PERSONAL DATA CONFIDENTIALITY
TIARA HOTELS & RESORTS
Personal Data Confidentiality and Protection Policy
We place immense importance on the confidentiality and protection of the personal data we process.
Therefore, as the data controller of your personal data, we do everything possible to best protect your private life and the information you provide us with particularly when you visit our website, book a room or when you register for our newsletter.
To this end, our personal data confidentiality and protection policy is aimed at this purpose.
By reading this document, you will particularly know how we collect your personal data, what type of information is collected and for what purpose they are used, who we share these data with and which measures are taken to protect them.
By using this site and/or our products and services, you agree to the processing of your personal data as described in this confidentiality policy.
We may modify our Personal Data Confidentiality and Protection Policy. Any modification will be effective immediately as soon as it is published on our site. As a result, we ask that you read it each time you visit our site so you are aware of the contents of the most recent version available.
Why do we collect personal data?
We collect and use your personal data in order to improve and develop our products and services, provide you with the highest quality customer service, offer you a customized experience when you stay at the Hotel and use our services and to make it easier for you to browse our website.
We collect your personal data for legitimate reasons and/or with your consent.
We use your personal data for the following purposes:
- 1. Due to the execution of a contract or to perform contractual obligations
We must collect your personal data in order to identify you, provide you with a service or manage your bookings.
Collecting your personal data allows us to provide you with information on your booking and billing and track your relationship with us as a client. These data may also be used before your stay in order to send you information regarding your stay at the Hotel. After your departure from the Hotel, we may also send you not only information concerning your stay, but also satisfaction surveys in order to get some feedback on your experience at the Hotel.
- 2. Due to our legitimate interest in collecting your personal data
We have a legitimate interest in collecting your personal data in order to communicate with you and answer your questions.
Moreover, we use the personal data to track our users’ account activities and ensure our customers’ security, particularly by monitoring for possible fraud and analysing any activities considered suspicious, potentially illegal or which breach our general terms of sale and/or use. This type of processing is justified by our legitimate interest in ensuring the safety of our products and services.
3. With your consent
Subject to your prior consent, we may use your personal data and mainly the information on your stay to personalize your booking experience at our site, customize our offers and give you recommendations concerning our services proposed by third-party sites and applications that may be of interest to you.
We use the personal data to facilitate our advertising and marketing campaigns and to provide you with information on the services we believe may be of interest to you.
If you have granted your consent, we may send you promotional messages, marketing offers, advertising and other information that may be of interest to you based on your accommodation preferences. This includes any contests and other promotional activities. You always have the right to ask us not to send you promotional documents or information.
- 4. In order to fulfil legal obligations
We process your personal data to fulfil our legal obligations.
We reserve the right to make the personal data collected anonymous and use these data.
We save your billing and other information collected on you for as long as is necessary for accounting reasons or to fulfil other legal obligations we have.
We may process your personal data for purposes other than as mentioned herein, but only if they are compatible with the initial purpose for which the data were collected. In doing so, we will ensure that:
- the connection between the purposes, context and nature of the personal data are adapted to any subsequent processing;
- any subsequent processing does not harm your interests and;
- appropriate security measures are taken for such processing.
What type of data do we collect and how do we collect them?
The term “data” refers to any personal nature that enables your identification as an individual that you provide as part of your interaction with us.
We must often collect information concerning you, namely:
- 1. The data you provide us with
We collect social and professional data concerning you that you may provide us such as your name, your email address, your personal and professional addresses, your phone number, your nationality, your date of birth and your accommodation preferences which you provide us when you book a room via our booking system or directly with the hotel, purchase and/or use one of our products or services or when you stay at the Hotel when you connect to the Wi-Fi service provided by the Hotel or upon any interaction you may engage in with our services, especially when registering on our site, when you contact us, when you register for our newsletters, do an online survey or engage in promotional transactions or use our online assistance section or any other function available at our website.
Furthermore, we (or our financial services providers) collect personal data with all bookings connected to the reservation as they are needed to process your request. The information collected include payment data, especially your credit/debit card number.
- 2. The data we collect automatically
When you browse our website, we collect data to monitor our commercial relationship with you: the type of booking made, the type of room reserved, special requests sent to the Hotel before your stay, the product and/or service purchased with the reservation, stay or subscription, quantities, sums and frequencies as well as any other pertinent information regarding your stay at the Hotel, the history of your bookings and services requested, any correspondence and/or telephone exchanges with our teams, etc.
