Privacy policy
Introduction
Hotel Le Rocroy operates a Hotel which provides Clients with Accommodation(s) and related services, namely through the Website(s) www.lerocroy.com/. The ultimate objective of our teams is your satisfaction and the trust you place in us. In this spirit and in compliance with your expectations, we have adopted a rigorous personal data protection policy, aligned with the requirements of the General Data Protection Regulation (GDPR). This policy illustrates our commitment to you and is intended to provide a general overview of our privacy practices.
The processing of personal data, as detailed below, is carried out regarding Accommodation(s) booking offered via its Website(s) www.lerocroy.com/. The processing operations mentioned in this privacy policy do not systematically involve personal data in the strict sense of the legislation relating to the protection of privacy (law of January 6, 1978 or European regulation GDPR).
In order to allow the Customer to make a Reservation(s) directly with the establishment, Hotel Le Rocroy provides a Booking Engine which allows Users to check availability according to multiple criteria (dates, price , room categories, etc.) and book a stay and other optional services.
The Booking Engine is a crucial tool regarding the relationship between the Client and Hotel Le Rocroy,it is therefore important to first specify that Hotel Le Rocroy does not own the Booking Engine, it is a solution operated by an independent service provider, namely the company D-edge. By clicking on the “Book now” or “Search” button highlighted on the Website(s), the Client is redirected to a page of the Booking Engine (sometimes integrated into the Website(s) as “iframe”). When you use the Booking Engine your data is collected and used by the company D-edge, we strongly invite you to first consult their confidentiality policy available at the following link https://www.d-edge.com/fr/mentions-legales/.
Hotel Le Rocroy organizes its activity in compliance with the principle of data minimization which consists of collecting only necessary personal data (data minimization), we inform you when a collection is not strictly necessary.
Definitions
The terms defined in this Privacy Policy supplement or clarify the terms defined in the General Conditions.
Booking Engine : Software solution allowing customers to make a Reservation(s) online, directly with the establishment, based on room availability (checked in real time) and a multitude of criteria (example: price, dates, types of bedroom).
Website(s) : Websites whose domain name belongs to Hotel Le Rocroy and offering Accommodation(s) booking of the establishment.
Accommodation(s) and related services : rooms and various main and related services and products that the User(s) can order, purchase, rent, reserve or consume from Hotel Le Rocroy.
Accommodation(s) booking : Online order, purchase, payment or booking services for different products and services on the Booking Engine.
Reservation(s) : The order of a Service or Product available and completed via the Booking Engine.
User(s) : Anyone using a Website(s) or the Booking Engine.
Recipient(s) : Any natural or legal person who receives personal data from Hotel Le Rocroy, this may include Hotel Le Rocroy employees or external entities (for example: partners, banking establishments, etc.).
Personal data : Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by a reference to an identifier, such as name, identification number, location data, online identifier, or one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Purpose(s) : The main objectives assigned to the processing and the substantial functions implemented.
Data subject : User(s) or Customers whose Personal Data is collected and integrated into the Processing of the Personal Data of Hotel Le Rocroy.
Controller : The company Hotel Le Rocroy is the entity responsible for processing personal data for the processing activities listed in this privacy policy and carried out as part of the Accommodation(s) booking offered via the Booking Engine and its Website(s), unless otherwise indicated or explicitly stated.
Processor : Any natural or legal person who processes Personal Data on behalf of Hotel Le Rocroy.
Personal data processing: Any operation or set of operations relating to Personal Data, regardless of the process used, such as collection, recording, organization, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, broadcast or any other form of making available, reconciliation or interconnection, as well as blocking, erasure or destruction.
Transparency and detailed information
First of all, transparency is expressed by reminding you what information you are entitled to access regarding the processing activities. Therefore, in case you consider that information is missing or is not sufficiently clear in this Privacy Policy, we invite you to contact our DPO who will endeavor to answer your questions.
The information relating to the processing activities of your personal data that we share with you:
- The identity and contact details of the data controller.
- Contact details of the data protection officer.
- Recipients or categories of recipients.
- Where applicable, the legitimate interests pursued by the data controller or by a third party.
- Where applicable, the fact that the controller intends to transfer personal data to a third country or to an international organization.
- The duration of data retention.
- The existence of the right to request from the controller access to your personal data, rectification or erasure thereof, or the restriction of processing relating to the data subject, or the right to object processing and the right to data portability.
- Where applicable, the existence of the right to withdraw consent at any time.
- The right to lodge a complaint with a supervisory authority.
- The information on whether the requirement to provide personal data is of a regulatory or contractual nature or whether it conditions the conclusion of a contract and whether the data subject is obliged to provide the personal data, as well as the possible consequences of non-provision of this data.
