Customer personal data protection charter : Plage Palace

CUSTOMER PERSONAL DATA PROTECTION CHARTER

(hereafter the “Charter”)

Who are we?
What is the purpose of our policy for privacy protection?
What personal data is do we collect?
When do we collect your personal data?
For which purposes do we collect your personal data and for which period do we store it?
What are the conditions of third-party access to your personal data?
How is your personal data protected during international transfers?
How do we secure your personal data?
What is our policy on cookies and other tracers?
What are your rights?
How can you be informed of updates of this Charter?

Who are we?

The company JLGC is a simplified joint-stock, with a share capital of € 2000, whose registered office is located 336 avenue de Saint Maurice – 34250 Palavas Les Flots, registered in the Montpellier TCR under number B 525-310-421, intra-community VAT number: FR 17 525 310 421, SIRET number 525 310 421 00025.

The company JLGC operates this website which can be accessed by the public at the URL address www.plagepalace.com (hereafter the “Site”).

The Site aims to:

Provide information in order to discover the activity and the services offered by the company JLGC;
Offer an online booking functionality for hotel rooms and accommodation within the establishment Plage Palace;
Allow the subscription to our newsletter;
Allow you to contact the company JLGC (contact request, information request, etc.);

During your navigation and your interactions with the Site or with the company JLGC, the company JLGC may collect and process personal data which concern you, as data controller.

In any case, this Site is not destined to be used by minors, to whom we ask not to provide personal data on this Site. Should be discover that we have collected or received personal data from a minor without parental consent, such information will be deleted. If you believe we may have collected or received data sent by or regarding a minor, please contact us at [email protected]

What is the purpose of our policy for privacy protection?

The company JLGC is mindful to ensure your privacy and processes all your personal data with the utmost care and according to the application legislation and regulation in matters of data protection.

This Charter formalizes our commitments towards you and aims to inform you on how we process your personal data and on your rights related to the data you provide and/or have provided as a user of this Site, a subscriber to emails, a hotel guest, a restaurant guest, a client or a partner of the company JLGC.

It is important for you to review this Charter, in order to be fully aware of how we use your data and why we use said data.

In accordance with regulations in force, and in particular:

Regulation (EU) 2016/79 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (i.e. General Data Protection Regulation or “GDPR”, which entered into force on 25 May 2018);
Law n°2018-493 of 20 June 2018 on personal data protection, which amends Law n°78-17 of 6 January 1978 (i.e. the French “Data Protection Act”);

We undertake that our Customer personal data protection policy shall respect the following principles:

Lawfulness: your personal data is only used in one of the following cases:

If we obtain your consent;
If it is necessary to do so for the performance of a contract to which you are a party;
If it is necessary for our compliance with a legal obligation;
If it is necessary in order to protect your vital interests;
If we pursue a legitimate interest in using personal data and said use does not adversely affect your liberties and interests.

Fairness: we explain during our interactions and/or in this Charter how your personal data, which we collect, is useful to us.

Purpose limitation and data minimization: we only collect the personal data which is really necessary to us. We undertake to use the least amount possible of personal data according to the intended processing purpose.

Transparency: we inform you, during your interactions and/or in this Charter, of how we process your data.

Storage limitation: we store your personal data only for a limited period in accordance with the intended processing purpose.

Exercise of your rights: we facilitate the exercise of your rights regarding your personal data, i.e. right of access, rectification and erasure of data, or right to object to their processing.

Integrity and confidentiality: we ensure the security and confidentiality of your personal data. As such:

If a third party must use said data, we ensure that this third party presents the appropriate warranties in order to protect the data in question.
If data must be transferred outside the European Union, we ensure that this transfer is operated within an appropriate legal framework.
In the event where personal data is compromised (i.e. lost, stolen, damaged, unavailable, etc.), we undertake to notify such breach to the competent authorities and responsible persons, pursuant to the applicable legislation and regulation.

What personal data is do we collect?

