Content management

Océarium du Croisic - Avenue de Saint Goustan - BP44 - 44490 Le Croisic

Publishing Director

Nadine AUFFRET

Creation and design of website

All details regarding the creation of the website are available via the following link:

Mediapilote: Communications and website design agency in Vendée

The information published on this site is the property of the Océarium du Croisic.
Such information may not be reproduced, in full or in part, without the consent of the Océarium du Croisic. Users are responsible for the searches they make and for the interpretation and use they make of the results. It is their responsibility to use the information in compliance with the regulations in force and the recommendations of the CNIL (the French data protection authority) when the data concerned is of a personal nature.
In particular, they should be aware that the information may only be used for strictly personal use, and that taking screenshots to recreate or expand a database containing people's personal details is against the law in France and is therefore forbidden. Similarly, it is also forbidden to use screenshots for commercial or advertising purposes.

Personal Data

In accordance with Act No. 2004-801 of 6 August 2004 on the protection of individuals in relation to the processing of personal data, amending Act No. 78-17 of 6 January 1978, this website has been registered with the CNIL [French data protection authority] (registration No. 2086200 v 0). Terms of the Laws (available on the CNIL website: www.cnil.fr) Act No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, known as the Data Protection Act; CNIL Decision No. 81-94 of 21 July 1981 adopting a recommendation on the general security measures for computer systems; Act No. 88-19 of 5 January 1988 on computer fraud, referred to as the Godfrain Act.

PRIVACY POLICY

1. PRIVACY POLICY
In this Privacy Policy, you will find all relevant information about the use we make of our users' personal data, regardless of the channel or media (online or in person) that you use to interact with us.

Our use of your personal data is transparent so that you understand how we use it and know what your rights are to your data.
We make all the information in this privacy policy available to you permanently, so that you can consult it whenever you deem it appropriate. You will also find information on the processing of your personal data as you interact with us.
This privacy policy complies with Article 4 of the General Data Protection Regulation ("GDPR").
The Company is a "controller" within the meaning of paragraph 7 of Article 4 of the GDPR for all personal data processed, as an application developer, owner and administrator of websites and other products and services. services.

1.1. Owner and Data Controller
Name:
Océarium of Croisic
Address:
Saint Goustan Avenue - 44490 LE CROISIC - FRANCE
Contact :
info@ocearium-croisic.fr

1.2. Types of information collected and processed

• Device information;
• Service usage data;
• Application crash reports.

 1.3. Special categories of personal data
No particular category of personal data (in accordance with Article 9 (1) of the PMSD) is processed.
 1.4. Categories of people concerned
• Application Users and other products and services;
 
1.5 Treatment objectives
• Maintenance of the application and other products and services;
Correction and improvement of websites, applications and other products and services;
• Development of new functionalities of websites, applications and other products and services;
• Security and reliability of websites, applications and other products and services.

1.6. Last update

• July 29, 2019.

2. APPLICABLE LEGAL BASIS
In accordance with Article 13 of the RGPD, we inform you of the legal basis of the processing of your personal data.
If the legal basis is not directly mentioned, the following conditions apply:
• The legal basis for obtaining consent is Article 6, Section 1 (a) and Article 7 of the RGPD;
• The legal basis for the processing of our services and the execution of contractual measures as well as for responding to requests for information is Article 6, Section 1, paragraph (b) of the RGPD;
• The legal basis for dealing with our legal obligations is Article 6 (1) (c) of the RGPD;
• The legal basis of treatment to protect our legitimate interests is Article 6, Section 1, paragraph f) of the GDPR.
If vital interests of the data subject or other natural person require processing of personal data Article 6 (1) (d) of the RGPD is the legal basis.

3. AMENDMENTS AND UPDATES TO THE PRIVACY POLICY

Please inform yourself regularly about the content of our privacy policy.
We will adjust the privacy policy as soon as data processing changes made by us make it necessary.

We will notify you as soon as the changes require your cooperation (for example, your consent) or any other individual notification.

