Personal Data Policy
PRIVACY POLICY
Last update May 10th, 2023
PREAMBLE
To facilitate the reading of our Privacy Policy (hereinafter the "Policy"), terms using capital letters, such as "Personal Data", "Client", "Users" or "Network" refer to the definitions in article 16 of this Policy.
The Policy is binding on LOUVRE HOTELS GROUP (hereafter "LOUVRE HOTELS GROUP", "we", "us", "our").
It applies to all the processing of Personal Data that we implement via the following websites (hereafter the "Site(s)"): louvrehotels.com ; campanile.com ; premiereclasse.com ; kyriad.com ; goldentulip.com; pro.louvrehotels.com; https://www.flavoursbenefit.com/fr-fr/; Passforyouentreprise.com; webbooking.louvre-hotels.fr; http://webbooking.louvre-hotels.fr/ca/; http://webbooking.louvre-hotels.fr/ky/; http://webbooking.louvre-hotels.fr/pc/ and their associated subdomains.
These Sites allow you to make reservations in hotels of the Campanile, Première Classe, Kyriad, Kyriad Direct, Golden Tulip, Royal Tulip and Tulip Inn brands (hereafter referred to as our "Hotels") and in partner establishments as defined in the general terms and conditions of sale of LOUVRE HOTELS GROUP.
Please note that the vast majority of the hotels in which you will be staying do not belong to LOUVRE HOTELS GROUP: they are operated, as a franchised/managed hotel of one of our brands, by a perfectly autonomous and independent entity. The hotel is therefore responsible for the processing of Personal Data that it carries out on its own behalf: follow-up of your reservation, payment, invoicing, etc.
We offer Users and Clients (hereinafter referred to as "you") via our online website https://www.louvrehotels.com/fr/do-dare-dream and via the websites and mobile applications dedicated to our various brands and those of the Hotels in our Network, an online hotel room reservation Service and associated services (such as our loyalty programme, events or competitions). These Services may also be offered to you, in whole or in part, when you book through an online comparison/search engine.
As part of the Services, we collect and process Personal Data about you.
Because respecting your privacy is essential to us and justifies the trust you place in us, we have set up this Policy which, in a transparent approach, aims to inform you about :
- the methods of collection and processing of your Personal Data by LOUVRE HOTELS GROUP and their transmission to the Hotels in the event of a reservation;
- the commitments made by LOUVRE HOTELS GROUP to ensure the security of your Personal Data;
- the rights that you have with regard to the Personal Data processed by LOUVRE HOTELS GROUP;
- the obligations of LOUVRE HOTELS GROUP, but also yours, in order to ensure maximum protection of your data.
Your privacy is important, and that is why we have implemented the necessary measures to protect it and to minimise the Personal Data we collect and process, in compliance with the General Data Protection Regulation (hereinafter "GDPR")[1] and the French Data Protection Act[2].
As such, we implement the principles of privacy protection from the design of our projects and by default, and respect the principles of the GDPR and the French Data Protection Act, including:
- the security of your Personal Data,
- the respect of the lawfulness of the processing of your Data,
- the processing of your Data for a specific and transparent purpose,
- the respect of storage periods appropriate to these processing objectives,
- the respect of the accuracy of your Data,
- respecting your rights and fairness in the processing of your Data,
- respecting appropriate safeguards with regard to transfers of your Data outside the European Economic Area.
- IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
We, LOUVRE HOTELS GROUP, a simplified joint stock company with a capital of €117,624,016, registered with the Nanterre Trade and Companies Register under number 309 071 942, whose registered office is located at 1 Place des Degrés 92800 Puteaux - France, process your Personal Data as data controller within the framework of the Services offered on our Sites.
In other words, we control the way your Personal Data is processed and we determine the purposes, i.e. the objectives (booking, loyalty programme registration, complaints etc).
It also means that we provide specific instructions to the subcontractors processing your Personal Data on our behalf and to operate some of the Services for you.
You can send us any questions, requests for information or complaints by referring to article 7.