We may collect and process various data which concern you or the persons who accompany you, and in particular:

Your identification data: civil status, first and last name, date of birth, nationality, etc.
Your contact details: postal address (including your delivery address for online purchases), email address, phone number, etc.
On a voluntary and consented basis, information on the occupants of the reserved accommodation: first and last name, age, time of arrival
Information on your children: first name, date of birth/age, etc.
Information from an ID document: ID card, passport, driving license
Financial information (details of the bank account and/or payment card) for transaction and reservation purposes
Details of financial transactions (details on payments you made and received, and other details of services you purchased with us or on our Site)
Information on your reservations: dates of arrival and departure.
Technical information (connection data, type and version of your browser and plug-in, etc.) and location information (IP address, time zone settings and location, etc.) generated during the use of the Site, of your traffic and browsing history on the Site, as well as tracking information of your actions towards emails we may send you (openings, clicks, etc.)
Data regarding the monitoring of your customer relation with the company JLGC: customer relation history, contact, information or documentation requests, prior correspondences, data necessary for operations of prospecting, customer loyalty, marketing and communication, satisfaction surveys, etc.
Information on customer loyalty actions as the case may be.
On a voluntary and consented basis, information regarding your interests, favorite product categories and particular expectations.

In order to meet your requirements and provide you with a specific service (such as dietary requirements or specific health condition requiring special arrangements), we may have to collect and process “sensitive” information when necessary (such as information concerning race, ethnicity, religious and philosophical beliefs, or health details, etc.). In this case, we will only process this data if you provide your express and prior consent.

When do we collect your personal data?

Your personal data may be collected or processed in whole or in part during your navigation on the Site, your interactions with the Site and your provision of information within the data collection forms of the Site (in particular the reservation forms), and in particular:

As part of hotel activities: booking of a room/suite, registering and payment, hotel stay and services provided during the stay, beverages and food consumed at the bar/restaurant during a stay, etc.
As part of a participation in a marketing program/animation: registering in customer loyalty programs, participation in guest satisfaction surveys, subscription to newsletter in order to receive offers and promotions by email, etc.
For purposes of communication of information from third parties: tour operators, travel agencies (online or not), GDS reservation systems, etc.
As part of Internet activities: connection to the Site (IP address, cookies according to our Cookie Policy: xxx), online data collection form (online reservation, surveys, social networks login devices, conservations with a “chatbot”, etc.).

We may also collect your data as part of your relation and exchanges with the company JLGC, and in particular:

Via telephone reservations;
By means of various channels you may have used to book with the hotel Plage Palace;
Via social media of the company JLGC (Facebook page, Twitter account, Instagram account, etc.);
As part of our customer loyalty program as the case may be.

We generally collect your data directly from you and as part of the abovementioned situations.

Moreover, we inform you that the data we collect and process which concern you may be supplemented by us, in particular for commercial purposes, prospecting, customer loyalty, communication or marketing, by means of other information sources (social media, etc.).

Furthermore, we inform you within the Site, on each personal data collection form, of the mandatory character of the replies and more generally of the collected information, by the presence of asterisk next to the fill-in field(s) in question. Without said asterisk and/or when the term “optional” is indicated, the requested information is optional.

Therefore, should you not fill in the mandatory information, we may not be able to process the request regarding said data collection (online reservation, information request, etc.) or process it with a delay.

For which purposes do we collect your personal data and for which period do we store it?

Pursuant to application regulation in matters of data protection, the use of personal data must be justified by a legal basis provided by legislation. We are required to inform you of the purpose of each use of your personal data in this Charter.

The main purposes which justify our use of your personal information are as follows:

Consent: when you have consented to our use of your personal information (you provide an explicit and informed consent, given freely regarding such a use, and you may withdraw your consent by informing us).

Legitimate interest: the interest of our company in running and managing our business in order for us to provide you with the best service and experience in the best conditions. We ensure that we take into account any potential impact on you (positive or negative) and on your rights prior to processing your personal data for our legitimate interests.

Performance of a contract to which you are a party: processing your data when it is necessary in order to perform a contract with you, or performing procedures prior to concluding such a contract.

Compliance with a legal or regulatory obligation: processing your data when it is necessary in order for us to comply with a legal or regulatory obligation to which we are bound.

Legal claims: when your information is necessary in order to defend you, press charges or file a claim against you or a third party.

We store your personal data only for the time necessary to the achievement of the purposes for which we have collected them, and in order to comply with legal, accounting or reporting obligations.

In order to determine the appropriate conservation period of personal data, we take into account the amount, nature and sensitivity of personal data, the potential risk of damage resulting from an unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve said purposes by other means, as well as the applicable legal requirements.

In some case, you may ask us to delete your data: see “What are my rights” below for further information.

