Personal Data Policy
Last updated on: 29/08/2022
PREAMBLE
To make our Personal Data Policy easier to read, terms beginning with capital letters, such as “Personal Data” “Guest”, “Users” or “Network”, are explained in the definitions section of Article 17 of this Personal Data Policy.
This Personal Data Policy is binding for LOUVRE HOTELS GROUP (hereinafter referred to as “LOUVRE HOTELS GROUP”, “we”, “us”, “our”). It applies to all processing of Personal Data that we implement via the following websites: Louvrehotels.com ; Campanile.com; Premiereclasse.com ; Kyriad.com ; Goldentulip.com; Pro.louvrehotels.com; Hotelforyou.com; Passforyou.com; Passforyouentreprise.com; Wbe.goldentulip.com; webbooking.louvre-hotels.fr ; http://webbooking.louvre-hotels.fr/ca/; http://webbooking.louvre-hotels.fr/ky/; http://webbooking.louvre-hotels.fr/pc/ and their associated sub-domains.
These Sites allow bookings to be made in the Campanile, Première Classe, Kyriad, Kyriad Direct, Golden Tulip, Royal Tulip & Tulip Inn hotels (hereinafter our "Hotels") and in partner establishments as defined in the general conditions of sale of LOUVRE HOTELS GROUP.
Please note that a large majority of the hotels you will be staying at are not owned by LOUVRE HOTELS GROUP: they are operated, as a franchised/managed hotel of one of our brands, by a fully autonomous and independent entity. The hotel is therefore responsible for the data processing it carries out on its own behalf: tracking your booking, payment, billing ,etc.
We offer Users and Guests (hereinafter: “you”) via our online site accessible at: https://www.louvrehotels.com/fr/do-dare-dream and via the websites and mobile applications dedicated to our various brands and those of the Hotels in our Network, an online hotel room booking service and associated services (such as our loyalty programs, events or contests) (hereinafter the “Site(s)"). These Services may also be offered to you, in whole or in part, when you make a booking using an online comparison site or search engine.
As part of these Services, we may collect and process certain Personal Data about you. Because respecting your privacy is important to us and warrants the trust you place in us, we have implemented this Policy (hereinafter “Personal Data Policy”) to demonstrate our transparency and to inform you about:
Your privacy is important and for this reason we have implemented the necessary measures for protecting and minimizing the Personal Data that we collect about you and process, for compliance with the new General Data Protection Regulation[1] (hereinafter, “GDPR”) and the French Data Protection Act[2].
With this in mind, our policy is designed by default to implement the principles for protecting your privacy by respecting the principles of the GDPR and the French Data Protection Act, with particular regard to:
1. NAME AND CONTACT INFORMATION FOR THE DATA CONTROLLER
We, LOUVRE HOTELS GROUP, a simplified joint-stock company with a registered capital of €117,624,016, Nanterre Companies and Trade Register number 309 071 942, with its main office located at Tour Voltaire, 1 place des degrés - 92700 PUTEAUX, process your Personal Data as a data controller in connection with the Services offered on our websites.
This means that we control the way in which this Personal Data is processed and that we decide on the purposes (i.e. the objectives of the data processing: booking, registration to the loyalty program, complaint etc.).
It also means that we give precise instructions to our subcontractors, who may process your Personal Data on our behalf and to operate part of the Services you enjoy.
Please contact us with any questions, information requests or complaints as described in Article 7 herein.
As explained in the introduction, most of our hotels are franchised and their hotel activities are “managed” independently. They therefore assume responsibility for the processing the Personal Data necessary for your booking and stay, as soon as we send those data to them. Our network of franchised/managed hotels must comply with the principles of the applicable legislation designed to protect your Personal Data, including the proper management of your rights when you exercise them.
2. WHAT TYPE OF PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES?
2.1. Data that we collect directly from you
We mostly collect identification and contact data (first name, last name, email address, etc.), which allows us to identify you, in order to, among other things, better manage your bookings and the commercial relationship that we maintain with you, or more simply to be able to manage our Sites and your Guest Account. To provide you with customized offers, we also process data related to your interests based on your consumption data during your stay with us.
