SAS Paris Hotel undertakes to collect and process your data lawfully, fairly and transparently, in accordance with the General Data Protection Regulation (RGPD) and Law No. 78-17 of 6 January 1978 on data processing, data files and individual liberties.
The collection of its customers’ personal data is limited to what is strictly necessary, in accordance with the principle of data minimisation, and indicates the purposes for which the data is collected, whether providing this data is optional or mandatory in order to manage requests, and who will be able to access it.
SAS Paris is an SAS with its registered office at 14, Avenue de Paris 78000 Versailles and registered in Paris under SIRET number 30404607100011.
The Company offers the following services:
“Site” refers to the Company’s website, i.e https://hotel-roys-versailles.com/en
“Cookies” : A cookie is a piece of information placed on an Internet user’s hard drive by the server of the site they are visiting. It contains several pieces of information: the name of the server that placed it, an identifier in the form of a unique number or a text and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and record information.
“Personal data”
means any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person. For example, the User’s e-mail address.
“Customer” refers to any natural or legal person who makes a reservation on the Site, with our partner service providers (e.g. Booking.com) or directly with the receptionist on duty at the establishment whose address is indicated in article I ;
“Reservation” refers to any reservation made by the User, Client, Professional or Consumer with a view to benefiting from the Company’s Services;
“General Terms and Conditions of Sale and Use” or “GTC/UGU” refers to the Company’s general terms and conditions of sale and use;
“Consumer” means the buyer who is an individual and who is not acting for professional purposes and/or outside his professional activity;
“Professional” refers to the buyer who is a natural or legal person acting in the course of a professional activity;
“Services” refers to all the services and/or products offered to Customer and Professional Users by the Company through the Sites owned by the Company;
“Company” refers to SAS Paris Hotel, more fully described in Article I hereof;
“User” refers to any person who uses the Site.
“Account” refers to the client’s personal space with the Company’s partner service providers.
“Quotation” refers to a quotation drawn up by the Company for a specific, customised service requested by the Client.
“GDPR” means the General Regulation on the Protection of Personal Data applicable from 25 May 2018.
“Processing of personal data” means any operation or set of operations which is performed upon personal data, whatever the process used (collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, etc.).
In accordance with the French Data Protection Act of 6 January 1978 and the General Data Protection Regulation 2016/679 (RGPD), information concerning you is intended for the Company, which is responsible for processing it. You have the right to access, rectify and delete data concerning you (details in article 7). You can exercise this right by sending an email to contact@hotel-roys-versailles.com
By logging on to the website hotel-roys-versailles.com/en
of the Company, you are accessing content protected by law, in particular by the provisions of the French Intellectual Property Code. The Company only authorises strictly personal use of the information or content you access, limited to storage on your computer for the purposes of display on a single screen and reproduction, where authorised (link or download button) for copying or printing on paper. Any other use is subject to our express prior authorisation. By continuing your visit, you agree to abide by the above restrictions.
The Company undertakes to ensure that its Customers, Users, Consumers and Professionals comply with the laws in force and the ethical rules of practice necessary for the establishment of a relationship of trust between the Company and its Customers, Users, Consumers and Professionals.
v
1. Responsable du Traitement
Le responsable du traitement des données personnelles visées aux présentes est Mme Laurence Guilloux, directrice de l’hôtel Des Roys Versailles dont les informations de la société sont stipulées dans l’Article 1 sur cette page.
2. Nature of the data collected
User information and rights
The company hereby provides you with clear information about the personal data it processes in the course of its business, and how the data is collected, used and protected.
All Users, Clients, Consumers and Professionals have the right to ask the data controller, i.e. Ms Laurence Guilloux, for access to the personal data provided;
Subcontracting
La Société s’engage à ce que tout sous-traitant présente des garanties contractuelles suffisantes quant à la mise en œuvre de mesures techniques et organisationnelles appropriées, afin que le traitement réponde aux exigences du règlement européen sur la protection des données (voir la liste des destinataires de données à l’article 6).
Data collected on the site (contact form)
When a Customer, User, Consumer or Professional makes a booking request on the site via our contact form, the following data is collected and processed by the Company: email, first name, surname, telephone number, country, date of arrival, date of departure, number of adult(s), number of child(ren), additional information that the Customer, Professional, User or Consumer deems necessary for their booking request.
Data collected on the site (via our service provider D-Edge)
When a Customer, User, Consumer or Professional makes a booking request on the site, the following data is collected and processed by our subcontractor D-Edge: email, first name, surname, country, telephone number, IP address, type of room, booking rate, date of stay, credit card number (16 digits + expiry date) and additional information that the Customer, Consumer, Professional or User may provide if he or she deems this information useful for the booking.
