Personal data

This page presents the personal data protection policy of the Royal Abbey of Fontevraud website.

Personal data protection policy

The Royal Abbey of Fontevraud is managed by 4 separate legal entities:

The association Centre culturel de l’Ouest (CCO)

  • SIRET 30581500300010 / RNA W493002677
  • Intracommunity VAT FR09305815003
  • Abbaye royale de Fontevraud – BP 24
  • 49590 FONTEVRAUD L’ABBAYE

GIE Fontevraud

  • SIRET 79915633600015
  • RCS Angers 799 156 336
  • Intracommunity VAT FR45799156336
  • Fontevraud Royal Abbey – BP 24
  • 49590 FONTEVRAUD L’ABBAYE

The Société Publique Régionale de l’Abbaye Royale de Fontevraud (SOPRAF)

  • SPL with capital of €225,000
  • SIRET 52926090300016
  • RCS Angers 529 260 903
  • Intracommunity VAT FR03529260903
  • Fontevraud Royal Abbey – BP 24
  • 49590 FONTEVRAUD L’ABBAYE

SAS Fontevraud Resort

  • SAS with capital of €750,000
  • SIRET 79312936200026
  • RCS Angers 793 129 362
  • TVA intracommunautaire FR20793129362
  • Fontevraud Royal Abbey – BP 24
  • 49590 FONTEVRAUD L’ABBAYE

The data controller is indicated for each processing operation carried out when personal data is collected on the website.

Objective and scope of this policy

As part of its missions, the Royal Abbey of Fontevraud collects and processes personal data relating to its visitors, partners, suppliers and service providers.

This processing of personal data is governed in particular by the General Data Protection Regulation (GDPR).

Definitions

Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’); an ‘identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Specific personal data: this refers to data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person.

Data subject: any ‘identifiable natural person’.

Controller of personal data: this is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.

Processor: this is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing of personal data: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

The principles applied to personal data

Legitimate and proportionate use

Personal data may only be collected and processed for specific, explicit and legitimate purposes relating to the missions of the Royal Abbey of Fontevraud or to its operation:

  • the conservation, presentation, enrichment and promotion of its tangible and intangible heritage ;
  • the production and dissemination of its cultural offering;
  • informing and welcoming all kinds of visitors;
  • the marketing of goods and services related to its missions;
  • managing its human resources;
  • managing its finances, accounting, purchasing, technical equipment and facilities, etc. ;
  • and, more generally, to comply with its regulatory, administrative and legal obligations.

Furthermore, personal data may not be used subsequently in a manner incompatible with the purposes for which it was initially collected or processed.

For each processing of personal data that it implements, the Royal Abbey of Fontevraud undertakes to collect and process only the data that is strictly necessary for the objective pursued.

Fair and Transparent Data Processing

The Royal Abbey of Fontevraud informs individuals about each data processing operation it carries out through information notices.

These data are collected fairly; no data is collected without the individuals’ knowledge or without prior notification.

Relevance, Adequacy, and Minimization of Collected Data

The personal data collected, as well as the processing carried out, are strictly necessary for the intended purpose. The Royal Abbey of Fontevraud strives to minimize the data collected and ensure its accuracy.

Respect for Individuals’ Rights

Individuals whose data are processed by the Royal Abbey of Fontevraud have rights that must be exercisable and implemented by the Royal Abbey of Fontevraud in compliance with applicable legal and regulatory provisions.

These rights include:

  • Access to their personal data;
  • Rectification of their data if it is inaccurate or incomplete;
  • Objection to the processing of personal data;
  • Erasure of personal data, also known as the “right to be forgotten”;
  • Restriction of data processing in specific cases defined by the GDPR;
  • The right to data portability, allowing the transfer of personal data from one data controller to another.

For more information on the personal data protection policy of the Royal Abbey of Fontevraud, you can ask a question or exercise your rights via email at: dpo@fontevraud.fr.

Personal Data Security

The Royal Abbey of Fontevraud implements technical and organizational measures appropriate to the sensitivity level of the personal data it processes, ensuring their integrity and confidentiality. These measures protect the data against malicious access, loss, alteration, or disclosure to unauthorized third parties.

Information and Contact

This page presents the processing of personal data of various users of the Royal Abbey of Fontevraud’s website and its subdomains, in accordance with the General Data Protection Regulation (GDPR).

