Personal data
1. SCOPE OF APPLICATION
In this policy, the terms "Maison Pigalle", "Hotel" or "Company" refer to :
MAISON PIGALLE, the company operating Maison Pigalle, located at 41, rue Jean-Baptiste Pigalle 75009 Paris, whose website is https://www.maisonpigalle.com/
The purpose of this Data Protection Policy is to provide you with simple, clear and complete information on how Maison Pigalle handles the personal information you provide to us.
2. OUR DATA PROTECTION PRINCIPLES
In accordance with current regulations, in particular the General Data Protection Regulation adopted in Europe, we have established the following principles for the processing of your data within our Hotel:
- Lawfulness: we only use personal data if :
o we have obtained the person's consent,
o OR it is necessary for the performance of a contract to which the person is a party,
o OR as required by law,
o OR to safeguard your vital interests in very limited cases,
o OR we pursue a legitimate interest in using personal data and this use does not infringe on the freedoms and interests of the individual.
- Loyalty: we explain as clearly as possible what we do with data.
- Specified purposes and data minimization: we collect only the personal data we really need. If we can achieve the same result using less personal data, then we make sure that we use only that data.
- Transparency: we inform data subjects of how we use their data. We make it easy for data subjects to exercise their rights. - Retention periods: we only keep personal data for limited periods.
- We ensure the security of personal data, i.e. its integrity and confidentiality.
- If personal data is to be used by a third party, we ensure that the third party is able to protect the personal data.
- If personal data is to be transferred outside the European Union, we ensure that this transfer is governed by the appropriate legal provisions.
- If personal data is compromised (lost, stolen, damaged, unavailable, etc.), we notify the relevant data protection authorities and the individuals concerned, if the breach is likely to generate high risks for the rights and freedoms of individuals.
3. WHAT PERSONAL DATA IS COLLECTED?
At various times, we may collect information about you or the people accompanying you, in particular:
- contact information (e.g. first name, last name, telephone number, e-mail) - personal information (e.g. date of birth, nationality)
- information about your children (e.g. first name, date of birth, age)
- your credit card number (for transaction and reservation purposes); information contained in an identity document (e.g. identity card, passport or driver's license)
- your arrival and departure dates
- your preferences and interests (e.g. smoking or non-smoking room, preferred floor, type of bedding, type of print media read, sports, cultural interests, food and drink preferences, etc.).
- your questions/comments, during or following a stay in one of our branded establishments
- technical and location information generated in the course of using our websites and applications. In order to satisfy your requests or to provide you with the appropriate service (e.g. a specific diet) we may need to collect sensitive information, in particular certain details about your health. In such cases, we will only collect this data with your express prior consent.
4. FOR WHAT PURPOSES IS YOUR DATA COLLECTED AND FOR HOW LONG IS IT STORED?
Purpose: To manage room and accommodation reservations
Basis for processing: Processing necessary for the performance of the contract binding us.
Retention period: 3 years from the date on which you were last active with us in any way.
Purpose: To complete the police form if you are a foreign national
Basis of processing: Legal obligation Retention period: 6 months
Purpose: To complete the check-in form on arrival at the hotel.
Basis of processing: Contract performance Retention period: 3 years from the date on which you were last active with us in any way.
Purpose: To manage the various services offered during your stay (spa reservations, ski pass sales, etc.).
Basis of processing: Performance of contract Consent
Shelf life: Duration of your stay
Purpose: Sending satisfaction questionnaires or to collect your expectations about your stay and your comments following it
Basis for processing: Consent
Retention period: 3 years from the date on which you were last active with us in any way.
Purpose: To send you newsletters, promotions and offers concerning tourism, hotels or services and/or to contact you by telephone.
Basis for processing: Consent
Retention period: 3 years from the date on which you were last active with us in any way.
Purpose: To personalize the customer's welcome to the hotel, to improve the quality of your service and experience.
Basis for processing: Processing necessary for the performance of the contract binding us.
Retention period: 3 years from the date on which you were last active with us in any way Purpose: To manage complaints
Basis for processing: Legal obligation
Retention period: 6 years from the date of closure of your file in the context of a complaint or claim.
Purpose: To secure and improve your use of the Hotel's websites, in particular: to improve navigation, to provide assistance and maintenance and to implement security and fraud prevention measures.
Basis for processing: Processing necessary for the pursuit of our legitimate interest in managing our business, providing IT services, administration and network security in order to prevent fraud.
