1 PERSONAL DATA PROTECTION POLICY
Last update: 11-01-2023
The SOCIETE DE GESTION HOTELIERE ET TOURISTIQUE, a limited liability company, whose head office is located at 49 IMPASSE DU BAS FORT, 97190 LE GOSIER, registered in the Trade and Companies Register of Point-a-Pitre B 487 982 357, (“HOTEL LE FLEUR D’EPEE”) is committed to respecting the confidentiality of data and privacy, and in particular to respecting the General Data Protection Regulation (EU Regulation 2016/679) or “RGPD” and the French law “informatique et libertés” of January 6, 1978 as amended.
For any information on the protection of personal data, you can also consult the website of the Commission Nationale de l’Informatique et des Libertés www.cnil.fr.
The purpose of this Personal Data Protection Policy is to inform any person accessing and using the Internet site accessible at the following URL: https://www.hotel-fleur-depee.com/ (the “Site”) owned and operated by HOTEL LE FLEUR D’EPEE about the processing of your personal data by HOTEL LE FLEUR D’EPEE.
1/ Who is responsible for processing my personal data?
The HOTEL LE FLEUR D’EPEE is responsible for the processing of personal data processed in the context of the use of the Site. The identity and contact details of the data controller are : The SOCIETE DE GESTION HOTELIERE ET TOURISTIQUE Limited liability company registered in the Trade and Companies Register of Point-a-Pitre B 487 982 357, whose registered office is located 49 IMPASSE DU BAS FORT, 97190 LE GOSIER.
2/ Why are personal data about you collected and for what purposes?
HOTEL LE FLEUR D’EPEE collects and processes data from visitors to the Site. In the context of the use of the Site, the Personal Data (defined in article 3) of users and visitors may be processed for the following purposes
– to respond to your requests for information made through the Site;
– to send you newsletters if you have registered (newsletters);
– to allow you to book, pay for a room and organize your stay;
– to provide a better experience of navigation and use of the Site;
– to carry out statistical and performance studies of the Site.
HOTEL LE FLEUR D’EPEE only collects data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. These purposes are specific and legitimate and, under no circumstances, shall your data be further processed in a manner incompatible with these purposes, except with your prior consent.
3/ What data is processed (category of data)?
The categories of personal data of users processed are (hereinafter the “Personal Data”):
2/ the Personal Data necessary to provide our services:
– your identity (first name* and last name*) ;
– your contact data (e-mail address* and telephone number*);
– your banking data* for the needs of the reservation and/or the payment, these data being managed by our provider of payment. *These data are mandatory for any reservation on the Site.
2/ the data necessary for the use and improvement of the Site:
– the way you navigate on the Site;
– information relating to the equipment and peripherals used to access the Sites, in particular the type of device (desktop computer, laptop), the operating system, the type of Internet browser, the identifier of the mobile device and the mobile operating system, the IP or MAC address;
– your search queries on the Site (if any);
– how you navigate the Site;
– order or sales history.
4/ On what basis is your Personal Data processed (legal basis)?
The processing of your Personal Data is justified by different grounds (legal basis) depending on the use of the Personal Data. The different legal bases applicable are :
– consent: you agree to the processing of your Personal Data through express consent (checkbox, click ….). You can withdraw this consent at any time.
– Legitimate interest: HOTEL LE FLEUR D’EPEE has a business interest in processing your data that is justified, balanced and does not infringe your privacy.
With certain exceptions, you may object at any time to processing based on legitimate interest by notifying HOTEL LE FLEUR D’EPEE.
– the law: the processing of your personal data is made compulsory by a legal text.
5/ To whom is this Personal Data transmitted (recipients)?
Your Personal Data may be transmitted to subcontractors working for HOTEL LE FLEUR D’EPEE in the context of its activities (in particular third-party hosts) and to ensure the proper functioning of the Site. These service providers are located within the European Union. If Personal Data is transferred outside the European Union, HOTEL LE FLEUR D’EPEE will inform you in advance and will take all measures to ensure that such transfers of data outside the European Union are governed either by adherence to an adequacy decision of the European Commission, the conclusion of Standard Contractual Clauses of the European Commission or any other appropriate safeguards provided for in Article 46 of the GDPR.
In addition, the Personal Data collected and processed may be transmitted:
– to authorized persons in the departments concerned within HOTEL LE FLEUR D’EPEE, in particular for the management of reservations;
– to our payment service provider, subcontractor, in charge of the reservation and payment process on the Site;
– to administrative and judicial authorities and more generally to public bodies in the context of compliance with our legal obligations or to enable us to defend our rights and interests,
– if necessary, to our legal advisers and lawyers,
– if we sell or transfer our business or part of it and your Personal Data relates to that part sold or transferred, or if we merge with another company, we will share your Personal Data with the new owner of the company or our merger partner.
