The Grand Hôtel Thalasso & Spa
Luz Grand Hôtel (“we”, “our”) offers its guests and prospects (“you”, “your”) hotel services, room rentals, catering offers, promotional offers, gift packs, news and much more.
Luz Grand Hôtel is responsible for the processing of your personal data.
Given the great importance we attach to your trust, we are committed to respect your privacy, in particular by ensuring the protection of your personal data in accordance with the General Data Protection Regulation (GDPR).
2. Collection of your personal data
We may collect personal data that you provide directly to us as part of our contractual and precontractual relations (registration on forms, information provided at reception or during the booking process, etc.).
We may also collect your technical data by recording your interaction with our services using cookies and other technologies on our website (browser and device data such as your computer or mobile phone IP address and usage data such as connection dates, pages visited, services booked, etc.).
Some data may also be communicated to us by third-party sites (online booking sites, travel agencies, etc.) who provide us with contact details and booking information on behalf of a customer. We then inform the person concerned of this data collection.
We may also collect data from affiliates, business partners, subcontractors and service providers if their personal data protection policies permit.
3. Processing of your personal data
The term “personal data” refers to any information collected that allows a natural person to be identified directly or indirectly, for example: name, e-mail address, date of birth, payment information, language, booking details, etc.
Thus, we process the data you provide us about yourself and about the people who accompany you, such as:
– Name, first name, telephone number, e-mail address,
– Nationality, date of birth, gender,
– First name, age, date of birth of minors under your care,
– Credit card details used for booking transaction,
– IP addresses and connection details,
– Arrival and departure dates,
– Your preferences and interests,
– Your questions/comments, during or after a stay in one of our establishments,
– Images and video recordings collected during a hotel visit by means of video surveillance systems, where authorized by applicable law,
– Contact information for employees of client companies and suppliers and other individuals with whom we work (e.g., travel agents, online booking systems and travel management companies, event planners),
– And other types of information that you voluntarily choose to provide to us.
Data collected on minors (under 18 years of age) – necessarily limited to their name, nationality and date of birth – can only be transmitted to us by an adult declaring that he or she has the necessary authority to do so. It is important to ensure that your children do not transmit any personal data without your permission (especially via the Internet).
We do not voluntarily collect sensitive data, such as your religious belief or health details, dietary restrictions or sexual orientation, but we may process them if you voluntarily provide them to us and thereby express your consent to the processing.
4. When is your personal data collected ?
Personal data may be collected on various occasions, including via:
– Our hotel services: room reservation,
– Gift vouchers purchase,
– Event organization,
– Registration and payment,
– Consumption at the hotel bar or restaurant while staying at our hotel,
– Use of concierge, spa and activity booking services,
– Requests, complaints and/or disputes,
– Participation in marketing programs or promotional activities: contribution to satisfaction surveys,
– Subscription to newsletters, in order to receive offers and promotions by e-mail,
– Transmission of information from third parties: tour operators, travel agencies, online booking systems, others,
– Internet activity: connection to our website (IP address, cookies),
– Online collection forms (online booking, questionnaires, social networks).
5. Cookies and other Web technologies
We collect data via cookies and other similar technologies (Internet tags, web beacons). Cookies are small text files that are automatically copied to your computer or mobile device when you visit a website. These files are stored by your browser. These cookies contain basic information about your Internet usage. Your browser sends these cookies to our website each time you visit it so that your computer or mobile device is recognized and your browsing experience is personalized and improved.
You can control cookies with your browser settings and other tools, however, refusing to install a cookie may prevent you from accessing certain services.
As part of and for the purpose of providing WIFI services in our hotel, we may collect device identifiers (such as your IP address, or any other unique identifier).
6. How we use your personal data
We collect your personal data in a lawful manner and in particular:
– When you have given your specific consent,
– For the execution of precontractual measures requested by you,
– For the execution of contractual measures,
– In our legitimate interest or that of a third party,
– To comply with our legal obligations,
– In your vital interest or that of another person (medical emergency).
Our legitimate interest consists, for example, in providing a superior and personalized service or in improving our services.
We collect and process your data for specific, explicit and legitimate purposes:
– To fulfill our obligations towards our hotel guests,
– To perform and carry out our services (room reservation management, catering and other activity management),
– To improve our services,
– To manage our relationship with our hotel guests before, during and after their stay,
– To secure, manage and improve the usage of our Website,
– To improve our customer knowledge,
– To manage our relations with our partners and service providers,
– To comply with our legal obligations (e.g. keeping accounting records).
