SAS THE PALAIS is committed to ensuring that the collection and processing of your data is carried out in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulations (GDPR) and Act 78-17 of 6 January 1978 computer science, files and freedoms.
The collection of personal data from its customers is limited to the bare necessities, in accordance with the principle of data minimisation, and indicates what purposes are pursued by the collection of such data, if providing such data takes on a optional or mandatory to manage applications and who will be able to read them.
I. About Us
The PALAIS Company is an SAS headquartered at 9 Tehran Street 75008 Paris and registered in the trade register under the number SIRET 829 614 890 00020. APE code 5510Z.
The Company offers the following services:
- 3-star hotel accommodation and catering
“Site” refers to the Company’s website, namely, www.palaisannecy.com
“Cookies”: A cookie is information deposited on a user’s hard drive by the server of the site they are visiting. It contains several data: the name of the server that filed it, an identifier in the form of a single number or text, and possibly an expiration date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and record information.
“Personal data” refers to any information relating to a natural person identified or that can be identified, directly or indirectly, by reference to an identification number or one or more elements of its own. This is, for example, the user’s email address.
“Client” refers to any individual or legal person who makes a reservation on the Site, with our partner providers (e.g. Booking.com) or directly with the receptionist stationed at the establishment whose address is indicated in Article I;
“Reservation” refers to any booking made by the User, Customer, Professional, Consumer in order to benefit from the Company’s Services;
“General Terms of Sale and Use” or “CGV/CGU” refer to the company’s terms and conditions of sale and use;
“Consumer” refers to the natural person buyer who does not act for professional purposes and/or outside of his professional activity;
“Professional” refers to the legal or physical person buyer who acts in the course of his professional activity;
“Services” refers to all services and/or products offered to Customer and Professional Users by the Company through Sites owned by the Company;
“Company” refers to the Palace of the Isle Hotel Company, more amply designated in Article I of these;
“User” refers to anyone who uses the Site.
“Account” refers to the client’s personal space among the Company’s partner providers.
“Quote” refers to an estimate made by the Company for a specific and tailor-made service requested by the Customer
“RGPD” refers to the General Regulation on the Protection of Personal Data applicable from 25 May 2018.
“Personal data processing” refers to any operation or set of operations relating to such data, regardless of the process used (collection, registration, organization, retention, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of provision, reconciliation or interconnection, locking, erasure or destruction…)
III. Personal Data Protection
In accordance with the so-called “Computer and Freedoms” Act of 6 January 1978 and the General Data Protection Regulations 2016/679 (RGPD), the information about you is intended for the Company, responsible for the processing. You have the right to access, correct and delete the data that concerns you (details in Article 7). You can do it by sending an email to [email protected]
By logging into the company’s palaisannecy.com site, you gain access to content protected by law, including the provisions of the Intellectual Property Code. The Company allows only strictly personal use of the information or content you access, limited to a recording on your computer for display on a single screen, and reproduction, when authorized (link or download button) for copying or printing on paper. Any other use is subject to our prior express permission. As you continue your visit, you agree to abide by the above restrictions.
The Company commits its Customers, Consumers, Consumers, Professionals to respect the applicable laws and the ethical rules of practice necessary to establish a relationship of trust between the Company and its Customers, Users, Consumers, Professionals.
The Company commits its Users to comply with a set of obligations through its CGV/CGU.
Failure to comply with these obligations may result in an unannounced cancellation of a booking made on the Company’s website or live with the Saint-Patrick Hotel.
NOTE THAT THE SOCIETE does NOT make NO CHANGE NOR LOCATION OF HIS CLIENTS AND PROSPECTS.
The Company’s website is not intended for minors. We do not knowingly collect or process personal data relating to minors. In the event that we are aware of the collection of personal data of minors without the prior authorization of the holder of parental authority, we would take appropriate measures to remove this personal data from our Servers.
IV. Treatment Manager
Sanddy Maguer-Winet, director of the Palais de l’Isle Annecy hotel, whose information is stipulated in Article 1 on this page, is responsible for the processing of the personal data referred to herein.