As explained in the preamble, most of our Hotels, as franchisees and "managed", benefit from an independence in the management of their hotel activity: they thus assume the responsibility for the processing of the Personal Data necessary for your Reservation and your stay as soon as we transmit them.
Our organisation as a franchise/managed network obliges our Hotels to respect the principles of protection of your Personal Data in accordance with the applicable legislation, in particular to ensure the management of your rights when you exercise them.
- WHAT PERSONAL DATA DO WE COLLECT, AND FOR WHAT PURPOSES?
- Data we collect directly from you
In particular, we collect identification and contact data (surname, first name, email address, etc.), which enables us to know who you are, in order, among other things, to better manage your reservations and the commercial relationship we have with you, or more simply to be able to manage our Sites and your Loyalty Programme via your Customer Account. In order to provide you with tailored offers, we also process data relating to your interests based on your consumption data during your stay with us.
We collect data resulting from your interactions with us, on the Websites, by telephone, through hotel comparisons or directly during your stay.
Note: we collect certain data automatically through the use of the Services:
- Technical data: IP address, internet connection, browser type, information about the Terminal used;
- Data collected using cookies: for more information, see the Cookie Policy.
Note: we also collect data indirectly.
- The main Personal Information we collect and its uses are set out below:
Why do we process your Personal Data? | What data do we collect? |
To book a hotel room or to create a Customer Account and manage your Loyalty Programme or to follow up your booking via our customer service
| Your identification data such as: title, surname, first name, email address, postal address, date of birth, your mobile and/or fixed telephone number and possibly the recording of your telephone conversations when you make a reservation by telephone. The details of your stay: dates, number of nights, destination, presence of an adult/child. |
As a guarantee, when you book a room online | Data relating to your bank card: bank card number, date of validity of the bank card, cryptogram (only during the transaction), if applicable, name of the bank card holder (fight against fraud). |
For the use of our mobile applications | Technical data about your device and its operating system. |
For the optimised use of some of our websites | Only with your consent, your geolocation data with the "destination around me" function. |
For the administration of our websites | Data related to your terminal and your connection, in particular: IP address, internet connection, type of browser, information concerning the terminal used |
For your subscription to our email communications via the subscription form on the websites | Your email address, title, surname, first name, email address, postcode, country, language of communication |
When you want to contact us via a form or by phone or if you want to leave a review | Your identification data: name, first name, email address, subject of your message |
To provide you with our commercial offers with your consent | Your contact details |
- The purposes for which we process your Personal Data
2.3.1 Operations required to deploy our Services :
- Management and administration of the various Sites and our pages on social networks:
- managing the registration to the Loyalty Programme via the creation of the Customer Account;
- managing access and security of your Customer Account;
- managing cookies under the conditions defined by the Cookie Policy;
- Managing your online reviews and our e-reputation.
- Managing your stay at the hotel:
- ensuring that the Hotel registers you;
- in some cases (where we operate the network), to provide you with access to the Wi-Fi network in our Hotels and restaurants;
- monitor your consumption and expectations during your stay in order to adapt our service offers;
- manage our customer lists.
- To enable you to benefit from the Services we offer:
- Booking, follow-up and history of bookings;
- Prepayment and payment by credit card: recording of credit card data to secure the reservation, fight against fraud, and to operate reservation statistics;
- Cancellation of a reservation and, if necessary, refund;
- Processing your preferences (e.g. food) and personalising our offers;
- Monitoring our commercial relationship (sending "pre-stay" and "post-stay" emails) and sending satisfaction surveys and polls by email
- Membership of loyalty programmes and management of loyalty programmes, in particular;
- Membership of our special offers (e.g. private sales).
