Personal data protection policy
IDENTITY AND CONTACT INFORMATION OF ROYAL-RIVIERA HOTEL – CONTROLLER
Identity: ROYAL RIVIERA HOTEL SAS
No SIRET: 48136314100021
Address: 3, Jean Monnet Avenue – 06230 ST-JEAN CAP-FERRAT
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
You can contact our Data Protection Officer (DPO) by the following means:
Phone: +33 4 93 76 31 00
The ROYAL-RIVIERA hotel processes the personal data of its customers and website visitors. All information required in accordance with the General Data Protection Regulations (GDPR) is provided below. Our DPO is at your disposal for any questions or additional information to facilitate the quality of the information transmitted to you.
PURPOSES OF THE PROCESSING OF PERSONAL DATA
Dear clients, we process your personal data for different reasons, mainly for:
• manage transactions in our establishments, reservations and services in general,
• manage your stay and your visit in our establishments, such as: monitoring your consumption (telephone, bar, …), management of access to rooms,
• manage the sending of commercial and marketing offers, target the offers according to your preferences
• cross-check or enrich your data collected during the booking or your stay in order to specify your interests, your customer profile and allow us to provide you personalized services and send you dedicated offers,
• carry out satisfaction surveys, studies and statistics,
• improve our services by taking into account all the comments you would leave during your stay or visit in our establishments,
• to respect our obligations of vigilance towards our customers and public bodies
• manage your requests for the exercise of your rights,
• manage claims and litigation,
• internal management of the list of clients having behaved inappropriately during their stay in our establishments or having an access restriction (aggression, degradation, cheating …),
• ensure the supervision of our establishments, the safety of property and people, and the fight against fraud.
In order to properly provide its services, the ROYAL-RIVIERA hotel processes the following categories of data:
• identity: first name, last name, company name, identity card, passport, signature, address, nationality, date of birth, sex.
• contact information: e-mail address, postal address, telephone number.
• transactions for goods and services of the hotel ROYAL-RIVIERA hotel: Products and services purchased or those to which you have expressed an interest.
• stay preferences
Dear visitors of our website, we process your personal data for specific purposes, in order to:
• personalize and optimize the comfort of the use of our websites,
• identify you in order to answer your requests through the contact form
• answer your requests and questions through the website
For this, the ROYAL-RIVIERA hotel processes the following data:
• navigation data
• last name, first name, email, country, phone (in a mandatory way to identify you and answer your requests)
• message subject
• content of the message
ROYAL-RIVIERA hotel undertakes not to process data belonging to minors under 18 years old. ROYAL-RIVIERA hotel undertakes not to collect data considered sensitive, unless with an express consent or justifying it strictly within this framework. Moreover, no automatic decision or profiling is done with your data.
LAWFULNESS OF PROCESSING
The lawfulness of the processing of your personal data will be based firstly on the execution of the contract signed by both parties in order to personalize the services provided to you, ensure your welcome within our establishment as well as the follow-up of your stay.
On the other hand, and specifically with regard to commercial prospecting, the lawfulness of the processing of your personal data will also be based on your consent. You will be asked before using your data and you will be able to withdraw it at any time.
Dear visitors of our website,
On the one hand, your personal data are processed on the basis of our legitimate interest since in order to answer as best as we can the questions asked via the site, we must necessarily collect the information described above to be able to contact you in return. The mandatory data so that we can answer you are indicated with an asterisk.
On the other hand, we treat your browsing data and cookies on the basis of your consent following the functioning described in the corresponding form.
In the unique framework of being able to give you any satisfaction in the use of our services, we may communicate your personal data to internal and external persons.
This is all the internal staff who have authority to intervene to enable you to benefit from the services of our establishments: staff of customer reception desks / receptions, support services staff, such as IT departments, marketing departments, and the legal service.
These are subcontractors, service providers, business partners or banks. The transmission of information is for the sole purpose of the perfect execution of the services you have requested and the exclusive search of your satisfaction.
Administrative and judicial authorities, local or national could also request the communication of your personal data if law required it. This type of disclosure may be required in any lawsuit, petition or inquiry, government request, legal order, enforcement of legal rights (eg, contractual terms, intellectual property rights, etc.), money laundering, security issue or other similar legal or security issue. Sharing your information in this context is not a regular event, but can occur at any time. We will seek to limit the types and volumes of information we may have to share for legal purposes to what is reasonably necessary and will ensure that any transfer outside the European Union is carried out on an appropriate legal basis.
CROSS-BORDER DATA TRANSFERS
In the case of data transfers outside the European Union and / or to countries that do not have adequate protection, these will be carried out in accordance with the procedures in force (ie in particular the standard contractual clauses of the European Commission, etc.).
DURATION OF DATA CONSERVATION
We store your information for a period of time proportionate with the purpose for which we are processing it, to meet legal and regulatory requirements and within the limits imposed by them. In order to define adequate storage periods, we take into account the legal deadlines imposed in tax, financial and commercial matters as well as the purpose of the corresponding processing.
For your perfect information, the video recordings made in our hotel are kept for a period of 15 days. The data concerning your credit card are deleted from our operational databases 7 days after the completion of the transaction, but may be kept in archiving to guard against eventual dispute of the transaction for a period of 13 months after their collection.
YOUR RIGHTS ABOUT YOUR PERSONAL DATA
The Royal Riviera Hotel informs you of your rights in accordance with the legislation in force:
• the right of access: You have the right to obtain confirmation that your personal data are or are not processed and, when they are, to obtain access to such data and a copy of these last.
• the right of rectification: You have the right to obtain the rectification of inaccurate personal data concerning you.
• the right to erasure: In some cases, you have the right to obtain the erasure of your personal data. Nevertheless this right is not absolute, indeed the hotel Royal Riviera can have legal reasons or legitimate to preserve those personal data.
• the right to data portability: in some cases, you have the right to receive the personal data that you have provided us in a structured, commonly used format and the right to transmit this data to another person in charge of treatments, where technically possible. This right applies only when the processing of your personal data is based on your consent or the performance of a contract and it is performed using automated processes.
• the right to object: You have the right to object at any time, for reasons related to your particular situation, to processing of your personal data when the processing is based on the legitimate interest of the Royal Riviera hotel.
• the right to lodge a complaint with a supervisory authority: You have the right to contact the French data protection authority (National Commission for Informatics and Freedoms (CNIL)) in order to lodge a complaint concerning the Hotel Royal Riviera’s practices relating to personal data protection.
In addition, and regarding the process for which your consent was asked you can withdraw it at any time thanks to the corresponding links placed at your disposal.
To exercise your rights, you can send a request to our DPO by writing to the e-mail address firstname.lastname@example.org, quoting the reference “Data protection”, justifying your identity.
You can also send us a written request by sending your request to: 3, avenue Jean Monnet – 06230 Saint-Jean-Cap-Ferrat.
The ROYAL-RIVIERA hotel has taken all the technical and organizational measures necessary to ensure the security of personal data and to prevent any alteration, loss, treatment or unauthorized access thereof, taking into account the evolution of technology, the nature of the stored data and the risks to which they are exposed, through human actions or physical or natural influences.
Indeed, we determine and implement enhanced security measures to ensure the security and confidentiality of your personal data, in accordance with the requirements of the CNIL and the RGPD. Thus, we have in particular:
• appointed a DPO responsible for our compliance with the legislation on the protection of personal data
• make our staff aware of the right to the protection of personal data
• calls on a specialized IT service provider to secure our networks and workstations (backups, antivirus, etc.)
• implement physical security measures such as video surveillance
WHAT HAPPENS WHEN THIS POLICY IS CHANGED?