PRIVACY POLICY
HOTELLERIE CHATEAUBRIAND

PREAMBLE


Article 1. Parties to this act

Between the undersigned :
1° The simplified joint-stock company HOTELIERE CHATEAUBRIAND with a capital of 62,146 Euros,
registered in the Paris Trade and Companies Register under number 444 297 352, whose
head office is located at 1 rue Bayard 75008 Paris, with VAT number FR33444297352.
Hereinafter referred to as the "Data Controller",
Firstly,
And
2° Any natural person
o Browsing on the website www.ledamantin.com;
AND OR
o benefiting from hotel services and/or related services offered by the
Data controller.
Hereinafter referred to as the “Data Subject”,
On the other hand,
It was explained and agreed as follows:


Article 2. Purpose

This Privacy Policy applies, without limitation or qualification between the Person
concerned and the Data Controller.
Its purpose is to provide information on how the Data Controller
collects and processes the Data of the Person concerned, in accordance with the legislation in force and
in particular European Regulation No. 2016/679 and Law No. 78-17 (hereinafter referred to as the
“Legislation”), in relation to:
- Hotel services and related services offered by the Head of
processing to the Data Subject (hereinafter referred to as the “Service”);
- The website www.ledamantin.com (hereinafter referred to as the “Site”).


Article 3. Definitions

- Supervisory authority means the National Commission for Computing and Liberties (CNIL),
French independent public data protection regulatory authority.
- Consent means any expression of will, free, specific, informed and unambiguous by
which the Data Subject accepts, by a declaration or by a clear positive act, that
Data concerning him are processed by the Data Controller.
- Recipient means any natural or legal person, public authority, service or other
organization that receives communication of the Data, whether or not it is a Third Party. However, the
public authorities who are likely to receive communication of the Data, in particular
within the framework of a fact-finding mission, are not considered as Recipients within the meaning
of this definition.
- Data means any information relating to the Data Subject.
- File designates any Data structure set accessible according to determined criteria, whether
this set is centralized, decentralized or distributed functionally or geographically.
- Legislation means any law and regulation relating to Data protection, and in particular the
European regulation n°2016/679 and law n°78-17.
- Browsing designates the consultation, knowledge, order and/or purchase of
Services on the Site.
- Person concerned means any natural person who browses the Site and/or benefits from the
Services of the Data Controller, as soon as it can be identified, directly or
indirectly, in particular by reference to an identifier, such as a name, a number
identification, location data, an online identifier, or to one or more elements
specific to his physical, physiological, genetic, psychic, economic identity,
cultural or social.
- Pseudonymization means the processing of Data in such a way that it can no longer
be attributed to the Data Subject without recourse to additional information.
- Data controller means the Simplified Joint Stock Company HOTELIERE
CHATEAUBRIAND with a capital of 62,146 Euros, registered in the Trade and
Paris companies under number 444 297 352, whose registered office is located at 1 rue Bayard 75008
Paris, and having as VAT number FR33444297352, which alone or jointly with others,
determines the purposes and means of the Processing
- Service means the provision of hospitality and related services offered by the Head of
processing to the Data Subject, in particular on the Site.
- Site means the infrastructure developed by the Data Controller according to the formats
computers usable on the Internet comprising data of different natures, and
including texts, sounds, still or moving images, videos, databases, intended to be
consulted by the Data Subject to find out about, reserve, order and/or purchase a
Service (www.ledamantin.com).
- Subcontractor means any natural or legal person, public authority, service or other
organization that the Data Controller who processes the Data on behalf of the
Data controller.
- Third party means any natural or legal person, public authority, service or other body
that the Data Controller, the Processor and the persons who, placed under the authority
directly from the Data Controller or the Subcontractor, are authorized to process the Data,
and in particular tour operators, travel agencies, and reservation systems.
- Processing means any operation or set of operations whether or not performed using
automated processes applied to the Data or sets of Data, such as the
collecting, recording, organizing, structuring, storing, adapting or
modification, extraction, consultation, use, communication by transmission,
dissemination or any other form of making available, bringing together or interconnecting,
limitation, erasure or destruction.

AGREEMENT

Article 4. Principles relating to Processing

In accordance with the Legislation, the Data Controller undertakes to respect the principles
following for each Treatment:
• Legality;
• Loyalty ;
• Transparency;
• Purpose limitation;
• Data minimization;
• Exactness ;
• Limitation of storage;
• Integrity ;
• Confidentiality ;
• Responsibility.


