The General Data Protection Regulation (GDPR) entered into force on May 25th, 2018 and complements legislation on the protection of personal data.
For your information, a personal data corresponds to any information relating to an identified natural person or that can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to it (surname, first name, address, e-mail, telephone, contract number, CB number, ...).
Personal data processing refers to any operation on this type of data (collection, storage, transmission, deletion, etc.) whether on paper or computer. The controller is the person who determines the purposes of each processing and the means to achieve those purposes.
Therefore, we invite you to consult our Policy regularly, accessible from all pages of the Site, in order to keep you informed of the latest applicable online version. For changes that we consider to be the most significant, a notification will be made on the Site. We also invite you to check the date indicated on this Policy to know the date of the last update.
1. Why does BAMYLOC need to collect your data?
2. What data does BAMYLOC collect?
3. What is the legal basis for processing your data?
4. How long is your data kept?
5. What are your rights and how do you exercise them?
5.1. Your rights to your data
5.2. Exercising your rights
6. With whom does BAMYLOC share your data?
7. How does BAMYLOC secure the processing of your data?
8. Mandatory Fields
9. Cookies Policy
10. Privacy by Design/by Default
Why does BAMYLOC need to collect your data?
The data that BAMYLOC collects are necessary to enable it to meet the following purposes:
Respond to requests received via the contact form,
Monitoring your navigation on the site,
Manage business relationships,
Manage payment requests website and agencies,
Offer you commercial offers,
Perform customer management operations related to contracts, order processing, deliveries, invoices, accounting, and in particular customer account management;
Commercial prospecting and marketing (sending of advertising messages (SMS or email));
Conducting customer studies including survey, trade statistics;
Updating its prospecting files for the management of the opposition list to telephone canvassing;
Management of requests for access, rectification and opposition rights;
Managing people’s opinions about products, services or content.
For Supplier Partner data,
Supplier file management: perform administrative operations related to contracts;
orders; deliveries and invoices, accounting for the management of supplier accounts;
Maintain supplier documentation.
With regard to candidate data,
Management of applications.
Generally speaking, BAMYLOC does not process any of your data for purposes incompatible with those for which it was collected, unless you have given your prior consent.
What data does BAMYLOC collect?
BAMYLOC collects different types of personal data concerning you:
Personal data that you communicate directly to us:
When you fill out a contact form,
When you complete a quote request,
When you make a booking on the website,
When you want to take out a contract,
When you contact customer service to ask a question, make a complaint,
Generally speaking, when you exchange with BAMYLOC in any other way.
The disclosure of your personal data is voluntary. However, certain information, identified y an asterisk, is essential for BAMYLOC to process your request. Without this information, BAMYLOC will not be able to process your request.
Personal data communicated to us
In the context of commercial partnerships, data are transmitted to us by third-party organizations:
Tour operator (turnkey travel organizer)
Broker (Comparative Websites)
Assistant (insurance companies)
Hotel Partners (Hotel, Lodging, etc.)
Personal data that we automatically collect
What is the legal basis for processing your data?
The BAMYLOC Company collects your personal data for the purposes described in point 1 of this Policy. In all cases, the Company BAMYLOC collects your data, only when their collection and processing are based on a legal basis.
Execution of contractual relations with BAMYLOC
Your data is necessary for the performance of the contract to which you have subscribed or wish to subscribe. On this contractual legal basis, any refusal to disclose your personal data will prevent the conclusion and performance of the contract.
Compliance with a legal obligation to which BAMYLOC is subject
Some of your data are processed by BAMYLOC to meet its legal obligations:
Comply with its legal obligations, including the applicable accounting rules, in terms of the management of accounts receivable and accounts payable,
Manage requests for access, rectification and opposition rights,
Manage a list of objections to telephone canvassing,
Check the age of the driver at when setting up a car rental contract.
Subject to your prior consent, BAMYLOC may process your data for:
Send you commercial offers on its products and services,
At any time, you may reconsider your choice and withdraw your consent, in accordance with the terms described in section 5.2 of this Policy, without, however, calling into question the legality of the processing based on consent and implemented prior to withdrawal.
The legitimate interests of BAMYLOC
The Company BAMYLOC may process your personal data for the purposes of pursuing its legitimate interest, in particular, for the management of commercial relations.
How long is your data kept?
Your data are kept by the Company BAMYLOC for the time necessary to achieve the purposes referred to in point 1 hereof, plus the statutory limitation periods.
In terms of cookies .
BAMYLOC may keep the data for 13 months.
In terms of commercial management and business development.
BAMYLOC may keep the data for 3 years from the last contact with BAMYLOC and you. (Simplified Standard n°48)
In terms of invoicing .
The Company BAMYLOC may keep the data for 10 years (Art L123-22 paragraph 2 of C.COM. Simplified standard n°48)
When it comes to accounting.