We therefore also collect data resulting from interactions with you on our Websites, by telephone, via hotel comparison sites and search engines or directly during your stay.
Please note: we collect certain data automatically through the use of the Services:
- Technical data: IP address, internet connection, browser type, information about the Terminal used.
- Data collected using cookies: for more information, see the COOKIES Policy.
Note: we also collect data indirectly.
2.2. The primary uses for your Personal Data are:
Why do we process your Personal Data? | What data do we collect? |
For hotel room bookings or creating a Guest Account or following up on your booking via our guest service
| Your identification data such as: title, first name, last name, email address, postal address, date of birth, your cell phone and/or landline telephone number and possibly the recording of your telephone conversations when you make a booking by telephone. Your stay data: dates, number of nights, destination, presence of an adult/child. |
As a guarantee when you book a room online | Data relating to your bank card: card number, card validity date, card security code (only at the time of transaction), if applicable, cardholder name (for anti-fraud purposes). |
For the use of our mobile applications | Technical data about your device and its operating system. |
For the optimized use of some of our websites | Solely with your consent, your geolocation data for the “destination around me” feature. |
For the administration of our Websites | Data related to your device and connection, including: IP address, internet connection, type of browser, information about the device used. |
For registration to our emailing list via the registration form on our websites | Your email address, title, last name, first name, zip code, country, language for communication purposes |
When contacting us by filling out a form, by telephone or giving us a rating | Your identification data: name, first name, email address, subject of your message. |
In order to send you our promotional offers | Your contact information |
2.3 The purposes for which we process your Personal Data
2.3.1. Operations necessary for the deployment of our Services:
The management and administration of our various Sites and social media pages:
Managing your stay at the hotel:
Enabling you to benefit from the Services we offer:
2.3.2. Operations necessary for marketing and sales prospecting:
Important: with respect to these operations, you have the option of exercising your right to object, particularly your specific right to object to commercial prospecting (by not ticking the opt-in box and/or by following the procedure described in Article 4), which, once taken into account, ensures that your Personal Data will no longer be processed for that purpose.
2.3.3. Managing your requests
3. ONLINE BOOKING SITE OTHER THAN OUR WEBSITES
3.1. Partners
We may collect your Personal Data from some of our partners who record your booking on their own websites and may or may not collect the booking fee.
These partners are online hotel comparison sites or search engines such as Booking.com, Expedia, Kayak, Google Hotels Ads, TripAdvisor, Skyscanner or Trivago.
They may collect and send us the data necessary for your booking.
These partners collect certain information on their own behalf and within their own databases, to which we do not have access. For this processing, our partners process the Personal Data that you provide to them as data controller. Consequently, we recommend that you consult their privacy policies in order to understand how and why they process the Data you provide to them and in particular to be able to exercise your rights with them.
3.2. Social media: social connect
When you create a Guest Account or book a room, you have the option of providing us with the necessary Personal Data via your Facebook account or Google account.
In this case, we become a recipient and data controller of this Personal Data in respect of your booking or creation of a Guest Account. We will be able to carry out any request to exercise your rights.
However, Facebook and Google remain responsible for the processing of your Personal Data for the purposes they determine on their own behalf (e.g. managing your e-mail, managing your personal page, etc). To obtain effective exercise of your rights regarding this part of the processing of your Personal Data, please refer to their privacy policy and contact them directly.
4. ON WHAT BASIS DO WE COLLECT/USE YOUR PERSONAL DATA?
We may process your Personal Data on several bases:
Legal Basis | Examples of processing |
Fulfillment of a contract or of pre-contractual measures taken at your request | For example, registering and managing your bookings, tracking your billing or your membership of a loyalty program. |
Your consent | For example, when we send you emails or SMS containing news, special/commercial offers or satisfaction surveys or when we offer to geolocate you via our Mobile Applications so that you can find a hotel near you. |
The legitimate interests of LOUVRE HOTELS GROUP |
|
A legal obligation | For example, when we collect your information in order to respond to your requests to exercise your rights (see Article 4). |
If the processing of your Personal Data is ever necessary to safeguard your vital interests or those of any other natural person |
|
Right of access, rectification, erasure, limitation, objection and right of data portability (in accordance with the provisions of Articles 15 to 21 of the GDPR.