The following table sets out the purposes for which we process your data, the legal basis for said processing as well as the associated storage periods:

Purpose/Activity	Legal basis for processing, including intended legitimate interest	Storage period
Processing, managing and delivering your reservation / accommodation (in particular creation and storage of legal documents in compliance with accounting standards).	Performance of a contract to which you are a party. Necessary to comply with a legal obligation. Necessary for our legitimate interest in running our business and providing you with the requested products and services.	10 years from the reservation, in accordance with our legal obligations.
Meeting our obligations towards our customers.
Managing your stay: managing access to the rooms, monitoring of your use of services (phone, bar, pay TV, etc.).	Performance of a contract to which you are a party. Necessary for our legitimate interest in running our business and providing you with the requested products and services.	For the duration of your stay.
Managing your payments and bank transactions for a reservation	Performance of a contract to which you are a party. Necessary for our legitimate interest in running our business and providing you with the requested products and services.	For the duration necessary to the execution of the transaction.
Managing our relation with customers before, during and after their stay: imputing details into the customer database, segmentation analysis based on reservation history and customer travel preferences in order to send targeted communications, developing statistics and reporting operations, providing context data for our marketing tools, understanding and managing the preferences of new or repeat customers, sending customers newsletters, promotions and offers, etc.	Performance of a contract to which you are a party. Necessary for our legitimate interest in promoting our services, performing direct marketing operations and improving our services.	3 years from the last date on which you have interacted with us in any way.
Improving our hotel service, and in particular: personalizing your check-in at the hotel, improving the service quality and customer experience, processing your personal data through our customer marketing program, adapting our products and services to better meet your requirements, customizing the commercial offers and promotional messages we send you, informing you of special offers and any new services created by the company JLGC, etc.	Performance of a contract to which you are a party. Necessary for our legitimate interest in promoting our services, performing direct marketing operations and improving our services.	3 years from the last date on which you have interacted with us in any way.
Using a trusted third party to cross-check, analyze and combine your data collected at the time of your reservation or stay, in order to determine your interests, customer profile, and allow us to send you customized offers.	Necessary for our legitimate interest in promoting our services, performing direct marketing operations and improving our services.	3 years from the last date on which you have interacted with us in any way.
Improving our services and in particular: carrying out surveys and analyses of questionnaires and customer reviews, managing customer complaints, offering you the benefits of our loyalty program as the case may be.	Performance of a contract to which you are a party. Necessary for our legitimate interest in promoting our services, performing direct marketing operations and improving our services.	3 years from the last date on which you have interacted with us in any way.
Securing and improving your use of the Site: improving navigation, maintenance and support, implementing security and fraud prevention measures.	Necessary for our legitimate interest in running our business, providing administration and IS services and network security to prevent fraud.	13 months from the collection of the information.
Internal management of lists of guests having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with safety regulations, theft, damage and vandalism or payment incidents).	Necessary for our legitimate interest in running our business and to prevent fraud and the abuse of our property and staff.	Up to 122 days from the recording of an event.
Securing payments by determining the associated level of fraud risk for each transaction.	Necessary for our legitimate interest in running our business and to prevent fraud.	90 days for analysis and control purposes, and then 2 years in a separate database for purposes of improvement of our operating system.
Using necessary services to search for the identity of persons staying at the hotel in case of serious events affecting the hotel (natural disasters, terrorist attacks, etc.).	Protection of the guests’ vital interests.	For the duration of the event.
Complying with any applicable legislation (for example, storing of accounting documents): managing requests to unsubscribe from newsletters, promotions, offers and satisfaction surveys, managing data subject’s requests regarding personal data.	Necessary to comply with a legal obligation.	For the duration determined in the application legislation.

What are the conditions of third-party access to your personal data?

In order to offer the services we provide in the best conditions, we have to share your personal data with internal and external recipients, in the following conditions:

With a limited number of authorized persons and services within the company JLGC, in order to offer the best possible experience.

The following teams may have access to your data:

- Hotel staff
- Reservation staff using the reservation tools
- Restaurant staff
- Body care services staff (spa)
- IT departments
- Commercial departments
- Commercial partners and marketing services
- Medical services if applicable
- Generally, any appropriate person within the company JLGC for certain specific categories of personal data.

With service providers and partners.

