Personal data processing policy
1.GENERAL DECLARATIONS
The protection of your privacy and your personal data is of the utmost importance to us.
We particularly care about the protection and confidentiality of the personal data that we process and collect.
We are committed to ensuring the best level of protection for your personal data in accordance with the personal data protection regulations in force, applicable in Europe (Regulation (EU) 2016/679 of the EU Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (hereinafter the GDPR) and in France.
The purpose of this policy is to provide you with an explanation about:
–the personal data that we collect,
–why we collect it,
–the way we use it,
–as well as your rights in this regard.
This privacy policy is designed to apply to all Users, Customers or Prospects visiting our Site http://www.purethermalresort.fr, and/or using our services or who have sent their contact details to us as part of events, business card exchanges, etc.
Our privacy policy should therefore be read carefully because it contains important information about your personal data.
2.WHO ARE WE?
The terms “we”, “our” and “our” designate the Pure Thermal Residence operating the Pure Thermal Residence tourist residence.
Site Owner and Publisher
HABITAT 06
Société Economie Mixte
With a capital of 4 785 760 €
Head office : Immeuble « Le Centaure »
64-66 avenue Valéry Giscard d’Estaing, 06200 NICE
NICE TRADE AND COMPANIES REGISTER NO 303 469 159
VAT NO : FR00 852 276 625
Email : contact@purethermal.fr
Host
WPEngine, Inc. Irongate House,
22-30 Duke’s Place Londres, EC3A 7LP,
UK
Phone : 08 00 50 53 049
Data Controller
Laurent CHADAJ
Email : lchadaj@habitat06.fr
3.WHAT DATA IS COLLECTED AND HOW?
First of all, we would like to inform you that we undertake to collect only the data we need to perform the services we offer you on the Site.
You will be informed if the requested personal data is mandatory (identified by asterisks) or if it is optional.
The consequences of the failure to send data considered mandatory will be specified at the time of collection.
Certain data collected on the Site is strictly necessary to establish and monitor your contract (e.g.: reservation of a stay).
Failure to provide it will make it impossible for the person concerned to access the Services and use them.
We may collect personal data directly from you (for example when you make an online reservation, when you contact us, when you sign up for the Newsletter) or indirectly (for example from your electronic devices interacting with our Site).
3.1 Personal data that you send us directly
You may need to provide us with your personal data when:
–you create an online account on our Site,
–you book one of the services we offer on our Site,
–you wish to contact us via our Site,
–you respond to our customer satisfaction surveys,
–you subscribe to our Newsletter;
–you are attending one of our events.
The information collected by us may be the following:
–your identity (including your title, first name, last name, date of birth)
–the identity of your spouse, partner (including title, first name, last name, date of birth) as well as the number of children, their first names and their date of birth,
–your contact details (including your postal address, email address, telephone numbers);
–your username and the encrypted password used for logging onto our Site,
–data about our commercial relationship (customer number, reservations, etc.)
–payment data, invoicing, payment receipt.
3.2 The data we collect during our commercial relationship
In the course of our business relationship, we also collect the following information:
–the history of our commercial relationship, (customer number, reservation number, requests for documentation, services reserved and purchased, quantity, amount, frequency, number of children, children’s date of birth, children’s first names, correspondence with the customer and after-sales service;
–your participation in events that we may run,
–any requests you have sent to our customer service or any incidents that you may have reported to them,
–information about services you have purchased,
–any other information that you wish to bring to our attention.
As such, we recommend that you provide only the data requested or necessary for your request, excluding any sensitive data relating to race, ethnic origin, political opinions, religious or philosophical beliefs, and data about your health, sex life or sexual orientation.
3.3. The data we collect automatically
We may collect data when you use our Site, with the web server automatically recording data and information about your device and the browser it uses. (Information about the type of browser and the version used, the operating system, the internet service provider, the IP address, the date and time of access to the Site, the pages visited, etc.).
