertake to comply with the following obligations: FOR YOU, DATA BREACH CREATES NO RISK A RISK A HIGH RISK Internal documentation in the “Violation Register” X X X We inform you as soon as possible - - X The “Violation Register” contains the following:
The nature of the violation
The categories and approximate number of people involved
The categories and approximate number of files involved
The likely consequences of the violation
The measures taken to remedy the violation and, if necessary, to limit the negative consequences of the violation
If applicable, the justification for the lack of notification to the CNIL or information to the persons concerned.
However, and in accordance with the regulations in force, we are not required to inform you of a violation in the following cases:
Your personal data is protected by measures that make it incomprehensible to anyone who is not authorised to access it
Steps have been taken to ensure that the risk is no longer likely to materialize
This communication requires disproportionate efforts on our part, including not having any contact information to inform you.
The fields indicated by an asterisk in our forms are mandatory. The consequences in case of failure to respond are only the lack of consideration of your request. The obligation to provide the requested data is contractual, as it is necessary for the performance of the contract to which you are a party or for pre-contractual measures carried out at your request, in particular in the event of a request for information or quotation concerning our products and services.
See Cookies Policy
We undertake to integrate the protection of personal data from the conception of a project, a service or any other tool related to the handling of personal data, in particular the minimization of personal data, limitation of the purposes of data collection, respect for the integrity and confidentiality of data, limitation of retention periods.
In order to respect the principle of Accountability, our company:
Adopts internal procedures to ensure compliance with the Regulation (IT Charter, Personal Data Protection Charter)
Keeps a record of any processing carried out under its responsibility or that of the subcontractor (maintenance of the processing register, confidentiality agreements for employees and service providers, company security policy, procedures for managing access requests, rectification, opposition...)
Conducts Impact Assessments (IAA) for treatments that pose specific risks with respect to rights and freedoms.
The aim is to provide rich documentation to demonstrate compliance with data protection rules at all times.
Subscribe to our newsletter
Subscribe to our newsletter and receive our best offers of the moment exclusively
Subscribe to our newsletter