The data is then sent to us by email with the exception of the bank card number (16 digits + expiry date) which remains in secure access on the D-Edge and Medialog server (our PMS). This data is only visible with a password and an identifier via the intranet between the Company and D-Edge and Medialog.
Data collected at the Company’s Establishment
When a customer arrives, the following data is collected and processed: date of arrival and departure from the establishment, room number, number of breakfasts (if any), order history, complaints, incidents, information relating to correspondence on our website or directly with the Company (email message sent directly).
Some data is collected automatically as a result of the user’s actions on the site (see the paragraph on cookies in article 8).
Data collected by a partner Service Provider
A customer, consumer or professional may book a service provided by the Company through a partner service provider. The data collected in this way (e.g. Booking.com) is subject to the General Terms and Conditions/General Terms and Conditions and Privacy Policy of these Partner Service Providers and those of the Company.
The data submitted must not include sensitive personal data, such as government identifiers (such as social security numbers, driving licence numbers, or taxpayer identification numbers), full credit card numbers (unless requested for example as part of a booking on the site by filling in the relevant field on the booking form) or personal bank account numbers, medical records or information relating to care requests associated with individuals, without this list being exhaustive.
Regarding the collection of identity data
Prior identification for the provision of the desired service
The provision of a room requires the prior identification of the customer by means of their identity card or any other document enabling them to be identified. The personal data (surname, first name, postal address) appearing on the identity document are used to fulfil our legal obligations resulting from the provision of the service as set out in the reservation. The customer, whether a consumer or a professional, must not provide false personal information and must not make a reservation for another person without their authorisation. Contact details must always be accurate and up to date.
Collection of terminal data
Collection of profiling data and technical data for the purposes of providing the service.
Some of your device’s technical data is collected automatically by the Site and the server. This information includes in particular your IP address, Internet service provider, hardware configuration, software configuration, browser type and language, etc. The collection of this data is necessary for proper navigation on the Company’s website.
The Company also offers a personalised experience by using the principle of automated decision-making via its newsletter email messages.
Collection of technical data for commercial and statistical purposes
Your device’s technical data is automatically collected and recorded by the server and our subcontractors for advertising, commercial and statistical purposes. This information helps us to personalise and continually improve your experience on our Site. We do not collect or store any personal data (surname, first name, address, etc.) that may be attached to technical data.
3. Purpose of Processing
The main purpose of collecting your personal data is to provide you with a safe, optimal, efficient and personalised experience in the establishment. To this end, you agree that we may use your personal data to:
Your personal data collected on the site, at the establishment and from partner service providers is intended for use by the Company and may be passed on to subcontracting companies that the Company may call upon in order to provide its services. The Company ensures compliance with data protection requirements for all its subcontracting companies. The Company does not sell or rent your personal data to third parties for marketing purposes. In keeping with our ethical values, we do not enter into strategic partnerships to share your data in order to promote a service or product of a Third Party company.
The Company does not disclose your personal data to third parties unless :
The current recipients of the data are :
In accordance with the French Data Protection Act (Loi Informatique et Libertés) and the General Data Protection Regulation 2016/679 (RGPD), you have the right to access, rectify and delete your personal data, which you may exercise by sending an email to contact@hotel-roys-versailles.com.
Your request will be processed within 30 days. We may ask that your request be accompanied by a photocopy of proof of identity or authority.
You can also modify your personal data at any time by clicking on the link at the bottom of each newsletter email, either to unsubscribe or to update your contact details.
1. 1. Use of Cookies
Cookie retention period
In accordance with CNIL recommendations, cookies are kept for a maximum of 13 months after they are first placed on the User’s terminal, as is the period of validity of the User’s consent to the use of these cookies. The lifespan of cookies is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.
Purpose of cookies
Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, by processing information concerning the frequency of access, the personalisation of pages, the operations carried out and the information consulted.
You are informed that the Company may place cookies on your terminal. The cookie records information relating to navigation on the site (the pages you have consulted and may consult) which we will be able to read during your subsequent visits.
For the duration of the cookie’s validity or recording period, the cookie will enable the Company to identify your computer on future visits. The Company’s partners or service providers, or third-party companies may also, subject to your choices, place cookies on your computer.
There are two main categories of cookies:
Technical” cookies. These cookies are essential for browsing our site, in particular to ensure that the order process runs smoothly;
Optional” cookies. These cookies are not essential for browsing our site, but may, for example, facilitate your searches, optimise your user experience, and for us: better target your expectations, improve our offer, or optimise the operation of our site.
This information is stored on your computer for one year. Only the sender of a cookie is likely to read or modify the information contained in this cookie.