Retention period: 13 months from collection of information
Purpose: To protect people and property and prevent overdue payments - Video surveillance
Basis for processing: Processing necessary for the pursuit of our legitimate interest in managing our business, securing property and persons and combating non-payment.
Shelf life: 30 days
Purpose: To provide the services needed to identify people in the hotel, particularly in the event of serious events affecting the establishment (natural disasters, terrorist attacks, etc.).
Basis for processing: Processing necessary to protect the vital interests of customers.
Shelf life: For the duration of the event.
Purpose: To comply with all applicable legislation, in particular: Management of requests to unsubscribe from newsletters, promotions, tourism offers and satisfaction surveys, Management of requests from data subjects for protection of their personal data, Storage of accounting documents.
Basis for processing: Processing necessary to comply with a legal obligation.
Shelf life: For as long as required by applicable legislation.
5. CONDITIONS OF ACCESS BY THIRD PARTIES TO YOUR PERSONAL DATA
We need to share your personal data with internal and external recipients, under the following conditions. We share your data with a limited number of authorized individuals and departments within our Hotel, in order to provide you with the best possible experience in our Hotel. The following teams may access your data:
- Hotel staff
- Reservation staff using reservation tools
- IT Services
- Sales partners and marketing services
- Medical services if required
- With service providers and partners: your personal data may be transferred to a third party in order to provide you with services and enhance your stay, including IT subcontractors, banks, credit card issuers, external lawyers, routers and printers.
- Local authorities: we may also pass on your information to local authorities, if required by law or as part of an investigation and in accordance with local regulations.
6. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS
For the purposes indicated in article 5, the Hotel endeavors to keep your personal data in France, or at least within the European Economic Area (EEA). Where we transfer your personal data to recipients outside the EEA, we guarantee that the transfer is made: - Either to a country ensuring an adequate level of protection, i.e. a level of protection equivalent to what European regulations require - Or the transfer is governed by standard contractual clauses Flows to the United States may also be made to entities that have joined the Privacy Shield program.
7. DATA SECURITY
The Hotel takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular Article 32 of the RGPD), to protect your personal data against destruction, loss or alteration, misuse and unauthorized access, modification or disclosure, whether such actions are unlawful or accidental. To this end, we have put in place technical measures (such as firewalls) and organizational measures (such as a login/password system, physical safeguards, etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. When you transmit credit card information when booking, SSL (Secure Socket Layer) encryption technology is used to secure your transactions. Organizational measures ensure secure processing.
8. COOKIES AND OTHER TRACKERS
What is a cookie?
A cookie is a small text file stored in the browser directories of your computer, tablet or cell phone. Cookies can be deposited on your device when you visit a website and can serve several purposes, such as ensuring the smooth operation of websites and obtaining information about visitor habits. When browsing the L'Hôtels website, you can decide whether or not to allow cookies to be stored on your computer.
How do I configure cookies?
Cookies can be set directly via your Internet browser and, depending on the type of browser used, can be systematically refused during browsing or authorized on a case-by-case basis. To find out how to configure your browser, visit the dedicated page on the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser
9. YOUR RIGHTS
You have the right to obtain information and access to your personal data collected by the Hotel, subject to the applicable legal provisions. You also have the right to have your data rectified, erased or the processing thereof restricted. In addition, you have the right to portability of your data and the right to define instructions for the processing of your data upon your death. You also have the right to object to the processing of your data, and in particular to the sharing of data concerning your stays, preferences and satisfaction with other establishments. If you wish to exercise these rights, please contact the department in charge of personal data directly by e-mail at https://www.maisonpigalle.com/ or by writing to the following address:
MAISON PIGALLE 41, rue Jean-Baptiste Pigalle 75009 Paris - France
In the interests of confidentiality and the protection of your personal data, we will need to identify you in order to respond to your request. To this end, if there are reasonable doubts as to your identity, you may be asked to enclose a copy of an official identity document in support of your request (national identity card, driving licence, passport, etc.). You may also exercise your rights with regard to your personal data stored and processed by a hotel in its capacity as data controller. To do so, please contact the hotel directly. If you require any assistance, please write to the Personal Data Protection Department at bonjour@maisonpigalle.com or at the above postal address. If you feel that your rights have not been respected or that a response provided by the hotel is not satisfactory, you may lodge a complaint with the CNIL.
10. UPDATES
We may modify this policy from time to time and we invite you to consult it regularly, particularly when you make a reservation.
11. CONTACT
If you have any questions about the Hotel's personal data policy, please contact the Personal Data Protection Department (see "Your rights").
Latest version: November 14, 2022