The Company BAMYLOC may keep the data for 10 years (Art L123-22 paragraph 2 of C.COM. Simplified standard n°48)
For more information on the retention periods of your data, you can contact the DPO of BAMYLOC: firstname.lastname@example.org.
What are your rights and how do you exercise them?
Your rights to your data
Right of access to your data
You may obtain confirmation from BAMYLOC that your data are or are not processed and, where they are, access to all data and information held by BAMYLOC.
Right to rectification of your data
You can obtain from the Company BAMYLOC, as soon as possible, the rectification of data concerning you which would be inaccurate or erroneous. You can also request that your data be completed, if necessary.
Right to erasure of your data
Unless there are legal exceptions, you may request that BAMYLOC delete your data as soon as possible, if in particular, you feel that the processing carried out by BAMYLOC on your data is no longer necessary in view of the purposes for which it was collected.
Right to data portability
You can retrieve part of your data in an open and machine-readable format or ask BAMYLOC to transmit it to another organization. Only the data that you have provided actively and consciously to BAMYLOC are concerned by this right (for example, the data that you have entered in an online form) or data generated during the use of a service or device in connection with the conclusion or management of your contract, which is processed automatically, on the basis of consent or the performance of a contract.
Right of opposition
If your data is processed for prospecting purposes, you may object to it at any time (See section 5.2 of this Policy). Similarly, you may object to the distribution of targeted advertising (Cookies).
Right to limit the processing of your data
You can ask BAMYLOC to keep your data without being able to use it, in one of the following cases:
You dispute the accuracy of the data used by BAMYLOC,
You object to the processing of your data,
In case of illicit use but you oppose their erasure,
You need it for the recognition, exercise or defense of rights in court.
Right to withdraw your consent to the processing of your data
Where the processing of your personal data is based on your consent (sending of our electronic commercial offers, for example), you may withdraw your consent at any time (see point 5.2 of this Policy).
Right to issue post-mortem directives
You have the possibility to define guidelines for the retention, erasure and communication of your data after your death. These guidelines define how you want your rights to your data to be exercised after your death. You can send us these instructions by sending us a letter, with the subject line "Post mortem instructions", to the following address: email@example.com You can, at any time, modify or revoke your instructions.
Exercising your rights
To exercise one of your rights, please send your request to: firstname.lastname@example.org or BAMYLOC Oficinas Clare Facio Leal, 300m este de Plaza Mayor contiguo a la Clínica Prisma Dental, Rohrmoser, Pavas, San José - specifying “BAMYLOC - For the attention of the DPO.
Any request must specify, in subject matter, the reason for the request (exercise of the right of access, opposition, etc.) and the company concerned by the request. The application must also be accompanied by a double-sided copy of a valid piece of identification bearing the applicant’s signature and the address to which the reply must be sent.
The Company BAMYLOC will send you its reply within a maximum of one month, from the date of receipt of your request. However, this period may be extended to two months due to the complexity and number of requests.
If you feel, after having contacted the Company BAMYLOC, that your IT rights and Freedoms are not respected, you can address a complaint to the CNIL.
Prospecting and targeted advertising
Once you have agreed to receive commercial offers from BAMYLOC, you may, at any time, respond to STOP.
In general, for any question relating to this data protection policy or for any request relating to the management of your personal data by BAMYLOC, you can send your request by email or mail, as indicated above.
With whom does BAMYLOC share your data?
The BAMYLOC Company may also transmit your data to the following entities where this is necessary to meet one of the purposes referred to in point 1 of this Agreement:
Regarding the collection of payment information your data can be transmitted:
• Paybox (Payment on the website)
How does BAMYLOC secure the processing of your data?
BAMYLOC implements all technical, physical and organizational measures to ensure the security and confidentiality of your data during the collection, processing and transfer of your data.
BAMYLOC Company’s infrastructures are protected against malware (viruses, spyware, etc.); the security of your terminal is your responsibility.
In the event that we may use service providers to process part of your data, we undertake to verify that they provide sufficient guarantees to ensure the protection of personal data entrusted to them and to have them sign confidentiality clauses in accordance with Article 28 of the GDPR.
In the event of a breach of personal data, that is to say in the event of a security incident, whether malicious or not and occurring intentionally or unintentionally, resulting in a compromise of integrity, the confidentiality or availability of your personal data, we undertake to comply with the following obligations:
The “Violation Register” contains the following:
The nature of the violation;
The categories and approximate number of people involved;
The categories and approximate number of files involved;
The likely consequences of the violation;
The measures taken to remedy the violation and, if necessary, to limit the negative consequences of the violation;
If applicable, the justification for the lack of notification to the CNIL or information to the persons concerned.
However, and in accordance with the regulations in force, we are not required to inform you of a violation in the following cases:
Your personal data is protected by measures that make it incomprehensible to anyone who is not authorised to access it;
Steps have been taken to ensure that the risk is no longer likely to materialize;
This communication requires disproportionate efforts on our part, including not having any contact information to inform you.