V. Nature of Collected Data
User information and rights
By this, the company clearly informs you about the processing of personal data it implements as part of its business, how the data is collected, used and protected.
Every User, Customer, Consumer, Professional has the right to ask the processing manager, i.e. Sandra Delon access to the personal data provided;
- Correcting or erasing them;
- A limitation of treatment related to the person;
- To oppose treatment;
- Data portability;
- To file a complaint with the CNIL.
The Company is committed to ensuring that any subcontractor has sufficient contractual guarantees for the implementation of appropriate technical and organisational measures, so that the treatment meets the requirements of the European (see the list of data recipients in Article 6).
Data collected on the site (contact form)
When a Customer, User, Consumer, Professional, makes a booking request on the site via our contact form, the following data is collected and processed by the Company: email, first name, name, phone, country, date of arrival, departure date, number of adults, number of children, additional information that the Customer, Professional, User, Consumer, deems necessary for his booking request.
Data collected on the site (via our provider D-edge)
When a Customer, User, Consumer, Professional, makes a booking request on the site, the following data is collected and processed by our D-edge subcontractor: email, first name, name, country, phone number, IP address, type of room, booking rate, date of stay, credit card number (16 digits – expiry date) and additional information that the customer, consumer, professional, user can pass on if he deems this information to be good and useful for booking it.
The data is then sent to us by email with the exception of the credit card number (16 digits – expiry date) which remains in secure access on the server of D-edge and Topsys (our PMS). This data is only visible with a password and an identifier via the intranet between the Company and D-edge and Topsys.
Data Collected at the Company’s Establishment
When a customer arrives, the following data is collected and processed: the date of arrival and departure of the establishment, the room number, the number of possible breakfasts, order history, complaints, incidents, information correspondence on our website or live with the Company (email message addressed directly).
Some data is collected automatically because of the user’s actions on the site (see section 8 cookie paragraph).
Data Collected by a Partner Provider
The submitted data must not include sensitive personal data, such as government identifiers (such as social security numbers, driver’s license, or taxpayer identification numbers), full credit card numbers (unless requested, for example, in connection with a reservation on the site by filling out the intended field of the booking form) or personal bank account, medical records or information relating to requests for care associated with individuals, but this list is not exhaustive.
Regarding the collection of identity data
Pre-identification for the provision of the desired service
The provision of a room requires prior identification of the client using his identity card or any other document allowing his identification. The personal data (name, first name, postal address) on the ID is used to fulfill our legal obligations resulting from the provision of service as provided in the booking. The customer, consumer, professional, must not provide false personal information and not take a reservation for another person without his permission. The contact information provided will always have to be accurate and up-to-date.
Collecting terminal data
Collecting profiling and technical data for service delivery purposes.
Some of your device’s technical data is automatically collected by the Site and server. This information includes your IP address, Internet service provider, hardware configuration, software configuration, browser type and language… The collection of this data is necessary for a good navigation on the Company’s website.
The Company also offers a personalized experience using the automated decision principle via its email messages from its newsletter.
Collecting technical data for commercial and statistical purposes
Your device’s technical data is automatically collected and stored by the server and our subcontractors for advertising, commercial and statistical purposes. This information helps us continually customize and improve your experience on our Site. We do not collect or retain any name data (name, first name, address, etc.) possibly attached to a technical data.
VI. Treatment Purpose
The main goal of collecting your personal data is to provide you with a safe, optimal, efficient and personalized experience in the facility. To this end, you agree that we may use your personal data to:
- Provide our services and facilitate their operation, including conducting audits of you;
- Solve any problems to improve the use of our site and services;
- Personalize, evaluate, improve our services, content and documentation;
- Analyze the volume and history of your use of the Company’s services;
- To inform you about the Company’s services;
- Prevent, detect and investigate any potentially prohibited, illegal or contrary to good practice, and ensure compliance with the Company’s CGV/CGU;
- Respect our legal and regulatory obligations.
