Publisher: HOTEL CEZANNE SAS
Simplified Joint-Stock Company registered with the Aix en Provence Trade and Companies Register under number 432 244 002
Registered office: 40, avenue VICTOR HUGO, 13100 AIX EN PROVENCE
Intra-community VAT number: FR31 432 244 002
Telephone number: +33 (0)4 42 91 11 11
Email address: [email protected]
Publication Director: [email protected], Hotel Director Anne-Marie Da Costa.
Design and production: Opinews
Hosting company: FC Micro, a limited liability company registered with the EVRY Trade and Companies Register under number 451 517 528, located at 3 rue des Préaux 91640 VAUGRIGNEUSE.
Telephone number: +33 (0)1 69 94 10 96
Email address: [email protected]
The following conditions set out the policy on the processing of customers’ personal data, collected:
- When visiting the website https://boutiquehotelcezanne.com/;
- In the context of booking holidays via the website or on-site at the hotel’s reception;
- During a stay at the hotel.
This charter appears on the website and is displayed at the hotel’s reception. All customers may consult it.
This policy is in line with the French law no. 78-17 of 6th January 1978, with regard to information technology, files and freedoms, amended by French law no. 2018-493 of 20th June 2018 and EU Regulation 2016/679 of the European Parliament and Council of 27th April 2016 with regard to the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR).
The term “personal data” refers to any information enabling the direct or indirect identification of an individual.
The term “data controller” refers to the legal entity, which determines the purposes and means of the processing of the personal data collected.
The term “Data Protection Officer (DPO)” refers to the person responsible for implementing GDPR compliance with regard to the processing implemented by this body.
- DATA CONTROLLER
The data controller is the company:
HOTEL CEZANNE SAS
Registered with the AIX EN PROVENCE Trade and Companies Register under number 432 244 002
Whose registered office is located at 40, avenue VICTOR HUGO, 13100 AIX EN PROVENCE
- DATA PROTECTION OFFICER
The Data Protection Officer (DPO) appointed by the group to which the data controller belongs is:
41-43 avenue Ledru Rollin, 75012 PARIS
Dedicated phone line: +33 (0)298687172
- PERSONAL DATA
- Data Collected
The personal data collected or likely to be collected, by the data controller during the events mentioned in the introduction to this text are as follows:
- Customers’ surnames and first names
- Email address(es)
- Telephone numbers
- Postal addresses
- Dates of stay in the hotel
- Vehicle registration plate number
- Images collected by the hotel’s CCTV system
- Similar information about persons accompanying customers during their stay, including in a family or business setting
- Bank details
- Customer preferences and/or requirements, as communicated by customers (e.g. dietary requirements or allergies)
- Any data that the customer may spontaneously decide to bring to the attention of the data controller in the context of their reservation or stay at the hotel
- Purpose of the collection
The personal data collected from customers are primarily used to allow the appropriate functioning of the hotel services offered by the data controller as well as to manage the customer relationship.
The purpose of video surveillance of the hotel is to ensure the safety of the property and of individuals during their stay.
The purpose may also be to meet applicable regulatory obligations, for example to complete a hotel registration form.
The data can be used to subscribe customers to newsletters and promotional campaigns, if the customer has agreed to receive such information.
Any transmission of data to partners of the data controller will be approved in advance by the customer, via the specific form concerned.
- Legal basis for data processing
The data processing enacted by the data controller takes place on the following legal bases:
- The execution of a contract relating to the hotel services ordered by the customer;
- Consent, for example if the customer ticks a box indicating that they wish to receive newsletters and promotional campaigns;
- The data controller’s compliance with its legal obligations;
- The legitimate interests of the data controller, for example to ensure the safety of persons and property, to combat fraud, to enable internal administrative management, to establish financial statistics and turnover related to its business activity.
- Data Retention
Personal data are retained for the period necessary for the performance of hotel services and other services requested by the client.
Beyond that, the data are retained or archived for the legal or recommended period specific to the data in question, for example:
- Specific provisions relating to accounting or tax documents (invoices, etc.)
- Storage of images for a maximum of 1 month as part of the CCTV surveillance system;
- Retention of data 3 years from the last solicitation concerning the contact details of a prospect;
- Storage of hotel registration forms for 6 months.
Cookies may be placed and read when consulting the website.
The customer’s consent may be sought when browsing the website, for example regarding cookies linked to operations involving targeted advertising, certain site-usage assessment cookies or those related to social media. The customer can read the relevant information on the website.
- DATA SHARING AND TRANSFER
Personal data may be shared with third parties in the following cases:
- When the customer uses the payment services, as required by the third-party banking and financial companies that are partners of the controller;
- If required by law, the data controller may transmit data to respond to complaints submitted and to comply with administrative and judicial procedures, for example, the hotel registration forms being sent to the police at their request;
- Data may be shared with companies within the group of companies of which the data controller is a part, specifically SAS COFIGAD and its subsidiaries, if the customer has consented to receive marketing communications;
- If the controller is involved in a merger, acquisition or disposal of assets, it may be required to transfer or share all or part of its assets, including personal data.
The data may be transmitted to the following technical service providers, acting as subcontractors:
- The website hosting company, whose contact details are stated in the legal notices;
- The booking service integrated into the site, published by AVAILPRO SAS, with share capital of €126,729, Paris Trade and Companies Register no. 435318985, registered office: 14-16 Bd Poissonnière 75009 Paris, telephone: +33 (0)1 58 62 58 31
- The hotel property management system (PMS) published by Oracle, registered office (France): 15, boulevard Charles de Gaulle 92715 Colombes cedex, telephone: +33 (0)1 57 60 20 20
- THE DATA CONTROLLER’S COMMITMENTS
The data controller commits to:
- a) process customers’ personal data in the context of hotel services, to the extent necessary for the provision of these services and not to use them for other purposes;
- b) put in place appropriate technical and organisational measures to ensure the security of personal data, which may include:
- The implementation of a policy limiting access to premises to persons needing such access as part of their position and within the context of their responsibilities,
- Physical security measures to prevent unauthorized persons from accessing the computers and servers on which customer data is stored.
- c) ensure that its employees authorised to process personal data in the context of hotel services are subject to a confidentiality agreement and receive appropriate training concerning the protection of personal data;
- d) ensure that its technical service providers provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures ensuring that their services meet the necessary requirements and guaranteeing the protection of data.
- EXERCISING YOUR RIGHTS
You have the right to access, review, modify, rectify and delete your personal data. You also have a right to object to the processing of your personal data for legitimate reasons, as well as a right to object to these data being used for commercial prospecting purposes.
These rights may be exercised by sending an email to [email protected] or by sending a letter to the DPO address indicated above.
All data subjects also have the right to lodge a complaint with the CNIL, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, T: +33 (0)1 53 73 22 22