Confidentiality and privacy policy

1- Protection of Digital Data

Digital technology and its applications are an integral part of our daily lives. Based on the information requested from you, the forms you complete, or automated capture systems, Concarneau Cornouaille Agglomération and its public institutions digitize numerous pieces of data that are personal to you and often relate to your private life.
Their legal basis, purposes, collection, retention period, transmission, security, and confidentiality must comply with the provisions of the European Data Protection Regulation (GDPR) and the French “Informatique et Libertés” law.
To ensure continuous compliance with legal rules, guarantee maximum transparency regarding data processing, and facilitate the exercise of your rights of access and rectification, Concarneau Cornouaille Agglomération and its public institutions have implemented several mechanisms presented in this section.

• Community policy for data protection
• Data Protection Officer
• Processing registers
• How to exercise your rights

———————————————————————–

2- Personal Data Protection Policy

Concarneau Cornouaille Agglomération has defined a personal data protection policy aimed at four objectives:

Taking data protection rules into account when designing IT products and services intended to process personal data;
Monitoring compliance with legal obligations throughout the entire lifecycle of IT data processing and being able to prove such compliance;
Reducing data collection to what is strictly necessary;
Ensuring maximum transparency regarding data processing, except for information whose disclosure could compromise security;
Facilitating the exercise of rights granted by legislation to individuals whose data is processed.

Download the “Personal Data Protection Policy”

———————————————————————–

3- How to Exercise Your Rights

Articles 15, 16, and 17 of Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (GDPR) grant you rights over your data:

Right of Access

You have the right to access any information concerning you contained in a computerized file managed by CCA or one of its public institutions. You may obtain a clear-language copy of all such data (including information in “notes” or “comments” fields).

Right to Rectification and Right to Erasure (“Right to be Forgotten”)

You may request that any information concerning you contained in a computerized file managed by CCA or one of its public institutions be rectified, completed, updated, or erased. You may then obtain a copy of the updated record.
*The right to erasure does not apply to all types of data processing.

Practical Procedures

You must contact the Data Protection Officer of Concarneau Cornouaille Agglomération:

> By email For rectification rights, send an email

> By postal mail
Délégué à la protection des données
CCA
1 rue Victor SCHOELCHER
29900 CONCARNEAU

> In person 1 rue Victor SCHOELCHER Zone de Colguen Concarneau

Important :

You must attach to your signed letter a copy of an identity document bearing your signature, or present it in person (this essential precaution prevents unauthorized access to your personal information). You must specify the exact address to which CCA should send its response.

After completing the online form or sending your letter, you will receive an acknowledgment of receipt (a dated and signed receipt will be issued for in‑person requests).

Concarneau Cornouaille Agglomération has a legal period of 1 month from receipt of your request to respond. If your request is too imprecise, CCA may ask for additional information by registered letter or email before the deadline. In this case, the response period is suspended until your reply.

Failure to respond within the legal timeframe constitutes a refusal. In such cases, or if the response seems incomplete, you may contact the CNIL. See the notice “Special Cases and Restrictions”.

CNIL. See the notice “Special Cases and Restrictions”.

———————————————————————–

4- Data Protection Officer

In accordance with legislation (Articles 37, 38, and 39 of the GDPR), Concarneau Cornouaille Agglomération has appointed a Data Protection Officer, whose designation was registered with the CNIL on 25/05/2018.

Her main missions include :

Maintaining and documenting registers of personal data processing, taking into account associated risks;
Independently monitoring compliance with legislation, including GDPR and the French Data Protection Act;
Implementing and promoting appropriate measures to demonstrate compliance at all times;
Providing advice and recommendations to departments and raising staff awareness;
Enabling CCA and its institutions to notify the CNIL of any data breaches and, if necessary, communicate with affected individuals;
Acting as the primary contact for the CNIL and cooperating during inspections.

Information Notice – Video Protection

The Pont‑Aven Museum is under video surveillance to ensure the protection of public buildings and facilities and their surroundings, as well as to prevent harm to the safety of people and property.

Video surveillance allows competent public authorities to record and transmit images taken in public areas.

The camera management and operation system is located within the museum premises.

Who is the Data Controller?

The data controller is Concarneau Cornouaille Agglomération, which determines the purposes and means of processing your personal data.

As data controller, it ensures the protection of personal data collected through this system and implements all technical, physical, and logical measures to comply with GDPR and the French Data Protection Act.

Legal Basis and Retention Period

Processing of your personal data is justified by different legal bases depending on the use made by the authority.

Refer to the French Internal Security Code: Articles L. 251‑2 and following.

The legal basis for this processing is legitimate interest, which does not infringe on your privacy.

Retention period: Images are kept for 1 month.

Recipients of the Data

Images may be viewed by:

The President of CCA and the Museum Management
Public authority agents individually designated and duly authorized
Private operators individually designated and duly authorized by the authority
In case of an incident: Gendarmerie, Police, Customs, Fire and Rescue Services

The authority does not sell or transfer collected data. No data is transferred outside the European Union.

How to Exercise Your Rights

You may request access to information concerning you, subject to third‑party rights. According to Article R. 253‑6 of the Internal Security Code, this right may be restricted to ensure national security or protect against threats to public safety.

By email: museepontaven@cca.bzh By mail: Musée de Pont‑Aven Parc d’activités de Colguen 1, rue Victor Schoelcher CS 50 636 29186 CONCARNEAU CEDEX

Phone: 02 98 06 14 43 / 07 84 43 55 53 Website: www.museepontaven.fr

Or by contacting the Data Protection Officer: protection.donnees@cdg29.bzh Service RGPD, Centre de Gestion de la Fonction Publique Territoriale du Finistère 7 Boulevard du Finistère 29000 Quimper

You may also file a complaint with the CNIL

Cookie	Duration	Description
cli_user_preference	1 an	Stores the user's cookie consent status.
cookielawinfo-checkbox-advertisement	1 an	This cookie is installed by the cookie banner module. It is used to record user consent for “Advertising” type cookies.
cookielawinfo-checkbox-analytics	1 an	This cookie is installed by the cookie banner module. It is used to record user consent for “Statistics” type cookies.
cookielawinfo-checkbox-functional	1 an	This cookie is installed by the cookie banner module. It is used to record user consent for “Functional” type cookies.
cookielawinfo-checkbox-necessaires	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	1 an	This cookie is installed by the cookie banner module. It is used to record user consent for “Necessary” type cookies.
cookielawinfo-checkbox-others	1 an	This cookie is installed by the cookie banner module. It is used to record user consent for “Other” type cookies.
cookielawinfo-checkbox-performance	1 an	This cookie is installed by the cookie banner module. It is used to record user consent for “Performance” type cookies.
cookielawinfo-checkbox-statistiques	1 year	This cookie is set by the GDPR Cookie Consent plugin to check if the user has given consent to use cookies under the "Statistiques" category.
CookieLawInfoConsent	1 an	Used to store your consent to the use of cookies
PHPSESSID	1 mois	This cookie is installed by PHP applications. The cookie is used to store and identify the user's unique session ID in order to manage the user's session on the website. This cookie is a session cookie and will be deleted when all browser windows are closed.
viewed_cookie_policy	1 an	This cookie is installed by the cookie banner module, it is used to record whether or not you have accepted the use of cookies. It does not store any personal information.