2.3.2 Operations necessary for marketing and commercial prospection:
- To send you our commercial offers adapted to your profile and to display targeted advertising, notably on your social network pages (offers originating from LOUVRE HOTELS GROUP and concerning LOUVRE HOTELS GROUP, its subsidiary and non-subsidiary hotels (for all its Commercial Brands);
- Communicating to you coupled or personalised offers with companies with which we have commercial agreements (such as EUROPCAR, which offers car rental services likely to complement your hotel reservation) notably within the framework of our Loyalty Programs;
- The communication of your email address to our specialised subcontractors (Facebook, Amazon) in order to help us find new prospects, with a profile similar to yours, likely to be interested in our Services. These companies, to whom you have subscribed, do not provide us with any information about you, they only search for people with similar interests and profiles to you and provide tailored advertising on our behalf;
- Using your Data to create personalised audiences with our partner Facebook to provide you with targeted advertising;
- Analysing connection and navigation data (collected via tracers/cookies or via your browser) for the purpose of targeted advertising on the Sites' Services; For more information, see our Cookie Policy.
Important: with regard to these operations, you have the possibility of implementing your right of opposition and in particular your specific right of opposition to commercial prospecting (by refraining, on the one hand, from ticking the opt-in box and/or by following the procedure described in Article 5) which ensures, once taken into account, that the processing of your Personal Data for this purpose is stopped.
2.3.3 The management of your various applications
- processing your online applications;
- processing and documenting your requests to exercise your rights (access, rectification, opposition, deletion, limitation, portability, etc.);
- processing of your calls and requests by our customer service.
- ONLINE BOOKING SITES OTHER THAN OUR WEBSITES
- Partners
We may collect your Personal Data from some of our partners who register your Booking from their own websites and may or may not collect the price of the Booking.
These partners are online hotel comparison websites or search engines such as Booking.com, Expedia, Google Hotels Ads, TripAdvisor, Skyscanner or Trivago.
They collect and transmit to us the Personal Data necessary for your reservation.
These partners collect certain information on their own behalf and within their own databases, which we do not have access to. For these processing operations, our partners process the Personal Data you provide to them as a data controller. Therefore, we invite you to consult to understand how and why they process your Data and to be able to exercise your rights with them.
- Social networks: social connect
When you create a Customer Account or book a room, you have the option of providing us with the Personal Data necessary for processing via your Facebook account or your Google account.
In this case, we become the recipient of and responsible for the processing of such Personal Data in relation to your booking of a stay or creation of a Customer Account. We will be able to process any request to exercise your rights.
Nevertheless, Facebook and Google remain responsible for the processing of your Personal Data with regard to the purposes that they determine for their own account (management of your email, management of your personal page, etc.). To obtain the effective exercise of your rights regarding this part of the processing of your Personal Data, you should refer to their privacy policies and contact them directly.
- ON WHAT BASIS DO WE COLLECT AND USE YOUR PERSONAL DATA?
We may process your Personal Data on several grounds:
Legal basis | Examples of treatments |
The performance of an agreement or pre-contractual measures taken at your request | The registration and management of your reservations, the follow-up of the invoicing or your membership to a loyalty program |
Your consent | When we send you emails or SMS containing news, special/commercial offers or satisfaction surveys or when we offer to geolocate you via our Mobile Applications so that you can find a hotel near you. |
The legitimate interest of LOUVRE HOTELS GROUP |
|
A legal obligation | When we collect information about you in order to respond to your requests to exercise your rights (see section 5). |
If the processing of your Personal Data is ever necessary to safeguard your vital interests or those of another natural person |
|
- WHAT ARE YOUR RIGHTS?
You have a right of access, rectification, deletion, limitation, opposition and right to portability (in accordance with the provisions of Articles 15 to 21 of the GDPR).
You also have the right to lodge a complaint with the competent supervisory authority (in France, the Commission Nationale de l'Informatique et des Libertés, or "CNIL").
You may exercise these rights at any time and free of charge, except in the case of manifestly unfounded or excessive requests (particularly because of their repetitive nature). In this exceptional case, we reserve the right, in accordance with the GDPR, to demand payment of a reasonable fee (indexed to the administrative costs of your request) or to refuse your request.
LOUVRE HOTELS GROUP informs you that it has a Data Protection Officer (DPO) who can be contacted either by e-mail: dpo@groupedulouvre.com, or at the following address:
DPO
LOUVRE HOTELS GROUP
Tour Voltaire - 1 Place des Degrés
92800 PUTEAUX
You have an absolute right to object to commercial prospecting: you may therefore request, free of charge and at any time, that you no longer receive commercial communications from us, from our Commercial Brands and from our Hotel Network
You may also exercise your rights with respect to your Personal Data stored and processed by a Hotel in its capacity as data controller. We invite you to exercise your rights directly with that Hotel or those Hotels and to consult their privacy policy if necessary.