Some cookies and other trackers are necessary for our Site to function properly and others are used for analytical purposes that help us provide you with more personalised services and a better digital experience.
For more information about cookies and how to change your preferences, please read our Cookie Policy below.
Geolocation may also be set up on Mobile Apps with your consent. The personal data concerned will not be kept when you leave the Site. You can turn off geolocation at any time.
3.4. Social networks
When you use a Service via a social network, you are permitting us to access certain information that you have given the social network, especially your username, your first and last name, your profile picture, and any of your data relating to the use of this Service.
By accessing a Service through a social network, you authorise us to collect, store and use any information that you have authorised the social network to provide us with.
3.5 Data relating to minors
Please remember that we do not enter into commercial relations with persons under the age of 18.
We do not collect or store personal data about minors under the age of 18 without obtaining verifiable parental consent, in the full knowledge that those with parental authority may request to know what information we hold about their child and that they may request its deletion.
3.6. Data relating to a third party
We may need to collect data about you from third parties, including a spouse who contacts us on your behalf or if your friends provide us with your contact details.
If you provide us with personal data about a third party, you must first ensure that you have the right to disclose that data to us and that, without us taking other measures required by data protection law, we may collect, use and disclose such data for the purposes described in this policy.
For example, you must ensure that the person in question is aware of the various details set out in this Policy.
4.WHAT IS THE PURPOSE OF DATA COLLECTION?
4.1. We collect and process your personal data so that we can perform our pre-contractual and contractual relations, for legitimate purposes and in accordance with the provisions of Article 6 (1) b) of the GDPR, for the purposes of:
–providing you with the products or services that you have reserved;
–managing your stay and your visit to our establishment (such as monitoring your use of services (telephone, bar, etc.), managing room access, etc.)
–running checks to identify you and verify your identity;
–carrying out customer satisfaction surveys,
–responding to your questions, requests and suggestions,
–managing the events you have registered for and/or attended;
–building a customer database.
4.2. We may also process your personal data based on our legitimate interests in accordance with the provisions of Article 6 (1) f) of the GDPR so that we can ensure the continuity of our services and especially so we can respond to requests, promote services similar to those already provided in the past, analyse Site navigation so we can improve its ergonomics, manage and develop our activities, including risk management or for any other purposes, which, while respecting the interests, fundamental rights and freedoms of the persons concerned, are lawful and are presented in the special context of their processing.
4.3. Your Data is also processed so we can comply with our legal obligations, namely and particularly for accounting reasons and when we need to send it to authorities or public bodies in accordance with the legislations in force based on the provisions of Article 6 (1) c).
4.4. With your consent and in accordance with the provisions of Article 6 (1) a) of the GDPR, we may lastly process and collect your personal data to send you promotional, loyalty, satisfaction, and prospecting communications and newsletters, and so on via email, texts, phone calls etc.
Generally speaking, your consent is given when ticking the boxes or by activating the options designed for this purpose when you register for the Services, or even subsequently. You may withdraw your consent at any time but this has no retroactive effect on the lawfulness of the Processing conducted on this basis, prior to said withdrawal.
5.HOW LONG DO WE KEEP YOUR DATA FOR?
Your personal data is kept no longer than the period necessary to complete the purposes for which it was collected, to comply with legal and regulatory obligations or to establish, exercise or defend legal rights if required.
So:
–With regard to our prospects (potential customers): your data is kept for three years from your last action, then deleted or archived so we can comply with legal retention obligations;
–With regard to our customers: your data is kept for the duration of our business relationship and for up to 6 years, then in principle is deleted or archived so we can comply with legal retention obligations (with some exceptions: ongoing litigation, to meet specific requirements);
–With regard to the cookies used on the site: they are stored for up to 13 months from the time they were installed on your device.
–Your credit card information is kept for 10 days after your stay or cancellation.
6.WHO CAN GET ACCESS TO YOUR DATA?