Subscription to Newsletters

Data Controller

The entity responsible for processing your personal data is GIE FONTEVRAUD.
Address: Abbaye Royale de Fontevraud – 49590 FONTEVRAUD L’ABBAYE

When you subscribe to our newsletter, we collect the following mandatory information:

  • Email address

Purpose of Data Processing

The information we collect is used solely to send you our newsletter, which may include news, promotions, and information about our products and services.

Legal Basis for Processing

The processing of your data is based on your explicit consent, which you provide by subscribing to our newsletter. You can withdraw this consent at any time by unsubscribing via the link provided in each newsletter.

The personal data requested in the newsletter subscription form is necessary to ensure the delivery of email communications regarding programming, news, and visitor offers at the Royal Abbey of Fontevraud, as well as our commercial offers.

Your data will not be used for any other purpose without your consent.

Data Transfer

  • Internally: Communication department
  • Externally: Your data is stored on the Mailchimp platform. The processed data may be transferred, stored, or processed outside the European Union.

Data Retention Period

We retain your data as long as you remain subscribed to our newsletter. Once you unsubscribe, your information will be automatically deleted.

Data Security

We take all necessary measures to protect your personal data from loss, misuse, or unauthorized access. This includes the use of appropriate technical and organizational measures.

Contact form

Data Controller

The entity responsible for processing your personal data is: GIE FONTEVRAUD.
Address: Abbaye Royale de Fontevraud – 49590 FONTEVRAUD L’ABBAYE

The following information is mandatory when submitting our contact form:

  • Full name
  • Email address
  • Phone number
  • Subject of the request
  • Details of the request

Purpose of Data Processing

The collected data is used to process your contact request and respond to your inquiries. We may also use this information to improve our services or conduct follow-ups if necessary.

Legal Basis for Processing

The processing of your data is based on your explicit consent when you complete the contact form. By submitting your information, you agree that we may use it to respond to your request.

Data Transfer

Depending on the nature of your request, your personal data may be transferred to other partner organizations or service providers for processing, who then become data controllers:

  • To SOPRAF for requests related to: General information / Ticketing and reservations / Press and filming / Modern Art Museum / Public services / Schools
  • To Fontevraud Resort for requests related to: Personal events and seminars / Fontevraud L’Ermitage

Data Retention Period

We retain your personal data only for the duration necessary to process your request and complete any related follow-ups. Once your request has been handled, your data will be deleted.

Data Security

We implement appropriate security measures to protect your personal data from unauthorized access, loss, or disclosure. This includes the use of protection systems and access control measures to ensure the security of your information.

Recruitment (Spontaneous Applications, Job Applications, Job Alerts)

Data Controller

The entity responsible for processing your personal data is: GIE FONTEVRAUD.
Address: Abbaye Royale de Fontevraud – 49590 FONTEVRAUD L’ABBAYE

What Data Do We Collect?

When you apply for a position, we collect the following mandatory personal data:

  • Full name
  • Email address
  • Phone number
  • Curriculum Vitae (CV) and/or Cover Letter
  • Details of your professional background
  • Qualifications and skills
  • Other relevant information provided by you as part of your application

Why Do We Collect Your Data?

The information you provide is used exclusively to evaluate your application, organize interviews, and keep you informed about the recruitment process. We may also use this data for communication regarding potential future opportunities.

Legal Basis for Processing

The processing of your data is based on several legal grounds under the GDPR:

  • Consent: You give explicit consent by submitting your application.
  • Performance of a contract: If you are selected, we will use your data for the hiring process and employment contract management.
  • Legitimate interest: We may use your information to optimize our recruitment process.

Data Transfer

Depending on the nature of your application, your personal data may be transferred to other partner organizations or service providers for processing:

  • Joint Data Controllers: SOPRAF / CCO / FONTEVRAUD RESORT
  • Consultants or Trainers: If necessary, for pre-employment assessments or training.
  • Service Providers: Taleez is used as our recruitment platform. Taleez’s GDPR policy is available here: https://help.taleez.com/rgpd

These entities are contractually required to maintain the confidentiality and security of your personal data in compliance with GDPR requirements.

Data Retention Period

We retain your personal data for the duration of the recruitment process. If your application is not successful, your data will be kept for a maximum of two years to contact you for potential future opportunities. If you are hired, your data will be integrated into your employee file in accordance with internal procedures.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data from loss, alteration, disclosure, or unauthorized access.

