Privacy statement

Our customers’ privacy and personal data in the framework of our Services is very important to us. The following Privacy Statement aims at giving you information on our policy regarding personal data, more particularly how and why we process it and with whom we share it.

More precisely, this Statement describes how we use your personal data when you’re using our websites and/or booking portals, when you’re buying and using the Services provided by CTOUTVERT, or when you’re interacting with us via other channels (help desk, social media).

Using one of the Services provided by CTOUTVERT (hereby named « (the) Services ») confirms you have read and understood this Privacy Statement in its entirety and that you accept it.

In accordance with current legislation regarding protection of personal information, we consider CTOUTVERT acts as subcontractor for specific processes and purposes and as Processor for others.

It is reminded that personal data (hereby named « Data » or « Personal Data ») names « any information relating to an identified or identifiable individual, who can be identified, directly or indirectly in particular by reference to an identification number, a name, GPS data, or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity ».

Data processing (hereby named « Processing » or « Data Processing ») names « any operation or set of operations in relation to such data, whatever the mechanism used, especially the obtaining, recording, organisation, structuration, retention, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, deletion or destruction ».

We declare that Personal Data has been obtained lawfully for specific, explicit and lawful purposes.

We collect Personal Data from customers who have made a booking at an Establishment thanks to the SecureHoliday Booking Interface when the booking is made and send them to the payment Subcontractor or to the Establishment (via its PMS software if a PMS bridge has been set up) via a technical device the Establishment selects and is responsible for, most particularly regarding Personal Data safety.

Then we enter this Personal Data in the SecureHoliday system’s data base.

The Data obtained are the customers’ names and surnames, date of birth, address (street, postcode, town, country), phone number, email address, location and dates of booking.

We collect Personal Data from Establishments within the Services we provide them with, mostly when they order via the related Order Form.

The Data obtained are the name of the Establishment, address, company name, phone number, website, VAT number, email address, owner or signing person name and surname.

Personal Data is processed for the sole purposes of Service(s) execution for the Establishment, most particularly :Personal Data shan’t be used for any other operation than the ones described above.

Personal Data is processed for the execution of Services for the Establishment and for legal requirements, most particularly:We can also use the information described previously, including Data from customer consumers and Data from customer Establishments for the following purposes :
We can be led to share Personal Data with our partners, most particularly when the latter cash the amount of bookings directly, before they pay the concerned Establishment. In this case, sharing Data is made within the contract signed between said partners and the customer Establishment.

We can also be led to share personal data with subcontractors for our Services – mainly technical ones – among whom our servers’ host (Microsoft Azure).

When subcontractors intervene in Services provided by CTOUTVERT, all measures are taken to insure high level security in the protection of Personal Data and Processing is accomplished after our instructions. Subcontractors cannot use Personal Data any other way than the one expressly demanded nor transfer the Personal Data from CTOUTVERT’s customer Establishments or from the Establishments’ customer consumers who booked via SecureHoliday to any other party. More particularly, subcontractors are not allowed to use your data for their own market research purposes.

In any case, the only other occurrences Personal Data can be transferred to a third party are the following :

We store Personal Data as long as necessary for the purposes described above and comply with legal requirements.

We endeavour to make sure stored Personal Data is accurate, up to date and complete. We answer our customers’ requests to correct inaccurate information in due time, which means any person whose Personal Data we are storing can tell us to do so.

We have set up several technical and organization measures to insure safety and protection of processed Personal Data.

However, if the Personal Data are transferred to us via the Internet, we cannot guarantee their entire safety.

The Personal Data we process is exclusively hosted in the EEA. We transfer no Personal Data outside the EEA.

In accordance with current legislation regarding protection of personal data, you have a right to access, correct and delete it after request by mail at any moment :

10 Place Alfonse Jourdain
31000 Toulouse (France)
Email address :

You also have a right to complain to the competent supervisory authority, the National Commission for Data Protection and Liberties (CNIL-France).

It is reminded that, should you exercise any of these rights, we might no longer be able to provide you with all or part of the Services.

The following Policy regarding protection of Personal Data is subject to change without prior notice. In order to be informed of the changes made, please read our Policy on a regular basis.

Updated: 18/05/2018