Privacy policy (RGPD standard)

Security and protection of personal data

Hotel Le Moulin de La Brevette (Arbigny)

Definitions:

The Publisher: The natural or legal person who publishes the online public communication services.
The Site: All of the sites, web pages and online services offered by the Publisher.
The User: The person using the Site and the services.

Nature of the data collected

In the course of using the Sites, the Publisher may collect the following categories of data
following data concerning its Users:
Civil status, identity and identification data, etc.
Connection data (IP addresses, event logs, etc.)
Your payment details (credit card number), country,
your telephone number and your e-mail address.

Disclosure of personal data to third parties

No disclosure to third parties
We do not sell our databases to third parties. We do not share your personal data
with our third-party partners (other than our network) without your consent.
However, you are informed that your personal data may be disclosed in application of a law, a regulation or by virtue of a decision by a competent regulatory or judicial authority.
of a competent regulatory or judicial authority.

Prior information for the communication of personal data
to third parties in the event of a merger / takeover

Pre-information and opt-out possibility before and after the merger / acquisition
In the event that we take part in a merger, acquisition or any other form of transfer of assets,
we undertake to guarantee the confidentiality of your personal data and to inform you
before it is transferred or made subject to new confidentiality rules.

Finality of re-use of personal data collected

Compilation of commercial statistics
.
Managing people’s opinions on products, services or content
Aggregation with non-personal data
We may publish, disclose and use aggregated information (information relating to all our Users or to groups or categories of Users) for the following purposes
specific groups or categories of Users that we combine in such a way that an individual User cannot be
individual User can no longer be identified or referred to) and non-personal information for the purposes of
sector and market analysis, demographic profiling, promotional and advertising purposes and other
advertising and other commercial purposes.
Aggregation with personal data available on the User’s social accounts
If you connect your account to an account of another service in order to cross-post, said service
service may share your profile and login information with us, as well as any other information you have
you have authorised us to disclose. We may aggregate information about all of our other
Users, groups, accounts, with the personal data available about the User.
Improve your User experience, including by sending you questionnaires and surveys.
Fight fraud; in particular, we may process your account and payment data automatically
as part of your transactions. This processing may result in your transaction being automatically blocked.
We may :

  • invite you to participate occasionally in online surveys;
  • to send you commercial and/or promotional offers, emanating solely from our hotel or our Contact Hotels network.

 

Collection of identity data

Free consultation
Consultation of the Site does not require prior registration or identification. It can be carried out without
providing any personal data about yourself (surname, first name, address, etc.). We do not
record any personal data for the simple purpose of consulting the Site.
Collection of identification data
Use of the user’s identifier only for access to services.
We use your electronic identifiers only for and during the performance of the contract.
Collection of terminal data
Collection of profiling data and technical data for the purposes of providing the service
Some of your device’s technical data is collected automatically by the Site. This
information includes in particular your IP address, Internet access provider, hardware configuration
software configuration, browser type and language, etc. The collection of this data is necessary for the provision of
services.
Collection of technical data for advertising, commercial and statistical purposes
The technical data of your device is automatically collected and recorded by the Site for advertising, commercial and statistical purposes.
commercial and statistical purposes. This information helps us to personalise and continually improve
your experience on our Site. We do not collect or store any data
(surname, first name, address, etc.) that may be linked to technical data. The data collected
may be sold to third parties.

Security of your data

We protect your information using physical, electronic and administrative security measures.
Our protection measures include firewalls, organisational measures
(such as a login/password system, physical safeguards, etc.).
When you transmit your credit card information when you make a reservation,
SSL (Secure Socket Layer) encryption technology is used to secure your transactions.
Our partner in charge of managing bookings is PCI DSS (Payment Card Industry Data Security Standard) certified.
(Payment Card Industry Data Security Standard) data security standard for the payment card industry.
for the payment card industry. This PCI DSS standard aims to reduce online fraud.

