PERSONAL DATA PROTECTION POLICY
Our philosophy and our commitments
Hôtel Kyriad Prestige Sables d'Olonne is committed to protecting your personal data and is committed to ensuring a high level of protection of your personal data in accordance with European Regulation 2016/679 and the Data Protection Act No. 78-17.
As such, you will find below our policy for protecting your personal data explaining in particular what we collect as personal data, how it is processed and on what basis, its retention and your personal rights. We invite you to read it.
Our Personal Data Protection Officer is at your disposal to answer all your questions, you can contact him at the following address: RGPD@madeho.fr You
can find the text of the applicable European Regulation here: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679 or question/contact the regulatory authority (CNIL) via its website www.CNIL.fr.
This version of the personal data policy may be modified by us if necessary and you will be informed.
Your data controller
Hôtel Kyriad Prestige Sables d'Olonne is the controller of your personal data and whose contact details you will find below: 8 Boulevard Franklin Roosevelt, 85100 Les Sables d'Olonne, FRANCE; it is referred to by its name or "We" herein.
Your personal data and their collection by Hôtel Kyriad Prestige Sables d'Olonne
Your personal data may be collected during:
- your visit to our site,
- our exchanges,
- our prospecting actions,
- the formation or execution of our contracts.
We do not collect any data that is not necessary for the processing purpose mentioned during collection or data prohibited by law or regulation.
The collection of certain data may be mandatory or optional and you are informed of the mandatory information. Your personal data may be collected by third-party service providers or partners, who undertake to comply with European and national regulations on personal data.
Our policy is not to transfer your data outside the European Union; if by exception we do so, this transfer may only take place to a country or organization subject to an adequacy decision (art. 45 GDPR) or presenting sufficient appropriate guarantees (art. 46 GDPR).
We do not make any automated decisions.
We may potentially collect the following personal data from you:
- Civil status, identity, contact details, images
- Personal life
- Professional life
- Personal economic and financial data
- Login details
- Unique National Identification Number
- Health data
- Criminal convictions or offences
Our processing of your personal data
We process your personal data by inserting them into databases; they are stored, retained and, where appropriate, rectified, deleted, archived, anonymized or pseudonymized, transferred to trusted third parties.
We are required to process your personal data for the following processing purposes or for purposes specified to you at the time of collection:
- Your information on our commercial offers (products, services, etc.) and promotions – Communicating with you
We may use your personal data for commercial prospecting purposes, and in particular to send you information about our products/services, our commercial and promotional offers, quotes and other pre-contractual documents, our news by email, post or telephone.
- Execution of your current contracts and customer follow-up
We use your personal data to ensure the execution of current contracts in accordance with your requests. We may also send you any information about your order or your current contracts, their execution, your invoices and contractual documents, advice, the execution of our guarantees where applicable and our legal obligations. We also use your personal data to manage our customer relationship, your requests or complaints, disputes where applicable and to track your customer history.
- Improving the use of our services and improving our offers
We process your personal data to enable you to make optimal use of our services, improve our offers and products/services, and to track your user journey, carry out satisfaction surveys, polls and anonymous statistics.
- Your payments
Your bank details may be collected either directly by us or by a dedicated and selected service provider, which guarantees the complete confidentiality of your bank details and these details are only kept for the time necessary for the duration of the contractual relationship or within legal limits.
- Protection against fraudulent initiatives
The personal data collected may be used to combat fraud, particularly in respect of payments or direct debits made. In this respect, our payment security service providers may be made recipients of this data.
- Ensure compliance with the law and court decisions
Your Data may be used to:
- respond to a request from an administrative or judicial authority, a representative of the law, a legal officer or comply with a court decision;
- ensure compliance with our general conditions of sale/service;
- protect our rights and/or obtain compensation for any damages we may suffer or limit the consequences;
- prevent any action contrary to the laws in force, particularly in the context of preventing the risks of fraud.
We may still process your personal data for the following purposes:
- Business relationship
Sending marketing campaigns by email, post or telephone (including via a service provider)
- Miscellaneous
Electronic Signature
- Internet
Create and manage your user account
- Cookie management
- Performance cookies — (allowing anonymous statistics and traffic levels on the site to be established) and tracking and personalization cookies collecting information on your use of the site and allowing individualization of our offers,
- Third-party cookies — to target advertisements likely to interest you based on your identified interests (these cookies are subject to the policy applied by third parties and not to the policy of Hôtel Kyriad Prestige Sables d'Olonne for their issue and processing),
- Analytical cookies — allowing us to understand and analyze your browsing on our site.
The basis for processing your personal data
In accordance with the regulations, the processing of your personal data by us is justified if it is based on one of the following grounds:
- Your consent to our processing of your data: you agree to the processing of your personal data by means of express consent. You may withdraw this consent at any time by contacting our DPO; or
- The existence of a contract between you and us: the processing of data is then justified by the needs of the performance of the contract; or
- Our legitimate interest in processing your personal data where such proportionate interest respects your fundamental rights and privacy; or
- The Law or regulations in force when they oblige us to process and store your personal data.