You also have the right to submit a complaint to the competent authority, for example in France, the CNIL (Commission Nationale de l’Informatique et des Libertés [French Data Protection Authority]).
If the processing of Personal Data that we carry out requires your consent, you may withdraw this consent at any time by contacting us.
You may exercise these rights at any time free of charge, except in the case of manifestly unfounded or excessive requests (in particular due to their repetitive nature). If this occurs, we reserve the right, in accordance with the GDPR, to demand reasonable payment of fees (based on the administrative costs of your request) or to refuse your request.
LOUVRE HOTELS GROUP hereby informs you that it has a Personal Data Protection Officer who can be contacted, either by email: dpo@groupedulouvre.com, or at the following address:
DPO
LOUVRE HOTELS GROUP
Tour Voltaire- 1 place des degrés
92800 PUTEAUX
You have an absolute right to object to commercial prospecting: so you can request, free of charge, at any time, to no longer receive marketing communications from us and our network.
You may also exercise your rights with respect to your personal data stored and processed by a hotel in its capacity as data controller. We encourage you to exercise your rights directly with this or these hotel(s) and to consult their privacy policy if necessary.
Your rights | Use |
Rights to access | The right to know if we hold Personal Data about you and to obtain a copy, in addition to the following information: the purpose for which it is being processed, the type of Personal Data processed, the types of recipients of the data, the retention period where possible (or other criteria for determining the duration), and your rights. |
Right to erasure (right to be forgotten) | The right to have your Personal Data deleted according to the terms of the GDPR (Article 17), primarily: once the data processed is no longer necessary; if you object to sales prospecting and request that your information is deleted in addition to the cessation of the processing; if the processing is unlawful. |
Right to objection
Right to refuse sales prospecting |
For example, you may object at any time from the moment your Data is collected up to the transfer of your Data to our partners. |
Withdrawal of consent | When processing your Personal Data requires your consent, we cannot continue to process said data once you withdraw your consent. |
Right to rectification and right to limitation | You may request the update or correction of any Personal Data that you deem inaccurate or out of date. You may request that we suspend processing the data, but not suspend retention of your Personal Data if:
When a processing has been limited, your Data may only be processed with your consent or for the exercise, establishment and defense of rights in Court. |
Right to portability |
This right applies only to processing based the person’s consent or upon execution of a contract, which is done with the aid of an automated process. |
6. WHAT HAPPENS TO THE DATA IN THE EVENT OF DEATH?
In accordance with the provisions of Article 85 of the French Data Protection Act, we hereby inform you that as a natural person:
You are also hereby informed that if you do not send LOUVRE HOTELS GROUP specific instructions regarding your Personal Data, your heirs, upon your death, may exercise the right regarding the retention, erasure and communication of your Personal Data as required by the administration and regulation of your estate, as well as notify LOUVRE HOTELS GROUP of your death.
7. HOW TO CONTACT US? HOW TO FILE A COMPLAINT?
You can make a request to exercise one of the rights described in Article 4 in the following manner:
For security reasons, and because our Services involve sensitive issues in terms of confidentiality, any request for the right to access the Data must be signed and accompanied by a photocopy of an identity document, which must specify the address to which the response should be sent. In the light of the risk assessment for data subjects conducted by LOUVRE HOTELS GROUP, these security measures may also apply to other requests to exercise rights. Once the identity is proven, a response will then be sent to you within one (1) month following receipt of the request, which may be extended to two (2) months depending on the complexity of the request or number of requests.
For all requests for information regarding the processing of your Personal Data, you may contact us at dpo@groupedulouvre.com.
For all information regarding the protection of Personal Data, you may also visit the CNIL (Commission nationale de l'informatique et des libertés [French Data Protection Authority]) website.
8. HOW LONG DO WE KEEP YOUR DATA?
The Personal Data collected is kept for the time necessary to achieve the purposes as described in Article “3. WHY DO WE COLLECT/USE YOUR PERSONAL DATA?”, and extended by the duration of legal requirements.