6.1. Access to personal data
Our employees and staff may have access to some of your personal data for the purposes of carrying out their job responsibilities.
Access to your data is based on individual and limited access permissions.
Staff who can access personal data are subject to strict NDAs (through a name-based, personal non-disclosure agreement).
6.2. Data transfer
The following may have access to some of your data:
Subcontractors
These provide services on our behalf and according to our instructions, mainly including:
–Online payment services, security and fraud prevention
–Developers and IT support,
–Site host,
-D-Edge,
–Chartered accountant etc.
Our subcontractors access your data subject to signed contracts that specify their data security and privacy protection obligations.
These service providers undertake to respect confidentiality and are not authorised to use your personal data for any other purpose.
We also require them to apply the appropriate security measures to protect your personal data.
Police, judicial or administrative authorities
When we have a legal obligation to do so or in order to uphold our rights, property and safety.
Social media platforms
Using social networks to interact with our Site is likely to result in data being exchanged between our Site and the social networks indicated above.
Please be vigilant and check the personal data protection policies of these social networks so you have precise knowledge of what data is collected by these sites and apps as well as what your data is being used for.
Using these “social network” buttons is entirely up to you and you hold full responsibility for that.
7.IS YOUR DATA TRANSFERRED?
The data we collect, particularly when it comes to reservations, is, in principle, not processed outside the European Union (EU), or the European Economic Area (EEA).
However, it is possible for the data we collect to be transferred to subcontractors or partners located in other countries, some of which may have less effective personal data protection legislation than the legislation in force in the country where you reside.
If there is a transfer of this type, we ensure that the processing is carried out in accordance with this privacy policy and that it is subject to the European Commission’s standard contractual clauses which guarantee sufficient levels of protection individuals’ privacy and fundamental rights.
8.HOW DO WE PROTECT YOUR DATA?
As a data controller, we implement all the appropriate technical and organisational measures in accordance with applicable legal provisions, to protect your personal data against alteration, accidental or unlawful loss, use, disclosure or unauthorised access.
All your personal data is strictly confidential.
We have implemented security measures to protect your personal data against unauthorised access and use.
We follow all the appropriate security procedures as applicable to retaining and disclosing your personal data to prevent unauthorised access by third parties and to prevent accidental loss of your data.
We only allow people to access your data who genuinely need access to it for business reasons.
The people who access your data are subject to non-disclosure obligations.
We also require the persons to whom we send your personal data to comply with the above.
9.WHAT ARE YOUR RIGHTS OVER YOUR DATA?
You can at any time ask the Data Controller for access, rectification, removal, deletion and portability of your personal data, or to restrict its processing or oppose this.
Your rights are as follows:
–Your right of access: the right to receive a copy of your personal data. (Art.15 GDPR)
–Your right of rectification: the right to ask us to rectify any errors in your data or to complete it. (Art.16 GDPR)
–Your right to be forgotten: the right to ask us to delete your personal data, in certain situations. (Art 17 GDPR)
–Your right to restricted processing: the right to ask us to restrict the processing of your personal data, in certain circumstances, (Art 18 GDPR)
–Your right to data portability: the right to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format and/or to send this data to a third party, in certain situations. (Art 20 GDPR)
–Your right to oppose the processing of your personal data when the processing is based on legitimate interests for reasons arising from your particular situation, except when subject to legal constraints to the contrary, or if it is needed for the purposes of executing a contract, or the information is needed for defending a legal right or if there are no risks to your fundamental rights and freedoms.
However, you can at any time object to the processing of your data when it is processed for prospecting purposes.
These rights are more fully explained on the French data protection authority website at : https://www.cnil.fr.
You also have the right to lodge a complaint with your local data protection authority if there’s an alleged violation of the data protection rules applicable to you.
