PERSONAL DATA PROTECTION POLICY
Last update: 11-01-2023
​
SOCIETE DE GESTION HOTELIERE ET TOURISTIQUE, a limited liability company, whose registered office is located at 49 IMPASSE DU BAS FORT, 97190 LE GOSIER, registered in the Point-a-Pitre Trade and Companies Register B 487 982 357, ("HOTEL LE FLEUR D'EPEE") is committed to respecting data confidentiality and privacy, and in particular compliance with the General Data Protection Regulation (EU Regulation 2016/679) or "RGPD" and the French law "informatique et libertés" of January 6, 1978 as amended.
​
For further information on the protection of personal data, please consult the website of the Commission Nationale de l'Informatique et des Libertés www.cnil.fr.
​
The purpose of this Privacy Policy is to inform any person accessing and using the website accessible at the url: https://www.hotel-fleur-depee.com/ (the "Site") owned and operated by HOTEL LE FLEUR D'EPEE about the processing of your personal data by HOTEL LE FLEUR D'EPEE.
​
1/ Who is responsible for processing my personal data?
HOTEL LE FLEUR D'EPEE is responsible for processing personal data processed in connection with the use of the Site. The identity and contact details of the data controller are : The SOCIETE DE GESTION HOTELIERE ET TOURISTIQUE, a limited liability company registered with the Registre du Commerce et des Sociétés de Point-a-Pitre B 487 982 357, whose registered office is located at 49 IMPASSE DU BAS FORT, 97190 LE GOSIER.
​
2/ Why is your personal data collected and for what purposes?
HOTEL LE FLEUR D'EPEE collects and processes data from visitors to the Site. As part of the use of the Site, the Personal Data (defined in article 3) of users and visitors may be processed for the following purposes:
- to respond to your requests for information made through the Site;
- to send you newsletters if you have subscribed;
- to enable you to book and pay for a room and organize your stay;
- to provide you with a better experience of browsing and using the Site;
- to carry out statistical and performance studies of the Site.
HOTEL LE FLEUR D'EPEE only collects data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. These purposes are specific and legitimate and, under no circumstances, will your data be further processed in a manner incompatible with these purposes, except with your prior consent.
​
3/ What data is processed (data category)?
The categories of user personal data processed are (hereinafter referred to as "Personal Data"):
2/ Personal Data required to provide our services:
- your identity (first name* and surname*) ;
- your contact details (e-mail address* and telephone number*);
- your bank details* for booking and/or payment purposes, as these details are managed by our payment service provider. *This data is mandatory for any reservation on the Site.
2/ data required to use and improve the Site:
- the way you browse the Site;
- information relating to the hardware and peripherals used to access the Sites, in particular the type of device (desktop computer, laptop), the operating system, the type of Internet browser, the identifier of the mobile device and of the mobile operating system, the IP or MAC address;
- your search queries on the Site (if any);
- the way you browse the Site;
- order or sales history.
​
4/ On what basis is your Personal Data processed (legal basis)?
The processing of your Personal Data is justified on various grounds (legal basis) depending on the use of the Personal Data.
The various legal bases applicable are:
- consent: you agree to the processing of your Personal Data by means of an express consent (check box, click ....). You may withdraw this consent at any time.
- Legitimate interest: HOTEL LE FLEUR D'EPEE has a business interest in processing your data that is justified, balanced and does not infringe your privacy.
With certain exceptions, you may object to processing based on legitimate interest at any time by notifying HOTEL LE FLEUR D'EPEE.
- the law: the processing of your personal data is required by law.
​
5/ To whom is this Personal Data transmitted (recipients)?
Your Personal Data may be transmitted to subcontractors working on behalf of HOTEL LE FLEUR D'EPEE in the context of its activities (in particular third-party hosts) and to ensure the proper operation of the Site. These service providers are located within the European Union. Should Personal Data be transferred outside the European Union, 'HOTEL LE FLEUR D'EPEE will inform you in advance and will take all measures to ensure that such transfers of data outside the European Union are framed either by adherence to an adequacy decision of the European Commission, the conclusion of Standard Contractual Clauses of the European Commission or any other appropriate guarantees provided by Article 46 of the RGPD.
In addition, Personal Data collected and processed may be transmitted:- authorized persons in the relevant departments of HOTEL LE FLEUR D'EPEE, in particular for reservation management;
- our payment service provider, a subcontractor, in charge of the reservation and payment process on the Site;
- to administrative and judicial authorities, and more generally to public bodies, in order to comply with our legal obligations or to enable us to defend our rights and interests,
- where necessary, to our legal advisers and lawyers,
- if we sell or transfer our business or part of it and your Personal Data relates to that part sold or transferred, or if we merge with another company, we will share your Personal Data with the new owner of the company or our merger partner.