Terms and duration of storage of your personal data
We manage your personal data in three phases:
- An active phase where the data is kept for the time indicated below in an “active” basis: your personal data is then accessible only by people who have an operational need to access it in order to carry out the authorized processing.
- An archiving phase (for additional time to storage in the “active” database) when a legitimate reason justifies it: your personal data is then archived with restricted access and for a limited period.
- A deletion or anonymization phase: at the end of the additional archiving within the time limits below, your personal data is deleted or anonymized (such that it can no longer constitute personal data identifying you).
Your personal data is kept for the time necessary for the purposes of its processing, our customer relationship where applicable and the execution of contracts and within the limits specifically set out by regulation; we may keep your personal data in archives for the purposes of retaining accounting, tax or evidentiary supporting documents for the duration of the applicable requirements. As an example, we indicate below the retention periods applicable to the following processing operations (subject to regulations imposing a differentiated retention period):
Purpose of Processing | Basis of Processing | Retention of Personal Data in the "Active" Database | Additional Archiving |
Prospecting | Your consent | 3 years if you have not actively responded to any solicitations. The period starts anew in case of active solicitation from you. | X |
Execution of our contractual obligations towards you / services | Contract | The time necessary to perform the contract and 3 years from the end of the commercial relationship (last activity such as end of contract execution (purchase, service...), login to the site as a registered user) | 5 years after the end of the contractual relationship |
Customer relationship | Contract | 3 years from the end of the commercial relationship (last activity from you towards us) | 5 years after the end of the contractual relationship |
Withdrawing your consent to the collection or processing of your personal data
Your consent granted for the collection of your personal data can be withdrawn by writing to our DPO by email or by post to the addresses listed in the header, mentioning your name, first name, email and address with the nature and precise subject of your withdrawal request.
You can also send us any comments on your personal data to Hôtel Kyriad Prestige Sables d'Olonne, 8 Boulevard Franklin Roosevelt, 85100 Les Sables d'Olonne, FRANCE.
Exercising your rights over your personal data
You have :
- A right of access, which allows you to obtain:
- Confirmation as to whether or not data concerning you is being processed;
- Communication of a copy of all personal data held by the data controller.
- A right to request the portability of certain data: it allows you to recover your personal data in a structured, commonly used and machine-readable format.
- A right of opposition: this allows you to no longer be the subject of commercial prospecting from us or our partners, or, for reasons relating to your particular situation, to stop the processing of your data for research and development, anti-fraud and prevention purposes.
- A right of rectification: it allows you to have information concerning you rectified when it is obsolete or incorrect. It also allows you to have incomplete information concerning you completed.
- A right to erasure: this allows you to obtain the erasure of your personal data subject to the legal retention periods. It may in particular apply in the event that your data is no longer necessary for processing.
- A right of limitation: It allows you to limit the processing of your data in the following cases:
In the event of unlawful use of your data;
If you dispute the accuracy of your data;
If you need to have the data to establish, exercise or defend your rights.
They will then no longer be actively processed, and may not be modified for the duration of the exercise of this right.
A right to obtain human intervention: the data controllers may use automated decision-making for the purpose of subscribing to or managing your contract. In this case, you can ask the Data Protection Officer what the determining criteria for the decision were. You
can exercise these rights by email: RGPD@madeho.fr or by letter to the following address: 8 Boulevard Franklin Roosevelt, 85100 Les Sables d'Olonne, FRANCE, indicating your surname, first name, address and email (your customer references if applicable) as well as the subject of your request in clear and legible terms. Hôtel Kyriad Prestige Sables d'Olonne undertakes to respond to your verified request within one month of receipt.
In case of difficulty, you can contact our personal data protection officer directly by email: RGPD@madeho.fr or contact the National Commission for Information Technology and Civil Liberties (CNIL).
Our subcontractors and partners
Hôtel Kyriad Prestige Sables d'Olonne may transmit your personal data to subcontractors carrying out services involving the processing of your data and in compliance with the purposes set out herein; these subcontractors must provide your personal data with the same level of confidentiality as Hôtel Kyriad Prestige Sables d'Olonne and have undertaken to be in full compliance with the regulations on personal data, in particular with the GDPR.
We do not trade in your personal data; if you would like to find out more and specifically know the identity of the service providers or partners to whom your personal data has been transmitted, you can contact our DPO at the following address: RGPD@madeho.fr .
The service providers or partners likely to access your personal data may in particular be:
- service providers likely to manage outsourced services for the execution of our services and contracts,
- service providers helping us to improve our services, carry out data analyses and optimize our offers, carry out surveys and statistics,
- auditors, accountants, consultants, lawyers, audit firms, IT and outsourcing service providers, security service providers,
- investors and buyers.
We may also be required to transmit your personal data to French authorities, administrations and courts, particularly in the context of legal action or legal formalities requiring this communication.