The primary retention periods are:
Purposes | Conservation periods |
Internet traffic data | One (1) year from the connection date observed |
Data concerning Guests for the purposes of sales prospecting | Three years for facilitation and prospecting purposes from the end of your stay or your last contact with us |
Data concerning prospective guests for the purposes of sales prospecting | Three years from the last contact with LOUVRE HOTELS GROUP |
Documents and accounting documents (e.g. an invoice) | 10 years, as accounting evidence |
Data regarding transactions and methods of payment | Duration of the transaction (up to the point where the LOUVRE HOTELS GROUP account is credited). If you have consented to us retaining this Personal Data to facilitate your future bookings as part of a Guest account: until the expiration date of the credit card or withdrawal of your consent. In intermediate archiving, to meet administrative requirements such as the establishment, exercise and defense of our rights in court: up to 13 months from the date of the debit or 15 months for deferred debit cards. |
Data relating to your identity documents | In the case of exercising the right of access, erasure, portability, limitation or rectification: one (1) year In the case of exercising the right of opposition: six (6) years |
Possible recording of your phone conversations when making a booking by phone | Two months |
Personal Data retrieved via trackers (Cookies, SDKs) | 13 months |
Unless you give us a special instruction (provided that such special instruction is reasonable and practicable for us), we will delete all your Personal Data, in the event of your death, at the end of the applicable retention period and the applicable requirements, or upon request of a legal successor and upon proof of his or her legal capacity and of your death and in accordance with Article 6.
9. TO WHOM ARE WE LIKELY TO SEND YOUR DATA (THE RECIPIENTS)?
The Personal Data we collect may be sent on to achieve the purposes listed in Article 3:
If you do not want your Personal Data to be sent to our hotels or partners for commercial purposes, or to social media platforms for targeted advertising purposes, you may object to it at the time of collection or exercise your right of objection discussed in Article “5. WHAT ARE YOUR RIGHTS?”.
You agree that we may also be obligated to disclose all of your information in order to comply with the Applicable Regulation or to respond to a legal or administrative proceeding.
10. HOW DO I COMPLETE THE OPEN TEXT FIELDS AND HOW TO MANAGE YOUR SENSITIVE DATA?
In general, failure to complete the fields labeled with an asterisk (*) on the Sites does not allow us to provide you with all or part of the Services that we offer and the functionalities of the Site, and your requests may not be taken into account in an optimal manner.
The other fields are optional and serve to improve the quality of the Services offered.
If the form (rating, contact, etc.) has an open field, we ask that you not provide any personal information and that you limit yourself to information strictly necessary for processing your request. We reserve the right to delete all unnecessary information regarding your original request.
We do not collect Sensitive Data about you.
We remind you that Sensitive Data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data and biometric data processed solely to identify a natural person, health-related data, and data concerning a person’s sex life or sexual orientation.
When you voluntarily communicate these Sensitive Data to us, particularly in the course of making special requests for your booking, you explicitly consent to us processing these particular categories of Personal Data.
11. WHAT SECURITY MEASURES DO WE APPLY TO YOUR PERSONAL DATA?
We implement the appropriate technical and organizational techniques to protect your Personal Data from accidental or unlawful destruction, accidental loss, alteration and unauthorized disclosure or access.
However, we cannot foresee all of the risks associated with the function of the internet and we must underscore the potential for risks inherent to its function.
We also monitor the manner in which our service providers process your Personal Data so that they provide sufficient warranties regarding the implementation of appropriate data security measures.
In the event that you identify a security breach affecting the Site, you are required to notify us with the relevant information regarding this breach in a confidential manner.
12. HOW DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EU?
In order to perform our Services, we are required to transmit your Personal Data to recipients, particularly hotels in our network, who may be located outside of the European Union.
In the event that Personal Data is transferred outside the European Union, we are committed to complying with the requirements of the Applicable Regulations and will implement the appropriate safeguards necessary for such a transfer.
13. ACCURACY OF DATA
As a User of the Site or Guest of LOUVRE HOTELS GROUP, you hereby declare that you have been informed of the importance of the accuracy of your Personal Data and that you have verified such on the Site or when communicating with us.
You are also required to provide only accurate Personal Data when communicating with us, entering into an agreement with us, requesting Services and for the period the Site is used, as well as to update the Data immediately if one or more elements of such changes during the duration of the use of the Site or Agreement between us.
