Personal data
Personal data protection policy
The policy described in this document applies to any visitor (hereinafter the “Visitor”) of the website nantes-saintnazaire.fr (the “Site”), published by Nantes Saint-Nazaire Développement (hereinafter also referred to as the “Data Controller”). During your visit to the Site, we may process information relating to you that qualifies as personal data (hereinafter “Data” or “Personal Data”).
We attach great importance to respecting your privacy as well as ensuring the security and confidentiality of your personal data. We undertake to comply with current and future regulations relating to personal data protection, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), as well as the amended French Data Protection Act of 6 January 1978.
This document explains how we process your personal data in this context.
What data is collected and how is it collected?
When using the Site, Visitors may provide information constituting personal data concerning them.
The types of personal data collected directly include identification data entered in contact or application forms, such as surname, first name, title, company name, professional or personal contact details, and CV.
This website uses Google Analytics to measure and analyze website traffic in order to improve the Site. Although data is anonymized, if you do not wish cookies to be installed on your browser, you can disable them via the relevant settings.
You may opt out of tracking your navigation on this website. Doing so will protect your privacy but will also prevent the site owner from learning from your actions and improving the experience for you and other users.
Who processes the data?
The Data Controller responsible for processing Visitors’ personal data is:
Nantes Saint-Nazaire Développement
SIREN: 418 167 557
Head office:
16, rue de Cornulier – CS 10314
44003 Nantes Cedex 1 – France
What are the purposes and legal bases for data processing?
The Site processes Visitors’ data for the following purposes:
- Management of requests submitted via contact forms, based on the Data Controller’s legitimate interest in responding to contact requests or on pre-contractual measures when a booking request is made;
- Recruitment management, based on pre-contractual measures taken at the candidate’s request and, when data is retained in a CV database, on the legitimate interest of the Data Controller in meeting recruitment needs;
- Newsletter subscription management, based on the Data Controller’s legitimate interest in communicating news and services;
- Audience measurement and statistical analysis to improve and optimize services provided on the Site and visitor experience, based on Visitor consent regarding data collected via non-essential cookies.
Who receives the data?
Recipients of personal data include:
- Authorized staff members of the Data Controller (Nantes Saint-Nazaire Développement);
- Authorized personnel of service providers, partners, and subcontractors involved in the Site’s architecture, content, functionality, and hosting;
- Public authorities when required for compliance with legal, regulatory, judicial, or administrative obligations, or in response to requests from administrative or judicial authorities, or to establish legal rights or contracts. Data may be transmitted whenever legally required.
The Data Controller undertakes not to share personal data with any other third party without the Visitor’s consent.
However, anonymized or aggregated data may be shared with third parties for statistical purposes, without allowing identification of Visitors.
How are data protected and stored?
Data confidentiality and security are core concerns of the Data Controller and all authorized personnel handling such data.
The Data Controller implements appropriate technical and organizational measures, including physical, hardware, and software protections, to ensure the security, integrity, and confidentiality of personal data and protect it from unauthorized access, misuse, alteration, disclosure, or destruction.
The Data Controller also requires data recipients to provide sufficient guarantees regarding security and confidentiality.
In accordance with GDPR requirements, the Data Controller commits to notifying Visitors of any data breach likely to result in a high risk to their rights and freedoms, unless such communication is not required under Article 34 of the GDPR.
How long are data retained?
Data collected via contact forms are retained for up to three years after the last contact from the individual concerned. This period may be extended if the information remains relevant in the context of exchanges with Nantes Saint-Nazaire Développement.
Data collected via cookies are retained for a maximum period of 13 months.
Rights of data subjects – DPO contact – Right to lodge a complaint with the CNIL
In accordance with applicable regulations, Visitors have the right to request access to, rectification, or erasure of their personal data, as well as the right to provide instructions regarding the handling of their data after death. Visitors may also request restriction of processing, object to processing for legitimate reasons, and request data portability.
Where processing is based on consent, Visitors may withdraw their consent at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn. However, withdrawal of consent concerning data necessary for service provision may prevent access to that service.
To exercise their rights, Visitors may contact the Data Protection Officer (DPO) by mail or email:
Data Protection Officer
Nantes Saint-Nazaire Développement
16 rue de Cornulier – CS 10314
44003 Nantes Cedex 1 – France
Email: dataprivacy@nantes-saintnazaire.fr
The DPO can also be contacted for any questions relating to this document or data protection practices.
Visitors also have the right to lodge a complaint with a supervisory authority, particularly the French Data Protection Authority (CNIL).
Privacy Data Request Form
This section displays a Privacy Data Request Form allowing Visitors to request export or deletion of their data, depending on configuration options.
Request type: export, remove, or both.
Modification of this policy
This personal data protection policy was published on 21 January 2025. Any future modifications will be communicated on this page.