Cookies

Cookie retention period
In accordance with CNIL recommendations, cookies are kept for a maximum of 13
months after they are first placed on the User’s terminal, as is the duration of the validity of the User’s consent to the use of cookies.
of the User’s consent to the use of these cookies. The lifespan of cookies is not extended
with each visit. The User’s consent must therefore be renewed at the end of this period.
Purpose of cookies
Cookies may be used for statistical purposes, in particular to optimise the services provided to
the User, based on the processing of information concerning the frequency of access, the personalisation of pages
as well as the operations carried out and the information consulted.
You are informed that the Publisher may place cookies on your terminal. Cookies record
information relating to browsing on the service (the pages you have consulted, the date and time
of the visit, etc.) that we will be able to read during your subsequent visits.
User’s right to refuse cookies
You acknowledge that you have been informed that the Publisher may use cookies. If you do not wish
cookies to be used on your terminal, most browsers allow you to deactivate cookies by going through the
cookies through the settings options.

Storage of technical data

The length of time your personal data is kept varies depending on the purpose for which it is collected:

  • Customer data in connection with the management of reservations is kept for three years from the end of the commercial relationship.
  • Customer data relating to the management of the loyalty programme is kept for the duration of membership of the loyalty programme.
  • Data relating to the management of partners and corporate accounts (corporates) are kept
    for a period of five years from the date of deletion, exclusively for evidential purposes.
  • The data relating to your bank card is kept by our service provider thirty days after the customer’s check out.
    The cryptogram of your bank card is not stored by our services.
  • Data likely to be the subject of a judicial requisition (connection data, identity, contact details,
    transaction data) are kept for twelve months from the date of collection.

Personal data retention and anonymisation periods
Storage of data for the duration of the contractual relationship
In accordance with article 6-5° of law no. 78-17 of 6 January 1978 on information technology, files and civil liberties
freedoms, personal data that is the subject of processing shall not be kept beyond the time required to
necessary for the performance of the obligations defined when the contract was concluded or for the predefined
of the contractual relationship.
Storage of anonymised data beyond the contractual relationship / after deletion of the
account
We retain personal data for the time strictly necessary to achieve the purposes described in these GCU.
described in these GCU. After this period, the data will be anonymised and kept for statistical purposes only.
statistical purposes and will not be used in any way whatsoever.
Deletion of data after account deletion
Means of purging data are put in place in order to provide for its effective deletion as soon as the
storage or archiving period necessary for the fulfilment of the purposes determined or imposed
is reached. In accordance with law no. 78-17 of 6 January 1978 relating to information technology, files and
freedoms, you also have the right to delete your data, which you may exercise at any time by
by contacting the Publisher.
Deletion of data after 3 years of inactivity
For security reasons, if you have not logged on to the Site for a period of three years,
you will receive an e-mail inviting you to log in as soon as possible, failing which your data will be deleted from our databases.
otherwise your data will be deleted from our databases.

Deletion of account

Deletion of account on request
The User may delete his or her Account at any time, by simple request to the Publisher OR via
the Account deletion menu in the Account settings, if applicable.
Deletion of account in the event of a breach of the TOS
In the event of a breach of one or more of the provisions of the TOS or of any other document incorporated herein by reference, the Publisher shall be entitled to cancel the account.
herein by reference, the Publisher reserves the right to terminate or restrict, without prior notice and at its
at its sole discretion, your use of and access to the services, your account and all the Sites.
Indications in the event of a security breach detected by the Publisher
Information to the User in the event of a security breach.
We undertake to implement all appropriate technical and organisational measures in order to
guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access,
disclosure, alteration, loss or destruction of your personal data.
In the event that we become aware of unlawful access to your personal data stored on our servers or those
stored on our servers or those of our service providers, or of unauthorised access resulting in the
risks identified above, we undertake to :
– Notify you of the incident as soon as possible;
– Examine the causes of the incident and inform you;
Take the necessary measures within reasonable limits to mitigate the negative effects and prejudice
resulting from the incident
.

Limitation of liability

Under no circumstances shall the undertakings set out in the point above relating to notification in the event of a security breach
be assimilated to any recognition of fault or responsibility for the occurrence of the incident in question.
of the incident in question.