8. Mandatory Fields
The fields indicated by an asterisk in our forms are mandatory. The consequences in case of failure to respond are only the lack of consideration of your request. The obligation to provide the requested data is contractual, as it is necessary for the performance of the contract to which you are a party or for pre-contractual measures carried out at your request, in particular in the event of a request for information or quotation concerning our products and services.
9. Cookies Policy
See Cookies Policy
10. Privacy by Design/by Default
We undertake to integrate the protection of personal data from the conception of a project, a service or any other tool related to the handling of personal data, in particular the minimization of personal data, limitation of the purposes of data collection, respect for the integrity and confidentiality of data, limitation of retention periods.
In order to respect the principle of Accountability, our company:
• Adopts internal procedures to ensure compliance with the Regulation (IT Charter, Personal Data Protection Charter);
• Keeps a record of any processing carried out under its responsibility or that of the subcontractor (maintenance of the processing register, confidentiality agreements for employees and service providers, company security policy, procedures for managing access requests, rectification, opposition...);
• Conducts Impact Assessments (IAA) for treatments that pose specific risks with respect to rights and freedoms.
The aim is to provide rich documentation to demonstrate compliance with data protection rules at all times.
What is a cookie?
A cookie is a small text file that is stored on the hard drive of the computer used when browsing the internet, regardless of the type of computer that is used, whether this is a computer, a tablet, a smartphone, a video game console connected to the Internet, among others.
What are the cookies on our website used for?
Through our website cookies are used to collect data related to the use analysis that the customer gives to our website. The purpose of the cookie is to adapt the content of the website to your profile and particular needs. In addition, they are used to help improve the service we offer by measuring the use and performance of the page to optimize and customize it.
Third Party Cookies:
Our website will have links from different social networks such as Facebook, Twitter, Instagram or as the Google search engine. It should also be noted that our website does not control cookies used by third parties.
For more information about cookies on social networks or other third-party websites, we recommend reviewing your own cookie policies.
What cookies are used?
Attached in table H1 you can find the various cookies used on our website and the purpose of each of these
Is there any risk associated with accepting a cookie?
No, cookies are simply small databases and cannot perform any operation individually.
The company BAMYLOC, guarantees that it complies with all legal obligations regarding cookies. Also, in order to obtain your consent, when browsing our website, an information banner about cookies will appear and requesting your consent for their installation. This banner will not disappear as long as you have not continued browsing, that is, as long as you have not gone to another section of our page or clicked on any element of the page (image, link, button). In addition, it is important to take into account that at the time of your navigation it is considered that your consent has been granted and results in the installation of cookies.
The period of validity of the consent for the placement of Cookies is a maximum of 13 months. At the end of this period, consent must be obtained again. Therefore, our cookies have a maximum duration of 13 months after the first placement on your device.
In order to respect your privacy, we want to assure you that the mere fact of visiting our site does not constitute the granting of consent for the installation of cookies. Likewise, simply clicking on the link in the information banner that allows the installation of cookies does not constitute an acceptance of your installation.
As long as you have not given your consent, no Cookie will be placed on your computer.
The refusal of your consent to the installation of cookies does not prevent access to our website.
There are cookies that are not subject to the requirement of consent, situations that are detailed below:
Cookies "shopping cart" for a trading page;
Cookies "account credentials", for the duration of a session, or Persistent Cookies limited to a few hours in some cases;
Account Cookies created by a media player;
Load balancing session cookies ("load balancing");
Some solutions for audience measurement analysis (analytics);
Persistent Cookies for user interface customization (language choice or presentation).
In the case of other cookies, their placement is subject to your consent. By continuing to browse our site or by using our features, you consent to the placement of these cookies. You can also exercise or withdraw your consent here: [WU2]
Do you accept the placement and reading of cookies so that we can analyze your navigation to offer you targeted advertising?
Do you accept the placement and reading of cookies in order to share the contents of our page with others or for others to know your reading or opinion ("Do I like" Facebook buttons, for example)?
Do you accept the placement and reading of cookies to allow audience measurement?
How can I object to the installation of third-party cookies?
Third-party cookies are managed differently depending on the web browser used.
Menu > Settings > Show advanced settings (located at the bottom of the page).
You must then click the Content Settings button, then tick the Block Cookies and Third Party Pages Data box, and finally click OK to validate your choice.
Menu > Options > Tab "Privacy".
Set the "Retention Rules" menu in "Use custom settings for history". Finally, uncheck the "Accept third party cookies" box
INTERNET EXPLORER: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
Menu > Internet Options > Tab "Privacy", then you must click the "Advanced" button to display the Advanced Privacy Settings window. Then check the box "Override automatic cookie management" and select "Reject" in the "Third Party Cookies" column.