​
6/ Retention period
Contact Personal Data relating to the sending of messages by email or sms (electronic commercial prospecting) will be kept for three years from the date of our last contact. Personal Data facilitating browsing on the Site will be kept for the time necessary for the purposes for which they are collected, as specified in the Cookies Policy. Financial transactions relating to bookings via the Site are entrusted to a payment service provider, which ensures their smooth and secure processing. For the purposes of these services, this payment service provider is the recipient of credit card data, which it collects and stores on behalf of HOTEL LE FLEUR D'EPEE. This data is processed by the payment service provider exclusively for the processing/payment of reservations.
The retention periods are as follows:
Cardholder/Card number: stored for 10 days after the end of the stay.
CVV: stored before the payment transaction, to enable hotels to carry out the transaction (for security reasons, the CVV is read only once. It is automatically deleted after the 1st reading). The CVV is erased as soon as it is read, and no later than 10 days after the end of the stay.
In any event, data relating to credit card numbers may be kept in intermediate archives for the period stipulated in article L 133-24 of the French Monetary and Financial Code, i.e. thirteen (13) months following the debit date, for the purposes of proof in the event of any dispute concerning the transaction. After this period, the Personal Data is deleted.
7/ What security measures are taken?
HOTEL LE FLEUR D'EPEE takes all appropriate measures to ensure the security and confidentiality of Personal Data processed. HOTEL LE FLEUR D'EPEE has implemented technical and organizational measures to protect Personal Data against accidental loss, destruction, deterioration, abuse, damage and unauthorized or illegal access. As Personal Data is confidential, HOTEL LE FLEUR D'EPEE limits access to it to those company employees or service providers who require it in order to carry out the processing. All persons having access to Personal Data are bound by a duty of confidentiality and may be subject to sanctions if they fail to comply with these obligations. When we use subcontractors, service providers or transmit Personal Data to partners, this communication is subject to a contract to ensure the protection of this information. Payment-related Personal Data is managed by a secure payment service provider, certified with the PCI-DSS Level 1 protocol.
​
9/ Exercising your rights
In accordance with the regulations, you have the following rights:
- a right of access: the right to be informed about the manner in which Personal Data is processed and the right to obtain (i) confirmation that Personal Data is being processed by HOTEL LE FLEUR D'EPEE and, where appropriate (ii) access to such data and obtain a copy thereof;
- a right of rectification: the right to obtain rectification of inaccurate Personal Data concerning you and the right to complete incomplete data concerning you, by providing an additional declaration. Should you exercise this right, L'HOTEL LE FLEUR D'EPEE undertakes to communicate any rectification to all recipients of the Personal Data;
- a right of deletion: the right to obtain the deletion of Personal Data. However, this is not an absolute right and L'HOTEL LE FLEUR D'EPEE may for legal or legitimate reasons retain the User's data;
- a right to the limitation of processing: the right to obtain the limitation of processing on Personal Data;
- a right to portability: the right to receive Personal Data provided to L'HOTEL LE FLEUR D'EPEE, in a structured, commonly used and machine-readable format, for personal use or for transmission to a third party of the User's choice;
- a right to object to processing: the right to object at any time to the processing of Personal Data for processing based on the legitimate interests of L'HOTEL LE FLEUR D'EPEE, a mission of public interest and those for commercial prospecting purposes. This is not an absolute right, and L'HOTEL LE FLEUR D'EPEE may refuse this request for legal or legitimate reasons;
- the right to withdraw consent at any time: withdrawal of consent does not compromise the lawfulness of processing operations based on consent carried out prior to such withdrawal;
- the right to lodge a complaint with the CNIL: the right to contact the CNIL to lodge a complaint about L'HOTEL LE FLEUR D'EPEE's Personal Data protection practices;
- the right to give L'HOTEL LE FLEUR D'EPEE instructions concerning the use of your Personal Data in the event of your death. For example, you can unsubscribe from our newsletter at any time.
To exercise these rights or if you have any questions about the processing of your data under this system, L'HOTEL LE FLEUR D'EPEE invites you to use the following address: reservation@hotel-fleur-depee.com. If, after contacting L'HOTEL LE FLEUR D'EPEE , you feel that your "Data Processing and Individual Liberties" rights have not been respected, you can lodge a complaint online with the CNIL at www.cnil.fr.