To exercise any of these rights, please contact the Data Controller at the following address : lchadaj@habitat06.fr
Please note that if you exercise any of the rights mentioned above, you will be asked to let us know which right you wish to exercise and to provide us with certain information (copy of an identity card, passport or other document that is legally recognised) for identification purposes so we can process your request and protect you against fraudulent requests from third parties.
10.COOKIES AND OTHER TRACKERS
We use cookies and other trackers to make our Site easier to use and to better tailor the Site to your interests and needs.
A cookie is a small text file saved on your device (computer, tablet, smartphone, etc.) when visiting a site. Their main purpose is to collect information about your Site browsing, namely:
10.1Strictly necessary cookies
These cookies are necessary for Site operation and optimisation.
These mostly enable you to move around the Site, use its functionalities, and for the Site to adapt to your device’s display preferences (language used, display resolution), memorise passwords and other information from a form that you have filled in on the Site (registration or when logging into your account).
These cookies do not require you to be informed or give your prior consent before they are installed on your device given their legitimate purpose.
10.2 Audience measurement cookies
These cookies allow us to determine the number of visits and the sources of traffic, so we can measure and improve the performance of our Site. They also help us identify the most/least visited pages and assess how visitors navigate the Site. All the information collected by these cookies is aggregated and therefore anonymised. If you do not accept these cookies, we will not be notified of your visit to our site.
10.3 “Social network” cookies
These cookies enable us to promote or share our content with other people on social networks such as Facebook, Twitter, LinkedIn, Instagram etc.
Even if you have not used these sharing buttons or apps, these social networks can track your browsing habits if your account or session has been activated on your device.
If you do not want the social network to link the information collected through our Site to your user account, you must first log out of the social network.
We have no control over the process used by social networks to collect information relating to your Site browsing. We therefore encourage you to read the social network cookie management policy on the sites concerned.
10.4 Management of cookies and other trackers
Some cookies require consent. This will be requested when you log in. You will always be able to change your choices later.
This means you will see a banner as soon as you arrive on the Site indicating that “This site uses cookies.” We may use cookies to personalise website content, to provide social media functionality and to analyse website traffic. Below you will find more detailed information about the cookies we use and their purposes.” You must actively choose an option, and this is usually: – “Customise” – “Reject all” – “Allow all” –
The cookies used on the Site and their retention period are as follows: See the lists of cookies
Please remember that you can also deactivate the use of cookies and other trackers by selecting the appropriate settings on your browser as follows:
-for Internet Explorer™ : http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies;
-forSafari™ : https://support.apple.com/fr-fr/guide/safari/sfri11471/mac;
-for Chrome™ : http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647;
-for Firefox™ : https://support.mozilla.org/fr/kb/effacer-les-cookies-pour-supprimer-les-information;
-for Opera™ : https://www.opera.com/help/tutorials/security/privacy/.
Please note that you must configure each of the browsers on your various different devices (tablets, smartphones, computers, etc.).
For more information about cookies, you can log onto the CNIL website https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser
10.5 Google analytics
This Site uses Google analytics.
The information generated by the cookie about your use of this Site is sent to a Google server in the United States and stored there. Google uses this information to evaluate your use of the site, to compile reports about Site activity for Site operators and to provide other services related to Site use and internet usage.
Google may also pass this information on to third parties if required by law or if this data is processed by third parties on Google’s behalf.
However, we have configured the Site so that the minimum amount of data generated by cookies is sent to it (for example an anonymous IP address)
For more information about the purpose and scope of this data collection, as well as its further processing and use by Google, especially as pertains to your rights or your personal data protection settings options, see the following links at the address http://www.google.com/analytics/terms/fr.html,
at the address http://www.google.com/intl/fr/analytics/privacyoverview.html
at the address https://policies.google.com/privacy?hl=fr
11.CHANGES TO THIS POLICY
The Personal data processing policy may be modified or amended at any time if legal or regulatory texts so require.
We encourage you to frequently check the said Privacy Policy each time you provide us with personal data.