No cookie enables us to identify your marital status.
The User’s right to refuse cookies
Deactivation may result in the service not working properly.
You acknowledge that you have been informed that the Company may use cookies and authorise it to do so.
If you do not wish cookies to be used on your terminal, most browsers allow you to deactivate cookies via the settings options.
Vous pouvez vous opposer à l’enregistrement des cookies en paramétrant votre navigateur de la manière suivante :
For Chrome
For Mozilla Firefox :
For Microsoft Internet Explorer :
For Edge :
For Opéra :
Please note: If you choose to refuse to save cookies on your computer or if you delete the cookies saved on your computer, we cannot accept any responsibility for the consequences of our services not functioning properly as a result of our not being able to save or consult the cookies necessary for them to function and which you have refused or deleted.
2. Data retention
Generalities
The Company collects and retains your personal data for the purposes of fulfilling its contractual obligations as well as information on how and how often you use our services. Personal data must be kept only for as long as is necessary to fulfil the purpose for which it was collected. The Company only stores your data for the time necessary to provide the service, and as such, the Company deletes your bank details once the service has been completed. The storage of our customers’, professionals’, consumers’ and users’ data varies according to the type of data concerned. For example, your statistical data that is more than 13 months old will be deleted. Other data may be deleted at any time, in accordance with the provisions set out above.
DRetention period for personal and sensitive data
Data is kept for the duration of the contractual relationship and beyond.
In accordance with article 6-5° of law no. 78-17 of 6 January 1978 relating to information technology, files and civil liberties, sensitive data (bank card) that is processed is not kept beyond the time required to fulfil the obligations defined when the contract was concluded or the predefined duration of the contractual relationship.
Personal data (surname, first name, email address, postal address) that is processed is kept for a period of 3 years in our reservation software.
Deleting data after account deletion
Means of purging data are put in place to ensure that it is effectively deleted as soon as the retention or archiving period required to fulfil the purposes determined or imposed has been reached. In accordance with the French Data Protection Act no. 78-17 of 6 January 1978, you also have the right to delete your data, which you may exercise at any time by contacting the Company.
Deletion of data after 3 years of inactivity
Pour des raisons de sécurité, si vous n’êtes pas venu dans notre établissement depuis plus de 3 ans, vos données personnelles seront supprimées.
Deletion of data after 12 months in the Newsletter
If you have not actively followed the newsletter, i.e. opened and/or clicked on a link in an email, for a period of 1 month, you will receive an email inviting you to take action (click on a link) before being permanently removed from the list concerned.
3. Location of Data Storage and Transfers
Les serveurs d’hébergement sur lesquels la Société traite et stocke vos données sur le site sont exclusivement situés en l’Union européenne.
La Société s’engage à vous informer immédiatement, dans la mesure où nous y sommes légalement autorisés, en cas de requête provenant d’une autorité administrative ou judiciaire relative à vos données.
As part of its services, the Company attaches the utmost importance to the security and integrity of the personal data of its customers, consumers, professionals and users. Accordingly, and in compliance with the RGPD, the Company undertakes to take all necessary precautions to preserve the security of the data and in particular to protect it against any accidental or unlawful destruction, accidental loss, alteration, unauthorised distribution or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.
To this end, the Company implements standard digital industry security measures to protect personal data from unauthorised disclosure. By using the encryption methods recommended by the digital industry, the Company takes the necessary measures to protect payment information, bearing in mind that the Company does not offer payment directly on site but uses an external service secured by our subcontractor D-EDGE and VEGA.
Furthermore, in order to prevent any unauthorised access and to guarantee the accuracy and proper use of the data, the Company has implemented electronic and manual procedures to safeguard and preserve the data collected through its services.
Even so, no one can consider themselves completely safe from a hacker attack. This is why, in the event of a security breach affecting you, the Company undertakes to inform you as soon as possible and to make its best efforts to take all possible measures to neutralise the intrusion and minimise its impact.
In the event that you suffer damage as a result of the exploitation of a security vulnerability by a third party, the Company undertakes to provide you with all necessary assistance so that you can assert your rights.
You should bear in mind that any user, customer or hacker who discovers a security vulnerability and exploits it may be subject to criminal sanctions and that the Company will take all measures, including filing a complaint and/or taking legal action, to protect the data and rights of its users and itself and to limit the impact as far as possible.
Informing the User in the event of a security breach
We undertake to implement all appropriate technical and organisational measures using physical and logistical security measures in order to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of your personal data. In the event that we become aware of illegal access to your personal data stored on our servers or those of our service providers, or of unauthorised access resulting in the risks identified above, we undertake to :
Under no circumstances may the undertakings set out in the point above relating to notification in the event of a security breach be assimilated to any acknowledgement of fault or responsibility for the occurrence of the incident in question.
Except in the case of force majeure, the Company guarantees the User, Consumer, Customer or Professional that it will perform its services properly and in compliance with these General Terms and Conditions.
Any compensation owed by the Company to the User or to a third party as a result of the liability of the Company, its subsidiaries or its partners in respect of the performance of these General Terms and Conditions may not exceed the price paid by the User, Client, Professional or Consumer in return for the service(s) giving rise to said liability (e.g. the price of a room).
The Company does not systematically control the way in which its services are used, in particular the use of the equipment available in the room and the common areas, which remains the responsibility of the Client, Consumer or Professional.
Under no circumstances may the Company be held liable to third parties for any prejudice resulting from the use of the services on behalf of the User, Client, Consumer or Professional in any capacity whatsoever.
Responsibility of the User
The Customer, Consumer, Professional, User is solely responsible for the way in which he/she uses the room, the common areas and the equipment made available to him/her in the context of the performance of these Terms and Conditions.
The User, Customer, Consumer, Professional may be held liable for failure to comply with these General Terms and Conditions of Sale and Use, as well as the confidentiality policy or any legal or regulatory provision or any provision resulting from an applicable international agreement.
The User, Client, Consumer or Professional indemnifies the Company against any prejudice, claim or recourse by third parties resulting from a breach by the User, Client, Consumer or Professional of these General Terms and Conditions of Sale and Use, the Company’s Confidentiality Policy or any legal or regulatory provision or any provision resulting from an applicable international agreement.
The Company undertakes to offer you the possibility of having all your personal data returned to you on request. In this way, the User is guaranteed greater control over his or her data and retains the possibility of re-using it. This data must be supplied in an open and easily reusable format, directly into the hands of another data controller where this is desired and technically possible.
1. Deletion of Data
Deleting data on request
Users, Customers, Consumers and Professionals have the option of deleting their Data at any time, by simply requesting it from the Company or directly via a link at the bottom of each of our newsletter emails.
Cancellation of a reservation in the event of a breach of the Confidentiality Policy
In the event of a breach of one or more of the provisions hereof or of any other document incorporated herein by reference, the Company reserves the right to cancel your booking without refund if payment has already been made.
The Company undertakes to comply with the applicable regulations on data transfers, even though it does not currently transfer data to foreign countries for almost all of its processing. Where necessary to provide our services, this is done as follows:
At present, the only processing operations concerned by this provision relate to :
The booking of services offered by the Company to the user who has decided to make a booking via the D-EDGE subcontractor from the Company’s website. Only the following data is transferred: CUSTOMER ID, email address, purchase amount, product description, email address, telephone number, postal address (if indicated), 16-digit bank card number and its validity date.
Management of the ethical and personalised commercial relationship using information provided by Facebook via the “Personalised Audience” function offered by Facebook.
The email address is the only data transferred to enable Facebook to identify its users and build up an audience.
Questionnaires filled in by the customer on Google services (Google Doc, Google Drive, Google Form, Google Sheet, etc.). The Personal Data depends on what the customer wishes to share (company name, SIRET number, surname, first name, email).
For a list of countries with a sufficient level of legal protection : CNIL – La protection des données dans le monde
The Company reserves the right to amend this Privacy Policy at any time, in particular in application of changes to the laws and regulations in force. Any changes will be notified to you via our website and/or by email, wherever possible at least thirty (30) days before they come into effect. We recommend that you check these rules from time to time to remain informed of our procedures and rules concerning your personal information.
In the event of a change to these rules, the Company undertakes not to lower the level of confidentiality substantially without first informing the persons concerned.
This Privacy Policy is governed by French law. This reference document is written in French. In the event that it is translated into one or more languages, only the French text will be deemed authentic in the event of a dispute. The nullity of a clause does not entail the nullity of the Confidentiality Policy. The temporary or permanent non-application by the Company of one or more of the clauses herein shall not constitute a waiver on its part of the other clauses herein, which shall continue to have full effect.
Any dispute to which the confidentiality policy may give rise, in particular concerning its validity, interpretation and performance, their consequences and their aftermath, shall be submitted to the competent courts within the jurisdiction of the city of Versailles.
1. Contact
Any questions regarding the Company’s Confidentiality Policy may be sent by email to contact@hotel-roys-versailles.com or by post to the following address:
Hôtel Des Roys Versailles, 14, Avenue de Paris 78000 Versailles, France.
Phone :+33(0)1 39 50 56 00
Email address : contact@hotel-roys-versailles.com