Your personal data may be sent to a third party in order to provide you with services and to improve your stay, such as:

- External service providers (IT sub-contractors, banks, credit card issuers, external lawyers, dispatchers, etc.)
- Commercial partners: we may, unless you specify otherwise to the Data Privacy department, enhance and supplement your profile by sharing certain personal information which concern you with our preferred commercial partners. In this case, a trusted third party may cross-check, analyze and combine your data. This data processing will allow us as well as our preferred contractual partners to determine your interests and customer profile, and allow us to send you personalized offers.

With local authorities.

We may have to send your information to local authorities, if this is required by law or as part of an investigation, and in accordance with the applicable regulation.

How is your personal data protected during international transfers?

For the purposes set out in article 5 of this Charter, we may transfer your personal data to internal or external recipients located in countries which offer various levels of personal data protection.

Therefore, we implement the appropriate measures in order to secure the transfer of your personal data to an entity of the company JLGC or to an external recipient located in a country offering a different level of privacy from that of the country in which the personal data is collected.

As such, for technical and organizational reasons, it may be necessary for your personal data to be transferred to servers located outside of the European Economic Area (EEA).

When we transfer your personal data outside of the EEA, we ensure that a similar degree of privacy is granted, and that one of the following warranties is implemented:

We only transfer your personal data to countries which have been considered as granting an adequate level of protection of personal data by the European Commission.
When we collaborate with certain service providers, we may use specific contracts approved by the European Commission which guarantee the same protection level to the personal data as in Europe.
When we use providers located in the United States of America, we may transfer data if they are part of the privacy protection system which requires to grant a similar protection to personal data shared between Europe and the United States.
With your express consent or according to what is legally authorized by applicable regulation in matters of data protection.

How do we secure your personal data?

Mindful to secure your data, we take all the useful and appropriate precautions and measures, whether physical, logistic, technical, functional, administrative or organizational, according to the state of knowledge, implementation costs and nature, scope, context and purposes of the processing as well as the risks towards rights and liberties of natural persons, in order to preserve the security and confidentiality of the data and to guarantee a risk-adapted level of security, and in particular to avoid that your personal data is accidentally lost, used or obtained in an unauthorized way, modified or disclosed.

Due to inherent difficulties related to the performance of an activity on the Internet and to the risks resulting from an electronic transmission of data, we cannot be bound by a performance obligation.

We have implemented procedures in order to process any presumed violation of personal data protection and we shall inform you, as well as any applicable regulatory entity, of any breach of personal data protection when we are required to do so by law.

In case of sub-contracting of all or part of a processing of personal data, we undertake to contractually impose security warranties to our sub-contractors, and in particular regarding confidentiality of personal data to which they may have access.

What is our policy on cookies and other tracers?

We use cookies and other tracers on our Site. For further details, please refer to our Cookie Policy: xxx

Cookies allow us to personalize the content of the Site, to analyze our traffic and to improve the performance of the Site as well as the user experience.

Cookies may be installed in your browser subject to your choices and options, which you have expressed or may express at any moment.

What is a cookie?

Cookies are small text files which may be used by websites in order to make the user experience more effective.

According to applicable legislation, we cannot store cookies on your device unless they are strictly necessary to the operation of this Site. For all other types of cookies, we require your consent.

Which cookies do we use?

This Site uses different types of cookies. Certain cookies are places by third-party services which appear on our pages.

Certain cookies contain personal data. Most cookies do not collect information which may identify you, but rather general information such as how you come to the Site and use it.

You may modify or withdraw your consent at any time and from the Declaration related to cookies on our website, on the following link: xxx

We are likely to use the following cookies:

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

The use may oppose and delete them by using his/her browser’s settings; in this case, the Site cannot function properly and the use experience may be downgraded.

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously (such as tests, audience measures and analysis, traffic, navigation, performance).

Marketing cookies are used to track visitors accords websites. The goal is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

Consent

The installation of certain cookies is subject to the user’s consent. As such, during the user’s visit to the Site, he/she is asked if he/she accepts cookies which require his/her consent prior to their installation on the device. Cookies subject to such consent cannot only be installed if the user accepts them by continuing his/her navigation on another page of the Site or by clicking the appropriate box.

How to configure and/or delete cookies?

The use has several options to delete and/or refuse cookies and other tracers or similar technologies.

Browser settings: if most browsers are set by default and accept the installation of cookies, the use may, if he/she chooses so, accept all cookies or reject them systematically or choose those he/she accepts according to their providers.

