Loading...

Hôtel le Clément

Personal Data Protection Policy

Introduction

This personal data protection policy (the “Policy”) describes the rules applied within Hôtel Clément. It is binding on all employees of our company required to process such data, as well as on any external natural or legal person acting on our behalf.

This Policy complies with the requirements established by the French Data Protection Authority (CNIL), in accordance with Law No. 78-17 of January 6, 1978 relating to information technology, files, and freedoms, as amended and supplemented most recently by Law No. 2018-493 of June 20, 2018 promulgated on June 21, 2018 (the “French Data Protection Act”), and with European Regulation 2016/679 of April 27, 2017 relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data (the “Regulation”).

This Policy forms an integral part of the contractual relationship with our users, clients, and partners (cookies, commercial or partnership agreements, etc.). It informs you about how your personal data is collected and processed, as well as how the roles and responsibilities of all parties involved in such processing are defined and guaranteed.

Definitions

In the remainder of this Policy, the terms below shall have the following meanings: “client(s)”, “contact(s)”, “users”, “partners”: any natural or legal person having a relationship with Hôtel Clément; “data controller”: any natural or legal person who determines the purposes and means of the processing of personal data defined in this Policy; “processor”: any natural or legal person who processes personal data on behalf of the data controller (in practice, these are the service providers with whom we work and who process the personal data handled by us); “recipients”: the natural or legal persons to whom personal data is disclosed, which may therefore include both internal recipients and external organizations.

Purpose of Processing

Your data is collected for a specific and clearly defined purpose. The purposes are consistent with applicable standards and regulations. We do not use personal information for purposes incompatible with those for which it was collected, unless such use has subsequently been approved by you. Should we use the information concerning you collected by us in another manner, we would inform you at the time of collection or request your authorization.

  • The data processing activities we implement are notably necessary to:
  • provide our services (reservations, management of your stay, Wi-Fi access, etc.);
  • perform a contract or carry out pre-contractual measures;
  • improve our services and the customer and user experience;
  • manage our relationship with customers before, during, and after your stay;
  • fulfill our obligations toward our customers;
  • manage video surveillance for your safety, the security of the premises, and the safety of staff;
  • secure payment transactions by determining the level of fraud risk associated with each transaction, and protect property and individuals by combating unpaid debts;
  • use the necessary services to identify individuals present in our hotel in the event of serious incidents (natural disasters, terrorist attacks, health crises, etc.);
  • pursue our legitimate interests, particularly with regard to understanding our contacts, as well as managing, monitoring, controlling, and developing our activities;
  • comply with our legal obligations.
  • engage in or encourage any third party to engage in illegal activity or any other activity that would infringe upon the rights of Hôtel Clément or any other user;
  • impersonate another person;
  • attempt to probe, scan, or test the vulnerability of the Website, or breach security or authentication measures without authorization;
  • attempt to probe, scan, or test the vulnerability of the Website, or breach security or authentication measures without prior authorization;
  • Comply with applicable legislation:
  • identify, prevent, and protect ourselves against fraud and any other offenses, claims, and liabilities;
  • comply with our legal obligations and policies;
  • establish, exercise, or defend legal rights in court;
  • carry out our audit, inspection, and communication activities;
  • monitor and report compliance issues;
  • more generally, comply with our legal obligations and defend our interests in the event of a dispute or legal action.
  • Provided that you authorize us to do so where required by applicable legislation, we may also use the personal data we collect for the following purposes:
  • send you emails or text messages (SMS) regarding our products and services, as well as games, contests, offers, promotions, or events that we believe may be of interest to you;
  • send you emails or text messages (SMS) regarding the products and services of our business partners;
  • enable cookies and similar technologies;
  • provide you with our online services (including the website and online booking services).
  • monitor and report compliance issues;
  • more generally, comply with our legal obligations and defend our interests in the event of a dispute or legal action.
  • The purposes are:
  • provide our services and fulfill our contractual or pre-contractual relationships
  • respond to your requests, honor your reservations, and process payments related to our products and services;
  • manage our loyalty programs;
  • communicate with you regarding your reservations and purchases, as well as our loyalty programs;
  • manage your complaints, requests for information, and inquiries;
  • provide you with our services at our hotel or online;
  • and, more generally, address any concerns you may have regarding our services and products;
  • inform you about and improve our services – Pursue our legitimate business interests, manage our relationship with you by maintaining a database that includes existing and potential contacts, and enables us to proactively manage our loyalty program;
  • introduce you to our products and services and inform you about games, offers, promotions, or events that we believe may be of interest to you;
  • provide you with our services at our hotel or online;
  • offer you a personalized experience;
  • ensure your browsing experience on our website and improve your user experience;
  • personalize our website and commercial offers according to your preferences;
  • use analytics and profiling technologies to personalize your experience, develop content (including advertisements) tailored to your interests and use of our online services or our hotel, manage our business activities, diagnose potential technical or service-related issues, administer our online and on-site services, identify users of our online services, identify a device for fraud prevention purposes, gather demographic information about our contacts, and determine usage patterns associated with our services;
  • ensure the security of our networks and systems.

Data Relevance

The defined purpose makes it possible to determine the relevance of the data we collect. Only data that is adequate, relevant, and strictly necessary to achieve the intended purpose is collected and processed. We ensure that the data is updated throughout the processing activities in order to maintain its accuracy.

  • As part of the processing of personal data whose purposes and legal bases have been specified above, we may collect and process, in particular, the following categories of data:
  • contact details (last name, first name, telephone number, email address);
  • personal information (date of birth, nationality);
  • information about your children (first name, date of birth, age);
  • your credit card number (for transaction and reservation purposes);
  • information appearing on an identity document (identity card, passport, or driver’s license);
  • your partner loyalty program membership number and information relating to your activities within the loyalty program;
  • your arrival and departure dates;
  • your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers read, sports, cultural interests, food and beverage preferences, etc.);
  • your questions/comments during or following a stay;
  • technical and location information generated through the use of our website;
  • any other personal data that you provide to us.

We may also collect additional personal data concerning you directly during events that we organize, under the conditions and for the purposes specifically notified to you on such occasions.

You may refuse to provide us with your personal data. However, certain data is mandatory in order to respond to your request, access the requested service, or comply with legal or regulatory obligations. In the absence of such information, your request may not be processed or its processing may be delayed.

Where a password or validation code is required, it remains entirely unknown except to the contact concerned.

We do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor do we process genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning health, sex life, or sexual orientation. Nevertheless, during exchanges with you, if you provide us with such information, and in particular data relating to your health, a specific procedure will be followed in order to obtain your express consent to such collection.

In the event that you provide us with the personal data of a third party, you must first inform them of your actions and ensure that you have obtained the necessary authorizations and their consent to do so.

Personal data of minors.
We are particularly committed to protecting the privacy of children who may access our services. The collection of information concerning persons under 16 years of age is limited to their surname, nationality, and date of birth, which may only be provided to us by an adult. We thank you for ensuring that your children do not transmit any personal data to us without your authorization (particularly via the Internet).

In the event that a parent or guardian exercising parental authority becomes aware that their child has provided us with personal data without their consent, we invite them to contact us. We will take the necessary measures to delete such information from our database in accordance with applicable legal requirements.

We strongly recommend that parents and guardians exercising parental authority regularly monitor and supervise their children’s online activities.

  • Declarative personal data.
    We may collect personal data directly from you, in particular when:
  • you connect to our website;
  • you make a reservation;
  • you check in (check-in and check-out) or use services during your stay (meals, beverages, and any other services);
  • you pay for your stay and/or services;
  • you make a reservation through third parties (online or offline travel agencies and others);
  • you interact with us in any other way, including through social media;
  • you subscribe to our newsletters;
  • you use our loyalty program;
  • you write a review or comment on our website, on third-party social networks, or participate in satisfaction surveys;
  • you contact us through various channels, including contact forms, email, postal mail, or telephone;
  • you contact us through our social media accounts or via third-party social networks;
  • you participate in a game or contest, a prize draw, satisfaction surveys, or polls;
  • you communicate with us in any other way.
  • This data is collected in particular through our forms and questionnaires, in paper or electronic format.

Operational personal data.
The operations carried out when we provide services to you generate and produce data concerning you. The same applies when you use our website. This data resulting from the operation of our products and services is subject to processing.

Personal data originating from automated means.
We may use automated technologies to collect data from your computer or mobile device (phone or tablet) when you visit our establishment and use our online services or on-site services within our hotel. These automated technologies notably include cookies, local shared objects, and web beacons.

  • We may therefore collect the following data:
  • your Internet Protocol (IP) address;
  • the dates and times at which you access our online or on-site services;
  • the names and URL addresses of files accessed using our online services;
  • the type of mobile device used and its settings;
  • the unique device identifier or mobile equipment identifier associated with your mobile phone;

Data collection minimization.
We collect your personal data only when it is strictly necessary and lawful. We undertake to collect only the minimum personal information necessary for the purposes covered by this Policy.

Should we need to use your personal data for purposes not covered by this Policy, additional consent will be requested from you. Such consent is not mandatory but may sometimes be necessary for us to be able to respond to your needs/requests.

Limited Data Retention

The retention period for data does not exceed the duration necessary for the purposes explained to you, and we inform you of the length of time during which your data will be retained.

We ensure that personal data concerning you is kept in a form permitting identification of the data subjects only for as long as necessary with regard to the purposes for which it is processed.

In general, your personal data is retained for the entire duration of your relationship with us, plus a period of three (3) years following the end of our relationship. It is then archived in order to comply with our legal obligations or for evidentiary purposes, or anonymized for study and statistical purposes. However, we retain certain data where such retention is required by law, or where such retention is necessary to enable us to manage disputes and claims.

In certain cases, we may retain certain personal data concerning you due to a legal obligation, or where an issue remains outstanding, for example an unresolved complaint or dispute. In such cases, the data necessary for resolving the issue, complaint, or dispute will be retained for as long as the matter remains ongoing, subject however to the applicable limitation periods.

Other data may be retained after having undergone processing intended to prevent their reassignment to an identified person for study and statistical purposes.

Restricted Access to Data

Only duly authorized recipients may access the information necessary for the performance of their duties, within the framework of an access management policy. Strict access and confidentiality rules apply to the personal data processed. Access rights are granted according to the user’s role and are updated in the event of any change or evolution of such role.

Recipients of your data.
The personal data that we collect, as well as that subsequently collected, is intended for us in our capacity as data controller, except where we act as an intermediary in order to offer you products or services ancillary to our offers.

We do not sell any of your personal data and share it only in accordance with the terms set out in this Policy or where required by law. We undertake not to rent, distribute, or sell your personal information to third parties unless you have previously authorized us to do so.

We ensure that your data is accessible only to the authorized internal or external recipients listed below.

We may also share your data with service providers who supply us with services such as fulfilling reservations and orders, providing advertising services (particularly within the framework of a loyalty program), data processing and other information technology-related services, managing promotions, contests, raffles, and lotteries, carrying out studies and analyses, and offering a personalized experience to our contacts. We prohibit our service providers from using or sharing this information for purposes other than providing services on our behalf.

Finally, we are entitled to use or share personal data with local authorities where necessary in order to comply with any law, regulation, or legal requirement, to protect our online and on-site services, to initiate legal proceedings or defend legal rights, to protect the rights, interests, and safety of our organization, our employees, or the general public, or in connection with an investigation into fraud or any other violation or breach of our policies.

For strategic or other business reasons, we may decide to sell or transfer all or part of our activities. In connection with such a sale or transfer, we may transfer the information we have collected and stored (including personal data) to any person or entity involved in the transaction. In the event of a merger, acquisition, sale, or transfer of all or part of our activities, your data may be disclosed to the persons or entities concerned.

Transfer of Your Data

We may use profiling techniques for marketing purposes in order to personalize and adapt our product and service offers to your needs and to establish marketing profile models. You may object at any time to the processing of personal data concerning you for direct marketing purposes under the conditions defined in the section “Exercising your rights regarding your personal data” below.

Profiling Processing Activities

We may use profiling techniques for marketing purposes in order to personalize and adapt our product and service offers to your needs and to establish marketing profile models. You may object at any time to the processing of personal data concerning you for direct marketing purposes under the conditions defined in the section “Exercising your rights regarding your personal data” below.

Security of Your Data

Appropriate technical and organizational measures are implemented to ensure that data is processed in a manner that guarantees its protection against accidental loss, destruction, or damage that could compromise its confidentiality or integrity.

