Privacy policy
1) Introduction
Ports of Normandy is committed to meeting its obligations under the General Data Protection Regulation (GDPR) and ensuring that the personal data of users is protected.
This privacy policy describes the rules for managing, processing and storing the personal data of users collected within the framework of our operations. Personal data means any information concerning an identified or identifiable living individual. This policy only governs the processing for which Ports of Normandy is controller in accordance the GDPR and the French Data Protection Law (Loi Informatique et Libertés) of 1978 as amended.
2) Who is responsible for data processing?
The data controller is Ports of Normandy, represented by its President, Hervé Morin.
3) How do we use your personal data?
We may need to collect and use your personal data to manage:
• The database of elected representatives
• Calendars and business contacts
• Administrative services
• Legal cases
• Finances and accounting
• Public procurement
• Land
• Public service concession contracts
• General services
• General meetings
• Job applications, internships, CVs
• Archives
• Legality audit
• CCTV
• Port security
• Requests to exercise rights under the GDPR
• This website
• Press relations
• Consultations
• External communication
• Port calls
• Customer relations
• Purchasing and outsourcing for infrastructure maintenance
• Infrastructure maintenance work schedules
• Infrastructure operation
• The on-call Technical Support Service
• Dry docking equipment at Cherbourg
• Access control at Caen-Ouistreham and Cherbourg
• CCTV of infrastructure
• Floods caused by the river Orne
4) What personal data do we collect?
Various categories of data may be collected depending on the processing operations carried out: identifiers and login data, personal and/or business information, supporting documents, tracking data (IP address, cookies, etc.)
This information may be collected from:
• Forms
• Paper files
• Information provided during phone calls or via email
• Your visit to our website
• A third party who is authorised to transmit such data to us
Some data is collected automatically via cookies, as you browse through our website. (Read more about our cookies in paragraph 12 below)
5) What is the legal basis for processing your personal data?
Ports of Normandy is only authorised to process personal data if one of the following conditions is met:
• The user has given clear, systematic and explicit consent for a specific processing purpose
• Data needs to be collected for the performance of a contract
• The data needs to be processed by the controller to meet one of its legal obligations
• Processing is linked to a task carried out in the public interest or in the interest of a public authority
• Processing is required in the legitimate interests of the data controller or a third party
6) Who has access to your personal data?
Depending on their respective needs, the following may have access to all of part of your data:
• Ports of Normandy departments in charge of examining files
• Partners who are authorised to process the data under an official agreement
• Subcontractors who have been contracted by Ports of Normandy to carry out processing in full or in part.
• Service providers during the performance of a software and/or maintenance provision agreement
• Third parties authorised by the French tax authorities or courts (DGFIP, DSN, etc.)
Anyone with access to your data is systematically asked to provide security guarantees to determine the responsibilities of each and everyone.
7) Is your data transferred outside of the EU?
Ports of Normandy may need to transfer your data to third countries. Data is only transferred to countries which have an adequate and appropriate level of data protection.
8) How long do we keep your personal data?
The personal data we collect for each operation is subject to data storage rules, which may have been drawn up to satisfy:
• A legal retention period
• A period required to fulfil the processing purpose
• A set period, for regulatory or control reasons, imposed by rules that are applicable by law.
Once this storage period has expired, the information is archived, deleted or anonymised (for statistical purposes).
9) How do we keep processing secure?
Once this storage period has expired, the information is archived, deleted or anonymised (for statistical purposes)
We use secure protocols for communication and the transfer of data. We monitor all our systems to detect any vulnerabilities and attacks,
and have taken measures to protect the confidentiality, integrity and availability of data. Ports of Normandy has also implemented policies and procedures to prevent any unauthorised access to data, and has taken a “privacy by design” approach to its processing operations.
10) How can you manage the information we hold about you?
You have the right to access and rectify any data we hold about you, restrict the processing of such data, and request a copy of the data or that it be transferred to another controller.
You also have the right to object to the processing of your data, request the data be erased, or withdraw your consent at any time, on legitimate grounds, unless the law states otherwise.
Ports of Normandy has appointed a data protection officer, who ensures the rights of users are upheld.
Any queries or complaints about how Ports of Normandy processes data can be sent to the data protection officer.
To exercise your rights or if you have a question about how your personal data is processed, contact the data protection officer either by sending an email to
or a letter to:
2 Impasse Initialis - CS 20052
14202 HEROUVILLE SAINT-CLAIR CEDEX France
If you exercise your right to access your data, you will need to send us proof of identification so that we can check we are sending the data to the right person in all confidentiality.
Should you wish to take any complaints or queries further, you have the right to contact the French data protection authority, the CNIL (3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France or www.cnil.fr).
11) What happens if a data breach occurs?
Any data breach which potentially puts the data subjects at risk will be reported to the data protection authority (CNIL) within 72 hours of the breach being noticed.
If the breach puts the data subjects at an increased level of risk, both the CNIL and the data subjects will be notified of the breach.
12) What are cookies and how can you manage them?
Cookies are small text files stored on your device (computer, tablet or phone) when you visit a website. They are used to identify a visitor from one visit to the next.
You can deactivate and/or delete cookies in your web browser settings. f you need help, use the Help menu in your web browser or visit the browser’s website.
13) Ports of Normandy’s commitment with regard to data processing
Ports of Normandy undertakes to do all it can to ensure that the personal data of users is:
• Obtained and processed fairly and lawfully
• Collected for specific and legitimate processing purposes, and used solely for those purposes.
• Adequate, relevant and not excessive in relation to the processing purposes.
• Processed in keeping with the rights of data subjects as provided for in the GDPR
• Stored according to the requirements of the purposes it was collected for
• Processed and stored in a secure way to prevent it from being damaged, modified, destroyed or shared with unauthorised third parties