He/she may also set his/her browser (operation to implement on each reception terminal: tablet, smartphone, computer, etc.) to accept or refuse on a case by case basis the cookies prior to their installation. He/she may also regularly delete cookies from the terminal via the browser.

For management of cookies and user choices, the configuration of each browser is different. It is described in the help menu of the browser, which allows the user to know how he/she can change its settings regarding cookies.

The user may also review the Cnil’s guide available at the following address: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser

Therefore, the user may set its browser to refuse cookies. To that extent, the attention of the user is drawn to the fact that, by setting its browser to refuse cookies, certain functionalities, pages, areas of the Site may not be accessible, for which we may not be held responsible.

Module of the Site: our Site also offers a cookie management module which allows the user to accept or refuse cookies according to their purpose. This module can be found here: xxx

Opposition modules by cookie providers: certain cookie providers which we may use on our Site offer specific opposition modules. The user is encouraged to review the information pages of said providers in order to identify these modules, if so.

Opposition platforms: several platforms for advertising professionals also offer the possibility to users to refuser or accept cookies used by companies which are members. These centralized mechanisms do not block the display of ads but prevent the installation of cookies, and allow the user to adapt ads according to his/her interests.

What are my rights?

According to the abovementioned legal and regulatory provisions, you have the following rights:

Right to access your data (also called “access request”): this allows you to receive a copy of the personal data we have which concerns you, and to check that we process it legally.

Right to rectify your personal data: this allows you to correct incomplete or inaccurate data we have which concerns you, although we shall need to check the accuracy of the new data you provide.

Right to erase your personal data: this allows you to ask us to change or delete personal data when there is no valid reason for us to keep processing it. You also have the right to ask us to erase your personal data when you have successfully exercise your right to object processing (see below), when we have unlawfully processed your data or when we are bound to erase personal data in order to comply with application legislation. However, note that we are not always able to grant your erasure request for specific legal reasons which shall be notified to you, if so, upon your request.

Right to object processing of personal data: when we base our processing on one of our legitimate interests (or that of a third party), and that something in your specific situation engages you to object to such processing, because you consider that there is an impact on your rights and fundamental liberties. You also have the right to object to the processing of your personal data for purposes of direct marketing. In certain cases, we can prove that we pursue legitimate and imperious interests to process your personal information, which prevails over your rights and liberties.

Right of limitation of personal data processing: this allows you to ask us to cease the processing of your personal data in the following cases: (a) if you want us to establish the accuracy of the data; (b) when our use of the data is unlawful but you do not wish for us to erase it; (c) when you need us to store the data even if we not longer have use for it, because you need it to establish, exercise or defend rights; or (d) you have challenged our use of your data, but we must check that we have legitimate and imperious interests to use it.

Right to data portability: we shall provide, to you or to your designated third party, your personal data in a structured format, commonly used and readable by a machine. Note that this right only applies to automated information which you initially authorized us to use or when we used it to perform a contract with you.

Right to withdraw your consent: at any time, when we require your consent for the processing of your personal data. However, this shall not affect the lawfulness of any processing performed prior to your consent withdrawal. If you withdraw your consent, we may not be able to provide you with certain services. We shall inform you if this is the case upon said withdrawal.

All requests regarding the exercise of the abovementioned rights, as well as all information requests regarding personal data protection, must be made by postal mail to the following address: Plage Palace, RGPD, 336 avenue de Saint Maurice – 34250 Palavas les Flots or by email to the following email address: [email protected]

For purposes of confidentiality and personal data protection, we must check your identity prior to processing such a request. Therefore, any request regarding the exercise of the abovementioned rights must contain a copy of a signed ID document.

Finally, note that you may in any case file a claim with a national authority in charge of personal data protection (in France, the “National Commission on Computer Technology and Freedom”, or CNIL) should you consider the processing of your personal data does not comply with applicable provisions.

How can you be informed of updates of this Charter?

This personal data protection policy may be amended or adjusted at any time.

In case of any amendment or adjustment, the new policy shall be uploaded on the Site in the dedicated section. Furthermore, all data collection forms on our Site contain a link to this policy. We therefore invite you to review it regularly.

Should you have any question regarding data processing, please feel free to contact us at the following email address: [email protected] We shall reply without undue delay.

Last modification: October XXX, 2020.