4. SAFETY MEASURES
We will take appropriate technical and organizational measures to ensure an appropriate level of risk protection, in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation, the nature, the scope, circumstances and purpose of the processing as well as the likelihood and severity of the risks to the rights and freedoms of individuals are different.
These measures include protecting the privacy, integrity and availability of data by controlling physical access to data, as well as access, capture, transmission, security of availability and its separation.
In addition, we have procedures in place to ensure the exercise of data subjects' rights, data deletion and response to data risks. In addition, we already consider the protection of personal data when developing or selecting hardware, software and procedures, in accordance with the principle of data protection through technology design and preselection respectful of data protection (Article 25 of the RPGD).
Security measures include the encrypted transmission of data between your browser and our servers (TLS).

 5. DATA PROCESSING

5.1. Applications
When using applications for analysis and optimization, as well as for error detection and correction in applications, the following information is transferred to third parties (see section 6 of this policy):
• Device information;

Service usage data;
• Application crash reports.

5.2. Newspapers

In accordance with our legitimate interests, pursuant to Article 6 (1) (f) of the GDPR, we save the data whenever the server on which this service is located (server log files) is accessed.
This access data includes the name of the website or application being accessed, the file, the date and time of access, the amount of data transferred, the type and version of the browser and application , the user's operating system, the referral URL (the previously visited site), the IP address, and the provider through which the access occurred.
For security reasons, the log file information is saved for one year, after which it is deleted.
Data that needs to be saved longer for proof purposes is free from deletion and is backed up until the corresponding incident is resolved.

 6. THIRD PARTIES
Under GDAR Article 45, we share your information with third parties who comply with the requirements of the GDPR and possess a certificate of compliance with the EU-US Privacy Shield, such as:

• Crashlytics.
• Wezit Analytics

 6.1. Crashlytics

We use Crashlytics - a service provided by Fabric - a company of Google Inc. Group 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Crashlytics provides us with information about faults and malfunctions in applications.
For Crashlytics, in case of malfunction or failure, the following information is transmitted:

• IP address of the device;
• Device information, such as: device ID, device model and type, operating system name and version, settings, and device language;
• version and functionality of the application;
• moment of failure.
Data sent to Crashlytics is not stored, transferred to other services or resources, or associated with other data available to Google.
For more information on Crashlytics privacy settings, please visit:
• https://docs.fabric.io/apple/fabric/data-privacy.html;
• https://docs.fabric.io/android/fabric/data-privacy.html.
Google's privacy policy is available at:
• https://policies.google.com/privacy.
Google is certified under the Privacy Shield and hereby guarantees compliance with European privacy laws:
• https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

6.2. Wezit Analytics

We use Wezit Analytics - the service proposed by Wezit a MAZEDIA MAZEDIA brand - 16 boulevard Charles de Gaulle 44800 SAINT-HERBLAIN - Tel. 02 28 03 04 04 - www.mazedia.fr to collect and analyze the technical and usage data of Applications.
The following information is transmitted to Wezit Analytics:
• location data, such as: country, obtained through the country entered in the device;
• device information, such as: device ID, device model and type, device operating system name and version, device settings, and language settings;
• Version of the application.
Wezit Analytics is used in Applications according to Wezit's recommendations
The data transmitted to Wezit Analytics is not stored or transferred to other services or resources, or associated with other data available to Facebook.

7. ERASING DATA
The data we process are deleted or their processing is limited in accordance with sections 17 and 18 of the GDPR.
Except as expressly stated in this policy, the data that we save is deleted as soon as it is no longer necessary for its intended purpose and its removal does not violate any legal obligation to store and retain such data.

8. RIGHTS
You do not have to accept the transfer of your data to us or third parties.
If you refuse to provide your data to us or to third parties, you may not use the company's websites, applications, and other products and services that require you to provide certain data.
If you process your data in accordance with this policy, you have the following rights:
• the right to require access to your data, as well as to correct or delete your data, or limit processing, as well as the right to portability of data;
• the right to withdraw consent at any time without affecting the validity of the treatment performed prior to the withdrawal of consent;
• the right to complain to the supervisory authority.
If you have any questions, requirements or requests regarding the processing of your data in accordance with this policy, you may contact us using the contact information in section 1.1. of this policy