USER PRIVACY POLICY
Last updated: 06/21/2025
Preamble and Purpose
This privacy policy is implemented by the tourist office, accommodation provider, or any other organization using the digital services provided by FeelCity, namely:
- the SaaS-based visitor management software Coq-Trotteur
- the personalized activity recommendation service (Emailing Service)
(together referred to as the “Services”).
The users of the Services process personal data of:
- Visitors: who visit the premises and use Coq-Trotteur
- Travelers: who book a stay and receive personalized email recommendations
(together referred to as “Data Subjects” or “You”).
The data processing is carried out by the Data Controller, as defined under the GDPR (Regulation (EU) 2016/679) and the French Data Protection Act of January 6, 1978.
This policy aims to:
- Inform you about the nature of data processing;
- Present the privacy and security commitments;
- Explain your rights and how to exercise them.
Definitions
Terms with a capital letter, such as Personal Data, Processing, Data Subjects, Data Controller, Processor, Recipient, Data Breach, have the meanings assigned by the GDPR.
“Data” in this policy refers to Personal Data.
Key Processing Features
| Item | Coq-Trotteur | Emailing Service |
|---|---|---|
| Data Subjects | Visitors | Travelers |
| Purposes | - Access management - Providing platform features - Building personalized stay/activity offers - Visitor assistance - Sending personalized information - Newsletter sign-up - Anonymization for statistics | - Sending personalized activity suggestions (travel guide) - Promotional emails - Anonymization for analyzing traveler needs - Retaining traveler profile for future use - Sending satisfaction surveys |
| Legal Basis | Performance of the Terms of Use between the Controller (e.g. tourist office) and the Visitor | Legitimate interest of the Controller and the Traveler |
| Data Processed | - Contact info (phone, email, postal address) - Stay details - Stay context (e.g. couple, family) - Specific needs (e.g. pets, disabilities) - Preferences - Identity info (name, nationality) - Technical and connection data | (same as Coq-Trotteur) |
| Collection Method | Data collected during use of Coq-Trotteur in and outside tourist office premises | Responses from forms filled during booking process |
| Retention Period | 3 years from data collection before anonymization | Max. 3 years after last interaction (e.g. email opened) |
Data Recipients
- Internal recipients: Authorized personnel of the Data Controller involved in providing the Services, with access restricted to relevant roles and protected under technical and organizational measures.
- External recipients:
- Service providers or Processors, such as FeelCity (SAS, RCS Nice B 850289083), headquartered at 18 rue de la Plaine de Cimiez, 06000 Nice, represented by Nicolas Garcin
- Administrative or judicial authorities as required
Your Rights Regarding Your Data
Under the GDPR, you have the following rights:
- Right of access: Request confirmation that your data is being processed, access it, and obtain a copy.
- Right to rectification: Correct any inaccurate or outdated data.
- Right to withdraw consent: If the processing is based solely on your consent.
- Right to object: Oppose processing due to your specific situation; request deletion if justified.
- Right to erasure: Request deletion of your data, subject to legal exceptions.
- Right to restriction: Temporarily suspend processing (e.g. pending rectification).
- Right to data portability: Receive your data in a commonly used format, where processing is automated and based on consent or contract.
- Post-mortem rights: Define how your data is handled after your death; absent specific instructions, your data will be deleted unless needed for legal reasons.
How to Exercise Your Rights
To exercise your rights:
- Contact the Data Controller using the contact details they provided (email or postal address).
- Your request must come from you (or a duly authorized third party) and be as clear and complete as possible.
- The Controller may request additional information to verify your identity, including a valid ID, which will be deleted once verified.
- The Controller may refuse manifestly unfounded or excessive requests, such as repeated or abusive demands.
Security Measures
The Data Controller, with assistance from FeelCity, implements appropriate technical and organizational security measures to protect your data:
- Access control and authorization management
- Secure authentication (HTTPS, SSH with public key)
- Pseudonymization and anonymization
- Data backups
- Encryption (private keys)
- Logging and audit trails
A formal data processing agreement defines the responsibilities and obligations of the Data Controller and FeelCity.
In case of a Data Breach, the Data Controller commits to:
- Notify the CNIL (French Data Protection Authority) if required
- Inform affected individuals when the risk is high
International Data Transfers
The Data Controller prioritizes hosting your Personal Data in France or within the European Economic Area (EEA).
If data must be transferred outside the EEA (to a country without an adequacy decision), the Controller will implement appropriate contractual safeguards in compliance with the GDPR.
Updates to This Policy
This policy may be updated at any time to reflect:
- Legal or regulatory developments
- Jurisprudence
- Changes in processing operations
- Introduction of new services
Any new version will be communicated by the method of our choosing.
Contact Us
For any questions or complaints about this policy, or to share comments, contact the Data Controller via the contact details they provided.
You may also contact the CNIL:
- Mail: Service des plaintes, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07
- Phone: +33 (0)1 53 73 22 22
- Online: www.cnil.fr/en/complaints