- The existence of automated decision-making, including profiling.
- The information about any further processing of personal data for a purpose.
- The data controller and the objectives of collecting this data (purposes).
- The legal basis for data processing.
- The mandatory or optional nature of the data collection in order to manage your request and the reminder of the categories of the processed data.
- The source of the data (when other data than those provided via the online service are used to process your request).
- The categories of data subjects.
- The recipients of the data (in principle, only our company, unless otherwise specified when transmission to a third party is necessary).
- The duration of data retention.
- Security measures (general description).
- The possible existence of data transfers outside the European Union or automated decision-making.
- Your rights and how to exercise them.
Data sources
Data subjects
The Accommodation(s) booking offered by Hotel Le Rocroy requires you to communicate certain information to enable you to make a Reservation(s). All personal data is then provided to us in general by you, the data subject concerned by the processing. You can also share certain information of your own volition in order to benefit from a better quality of service during the Accommodation(s) and related services (ex : special diet). In this case, be sure to only communicate the strictly necessary information, including in free text fields (for example the “message” field in a form). Likewise during your communication with our Customer Service, via our contact form, our messaging or any other solutions that we use, social networks or specialized service providers.
Other User(s)
In order to respect the principle of minimizing the processing of personal data, the email of the people accompanying you is not required during the Reservation(s), consequently, Hotel Le Rocroy cannot enter directly into contact with the accompanying persons. Therefore, we ask you to ensure the accuracy of the data that you may share with us concerning them, and then to share with them, as soon as possible, the link to this Privacy Policy page, in order to inform them about the processing of their data and their rights.
Automatically
When browsing our Website(s) or using the Booking Engine, certain information about you is automatically collected.
Accessible to the public
For Professional Clients or Partners, certain publicly accessible legal data, concerning the legal entity for which they act, may be provided by specialized partners.
Partners
Commercial partners.
Service Provider(s)
Accommodation(s) booking involves using external service providers such as the Booking Engine. In certain situations, these service providers may be required to send us certain information about you, mainly in order to finalize a Reservation(s).
Processing activities
The purposes of the processing activities are based on the following legal bases described in the General Data Protection Regulation (GDPR): your consent (which you can withdraw at any time), performance of a contractual or pre-contractual obligation, legal duty, legitimate interest.
Reservation(s) via the Booking Engine
Purpose
Allow the User(s) to search for and, then,complete and manage their Reservation(s) online as smoothly and comfortably as possible. To clarify, this involves any communication relating to your Reservation(s) (confirmations, reminders, invoicing, modifications).
Subsequent Purpose(s): Proposals for services closely linked to the Reservation(s) of Accommodation(s) and related services (e.g.: additional proposals, anniversary date offers).
Legal basis
6.1.b - the processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject.
Data provision requirement
The Reservation(s) cannot be finalized if the required data is not communicated by the User(s).
Categories of data likely to be processed
- Reservation - Customer information: Title, First name, Last name, Email, Nationality, Telephone number, Country of residence, Postal address (optional), Age (for children)
- Reservation - Accompanying person information (optional): Title, First name, Last name, Age (for children)
- Reservation - Contact information: Email, Telephone number
Payment is made by the User(s) directly to our Booking Engine partner offering the payment gateway D-edge, Hotel Le Rocroy does not intervene in the processing of your data related to payment (Payment - Credit Card: Name of holder, Card number, Expiry date, CVC/CVV), we invite you to consult the privacy policy on the following page (https://www.d-edge.com/fr/mentions-legales/).
Storage duration
5 years from the date of the last Reservation(s).
Customer service
Purpose
The aim of Customer Service is to assist you during your Reservation(s) and each time you contact us for any other reason relating to your Reservation(s) (modifications, complaints, special requests, etc.).
Legal basis
6.1.a - the data subject has consented to the processing of his or her personal data for one or more specific purposes.
Data provision requirement
Hotel Le Rocroy cannot provide customer support if the required data is not provided.
Categories of data likely to be processed
- Reservation - Customer information: Title, First name, Last name, Email, Nationality, Telephone number, Country of residence, Postal address (optional), Age (for children)
- Reservation - Contact information: Email, Telephone number
Storage duration
5 years from the date of your last request for assistance.
Communication
Purpose
The Hotel Le Rocroy teams may use the contact details you provide to contact you (via email, text message, chat, telephone, courier, etc.) on their own initiative or in response to actions or requests from you or of the Accommodation provider(s). For example, if you have started your Reservation(s) online but not completed it, our teams can offer you their help to finalize it, to invite you to leave a comment on Hotel Le Rocroy, to send you information relating to your Reservation(s), or to check inappropriate behavior.