Ticket Purchase for Visits and/or Cultural Events

Data Controller

The entity responsible for processing personal data is SOPRAF.
Address: Abbaye Royale de Fontevraud – 49590 FONTEVRAUD L’ABBAYE

Data Collected with Account Creation

When you create an account and purchase tickets, we collect the following mandatory data:

  • Identity: Full name
  • Contact details: Email address, phone number, postal address
  • Payment information: Credit card details or other payment method, purchase history

Data Collected Without Account Creation

When purchasing tickets without an account, we collect the following mandatory data:

  • Contact details: Email address
  • Payment information: Credit card details or other payment method, purchase history

Purpose of Data Processing

The personal data collected is used for the following purposes:

  • Creating and managing your user account
  • Processing and managing your ticket orders
  • Communicating about your orders (order confirmation, reminders, cancellations, etc.)
  • Improving our service (statistics, user feedback)
  • Securing your transactions and account

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract execution (account creation, ticket purchase)
  • Legal obligations (e.g., invoicing or payment security management)
  • Legitimate interest (service improvement, website security)

Data Sharing

Your personal data may be transferred to partner organizations or service providers acting as processors:

  • GIE FONTEVRAUD for payment tracking or refunds if needed
  • Payment provider Lyra (GDPR policy available here: Lyra GDPR Policy)
  • Ticketing provider DIPTICK

Data Retention Period

We retain your personal data for as long as necessary to fulfill our contract with you and comply with legal obligations (e.g., invoicing and warranty management). Your data will be deleted or anonymized once it is no longer needed.

Retention periods are as follows:

  • Identification data: Stored for 3 years from the last contact
  • Billing data: Stored for 10 years, in accordance with Article L123-22 of the French Commercial Code

Data Security

We implement appropriate technical and organizational measures to protect your personal data against loss, unauthorized access, disclosure, alteration, and destruction.

Table reservation at the restaurant

Data Controller

The entity responsible for processing personal data is FONTEVRAUD RESORT.
Address: Abbaye Royale de Fontevraud – 49590 FONTEVRAUD L’ABBAYE

Data Collected

When creating an account and making a restaurant reservation, we collect the following mandatory data:

  • Identity: Full name
  • Contact details: Email address, phone number

Optional data: Postal address

Purpose of Data Processing

The personal data collected is used for the following purposes:

  • Processing and managing your reservation
  • Improving our service (statistics, user feedback)
  • Securing your transactions and account
  • Sending the Ermitage newsletter

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract execution (account creation, table reservation)
  • Legal obligations (e.g., invoicing or payment security management)
  • Legitimate interest (service improvement, website security)
  • Consent (for newsletter subscription)

Data Sharing

Your personal data may be transferred to partner organizations or service providers acting as processors:

  • Guestonline (reservation management platform). GDPR policy available here: Guestonline GDPR Policy
  • Mews (hospitality management system)
  • GIE FONTEVRAUD via Mailchimp (if you subscribed to the newsletter)

Data Retention Period

Your data will be deleted or anonymized once it is no longer necessary.

Retention periods are as follows:

  • Identification data: Stored for 3 years from the last contact
  • Billing data: Stored for 10 years, in accordance with Article L123-22 of the French Commercial Code

Data Security

We implement appropriate technical and organizational measures to protect your personal data against loss, unauthorized access, disclosure, alteration, and destruction.

Hotel room reservation

Data Controller

The entity responsible for processing personal data is FONTEVRAUD RESORT.
Address: Abbaye Royale de Fontevraud – 49590 FONTEVRAUD L’ABBAYE

Data Collected with Account Creation

When creating an account and booking a hotel room, we collect the following mandatory data:

  • Identity: Full name
  • Contact details: Email address
  • Payment information: Credit card details or other payment methods, purchase history

Without Account Creation

When booking a hotel room without an account, we collect the following mandatory data:

  • Contact details: Full name, email address, phone number, postal address
  • Payment information: Credit card details or other payment methods, purchase history

Additionally, we may collect optional information necessary for managing the reservation.

Purpose of Data Processing

The personal data collected is used for the following purposes:

  • Processing and managing your reservation
  • Improving our service (statistics, customer feedback)
  • Securing your transactions and account
  • Sending the Ermitage newsletter

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract execution (account creation, room booking)
  • Legal obligations (e.g., invoicing, payment security management)
  • Legitimate interest (service improvement, website security)
  • Consent (for newsletter subscription)

Data Sharing

Your personal data may be transferred to partner organizations or service providers acting as processors:

  • GIE FONTEVRAUD for payment tracking, invoicing, refunds, and newsletter distribution (via Mailchimp)
  • Adyen (payment service provider). GDPR policy available here: Adyen Privacy Policy
  • SYNXIS (reservation PMS)
  • MEWS (reservation management system)
  • Customer Alliance (service improvement platform)

Data Retention Period

We retain your personal data for the period necessary to fulfill our contract with you and comply with legal obligations (e.g., billing, guarantees). Your data will be deleted or anonymized once it is no longer needed.