We also collect data concerning the type of device you use when browsing our site or when staying at the Hotel when you use the Hotel’s Wi-Fi connection (the unique identifier for your device, the IP address for your device, your operating system, the browser used, your usage data, diagnostics data and localization data from or about your computers, and the type of device from which you access our products and services). When these data are available, we may use your GPS coordinates, your IP address and other technologies to determine the approximate location of your device to improve our products and services and provide you with a better experience as a user of our services. This also includes modifications stored automatically by cookies and other similar tools we use or which are used by our third-party service providers.
- 3. Information from our partners
We collect information through our trusted partners subject to confirmation they have legitimate grounds to share such information with us. It may be information either you provide directly to them or which they collect regarding you for other valid legal reasons.
For example, this is the case when you book your stay at the Hotel via a travel agency or when your information is provided directly through one of our franchises.
- 4. Public information
We may collect information on you which is available to the public.
We do not voluntarily collect sensitive data such as race or ethnic origin, political opinions, religious or philosophical beliefs, health details or sexual orientation.
How long do we save the data?
We only save your personal data for the period necessary for the purposes explained in this confidentiality policy or as established by applicable laws. The period of time your personal data are saved depends on the nature of the data and purposes for which we collect them.
Your personal data concerning information on your browsing of the site and promotional advertising shown to you are actively saved for three (3) years following your last activity on the site or through any electronic medium (particularly email). After this period, your profile is considered “inactive” and is automatically disabled.
Your personal data in relation to a booking via the site (full name, product or service, billing address, accommodation preferences at the Hotel, etc.) are saved for three (3) years after a booking.
Nonetheless, following said periods and even when you request their deletion, your personal data may be subject to intermediate filing in order to meet our legal, accounting and fiscal obligations and/or any prescription periods connected to our relationship.
Where are your personal data saved?
We may use miscellaneous third-party service providers to help us provide the services connected to our website. Our service providers are located in and outside the European Economic Area (“EEA”). If appropriate, your personal data will be transferred pursuant to applicable regulations.
Our service providers have limited access to your personal data in order to perform the tasks done on our behalf and are contractually required to protect and use them solely for the purposes for which they are communicated and pursuant to this Confidentiality Policy. Before sharing your personal data with any third party, we have implemented the necessary measures to ensure there is a sufficient level of protection for your data with them.
Who do we share your personal data with?
If you book a room on our website, we may share your personal data with the Hotel where you have chosen to stay in order to complete your reservation. We hereby inform you that if your personal data are transferred to a country outside the European Union, we will take all necessary measures to conserve the highest level of protection for the confidentiality of your personal data.
In any case, we undertake not to sell or transfer your data to any third party for their own commercial activities.
Subject to your agreement, we may communicate certain data to strategic partners such as mailing companies or message service providers and customer satisfaction study firms solely for the purpose of sending and distributing promotional items.
We may also temporarily and securely transfer certain personal data to third parties needed for the operation, animation or maintenance of our website particularly to send emails that you have chosen to receive and/or to perform the tasks needed to perform certain services, complete your reservation and ensure the provision of services.
If you do not want us to share your personal information with these companies, contact our “customer service” or the “data protection officer” at the following address “Tiara Château Hôtel Mont Royal Chantilly: Route de Plailly, Allée des Marronniers – 60520 La Chapelle-en-Serval FRANCE”.
We may also transfer personal data when their disclosure is required as part of court proceedings, a court decision, a notice to appear, a court order or process, or even when required by law to protect human life; to maintain the security of our products; and to protect our rights and our customers as well as when required for an investigation but only as strictly required pursuant to applicable regulations.
How do we protect your personal data?
We take appropriate technical and organizational measures pursuant to applicable laws to protect your personal data against illegal or accidental destruction, loss or alteration as well as unauthorized disclosure and access.
We constantly adapt our security measures to all technological advances and developments. In order to ensure card payments are as secure as possible, all data are encrypted before transfer. This means your data are transferred through a secure connection and no external parties may read your personal data. For bookings and purchases by card, we work with payment service providers who observe PCP protocol and help us directly verify through your bank that the card may be used for purchases. Our payment service providers process your card data pursuant to international PCI DSS security standards developed by the credit card companies VISA, MasterCard, Diners, American Express, JCB and any other payment method. This means your card data are processed with a very high level of security. When you pay by card, we reserve the right to conduct an identity control. You may also help secure your data by taking the following security measures:
- Change your password regularly using a combination of letters and numbers;
- Make sure you use a secure Internet browser.
What are Cookies and what other technologies are used?
A “cookie” is evidence of a connection designating a text file that may be recorded, subject to your choice, in a dedicated area of your device’s hard drive when you visit a website. A cookie file allows the issuing party to identify the device on which it is recorded for the period of time the cookie is valid or registered and, thus, must be considered personal data.
This allows you to connect, display advertising in accordance with your accommodation preferences and your interests, fight fraud, analyse the performance of our products and services and fulfil other legitimate objectives such as knowing which pages of our site are visited most as well as the activity and time spent by browsers at our site. These technology tools also allow us to evaluate the efficacy of our marketing and, thus, the attractiveness of our products and services among our clientele.
Just as occurs with most websites of the same nature, some information is automatically registered via a certain protocol. This information particularly includes the protocol addresses (IP address), type of browser used, the Internet service provider, the reference pages and final pages, the operating system, the date, the time and Clickstream data.
Cookies do not record any information provided by users when booking online or when registering for a customer account. Cookies identify your browser (rather than you) and cannot be used alone to reveal your identity.
In addition to cookies used to identify, in particular, your browsing history and to feed statistical tools, our partners may use technologies which are subject to their own personal data protection policies. We inform you of the purpose of the Cookies we know of and the means available to you to choose how these Cookies are used.
What are your rights and, more particularly, your rights of recourse?
- Right to information: This allows you to know if your personal data are being processed; what data are collected, where they come from, why and by whom are they processed.
- Right of access: You have the right to access the data collected about you. This includes your right to request and obtain a copy of your personal data collected.
- Right of rectification: You have the right to demand the rectification or deletion of your personal data when they are inaccurate or incomplete.
- Right of erasure: In certain circumstances, you may demand your personal data be deleted from our files.
- Right to restrict processing: You have the right to restrict the processing of your personal data.
- Right to object to processing: In certain cases, you have the right to object to the processing of your personal data (for directly marketing, for example).
- Right to object to automatic processing: You have the right to object to automatic processing including profiling. You may exercise this right when profiling leads to legal effects that significantly affect you.
- Right to the portability of your data: You have the right to obtain your personal data in a machine-legible format or, when feasible, through direct transfer to another processor.
- Right to withdraw your consent: You have the right to withdraw all consent granted to the processing of your personal data.
- Right to issue instructions as to the post-mortem processing of your data: You have the right at any time to issue instructions on how you want the personal data we process concerning you to be handled after your death.
- Right to file a complaint with the supervisory authority: You may at any time file a complaint with the competent supervisory authority, namely the French Data Protection Agency.
All complaints will be processed as quickly as possible and pursuant to applicable laws.
If you ask for us to delete or erase your data, we hereby inform you that we may, as appropriate, file them for the period of time authorized by applicable legal provisions in order to fulfil our legal obligations or if we believe it is necessary to prevent possible fraud or any other type of abuse as well as for legitimate purposes such as non-personal data analysis and the fulfilment or respect of our/your rights in the event of a complaint or recourse.
As concerns commercial messages, you may manage your preferences and select the commercial messages you wish to receive from us by contacting us via a contact form by clicking here.
You may also object to the collection of your personal data for targeted advertising. You may contact us via a contact form by clicking here or by through the contact details below:
What about third-party websites and services?
Our websites, products and services may include links towards or offer you the possibility of accessing third-party website, products and services. We are not liable for the confidentiality practices applied by such third parties nor for any information or the content of their products or services. This confidentiality policy only applies to the data collected by us when browsing and engaging in transactions concerning our products and services.
And what about information concerning Minors?
Our products and services are exclusively aimed at adults. As a result, we do not knowingly collect, use or disseminate data concerning minors under the age of 16. If we learn that we have collected personal data on a minor under the age of 16, we take the necessary measures to delete such data as quickly as possible. If you believe a minor under the age of 16 has provided us with personal data, please inform us immediately.