Article 5. Data processed

As part of its Navigation on the Site and / or the performance of a Service, the Person in charge of
processing is required to collect and process a certain amount of Data, and in particular:
• Personal information (surname, first name, pseudonym, gender, postal address, address
email, telephone number, date of birth, nationality, identity card number or
passport, video surveillance, room access logs);
• Banking information (credit card number, invoices);
• Information about your stay (date of arrival and departure, history of stays, number
reservation, room number, table number, billable supplements, amount of
stay) ;
• Preferences (type of bedding, smoker, diet, allergies, special requests,
opinion, satisfaction);
• Technical information (browsing behavior on the Site, IP address, user agent,
cookie ID).


Article 6. Context of the Processing

The Data of the Person concerned may be collected and processed by the Data Controller.
treatment on different occasions, including:
• Execution of a Service:
o Reservation of a room, a table or a treatment;
o Registration and payment;
o Requests and complaints;
• Browsing on the Site:
o Connection to the Site;
o Contact with the Data Controller on the Site.


Article 7. Purpose of Processing and Data Storage

RGDP
RGDP
rgdp

The Data Controller reserves the right to anonymize the data which is subject to
 Treatment before deleting them.
 Anonymized Data may then be processed for statistical purposes.

Article 8. Recipients of Data

In principle, the Data Controller is the sole Recipient of the Data.
 As part of the performance of a Service, the Data Controller may be required to
 transfer the Data to external or internal Recipients.
 The following Recipients may in particular be required to process your data:
 • The Data Controller's hotel staff, including restaurant staff,
 the bar and the spa;
 • The Data Controller's IT subcontractor;
 • The banks ;
 • Credit card issuers;
 • The Site host;
 • The Data Controller's business partners;
 • Police services and gendarmerie units;
 • Administrations.
 The data controller undertakes to require Recipients - in particular Subcontractors -
 sufficient guarantees as to the implementation of technical and organizational measures
 appropriate so that the Processing meets legal and regulatory requirements and
 guarantees the protection of the rights of the Person concerned.
 The Data Controller may communicate to any Recipient or Third Party the Data that is
 object of Processing when a legal obligation to do so exists or when the Data Controller
 processing considers in good faith that it is necessary to:
 • Respond to any complaint against it;
 • Comply with legal and/or administrative requirements;
 • Enforce any contract to which the Data Subject is a party;
 • Safeguard the vital interests of any natural person;
 • The execution of a mission of public interest.
 In the event of purchase of the Data Controller by a Third Party, the Data Controller reserves the
 possibility of sharing the Data with the Third Party Purchaser subject to compliance with this
 Privacy Policy by this Third Party.


 Article 9. Transfer of Data outside the European Union

The Data Controller stores all the Data on secure servers located at
 within the European Union.
 No transfer of Data outside the European Union will be carried out by the Data Controller.
 processing without the express prior consent of the Data Subject.
 Article 10. Rights of the Data Subject to the Data
 The Person concerned has a certain number of rights on the Data that he can assert,
 except for applicable legislative or regulatory exceptions, by making a request to the
 Data controller at the following address:
 HOTEL CHATEAUBRIAND
 1 rue Bayard 75008 PARIS
 contact@ledamantin.com
 In the event of reasonable doubt about the identity of the Data Subject making a request to exercise
 of his rights to the Data, the Data Controller may request to attach a copy
 an official identity document in support of the application.
 Requests will be processed as soon as possible and at the latest in accordance with the deadlines set
 by legislation.


 Section 10.1. Permission to access

The Data Subject has the right to obtain from the Controller confirmation that
 Data are or are not processed and, when they are, access to said Data as well as the
 following information:
 • The purposes of the processing;
 • Data categories;
 • The Recipients or categories of Recipients to whom the Data have been or will be
 communicated, in particular Recipients who are established in third countries or
 International organisations ;
 • When possible, the retention period of the Data or, when it is not
 possible, the criteria used to determine this duration;
 • The existence of the right to ask the Data Controller to rectify or
 the erasure of Data, or a limitation of the processing of Data, or of the right to
 object to this processing;
 • The right to lodge a complaint with a supervisory authority;
 • When the Data is not collected from the Data Subject, any
 information available as to their source;
 • The existence of automated decision-making, including profiling, and, at least in such
 cases, useful information regarding the underlying logic, as well as the importance and
 intended consequences of such processing for the Data Subject.
 The Data Controller provides a copy of the Data subject to Processing and
 reserves the right, in return for the supply of this copy, the payment of reasonable costs based
 on administrative costs for any additional copies requested by the Data Subject.