When we use a service provider, we communicate personal data to them only after obtaining commitments and guarantees from them regarding their ability to meet these security and confidentiality requirements. In compliance with our legal and regulatory obligations, we enter into agreements with our processors precisely defining the conditions and methods under which they process personal data.

Likewise, we carry out audits of our own services as well as those of our service providers in order to verify the application of data security rules.

In the event of a personal data breach, we undertake to notify the French Data Protection Authority (CNIL) under the conditions prescribed by the Regulation. If such a breach is likely to create a high risk for our contacts and the data has not been protected, we will inform the affected contacts and provide them with the necessary information and recommendations.

Exercise of Your Rights Regarding Your Personal Data

We are particularly committed to respecting the rights granted to you in connection with the data processing activities we implement, in order to guarantee fair and transparent processing taking into account the specific circumstances and context in which your personal data is processed.

In this respect, you are entitled to confirmation as to whether or not your personal data is being processed and, where it is being processed, you have the right to request a copy of your data and information concerning you.

Right to rectification of your data.
You may request that your personal data be rectified or completed where it is inaccurate, incomplete, ambiguous, or outdated, as applicable.

Right to erasure of your data.
You may request the deletion of your personal data. Such a request may only be granted if one of the grounds provided for under the applicable regulations applies. If none of these grounds applies, we will not be able to respond favorably to your request. This will notably be the case where we are required to retain the data due to a legal or regulatory obligation or for the establishment, exercise, or defense of legal claims.

Right to restriction of data processing.
You may request the restriction of the processing of your personal data in the cases provided for by applicable laws and regulations.

Right to object to data processing.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data where the legal basis for such processing is the legitimate interest pursued by the data controller. In the event of such an objection, we will cease processing your personal data in connection with the relevant processing activity unless we can demonstrate compelling legitimate grounds for continuing such processing. Such grounds must override your interests and rights and freedoms, or the processing must be justified for the establishment, exercise, or defense of legal claims.

You have the right to object to direct marketing activities and to profiling insofar as it is related to such marketing. In particular, with regard to direct marketing, you may object to receiving marketing communications by post, electronically, or by telephone. In the case of electronic marketing communications (email, SMS, MMS), we may use such means if you have given your consent at the time of data collection. You may subsequently object to such communications at any time by contacting us using the contact details provided. If you have consented to direct marketing from one of our partners and wish to object to it, you must send your request directly to the relevant partner.

Finally, if you have consented to telephone marketing by checking a box included in the documentation provided in connection with the use of our services, you may request, free of charge, the registration of your telephone number on the telephone marketing opt-out list managed by OPPOSETEL via the following link: http://www.bloctel.gouv.fr Nevertheless, it should be noted that this process will not interrupt the receipt of commercial offers by electronic means if such marketing method has been expressly consented to and such consent has not been withdrawn from the data controller in accordance with the procedures mentioned above.

Right to withdraw your consent.
Where the data processing activities we implement are based on your consent, you may withdraw such consent at any time. We will then cease processing your personal data, without affecting the lawfulness of processing operations carried out prior to the withdrawal of your consent.

  • You may lodge a complaint with the CNIL, without prejudice to any other administrative or judicial remedy:
  • By post: CNIL – Complaints Department: 3, place de Fontenoy - TSA 80715 - 75334 Paris cedex 07
  • Or online via the CNIL website

All the rights listed above may be exercised by contacting us using the contact details provided in the Legal Notice of the Website, and by attaching to your request a copy of an identity document bearing your signature.

It is recalled that if the requests of a data subject are manifestly unfounded or excessive, in particular because of their repetitive nature, we may either require the payment of reasonable fees taking into account the administrative costs incurred in providing the information, communicating the data, or taking the requested measures, or refuse to act upon such requests.

For any further general information regarding the protection of personal data, you may consult the CNIL website (www.cnil.fr).

Applicable law

This Policy is governed by French law irrespective of conflict of law provisions. The French courts shall have exclusive jurisdiction over any dispute relating to this Policy.

In the event that one of the clauses of this Policy becomes void due to a change in legislation, regulations, or by virtue of a court decision, this shall in no way affect the validity and enforceability of the other clauses of the Policy.