Summary of your rights :
Rights at your disposal | Utility |
Right of access | The right to know whether we hold Personal Data about you and to obtain a copy of it, including the following information: The purpose of the processing, the categories of Personal Data processed, the categories of recipients of the Data, the period of retention where possible (or the criteria used to determine that period), the rights you have. |
Right to erasure (right to be forgotten) | Right to obtain the deletion of your Personal Data in the cases provided for by the GDPR (Article 17), including: When the data we process is no longer necessary for us; when you object to commercial prospecting and request deletion in addition to the cessation of processing; when the processing is unlawful. |
Right to object | This right applies where we process your Data in order to pursue one of our legitimate interests, such as advertising on your social networking pages. In the event of a request from you to object, we will analyse the reasons relating to your particular circumstances and investigate whether we have a legitimate and compelling reason to continue processing your Data. If not, we will cease the processing concerned. |
Right to object to commercial prospecting | If you object to commercial canvassing, we will simply stop processing the Data concerned. |
Withdrawal of consent | Where the processing of your Personal Data is based on your consent, the withdrawal of your consent prevents us from continuing to process the Data in question. |
Right to rectification and right to limitation | You may request the update or rectification of any Personal Data that you consider to be inaccurate or out of date. You may also request that processing be suspended, with the exception of the retention of Personal Data, when:
Where processing has been restricted, your Data may only be processed with your consent or for the exercise, establishment and defence of legal claims. |
Right to portability | You have the right to receive the Personal Data you have directly provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this Data or to request that we transmit it to another controller. This right only applies to processing based on the consent of the individual, or on the performance of the agreement, and which is carried out by means of an automated process. |
- FATE OF DATA IN THE EVENT OF DEATH
In accordance with the provisions of Article 85 of the Data Protection Act, we inform you that, as an individual :
- You have the right to define with us directives relating to the conservation, deletion and communication of your Personal Data after your death;
- You may change or revoke such instructions with us at any time;
- You may at any time change or revoke such instructions from us;
- You may designate a person to be responsible for the execution of such instructions, who shall be entitled after your death to be informed of such instructions and to request their implementation from us;
- You are also informed that in the absence of transmission to LOUVRE HOTELS GROUP of specific directives on the fate of your Personal Data, your heirs may exercise, after your death, the rights relating to the conservation, deletion and communication of your Personal Data insofar as this is necessary for the organisation and settlement of your estate, as well as for LOUVRE HOTELS GROUP to take into account your death.
- HOW TO REACH US? HOW TO MAKE A CLAIM?
You can make a request to exercise one of the rights mentioned in Article 5 in the following way:
- by sending an e-mail explaining the purpose of your request to the following address: relation@louvre-hotels.com.
- by sending a letter explaining the purpose of your request to the following address: LOUVRE HOTELS GROUP - Client Services - Tour Voltaire, 1 Place des Degrés, 92800 PUTEAUX.
For security reasons, and because our Services present sensitive issues in terms of confidentiality, all requests for access to Data must be signed and specify the address to which the reply is expected. A photocopy of an identity document will be requested if LOUVRE HOTELS GROUP has reasonable doubt as to your identity. In this case, LOUVRE HOTELS GROUP will send you the procedure to follow in order to guarantee the security of this transmission. Depending on the evaluation of the risk for the persons concerned carried out by LOUVRE HOTELS GROUP, these security measures could also apply to other requests to exercise rights. A reply will then be sent to you within one (1) month following receipt of the request, which may be extended by two (2) months in view of the complexity or number of requests.
If you have any queries about the processing of your Personal Data, you can contact us at: dpo@groupedulouvre.com.
For any information relating to the protection of Personal Data, you can also consult the site of the CNIL.
- HOW LONG DO WE KEEP YOUR DATA?