Legal basis
6.1.f - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject which require protection.
Storage duration
5 years from the date of our last communication.
Accounting and taxation
Purpose
We keep invoices and other mandatory documents as part of your Reservation(s), which may include your personal data, in order to meet our general accounting and taxation obligations.
Legal basis
6.1.c - the processing is necessary for compliance with a legal obligation to which the data controller is subject.
Categories of data likely to be processed
- Reservation - Customer information: Title, First name, Last name, Email, Nationality, Telephone number, Country of residence, Postal address (optional), Age (for children)
Storage duration
10 years from the end of the current accounting year.
Safety and prevention
Purpose
Ensuring the security of User(s) data is a priority concern for Hotel Le Rocroy, Specifically, this involves detecting and preventing any suspicious events on the Website(s).
Legal basis
6.1.f - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject which require protection.
Categories of data likely to be processed
- Browsing: Media type (computer, mobile, tablet, etc.), Display format, IP address, Browser, Language, Connection timestamp, Conversion tunnel, referring URL
- Logging: User Activities, Identifiers, Connection Timestamps, IP Address
Storage duration
6 months from the date of the last activity.
Data sharing
Hotel Le Rocroy shares your data with third parties, within the limits of what is necessary in order to achieve the purposes of each processing.
With our advisors
In certain cases, we may share certain strictly necessary personal data about you with our advisors (internal or external). This may involve, for example, law firms (themselves subject to an obligation of confidentiality) in the case of litigation management or to simply respond to a complaint.
With the authorities
In certain cases, when the law or any other legal obligation requires it from us, or in order to defend our rights, we are required to share certain strictly necessary personal data concerning you with certain authorities.
Data retention and transfer
We have chosen to store the majority of data with providers whose servers are located in France and which ensure one of the highest levels of data security on the market.
The hosting of the Website(s) as well as the optimization and security of the databases are provided by our subcontractor OVH (head office: 2 rue Kellermann - 59100 Roubaix - France, +33 9 72 10 10 07), we control the main parameters of the platform including the choice of data location in France:
We invite you to consult OVH data protection policy (https://www.ovhcloud.com/en-gb/personal-data-protection/) for further details on the security measures implemented and the documentation relating to compliance.
We may transfer data outside the European Union, either on the basis of a so-called adequacy decision of the recipient's country, or on the basis of appropriate guarantees implemented by the recipient.
For each processing the data is kept for the period necessary for the specific purpose of the processing (according to the form provided in the register of “processing activities”). Additional retention period may be added to this initial period according to the legal requirement applicable to the processing in question, during which the data is kept in intermediate archives with restricted access. At the end of the established retention periods, we delete the personal data from our databases.
Security measures
We pay particular attention to the confidentiality and security of your personal data. Hotel Le Rocroy has established an authorization management policy, this is an organizational security measure aimed at regulating access to the information system by all of our teams (employees and service providers). This measure helps to strengthen the protection of your personal data against any illegitimate access, in order to preserve their confidentiality and integrity.
We have put in place a whole series of technical measures (example: pseudonymization, anonymization, firewall, database backups) to ensure the availability of your data.
Personal data relating to children
Hotel Le Rocroy does not offer any Accommodation(s) booking to people under the age of 18 ans, these young people cannot make any Reservation(s). the User(s) must be at least 18 years old to access the Accommodation(s) booking of Hotel Le Rocroy. Hotel Le Rocroy may only process children's personal data when it has been transmitted by, or with the consent of, one of the parents (or legal guardians).
Exercise your rights
Data subjects have the right to request from the controller access to personal data, rectification (completed, clarified, updated) or erasure thereof, or restriction of processing personal data relating to the concerned person, or the right to object to the processing and the right to data portability (within the conditions set by the regulation).
The protection of your personal data is a priority, In order to facilitate the exercise of your rights, we have made several means of communication available to you, so you can:
- Write us a message at the following email address: dpo@dfc.com.
- Send us a letter to the following postal address: Hotel Le Rocroy, 13, rue de Rocroy - 75010 Paris.
- Contact us via the form available on the website page Exercise Your Rights.
We will tell you if it is necessary to attach documents to your request in order to confirm your identity (your identity document, for example).
Submit a complaint
You have the right to lodge a complaint with a supervisory authority, the supervisory authority in France is the CNIL.
- Postal address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, France
- Telephone: +33 (0)1 53 73 22 22
- Submit a complaint online at the following link: CNIL (service des plaintes)
General
The French language version of this privacy policy shall be controlling in all respects and shall prevail in case of any inconsistencies with translated versions, if any. Any other language versions of this privacy policy are provided for convenience only.