Transfer of personal data abroad

The data we collect is accessible to our service providers, acting as subcontractors,
who contribute administratively and technically to the fulfilment of the purposes
purposes (hosting service provider, payment service provider, advertising technology, etc.)
In this context, the data we collect may be accessed by our service providers acting as subcontractors.
In this context, the data we collect may be transferred outside the European Union.
In this case, we ensure that the transfer complies with legislation on
transfer of personal data and, in particular, that a sufficient level of protection for your personal data is guaranteed.
In order to comply with our legal obligations, your personal data may also be transmitted to authorised administrative
and judicial authorities, solely upon request by a court of law.

Modification of the GTCU and the privacy policy

In the event of modification of these GTCU, an undertaking not to lower the level of confidentiality substantially
substantially without first informing the persons concerned.
We undertake to inform you in the event of any substantial modification to these GCU, and not to
substantially reduce the level of confidentiality of your data without informing you and obtaining your
your consent.

Law and remedies

In accordance with the regulations on personal data, and in particular Law no. 78-17 of 6 January 1978,
amended by Law no. 2002-801 of 6 August 2004, known as the ‘Informatique et Libertés’ law, and the European Regulation
on Data Protection n°2016/670, known as ‘RGPD’, you have the following rights concerning your personal data:

  • Access: this is your right to obtain confirmation as to whether or not your data is being processed, and if so, to access that data.
  • Rectification: this is your right to obtain, as soon as possible, that your inaccurate data be rectified,
    and that your incomplete data be completed.
    <Deletion/deletion: this is your right to have your data deleted as soon as possible.
  • Limitation: this is your right to obtain the limitation of processing when you object, when you dispute the accuracy of your data,
    when you believe that the processing of your data is unlawful, or when you need the information in order to establish, exercise or defend your legal rights.
  • Opposition: this is your right to object at any time to the processing of your data by the hotel or the Contact Hotels network,
    when this is necessary for the legitimate interests of the hotel or Contact Hotels.
    You may also object to the processing of your data for canvassing purposes.
  • You have the right to lodge a complaint with a supervisory authority.
  • You have the right to give instructions on the fate of your personal data in the event of your death.
  • The exercise of your rights with the hotel or Contact Hotels must be made by contacting the Data Protection Officer
    of the hotel or the Contact Hôtels network.

Arbitration clause
You expressly agree that any dispute that may arise as a result of these Terms and Conditions of Use, in particular as a result of
its interpretation or performance, shall be subject to arbitration proceedings governed by the rules of the arbitration
arbitration platform chosen by mutual agreement, to which you will adhere unreservedly.

Processing manager

Hôtel du Moulin de la Brevette is solely responsible for processing the personal data of its users.
Hôtel du Moulin de la Brevette, registered with the RCS of Bourg en Bresse under SIREN number 532 951 811, having its registered office at 404 Chemin de la Brevette, 01190 ARBIGNY,
represented by Mr and Mrs BUCHAILLARD, in their capacity as managers, is responsible for processing the data it collects.
The Hotel du Moulin de la Brevette processes your data for the purposes of providing the aforementioned Services, managing customer relations and invoicing.
and invoicing with its customers. It also processes this data as part of its legitimate interest in soliciting you
again for commercial offers, and for statistical purposes and to improve its user experience.

Data Protection Officer

Our Moulin de la Brevette hotel has appointed Mrs BUCHAILLARD as Data Protection Officer.
If you have any questions about this privacy policy or any request relating to your personal data,
you can contact our Data Protection Officer :

  • By e-mail to the address: reception@moulindelabrevette.com
  • By post at the following address: Hôtel du Moulin de la Brevette
    Mrs Violette BICHAILLARD – 404 Chemin de la Brevette
    -01190 ARBIGNY

 

Data portability

Data portability
The Publisher undertakes to offer you the possibility of having all your personal data returned to you
on request. In this way, the User is guaranteed greater control over his or her data and retains the possibility of reusing it.
reuse them. This data must be provided in an open and easily reusable format.