Privacy and Cookie Policy

Last updated: May 25, 2026

1. Introduction

Welcome to corsica-holiday.online.

This policy explains how we protect your personal data and use cookies to enhance your experience.

By using this site, you agree to the practices described below. If you do not agree, we kindly ask you not to use it.

2. Personal Data Collected

We only collect information that you voluntarily provide to us (via a form, email, WhatsApp message, or phone call). No data is collected automatically without your consent.

2.1 Data You Provide Directly

Here are the types of data we may collect if you provide them to us:

Identity Data:

First name, last name, email address, phone number.

Booking Data:

Stay dates, number of people, preferences (e.g., additional linens).

Payment Data:

Banking details (only to process your payment via Stripe or bank transfer).

We never store your banking details on our servers.

Communication Data:

Content of exchanged emails or messages.

Important:

WhatsApp messages are subject to Meta's privacy policy.

Online payments are managed by secure providers (Stripe, PayPal) and do not transit through our servers.

2.2 Automatically Collected Data (Cookies)

We use cookies to:

Improve your experience (e.g., remember your preferences),

Analyze traffic on our site (e.g., number of visitors, pages viewed via Google Analytics).

Types of cookies used on this site:

Strictly Necessary Cookies:

Purpose: Site functionality (e.g., contact form).

Duration: Session.

Consent required: No (exempt).

Performance Cookies (Google Analytics):

Purpose: Measure audience (visits, pages viewed).

Duration: 1 year.

Consent required: Yes.

Functionality Cookies:

Purpose: Remember your preferences (e.g., language).

Duration: 1 year.

Consent required: Yes.

No intrusive advertising cookies are used on this site.

3. Purposes of Data Processing

We process your data solely for the following purposes:

Booking Management:

Process your request, send you a confirmation, manage your stay.

Legal basis: Contract performance.

Communication:

Respond to your questions (email, WhatsApp, phone).

Legal basis: Consent or legitimate interest.

Site Improvement:

Analyze traffic to optimize user experience (via Google Analytics).

Legal basis: Consent (for cookies).

Security:

Protect the site against abuse (e.g., fraud detection).

Legal basis: Legitimate interest.

Legal Obligations:

Retain invoicing data for 10 years.

Legal basis: Legal obligation.

4. Cookie Management

4.1 What Is a Cookie?

A cookie is a small text file placed on your device (computer, smartphone, tablet) when you visit a site. It allows:

Remembering your preferences (e.g., language),

Analyzing your navigation (e.g., pages visited),

Improving your experience.

4.2 Cookies Used on This Site

_ga and _gid (Google Analytics):

Measure the site's audience (visits, pages viewed).

cookie_consent:

Stores your cookie consent choice.

We do not use advertising tracking cookies (such as those from Facebook or advertising networks).

4.3 How to Manage Your Cookies?

On Your First Visit:

A banner will appear at the bottom of the page with 3 options:

Accept all cookies,

Reject all (except strictly necessary cookies),

Customize (choose which cookies to allow).

Your choice will be remembered for 1 year.

Modify Your Preferences Later:

You can:

Click on "Manage Cookies" (if available at the bottom of the page),

Delete cookies via your browser:

Chrome: Go to Settings > Privacy and Security > Cookies.

Firefox: Go to Options > Privacy & Security > Cookies.

Safari: Go to Preferences > Privacy.

Edge: Go to Settings > Privacy, Search, and Services > Cookies.

Disable Google Analytics via this official tool.

Consequences of Refusal:

If you refuse performance cookies (Google Analytics):

We will not be able to measure the site's audience, but your browsing experience will remain unchanged.

If you refuse strictly necessary cookies:

Some features (e.g., contact form) may not work.

5. Data Storage and Security

5.1 Where Is Your Data Stored?

Contact and Booking Data:

Stored on secure servers (hosting by Namecheap.com, GDPR-compliant).

Payment Data:

Never stored by us (direct processing by Stripe).

Analytics Data (Google Analytics):

Stored by Google (servers in Europe for EU users).

5.2 Security Measures in Place

We protect your data with the following measures:

SSL/TLS encryption (HTTPS) to secure exchanges,

Restricted access to data (only authorized personnel),

Regular data backups,

Protection against attacks (firewall, anti-malware),

GDPR compliance of our subcontractors (Namecheap.com, Google, Stripe).

No data transmission to third countries not covered by an EU adequacy decision (e.g., United States) without additional safeguards.

5.3 Data Retention Periods

Booking Data: 10 years (tax obligation, Article L123-22 of the French Commercial Code).

Contact Data: 3 years from your last interaction (legitimate interest).

Performance Cookies: 1 year (or until you withdraw consent).

Technical Logs (IP, etc.): 30 days (security and maintenance).

You can request the deletion of your data at any time (see Section 7).

6. Sharing Data with Third Parties

We do not sell, rent, or share your personal data with third parties for commercial purposes.

However, your data may be transmitted only in the following cases:

Namecheap.com (Hosting Provider):

Purpose: Hosting the site and data.

Location: Servers in Europe (GDPR).

Legal Basis: Contract performance.

Google (Google Analytics):

Purpose: Audience analysis.

Location: Servers in the EU (for European users).

Legal Basis: Consent.

Stripe / PayPal:

Purpose: Payment processing.

Location: GDPR-compliant servers.

Legal Basis: Contract performance.

Legal Authorities:

Purpose: Comply with a legal obligation (e.g., judicial request).

Legal Basis: Legal obligation.

All our providers (Namecheap.com, Google, Stripe) comply with GDPR and sign a Data Processing Agreement (DPA).

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of Access:

Obtain a copy of the data we hold about you.

Right to Rectification:

Correct or complete your data if it is inaccurate.

Right to Erasure ("Right to Be Forgotten"):

Request the deletion of your data (subject to legal obligations).

Right to Restriction:

Restrict the processing of your data (e.g., suspend its use).

Right to Data Portability:

Receive your data in a structured format (e.g., CSV, JSON).

Right to Object:

Object to the processing of your data for legitimate reasons.

Right to Withdraw Consent:

Withdraw your consent at any time (e.g., for cookies).

Right to Lodge a Complaint:

Contact the CNIL (French data protection authority) if you believe your rights are not being respected.

How to Exercise Your Rights?

To exercise any of these rights, send an email to:

[contact@corsica-holiday.online]

We will respond within 1 month (up to 3 months in case of complexity).

Proof of Identity:

For security reasons, we may ask you to provide a copy of your ID (national ID card, passport) to verify your identity before processing your request.

8. Protection of Minors' Data

Our site is not intended for minors under 16 years of age.

We do not knowingly collect personal data from minors.

If you are a parent or guardian and believe your child has provided us with data without consent, please contact us immediately at [contact@corsica-holiday.online] so we can delete it.

9. Modifications to This Policy

This policy may be updated at any time, particularly in case of:

Changes in applicable laws (e.g., GDPR, French law),

Changes in our practices (e.g., new service provider),

Addition of features to the site.

You Will Be Informed of Modifications:

Via a banner on the site,

Or by email (if you have provided your address).

Last Updated: May 25, 2026

If you have any questions or specific requests regarding your data, please do not hesitate to contact us at [contact@corsica-holiday.online].