- For customers who have made a reservation directly on the site, by phone or through the Company’s partner providers, we process their data for the performance of the service delivery contract.
- For our newsletter, we process your personal data on the basis of the explicit consent you have given for this purpose.
VII. Recipients of Data
Personal data about you collected on the site, at the institution and from partner providers is intended to be used by the Company and may be passed on to the subcontractors to which the Company may call as part of the performance of its services. The Company complies with data protection requirements for all of its subcontracting companies. The Company does not sell or lease your personal data to third parties for marketing purposes. By ethics that meet our values, we do not conduct a strategic partnership to share your data by promoting a third company’s service or product.
The Company does not disclose your personal data to third parties, except if:
- You request it or authorize disclosure.
- Disclosure is required to process transactions or provide services you have requested (i.e., for the purpose of verifying your good shipping practices or when processing a purchase card with credit card companies ) ;
- The Company is compelled to do so by a government or regulatory body, in the event of judicial requisition, subpoena or other similar governmental or judicial requirements, or to establish or defend an application Legal;
- the third party acts as the Company’s agent or subcontractor in the performance of the services.
Currently the recipients of the data are:
- MIXOLOGEEK: Server management
- Jocelyne GAL: Accounting-related operations
- Sanddy Maguer-Winet: Site Edition
- D-Edge: Payment Management
- GOOGLE ANALYTICS: Statistics and Technical Analysis of the site
- OVH: Email exchange between the Company and its Users, Consumers, Customers, Professionals
- Passman: Wi-Fi service in the hotel available to guests, employees, consumers and professionals
VIII. Right of access, rectification and suppression
In accordance with the Computer and Freedoms Act and the General Data Protection Regulations 2016/679 (RGPD), you have the rights to access, correct and delete your personal data by sending an email to the [email protected]
Your request will be processed within 30 days. We may ask that your application be accompanied by a photocopy of proof of identity or authority.
You can also change your personal data about yourself about our newsletter at any time by clicking on the link at the bottom of each email in our newsletter either to opt out or to update your contact information.
IX. Using Cookies
Cookie retention time
In accordance with the CNIL’s recommendations, the maximum shelf life for cookies is no more than 13 months after their first deposit in the User’s terminal, as is the duration of the validity of the User’s consent to the use of these cookies. Cookies. The lifespan of cookies is not extended with each visit. The User’s consent will therefore have to be renewed at the end of this period.
The purpose of cookies
Cookies can be used for statistical purposes, including optimizing services to the User, based on processing information about frequency of access, page customization and operations performed. and the information they have accessed.
You are informed that the Company is likely to deposit cookies on your terminal. The cookie records information about browsing the site (the pages you have viewed and can view) that we can read during your subsequent visits.
The cookie will allow the Company, during the validity or registration of the cookie, to identify your computer on your next visits. Company partners or service providers, or third-party companies may also be required, subject to your choices, to deposit cookies on your computer.
There are two main categories of cookies:
“Technical” cookies. These cookies are essential for browsing our site, especially for the proper execution of the ordering process;
“Optional” cookies. These cookies are not essential for browsing on our site but can facilitate, for example, your search, optimize your user experience, and for us: to better target your expectations, improve our offer, or even optimize the operation of our site.
The shelf life of this information on your computer is one year. Only the issuer of a cookie is likely to read or change the information contained in that cookie.
No cookie allows us to identify your marital status.
Deactivation can cause the service to function degraded.
If you don’t want cookies to be used on your device, most browsers allow you to disable cookies through setting options.
You can object to the registration of cookies by setting your browser as follows:
- On your computer, open Chrome.
- At the top right, click Settings (the 3 small dots)
- Click Advanced Settings and Then Content Settings
- At the top of the page, disable “Allow sites to save and read cookie data”
For Mozilla Firefox:
- Choose the “Tool” menu and then “Options” menu
- Click on the “Privacy” icon
- Find the “Cookie” menu and select the options that are right for you
For Microsoft Internet Explorer:
- Choose the “Tools” menu, followed by “Internet Options”) menu.