7. How we disclose personal data
Within our group, only a limited number of personnel can access your personal data and only when it is necessary to perform their duties.
Some data may be sent to third parties to comply with legal, regulatory or contractual obligations or to legally authorized authorities (police headquarters, town hall, anti-money laundering and anti-terrorist financing reporting obligations, TRACFIN statement, etc.).
We may also share your information with other entities, such as other companies within the group to which we belong and third parties listed below:
– Our service providers and subcontractors offering services or features on our behalf, including reservation and customer management software, payment processing and fraud prevention.
– Our business partners with whom we can jointly offer products or services (car rentals, restaurant reservations, entertainment reservations, etc.) and affiliated websites.
– If you are redirected to our website from another website, we may share your registration information, such as your name, e-mail and postal addresses, telephone number and travel preferences with that referring website. We strongly suggest you review the privacy policies of any website that redirects you to our website.
– We may share your personal data with any of our group affiliates. The disclosure of your information allows us to target our product and service offers (whether in hospitality or other) in accordance to your marketing preferences.
8. Personal data retention
We keep your personal data for as long as necessary for the purposes for which it was collected, including the fulfillment of any legal or accounting requirements and any legal reporting obligations.
9. Your rights and choices
In accordance with the data protection regulations, you have the following rights regarding our use and disclosure of your personal data:
– Right of access (right to obtain a copy of your personal data and to obtain confirmation that we are processing it lawfully),
– Right to rectification (right to modify or complete your data when they are inaccurate or incomplete),
– Right to be forgotten (right to request the deletion of your data from our processing),
– Right to restrict processing (right to request the limitation of processing operations concerning your data),
– Right to data portability (right to request a copy or transfer of your data from one IT environment to another),
– Right to object (right to object to certain processing operations, in particular those for marketing purposes),
– Right to appeal to the CNIL (French National Commission on Informatics and Liberty).
You can exercise your rights by proving your identity (e.g. Copy of your signed identity document) by email to the following address email@example.com or by mail to the following postal address: 43, boulevard Thiers 64500 Saint-Jean-de-Luz.
If you wish to exercise your data protection rights, we will comply with your request. However, please note that we will retain your request information during a 6-year period for monitoring and reference purposes.
We also would like to inform you that, despite your Right of deletion, we will retain some of your data as evidence in the event of a dispute or to comply with our legal and regulatory obligations. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
10. Security of personal data
We attach the utmost importance to the protection of your privacy. We therefore act in accordance with the applicable laws on personal data and data security.
We have put in place technical and organizational measures appropriate to the sensitivity of personal data to ensure absolute integrity and confidentiality of your data and to protect it against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
We regularly carry out audits to ensure proper operational application of data security rules.
Thus, we take the necessary physical, technical and organizational security measures to:
‐ Protect our activities,
‐ Ensure personal data security of our customers, partners, Internet users, suppliers and service providers,
Against any unauthorized access, modification, distortion, disclosure, destruction or access to the personal data in our possession or under our control.
Nevertheless, the security and confidentiality of personal data are based on everyone’s best practices, which is why we urge you to remain vigilant.
In accordance with our commitments, we choose our subcontractors and service providers carefully and impose them:
‐ A level of personal data protection equivalent to ours,
‐ Access to and use of personal data or information strictly necessary for the services they are required to provide,
‐ Strict compliance with applicable laws and regulations regarding confidentiality, banking secrecy and personal data,
‐ The implementation of all appropriate measures to ensure the protection of personal data they may be required to process,
‐ The definition of the technical and organizational measures necessary to ensure safety.
We commit to conclude contracts with our subcontractors in accordance with legal obligations, defining precisely the terms and conditions for processing personal data.
11. International data transfers
Your personal data may be transferred to countries outside the European Economic Area (EEA). When we store or transfer your personal data outside the EEA, we comply with applicable laws to provide an adequate level of data protection (CNIL standard contractual clauses).
13. Contact us
If you have any questions or requests regarding the way we handle your personal data, please contact us by sending an e-mail to firstname.lastname@example.org or by mail to the following postal address: 43, boulevard Thiers 64500 Saint-Jean-de-Luz.
©2019 LuzGrandHôtel LLC. All rights reserved