The Personal Data collected is kept for the period necessary to achieve the purposes described in Article 2 "WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT REASONS", plus the duration of legal requirements.
The main retention periods are :
Purposes | Retention periods |
Traffic data (internet) | One (1) year from the date of the relevant connection |
Data relating to Clients for the purposes of promotion and commercial prospecting | Three (3) years your last interaction with us |
Data relating to prospects for the purposes of promotion and commercial prospecting | Twelve (12) months from your last interaction with us |
Data required to manage the booking | Three (3) years from the date of check-out from the Hotel Three (3) years from the date of booking (in case of no-show) Three (3) years from the date of cancellation (in case of cancellation of the reservation) |
Accounting documents and records (e.g. invoice) | 10 years, as accounting evidence |
Data on transactions and means of payment | Duration of the transaction (until the LOUVRE HOTELS GROUP account is credited); If you have agreed that we retain this Personal Data to facilitate your future bookings under a Client Account: until the expiry date of the credit card or the withdrawal of your consent. For interim storage, to meet administrative requirements such as the establishment, exercise and defence of our legal rights: up to 13 months from the date of debit or 15 months for deferred debit cards |
Data on your identity documents | Time to verify the identity of the person making a request to exercise a right. |
Data needed to process a request to exercise a right | One (1) year in case of exercise of the right of access, deletion, portability, limitation or rectification. Six (6) years in the event of exercising the right to object. |
The possible recording of your telephone conversations when you make a reservation by telephone | 2 months |
Personal Data collected via tracers (Cookies, SDK) | 13 months |
- TO WHOM WE MAY SEND YOUR DATA (THE RECIPIENTS)
The Personal Data that we collect may be transmitted, in order to ensure the purposes listed in article 2:
- to authorised personnel of LOUVRE HOTELS GROUP ;
- to authorised personnel of the subsidiaries of LOUVRE HOTELS GROUP or of any hotel in the LOUVRE HOTELS GROUP network;
- to technical suppliers providing services contributing to the realisation of the purposes described in the article "2. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT REASONS", who are our subcontractors and for whom we are legally responsible, and in particular the suppliers in charge of:
- the execution of Services, reservations and orders, their management and processing;
- after-sales service;
- the processing of payments and security measures concerning the transmission of payment data;
- sending prospecting emails, invitations to register and any other information emails to you;
- to companies with whom we have commercial agreements to enable us to provide you with combined or personalised offers or as part of a loyalty programme, unless you object;
- to social networks acting as a subcontractor: we may disclose your email address or telephone number to identify whether you are already a user of one of these social networks (such as Facebook) and to display ads tailored to you on your account page.
If you do not wish your Personal Data to be transmitted to our Hotels or partners for commercial purposes or to social networks for targeted advertising, you may object at the time of collection or exercise your right to object as described in Article 5 "WHAT ARE YOUR RIGHTS ?".
You agree that we may also be required to disclose any information about you in order to comply with Applicable Regulations, or to respond to any judicial or administrative request.
- HOW TO FILL IN THE FREE FIELDS AND HOW TO MANAGE YOUR SENSITIVE DATA?
In general, failure to fill in the fields identified on the Sites by an asterisk (*) does not allow us to provide you with all or part of the Services we offer and the features of the Site, and your requests may not be taken into account in an optimal manner.
The other fields are optional and are intended to improve the quality of the Services offered to you.
When a form (notice, contacts) offers a free field, we ask you not to indicate any personal information and to limit yourself to the information strictly necessary to process your request. We reserve the right to remove any information that is not relevant to your initial request.
We do not collect Sensitive Data about you.
We remind you that Sensitive Data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person.
If you voluntarily provide us with Sensitive Data, in particular in the context of your special requests in connection with your booking, you explicitly consent to our processing of these particular categories of Personal Data.
- WHAT SECURITY MEASURES DO WE APPLY TO YOUR PERSONAL DATA?
We implement appropriate technical and organisational measures to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, distribution or unauthorised access.
However, we do not control all the risks associated with the operation of the Internet and draw your attention to the existence of possible risks inherent to its operation.
We also monitor the way in which our suppliers process your Personal Information to ensure that they provide sufficient guarantees that appropriate data security measures are in place.
Dans le cas où vous identifieriez une faille de sécurité affectant le Site, vous vous engagez à nous communiquer les informations pertinentes sur cette faille, de manière confidentielle.
- HOW DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU?
In the course of providing our Services, we may transfer your Personal Data to recipients, in particular the Hotels in the network, which may be located outside the European Union.
In the event of a transfer of Personal Data outside the European Union, we undertake to comply with the requirements of the Applicable Regulations and will put in place the appropriate safeguards necessary for such a transfer.
- ACCURACY OF DATA
You declare that, as a User of the Site or Client of LOUVRE HOTELS GROUP, you are aware of the importance of the accuracy of the Personal Data concerning you and that you provide through the Site or in the context of your exchanges with us.
You therefore undertake to provide only accurate Personal Data during your exchanges, contractualisation with us, requests for Service and throughout the duration of the use of the Site and to update them immediately if one or more of these Personal Data change during the said duration of use of the Site or the Agreement linking you to us.
In this respect, you may request access and rectification, as well as opposition or deletion as provided for (among others) in Article 5 "WHAT ARE YOUR RIGHTS?" of this Personal Data Policy.
- MODIFICATIONS
This Policy may be updated from time to time and will be posted online. The previous Policy will then be automatically replaced by the new version, which will be immediately enforceable against you. Use of the Site is subject to the Policy in force at the time of use.
In order to remain informed of any changes and updates, we recommend that you consult the Policy regularly. Information on updates may be provided by LOUVRE HOTELS GROUP, without this being an obligation, by posting a message on the Site.
- GENERAL
If any provision of this Policy is invalid due to a change in legislation, Applicable Regulations or a court decision, this shall not affect the validity of the remaining provisions of the Policy.
This Policy and the documents to which it refers are governed by French law.
- DEFINITIONS
For the proper understanding of this document, the terms defined below beginning with capital letters and used in the singular and plural shall have the following meaning:
"Client": a natural person, holder of an Account, residing in France and/or abroad who uses the Site.
"Customer/Client Account": space made available to a Client on the Site following registration, in accordance with the conditions set out in the GTC and the GCU. This Account is strictly personal, individual, non-assignable and non-transferable to a third party. The Account is accessible via the Customer's login and password.
"Personal Data" or "Data": This is "any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); An "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity" according to Article 4 of the European Regulation on the protection of personal data.
For example, data enabling your identification such as your title, surname, first name and email address are Personal Data.
"Loyalty Program": refers to the "Flavours Instant Benefit" loyalty program of LOUVRE HOTELS GROUP. The General Conditions of Use of the Programme are accessible via links located at the foot of the LOUVRE HOTELS GROUP Sites.
"Applicable Laws": all existing or future regulations and standards applicable to Users and the Site and in particular: the legislation and regulations applicable to Internet platforms such as the Site and concerning the protection of Personal Data, including the French Data Protection Act (Loi Informatique et Libertés) and the European Regulation on the protection of Personal Data.
"Our Hotels" or our "Network": any franchised entity of LOUVRE HOTELS GROUP or managed by LOUVRE HOTELS GROUP, or any subsidiary of LOUVRE HOTELS GROUP, which operates under one of the LOUVRE HOTELS GROUP brands.
"Service(s)": hotel and related services offered to Clients by LOUVRE HOTELS GROUP via the Site and face to face in our Hotels.
"Site": any internet site or mobile application published by LOUVRE HOTELS GROUP, presented under the domain name LOUVRE HOTELS GROUP or presented under the domain name of its brands.
"Terminal": technical means of any kind allowing Users to access the Site. The Terminals may in particular be Smartphones, Apple or Android tablets, microcomputers via the Internet and any object connected/connectable to another object as well as to the Internet.
"User": any natural person accessing the Site, on his/her own behalf or on behalf of a legal entity, and having the capacity to and/or the power to contract through the Site, whether he/she is a simple visitor or a Customer.
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
[2] Law no. 78-17 of 6 January 1978 on information technology, files and freedoms