- Click on the “Confidentiality” (or “Confidentiality”) tab
- Select the desired level using the cursor.
- Go to Settings
- Under Clear Navigation Data, Select Choose Items to Clear.
- Check the boxes next to each type of data you want to erase, then select Clear.
- Choose the “File” menu – “Preferences” – Privacy
Warning: If you choose to refuse to register cookies in your computer or if you delete those registered there, we do not accept responsibility for the consequences of the degraded operation of our services resulting from the inability of us to register or view the cookies necessary for their operation and which you would have refused or deleted.
X. Data Retention
The Company collects and retains your personal data for the purposes of fulfilling its contractual obligations as well as information on how and how often our services are used. Personal data must be retained only for the time necessary to achieve the objective that was pursued during its collection. The Company only stores your data for as long as it takes to provide the service, and as such, the Company deletes your banking data after the service is completed. The retention of the data of our customers, professionals, consumers, users varies according to the type of data concerned. For example, your statistical data, which is more than 13 months old, will be deleted. Other data may be deleted at any time, in accordance with the above provisions.
Time to keep personal and sensitive data
Data retention for the duration of the contractual relationship and beyond.
In accordance with Article 6-5 of Act 78-17 of 6 January 1978 relating to computer, files and freedoms, sensitive data (Bank Card) being processed is not kept beyond the time it takes to carry out obligations defined at the time of the conclusion of the contract or the pre-defined duration of the contractual relationship.
Personal data (name, first name, email, postal address) that is processed is stored for 3 years in our booking software.
Delete data after deleting account
Data purge means are put in place to provide for effective removal once the shelf life required to achieve the stated or imposed purposes is reached. In accordance with Act 78-17 of January 6, 1978 relating to computers, files and freedoms, you also have a right to delete your data which you can exercise at any time by contacting the Company.
Delete data after 3 years of inactivity
For security reasons, if you have not been to our facility for more than 3 years, your personal data will be deleted.
Delete Data after 12 months in newsletter
If you have not behaved actively within the newsletter, i.e. opened and/or clicked in a link in an email, for a period of 1 month, you will receive an email inviting you to perform an action (click on a link) before finally deleting in the relevant list.
XI. Location of Data Storage and Transfers
The hosting servers on which the Company processes and stores your data on the site are exclusively located in France.
La Société s’engage à vous informer immédiatement, dans la mesure où nous y sommes légalement autorisés, en cas de requête provenant d’une autorité administrative ou judiciaire relative à vos données.
As part of its services, the Company attaches the utmost importance to the security and integrity of the personal data of its customers, consumers, professionals and users. Thus, and in accordance with the RGPD, the Company undertakes to take all necessary precautions in order to preserve the security of the data and in particular to protect it from accidental or illegal destruction, accidental loss, tampering, dissemination or access. against any other form of illegal treatment or communication to unauthorized persons.
To this end, the Company implements the digital industry’s standard security measures to protect personal data from unauthorized disclosure. Using the encryption methods recommended by the digital industry, the Company takes the necessary steps to protect regulatory information knowing that the Company does not offer on-site payment directly but goes through a external service secured by our subcontractor D-EDGE and PMS Topsys.
In addition, in order to avoid unauthorized access, to ensure the accuracy and proper use of the data, the Company has put in place electronic and manual procedures to safeguard and preserve the data collected through its services.
Even so, no one can consider themselves completely safe from a pirate attack. That’s why in the event of a security breach, the Company undertakes to inform you as soon as possible and to make every effort to take all possible measures to neutralize the intrusion and minimize its impact.
In the event that you suffer damage as a result of the exploitation of a security breach by a third party, the Company undertakes to provide you with all necessary assistance so that you can assert your rights.
It should be kept in mind that any user, customer or hacker discovering a security breach and the operator is subject to criminal sanctions and that the Company will take all measures, including through a complaint and/or legal action, to preserve the data and rights of its users and its own and to limit its impact to the maximum.