Retention periods are as follows:

  • Identification data: Stored for 3 years from account creation
  • Billing data: Stored for 10 years, in accordance with Article L123-22 of the French Commercial Code

For newsletter subscribers, data is retained as long as you are subscribed. Once you unsubscribe, your information is automatically deleted.

Data Security

We implement appropriate technical and organizational measures to protect your personal data from loss, unauthorized access, disclosure, alteration, and destruction.

Gift Box Purchase

Data Controller

The entity responsible for processing personal data is FONTEVRAUD RESORT.
Address: Abbaye Royale de Fontevraud – 49590 FONTEVRAUD L’ABBAYE

Data Collected with Account Creation

When creating an account and purchasing a gift box, we collect the following mandatory data:

  • Identity: Title, full name
  • Contact details: Email address, phone number, postal address
  • Payment information: Credit card details or other payment methods, purchase history
  • Recipient’s identity: Full name, email, postal address

Without Account Creation

When purchasing a gift box without an account, we collect the following mandatory data:

  • Contact details: Email address
  • Payment information: Credit card details or other payment methods, purchase history
  • Recipient’s identity: Full name, email, postal address

Purpose of Data Processing

The personal data collected is used for the following purposes:

  • Creating and managing your user account
  • Processing and managing your orders
  • Communicating about your orders (confirmation, reminders, cancellations, etc.)
  • Improving our service (statistics, customer feedback)
  • Securing your transactions and account
  • Sending the Ermitage newsletter

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract execution (account creation, gift box purchase)
  • Legal obligations (e.g., invoicing, payment security management)
  • Legitimate interest (service improvement, website security)
  • Consent (for newsletter subscription)

Data Sharing

Your personal data may be transferred to partner organizations or service providers acting as processors:

  • GIE FONTEVRAUD for payment tracking, refunds, and newsletter distribution (via Mailchimp)
  • Adyen (payment service provider). GDPR policy available here: Adyen Privacy Policy
  • SECRETBOX (gift box management). GDPR policy available here: Secretbox Privacy Policy
  • MEWS (reservation management system)

Data Retention Period

We retain your personal data for the period necessary to fulfill our contract with you and comply with legal obligations (e.g., billing, guarantees). Your data will be deleted or anonymized once it is no longer needed.

Retention periods are as follows:

  • Identification data: Stored for 3 years from the last contact
  • Billing data: Stored for 10 years, in accordance with Article L123-22 of the French Commercial Code

For newsletter subscribers, data is retained as long as you are subscribed. Once you unsubscribe, your information is automatically deleted.

Data Security

We implement appropriate technical and organizational measures to protect your personal data from loss, unauthorized access, disclosure, alteration, and destruction.

Application for artist residencies

Responsible for data processing

The controller of personal data is the CCO.

Address: Royal Abbey of Fontevraud – 49590 FONTEVRAUD L’ABBAYE

What data do we collect?

When you apply for an artist residency, we collect the following personal data:

  • First and last name
  • E-mail address
  • Telephone number
  • Curriculum Vitae (CV) and/or Cover Letter
  • Other relevant information provided by you as part of your application

Why do we collect your data?

The information you provide us is used exclusively to evaluate your application, organize interviews, and keep you informed of the progress of the selection process. We may also use this data for communications related to possible future opportunities.

Legal basis of processing

The processing of your data is based on several legal bases under the GDPR:

  • Consent: You give us your explicit consent by submitting your application.
  • Performance of a contract: If you are selected (e), we will use your data for the management of the hiring process and the establishment of the employment contract.

Data transfer

Depending on the nature of your application, your personal data may be transferred to other partner structures or service providers for processing your application:

  • GIE FONTEVRAUD for contractual and payment terms.
  • Members of the selection panel who are indicated in the call for applications.

Data retention period

We keep your personal data for the entire duration of the selection process. If you are not retained (e), your data will be kept for a maximum of 3 years in order to contact you for possible future opportunities.

Security of your data

We put in place appropriate technical and organisational security measures to protect your personal data against loss, alteration, disclosure or unauthorised access.