BASS PRIVACY POLICY

BASS Val D’Isere Syndycate, 140 Solile, La Dialle, Val D’Isere 73150, France. info@bass-skischools.com

BASS have endeavoured to implement a privacy policy for clients and workers in line with the guidelines below. Please familiarise yourselves with the details.

What action has BASS taken?

1. All clients on the emailing list have been invited to continue to participate or be removed.

2. All new clients agree to their information being used for contact purposes about BASS or their reservation.

3. Privacy awareness is now implemented in team training. This document represents the basis of that training with the addition of customised elements, eg: Posting on social media, exchange of details in resort and uninvited contact.

4. BASS employ the services of security companies to secure website and terminals.

Protection of personal data - BASS is concerned with respect to the privacy of information that may be collected from users of our site. BASS undertakes that the pursuit of its legitimate business interests in the collection and processing of personal information received from users of our site does not conflict with the reasonable expectations of the privacy of the latter. Below we describe the way we treat the personal data that are sent to us by the users of our site. Access to and use of this site implies your consent to the collection, use and disclosure of personal information described further below in this document.

Categories of personal data and purposes - BASS only collects identification data, such as name, address, e-mail addresses, when they have been given voluntarily by you or you have expressly consented to. Your personal data may only be processed according to the purpose for which it was collected and which has been agreed to and may in particular be used to respond to any request made to us (including email notifications and ordering requests) and to improve the level of service and content of our site, as well as for other purposes that have been requested directly by you. Your personal data will be deleted by BASS when the respective processing is no longer necessary for the purpose for which it was collected. In accordance with the applicable law, you may exercise, at any time, the rights of access, correction, cancellation and opposition to the personal data kept in the files of BASS, under the terms described below in this document.

Personal data transfers - BASS guarantees that your personal data will not be disclosed in any way to third parties without your explicit and informed consent, except in cases where the disclosure of such information may be deemed necessary by BASS to execute a contract concluded between them and the BASS for the declaration, exercise or defence of a right in a judicial proceeding, or to protect the vital interests of BASS, the users of this site or the general public. The information collected through cookies will only be used by BASS and other companies of the BASS group to increase the quality of content, service and support provided to users of our site. Some of this information, such as the number of users accessing the site, may be made public, albeit only in an aggregated, non-individualized format. The type of information collected includes the origin of the user, type of browser, operating system and search engine used, and the duration of the site visit. 
Your personal data will be stored on BASS's computers / servers located in the European Economic Area and may, for the purposes described above, be shared with other BASS group companies. BASS and / or other companies of the same group situated in the European Economic Area may transfer their personal data to subcontractors within the European Economic Area.

Subcontractors - BASS may transfer your personal data to specialized third parties (eg data storage companies) that may be contracted by BASS or other group companies, which will process the data on behalf of the BASS (as subcontractors) and will assist in the provision of the content and provision of the services requested by them. These subcontractors shall be obliged to the BASS to comply with the obligations of confidentiality of their data and to put in place appropriate technical and organizational measures to protect their personal data against accidental, unlawful destruction, accidental loss, alteration, and unauthorized access and any other form of illicit treatment.

Data retention - BASS will only maintain its data for the period considered reasonably necessary for the purposes for which it was collected or for compliance with any other legal or ethical requirements.

Security measures - BASS have put in place a set of measures to protect your personal data and have implemented an adequate level of security in relation to the risks that the processing of your data presents and the nature of the data to be protected. BASS regularly inspects your system for vulnerabilities and weaknesses. However, given the risks inherent in the use of the Internet, BASS cannot guarantee or guarantee the security of the information transmitted to BASS. The emails sent through this site are not encrypted, so the BASS does not advise that any kind of confidential information is transmitted by this means as there is a risk that they may be used by unauthorized third parties.

Rights of the data subject - Users of the site have the right to access personal data held by BASS concerning them, to review and correct it and to request the erasure of data that is incorrect. You also have the right to withdraw the consent previously given to BASS for the processing of your personal data. If you have requested to send BASS commercial information (eg. newsletters), which you do not wish to continue to receive, you may inform BASS of your opposition to the processing of your personal data for this purpose.

If you wish to exercise any of the rights referred to above, you may contact BASS via the postal address referred to in the heading of this document or by e-mail:

 

 

BASS GDPR Policy

Security subcontractors: Norton Securities all devices – Trustwave – Website.

The IT department will be responsible for implementing, adhering to, and maintaining these controls. For the purposes of this document, “all devices” refers to workstations, laptops, servers, switches, routers, firewalls, mobile devices, and wireless access points. Where possible, these guidelines will apply to external remote systems and cloud services. 

Configuration guidelines 
All devices should be configured using strong administrative controls, including complex passwords or SSL keys (which must be kept in a centralized password/key database that only the IT department can access). These passwords/keys must be rotated every 90 days or when an IT staff member has been terminated. 

All devices should be set up with a “least privilege necessary” model, whereby access is provided only to employees who require it to do their jobs. Administrator accounts should be kept to a minimum and provided only to authorized members of the IT department (or elsewhere if approved by IT). 

All devices should have only the access, services, and functions needed for them to function properly. Critical systems storing confidential data should be protected by firewalls with the bare minimum of ports opened only to those sources that should access them. 

Where applicable, devices should be subject to hardening guidelines as provided by the vendor, insofar as these do not interfere with desired functions or access.