User information in the event of a security breach
We are committed to implementing all appropriate technical and organisational measures through physical and logistical security measures to ensure a level of safety that is appropriate for accidental, non-accidental access risks. disclosure, tampering, loss or destruction of your personal data. In the event that we become aware of illegal access to your personal data stored on our servers or those of our providers, or unauthorized access resulting in the realization of the identified risks above, we are committed to:
- Notify you of the incident as soon as possible if it meets a legal requirement;
- Examine the causes of the incident;
- Take the necessary steps within reasonable ness to lessen the negative effects and harmthatened by the incident.
- Limiting liability
Under no circumstances can the above-mentioned commitments relating to the notification of a security breach be equated with any recognition of fault or liability for the occurrence of the incident in question.
XIII. Responsibilities and Guarantees
Barring force majeure, the Company guarantees the User, Consumer, Customer, Professional the correct execution of its service in accordance with these Terms and Conditions.
Compensation possibly owed by the Company to the User or a third party, as a result of the commitment of the Company, its subsidiaries or its partners, to the execution of these may not exceed the price paid by the User, Customer, professional or consumer in return for the services or services at the origin of the said liability (e.g. the price of a room).
The Company does not systematically control how its services are used, including the use of the equipment available in the room and the common areas that remains under the responsibility of the Customer, Consumer, Professional.
Under no circumstances can the Company be held liable to third parties for any harm resulting from the use of the services on behalf of the User, Customer, Consumer, Professional in any capacity.
The Customer, Consumer, Professional, User is solely responsible for the way he uses the room, the common areas and the equipment at his disposal in the execution of these.
XIV. Data Portability
The Company is committed to offering you the possibility of having all your data returned on request. The User is thus guaranteed better control of his data, and keeps the possibility of reusing it. This data should be provided in an open and easily reusable format, directly in the hands of another processing manager when desired and technically possible.
14. Delete Data
Delete data on demand
The User, Customer, Consumer, Professional has the option to delete its data at any time, by simple request to the Company or directly via a link present at the bottom of each of our newsletter emails.
In the event of a violation of one or more provisions of this or any other document incorporated in this reference, the Company reserves the right to cancel your booking without the possibility of refund if there has already been a payment.
16. Transfer of Data to Countries with an Equivalent Level of Protection
The Company is committed to complying with applicable data transfer regulations, although the Company does not currently transfer data to foreign countries for almost all of its treatments. When necessary to provide our services, it is done in the following ways:
- The Company transfers the personal data of its Users, Customers, Consumers, Professionals to countries recognized as offering an equivalent level of protection and recognized by the CNIL as having a sufficient level of protection.
- The Company transfers the personal data of its Users, Customers, Consumers, Professionals to recipients who can present sufficient guarantees of RGPD compliance.
- The Company transfers only the personal data of its Users, Customers, Consumers, Professionals in relation to what is strictly necessary for the purpose of the treatment concerned, i.e. the booking of a room at the hotel door de Genève
Currently, the only treatments covered by this provision concern:
The booking of services offered by the Company to the user who has decided to make a reservation via the subcontractor D-EDGE from the company’s website. Only the following data are transferred: CLIENT ID, email address, purchase amount, product designation, email address,,telephone, postal address (if indicated), 16 digits of the credit card and its validity date.
The management of the ethical and personalized business relationship through information propelled on Facebook via the “Personalized Audience” feature offered by Facebook.
The email address is the only data transferred to allow Facebook to identify its users and build an audience.
The questionnaires completed by the customer on Google’s services (Google Doc, Google Drive, Google Form, Google Sheet etc.). Personal Character Data depends on what the customer wants to share (company name, SIRET number, name, first name, email).
To find out the list of countries with a sufficient legal level: CNIL – Global Data Protection
In the event of a change in these cases, the Company undertakes not to substantially lower the level of confidentiality without prior information from the persons concerned.
18th. Applicable law and language
XIX. Litigation and Jurisdictional
Hotel Palais de l’Isle Annecy
13 Perrière Street,
74000 Annecy, France