 Section 10.2. Right to erasure and rectification

The Data Subject has the right to obtain from the Data Controller the rectification and/or
 the erasure of inaccurate or obsolete Data as soon as possible unless otherwise stated
 preventing the exercise of this right, and in particular:
 • Exercise of the right to freedom of expression and information;
 • Compliance with a legal obligation;
 • The public interest in the field of public health, archives, scientific research
 or historical or statistical;
 • The establishment, exercise or defense of legal rights.
 34


 Section 10.3. Right of objection

The data subject has the right to object at any time, for reasons relating to his or her situation.
 particular, to Data Processing based on the performance of a task in the public interest or the
 necessity of the legitimate interest of the Data Controller.
 The Data Controller then undertakes to no longer process the Data, unless he demonstrates
 that there are legitimate and compelling reasons for the Processing which prevail over the interests and
 rights and freedoms of the Person concerned, or for the recognition, exercise or defense of rights
 in justice.
 Furthermore, the Data Subject has the right to object at any time to the Processing of Data.
 carried out for prospecting purposes by the Data Controller, insofar as the Person
 concerned is linked to such prospecting.
 Finally, when Data is processed for scientific or historical research purposes or for
 statistical purposes, the Data Subject has the right to object, for reasons relating to his or her situation
 particular, to the processing of Data, unless the Processing is necessary for the execution
 of a mission of public interest.


 Section 10.4. Right to limitation

The Data Subject has the right to obtain from the Controller the limitation of the Processing
 Data when:
 • The accuracy of the Personal Data is disputed by the Data Subject,
 for a period allowing the Data Controller to verify the accuracy of the
 Data ;
 • The processing is unlawful and the Data Subject opposes their erasure and requires the
 places the limitation of their use;
 • The Data Controller no longer needs the Data for the purposes of the Processing but they are still necessary for the Data Subject for the establishment, exercise or
 legal defense;
 • The Data Subject has objected to the Processing in accordance with Article 10.3, during
 verification of whether the legitimate reasons pursued by the Data Controller
 of the processing take precedence over those of the Data Subject.
 The Data Subject who has obtained the restriction of Data Processing is informed by the
 Controller before the restriction of processing is lifted.


 Section 10.5. Right to Data Portability

The Data Subject has the right to receive the Data that he has provided to the Data Controller.
 processing, in a structured, commonly used and machine-readable format, and has the right to
 transmit this data to another data controller without the Data Controller
 obstructs it, when:
 • The Processing is based on the Consent of the Person concerned or on the execution of a
 contract to which the Data Subject is a party;
 • The Processing is carried out using automated processes.
 The Data Subject, when exercising his/her right to Data portability, has the right to obtain
 that the Data be transmitted directly from the Data Controller to another controller
 treatment, where technically possible.


 Section 10.6. Right to lodge a complaint with the Supervisory Authority

The Data Subject has the right to lodge a complaint with the Supervisory Authority if he
 considers to be the subject of illegal Data Processing by the Data Controller.


 Section 10.7. Right to set guidelines on the fate of Data

The Person concerned has the right to define directives on the fate of the Data after his death
 with the Data Controller who will use all his technical means to enforce
 this will.


 Article 11. Data Security

The Data Controller takes the appropriate technical and organizational measures to
 protect Data against destruction, loss, alteration, misuse and unauthorized access
 authorised, modification or disclosure, whether such actions are intentional or accidental.
 These technical and organizational measures are intended to ensure the confidentiality, integrity,
 the availability and resilience of the Site and the information systems where the Files are stored.
 In order to secure the Navigation of the Person, the Site is encrypted SSL (Secure Socket Layer).


 Article 12. Modification of the Privacy Policy

The Data Controller reserves the right to occasionally modify this
 Privacy Policy.
 In the event of a substantial modification to this Privacy Policy, the Data Subject
 will be personally informed of the new Privacy Policy.
 The Data Subject is invited to consult this Privacy Policy regularly.
 to find out about any changes to it.
 The Data Subject may send questions about this Privacy Policy to
 Data controller at the following address: contact@ledamantin.com.

Article 13. Nullity of the Privacy Policy

If any of the stipulations of this Privacy Policy prove to be invalid with regard to
of a rule of law in force or of a judicial decision that has become final, it would then be deemed
unwritten, without thereby invalidating the entire Privacy Policy or
affect the validity of its other provisions.

Share by: