Privacy policy

Privacy policy
1)            Introduction

Ports of Normandy is committed to meeting its obligations under the General Data Protection Regulation (GDPR) and ensuring that the personal data of users is protected.

This privacy policy describes the rules for managing, processing and storing the personal data of users collected within the framework of our operations. Personal data means any information concerning an identified or identifiable living individual. This policy only governs the processing for which Ports of Normandy is controller in accordance the GDPR and the French Data Protection Law (Loi Informatique et Libertés) of 1978 as amended. 


2)           Who is responsible for data processing?

The data controller is Ports of Normandy, represented by its President, Hervé Morin. 


3)           How do we use your personal data?

We may need to collect and use your personal data to manage: 

              The database of elected representatives

              Calendars and business contacts

              Administrative services

              Legal cases

              Finances and accounting

              Public procurement


              Public service concession contracts

              General services

              General meetings

              Job applications, internships, CVs


              Legality audit


              Port security

              Requests to exercise rights under the GDPR

              This website

              Press relations


              External communication

              Port calls

              Customer relations

              Purchasing and outsourcing for infrastructure maintenance

              Infrastructure maintenance work schedules

              Infrastructure operation

              The on-call Technical Support Service

              Dry docking equipment at Cherbourg

              Access control at Caen-Ouistreham and Cherbourg

              CCTV of infrastructure

              Floods caused by the river Orne


4)           What personal data do we collect?  

 Various categories of data may be collected depending on the processing operations carried out: identifiers and login data, personal and/or business information, supporting documents, tracking data (IP address, cookies, etc.)

This information may be collected from:


              Paper files

              Information provided during phone calls or via email  

              Your visit to our website

              A third party who is authorised to transmit such data to us

Some data is collected automatically via cookies, as you browse through our website.  (Read more about our cookies in paragraph 12 below)


5)           What is the legal basis for processing your personal data?

Ports of Normandy is only authorised to process personal data if one of the following conditions is met:

              The user has given clear, systematic and explicit consent for a specific processing purpose

              Data needs to be collected for the performance of a contract

              The data needs to be processed by the controller to meet one of its legal obligations

              Processing is linked to a task carried out in the public interest or in the interest of a public authority

              Processing is required in the legitimate interests of the data controller or a third party


6)           Who has access to your personal data?

Depending on their respective needs, the following may have access to all of part of your data: 

              Ports of Normandy departments in charge of examining files

              Partners who are authorised to process the data under an official agreement

              Subcontractors who have been contracted by Ports of Normandy to carry out processing in full or in part.

              Service providers during the performance of a software and/or maintenance provision agreement

              Third parties authorised by the French tax authorities or courts (DGFIP, DSN, etc.)

Anyone with access to your data is systematically asked to provide security guarantees to determine the responsibilities of each and everyone.


7)           Is your data transferred outside of the EU?

Ports of Normandy may need to transfer your data to third countries. Data is only transferred to countries which have an adequate and appropriate level of data protection. 


8)           How long do we keep your personal data?

The personal data we collect for each operation is subject to data storage rules, which may have been drawn up to satisfy:

              A legal retention period

              A period required to fulfil the processing purpose

              A set period, for regulatory or control reasons, imposed by rules that are applicable by law.

Once this storage period has expired, the information is archived, deleted or anonymised (for statistical purposes).


9)           How do we keep processing secure?

Once this storage period has expired, the information is archived, deleted or anonymised (for statistical purposes)

We use secure protocols for communication and the transfer of data.  We monitor all our systems to detect any vulnerabilities and attacks,  

and have taken measures to protect the confidentiality, integrity and availability of data.  Ports of Normandy has also implemented policies and procedures to prevent any unauthorised access to data, and has taken a “privacy by design” approach to its processing operations. 


10)        How can you manage the information we hold about you?

You have the right to access and rectify any data we hold about you, restrict the processing of such data, and request a copy of the data or that it be transferred to another controller. 

You also have the right to object to the processing of your data, request the data be erased, or withdraw your consent at any time, on legitimate grounds, unless the law states otherwise. 

Ports of Normandy has appointed a data protection officer, who ensures the rights of users are upheld.

Any queries or complaints about how Ports of Normandy processes data can be sent to the data protection officer.

To exercise your rights or if you have a question about how your personal data is processed, contact the data protection officer either by sending an email to


or a letter to:


2 Impasse Initialis - CS  20052



If you exercise your right to access your data, you will need to send us proof of identification  so that we can check we are sending the data to the right person in all confidentiality.

Should you wish to take any complaints or queries further, you have the right to contact the French data protection authority, the CNIL (3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France or


11)          What happens if a data breach occurs?

Any data breach which potentially puts the data subjects at risk will be reported to the data protection authority (CNIL) within 72 hours of the breach being noticed. 

If the breach puts the data subjects at an increased level of risk, both the CNIL and the data subjects will be notified of the breach.


12)         What are cookies and how can you manage them?

Cookies are small text files stored on your device (computer, tablet or phone) when you visit a website.  They are used to identify a visitor from one visit to the next.

You can deactivate and/or delete cookies in your web browser settings.  f you need help, use the Help menu in your web browser or visit the browser’s website. 


13)         Ports of Normandy’s commitment with regard to data processing

Ports of Normandy undertakes to do all it can to ensure that the personal data of users is:


              Obtained and processed fairly and lawfully  

              Collected for specific and legitimate processing purposes, and used solely for those purposes.

              Adequate, relevant and not excessive in relation to the processing purposes.

              Processed in keeping with the rights of data subjects as provided for in the GDPR

              Stored according to the requirements of the purposes it was collected for

              Processed and stored in a secure way to prevent it from being damaged, modified, destroyed or shared with unauthorised third parties