You may also request access and correction, as well as oppose or delete said Data as provided for (among others) in Article 5 herein, “WHAT ARE YOUR RIGHTS? “under this Personal Data Policy.
14. MODIFICATIONS
This Personal Data Policy may be subject to updates which will be published online. The previous Personal Data Policy will then be automatically replaced by the new version which will be immediately enforceable against you. Use of the Site is subject to the Personal Data Policy in effect at the time of use.
In order to remain informed about these possible future modifications and updates, we recommend that you review the Personal Data Policy regularly. Notification regarding the updates may be provided by LOUVRE HOTELS GROUP by posting a notice on the Site, but is not required.
15. LIABILITY
You are obligated to take note of General Terms and Conditions of Sale of the Site (hereinafter, the “GTC”) and other contractual documents signed with LOUVRE HOTELS GROUP for use of the Site and Services, which together with this Personal Data Policy constitute the enforceable contractual documents.
You are required to strictly comply with the terms of this Personal Data Policy and the GTC of the Site when using the latter.
LOUVRE HOTELS GROUP may not be held responsible in the event that: (i) use of your data, such as identification by a third party due to negligence or fault attributed to you; (ii) the Personal Data is incorrect or have not been updated by you; (iii) non-compliance with your obligations under the Applicable Regulation, this Personal Data Policy or the GTC and/or other contractual documents applicable to you.
You will be liable for all pecuniary sanctions that may be ordered against LOUVRE HOTELS GROUP for all rulings issued by a French jurisdiction, administrative or judiciary, or issued by an independent administrative authority, such as the CNIL (French Data Protection Authority), following non-compliance with your obligations pertaining to this Personal Data Policy.
16. GENERAL
In the event that one of the clauses in this Personal Data Policy is declared null and void due to a change in legislation, Applicable Regulation or by a court decision, the validity and obligation to comply with the other clauses of the Personal Data Policy shall not be affected.
This Personal Data Policy and documents referenced herein are governed by French law.
17. DEFINITIONS
To ensure that this document is properly understood, the terms defined below beginning with capital letters and used in the singular or plural shall have the following meanings:
“Guest”:
This means a natural person, Account holder, residing in France and/or overseas who uses the Site.
“Guest Account”:
This means the space provided for a Guest on the Site following registration, according to the terms established by the GTC and GTU. This Account is strictly personal, individual and non-transferable to a third party. The Account is accessible using the Guest’s username and password.
"Sensitive Data”: This means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data and biometric data processed solely to identify a natural person, health-related data, and data concerning a person’s sex life or sexual orientation.
"Personal Data” or “Data":
This means “any information relating to an identified or identifiable natural person (hereinafter, ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.” according to Article 4 of the EU GDPR.
For example, data that identify you such as your title, first name, last name and email address are Personal Data.
“Applicable Regulation”: This refers to all existing or future regulations and standards applicable to Users and the Site, including: the legislation and regulations applicable to Internet platforms such as the Site and concerning the protection of Personal Data, including the French Data Protection Act and the European Regulation on the Protection of Personal Data.
"Our Hotels" or our " Network": These refer to any franchised entity of LOUVRE HOTELS GROUP or any entity managed by LOUVRE HOTELS GROUP, or any subsidiary of LOUVRE HOTELS GROUP that operates a business under a brand of LOUVRE HOTELS GROUP.
“Service”: These are the hotel and related services offered to Guests by LOUVRE HOTELS GROUP via the Site defined in the General Terms and Conditions of Sale and face to face in our hotels.
“Site”: all websites published by LOUVRE HOTELS GROUP presented under the domain name of LOUVRE HOTELS GROUP or presented under the domain name of one of its brands.
“Device”: This refers tothe various technical means allowing the User to access the Site. The Devices may be smartphones, tablets (Apple or Android), microcomputers via the internet and all objects connected or able to connect to another object, in addition to the internet.
“User”: This refers to all natural persons accessing the Site personally or on behalf of a legal entity and, as such having the capacity and/or authority to enter into agreements on the Site, as a visitor or Guest.
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
[2] French Law no. 78-17 of January 6, 1978 regarding data processing, files and individual freedoms