6/ Retention Period
Contact Personal Data related to the sending of messages by email or sms (electronic commercial prospecting) will be kept for three years from our last contact. Personal Data facilitating navigation on the Site will be kept for the time necessary for the purposes for which they are collected, as specified in the Cookies Policy. Financial transactions relating to reservations via the Site are entrusted to a payment service provider who ensures the proper conduct and security. For the purposes of the services, this payment service provider is the recipient of credit card number data, which it collects and stores on behalf of HOTEL LE FLEUR D’EPEE. This data is processed by the payment service provider exclusively for the processing/payment of reservations. The retention periods are as follows:
Cardholder/Card number: stored 10 days after the end of the stay
CVV: stored prior to payment transaction to allow hotels to complete the transaction (for security reasons, the CVV is only read once. It is automatically deleted after the 1st reading). The CVV is deleted after being read and no later than 10 days after the end of the stay.
In any case, data relating to credit card numbers may be kept, for the purpose of proof in the event of a possible dispute of the transaction, in intermediate archives, for the period provided for in Article L 133-24 of the Monetary and Financial Code, in this case thirteen (13) months following the date of debit. After this period, the Personal Data are deleted.
7/ What security measures are taken ?
HOTEL LE FLEUR D’EPEE shall take all appropriate measures to ensure the security and confidentiality of the Personal Data processed. HOTEL LE FLEUR D’EPEE has put in place technical and organizational measures to protect Personal Data against accidental loss, destruction, deterioration, abuse, damage and unauthorized or illegal access. As Personal Data is confidential, HOTEL LE FLEUR D’EPEE limits access to it to company employees or service providers who need it to carry out the processing. All persons having access to Personal Data are bound by a duty of confidentiality and may be subject to sanctions if they do not respect these obligations. When we use subcontractors, service providers or transmit Personal Data to partners, this communication is subject to a contract to ensure the protection of this information. Personal Information related to payment is managed by a secure payment provider, certified with the PCI-DSS Level 1 protocol.
9/ Exercising your rights
In accordance with the regulations, you have the following rights:
– a right of access: the right to be informed about how Personal Data are processed and the right to obtain (i) confirmation that Personal Data are processed by HOTEL LE FLEUR D’EPEE and, if necessary (ii) to access and obtain a copy of such data ;
– a right of rectification: the right to obtain rectification of inaccurate Personal Data concerning you and the right to complete incomplete data concerning you by providing an additional declaration. In case of exercise of this right, L’HOTEL LE FLEUR D’EPEE undertakes to communicate any rectification to all recipients of the Personal Data; 5 – a right of deletion: the right to obtain the deletion of your Personal Data. However, this is not an absolute right and L’HOTEL LE FLEUR D’EPEE may for legal or legitimate reasons retain the User’s data;
– a right to the limitation of processing: the right to obtain the limitation of the processing of Personal Data;
– a right to portability: the right to receive Personal Data provided to L’HOTEL LE FLEUR D’EPEE, in a structured, commonly used and machine-readable format, for personal use or to transmit them to a third party of the User’s choice;
– a right to object to the processing: the right to object at any time to the processing of Personal Data for processing based on the legitimate interests of L’HOTEL LE FLEUR D’EPEE, a mission of public interest and those for commercial prospecting purposes. This is not an absolute right and L’HOTEL LE FLEUR D’EPEE may for legal or legitimate reasons refuse this request for opposition;
– the right to withdraw consent at any time: the withdrawal of consent does not compromise the lawfulness of processing based on consent carried out prior to this withdrawal;
– the right to lodge a complaint with the CNIL: the right to contact the CNIL to lodge a complaint about the practices of L’HOTEL LE FLEUR D’EPEE with regard to the protection of Personal Data;
– the right to give instructions concerning the fate of your data after your death: the right to give instructions to L’HOTEL LE FLEUR D’EPEE concerning the use of Personal Data in the event of your death. You can for example unsubscribe from our newsletter at any time.
To exercise these rights or for any questions about the processing of your data in this system, L’HOTEL LE FLEUR D’EPEE invites you to use the following address: firstname.lastname@example.org. If, after contacting L’HOTEL LE FLEUR D’EPEE, you feel that your “Data Protection” rights have not been respected, you can submit a complaint online to the CNIL at www.cnil.fr.