PERSONAL DATA PROTECTION POLICY

Preamble

NAOS HOTEL GROUPE ensures it complies with European General Data Protection Regulation (GDPR) no. 2016/679 on the protection of individuals with regard to the processing of personal data and with French Data Protection Act no. 78-17 of 6th January 1978 on data protection, computer files and civil liberties, as amended by French Executive Order no. 2018-1125 of 12th December 2018.

This personal data protection policy (referred to hereafter as the Policy) applies to the processing of data by NAOS HOTEL GROUPE via the tours-centre-lifestyle.naoshotel.com website. It informs you of the purposes of the processing carried out, their legal basis, the data recipients, data storage duration, security measures (general description), the existence of any data transfers outside the European Union or any automated
decision-making, the use and management of cookies, your data protection rights and the means of exercising said rights.

 

Who is the Data Controller, responsible for the processing of your data?

NAOS HOTEL GROUPE (Avenue du Futuroscope – Téléport 1 – Bat. Arobase 3 – 4th Floor – 86360 Chasseneuil du Poitou, France) is the Data Controller and main recipient of your data. This means that NAOS HOTEL GROUPE (referred to hereafter as the Data Controller) determines the purposes and means of processing your data.

 

What data do we collect about you?

We use the phrase “personal data” to mean any information that allows you to be identified, whether directly or indirectly, in the sense of GDPR Article 4.1. NAOS HOTEL GROUPE collects personal data about you notably through the cookies and trackers we use on the website. We guarantee transparency regarding the processing of your data by informing you, clearly and precisely, before putting cookies on your terminals and collecting data concerning you. Where necessary, we seek and receive your consent, given freely and unambiguously in an informed way.

Data collected about you are appropriate, useful, necessary and limited to the strict minimum. They notably concern browsing data gathered through cookies and trackers.

 

What are the purposes of data collection?

The collection of data concerning you is carried out for the following purposes:

  • To record your consent and log your preferences in relation to the cookies used;
  • To monitor the performance of pages viewed by website users;
  • To analyse the way in which visitors use the website;
  • To optimize your experience and facilitate browsing of our website, in particular by determining “technical routes” for browsing;
  • To compile statistics and analyses on visitor frequency and site usage, browsing, and audience measurement for the website and its various sections, notably with a view to improving it;
  • To distinguish between website users;
  • To optimize the user experience based on your preferences.

What are the legal bases for processing your data?

Your personal data are processed in compliance with GDPR Article 6. It is based, in particular, on:

  • Either your consent when you accept the cookies and trackers we use. In this event, your consent is obtained in an obvious, free, informed and transparent way, through a cookies banner which is displayed when you visit our website. Your consent may, of course, be withdrawn at any time.
  • Or the pursuit of a legitimate interest, notably regarding management of technical and functional cookies

Who receives your data?

Your personal data are intended for the NAOS HOTEL GROUPE, the website publisher and Data Controller. They are processed solely by personnel in our various departments, such as departments in charge of communications and marketing. They are processed solely for the aforementioned purposes.

Your personal data may be transferred to our technical subcontractors acting as Data Processors (in the sense of GDPR Article 4.8) in a strictly regulated way. If data are transferred, we make sure that the Data Processors comply with GDPR and implement appropriate technical and organisational measures to guarantee data protection (GDPR Art. 28).

 

Are your data transferred outside the European Union?

We use the Google Analytics app on our website, primarily for audience measurement purposes. This service is published and managed by Google LLC, a company whose registered office is in the USA. Consequently, the browsing data collected about you may be transferred to the USA. This transfer is governed by the Google Workspace usage policy and by the Privacy Shield framework to which Google adheres.

 

How are your personal data kept secure?

NAOS HOTEL GROUPE undertakes to protect your data in compliance with GDPR and in accordance with best practices. For example, all of the pages of our website use the https protocol and are protected by the SSL certificate. We also ensure secure hosting of our website. These and other measures help to guarantee the security of your browsing of our website.

 

What is the storage duration for your data?

We only process browsing and audience measurement data via the website. The cookies used for this processing may be limited to the duration of your browsing or for a period of up to 13 months, in compliance with the recommendations of the French Data Protection Authority (CNIL). Analytical cookies, on the other hand, are kept for 20 months.

 

Can you refuse to accept the cookies we use?

If you do not want our website to place cookies on your computer, you can block them:

  • By using a browser which, by default, rejects cookies;
  • By configuring your browser appropriately or by installing an additional component on your browser, specifically designed to manage cookies;
  • By deleting the cookies used, at any time, via your browser (to find out how to do this, click on your browser’s Help tab);
  • By configuring your browser so that it sends your “Do not track” instruction to the website.

We will, in any event, respect your decision.

 

What are your rights and how can you exercise them?

In compliance with the European General Data Protection Regulation (GDPR), introduced on 25th May 2018, and French Data Protection Act no. 2018-493 of 20th June 2018, known as LIL3, as well as Executive Order no. 2018-1125 of 12th December 2018, in implementation of Article 32 of French Data Protection Act no. 2018-493 of 20th June 2018, amending Data Protection Act no. 78-17 of 6th January 1978 on data protection, computer files and civil liberties, you have the right to access, rectify or erase your personal data, the right to restrict or object to the processing of said data and a right to data portability.

Your requests must always be accompanied by proof of identity in order to check your identity. This check is necessary as it helps protect your personal data. Communicating your data to a third party, or rectifying or erasing them at the request of anyone other than yourself would be a breach of your data.

You can exercise your rights by writing to contact@naoshotelgroupe.com or by sending a registered letter to the following address: NAOS HOTEL GROUPE, Avenue du Futuroscope – Téléport 1 – Bat. Arobase 3 – 4th Floor – 86360 Chasseneuil du Poitou, France.

NAOS HOTEL GROUPE may demand payment of reasonable fees based on the administrative costs for any additional copy of Data Subject Access Requests (GDPR Article 15.3).

In the event of manifestly unfounded or excessive requests, we can demand payment of reasonable fees that take account of the administrative costs incurred in supplying the information or refuse to comply with these requests (GDPR Article 12.5).

In the event of NAOS HOTEL GROUPE being entitled to refuse to grant your request, you will be notified of this refusal and the reasons for it within the allotted time limit.

 

If you wish to contact the hotel regarding any other query or request, please contact: tours-centre-lifestyle@naoshotel.com directly

 

Have we appointed a Data Protection Officer (DPO)?

In compliance with GDPR, we are supported by Agence RGPD (22 Rue de Bignoux, 86000 Poitiers), an organisation that specializes in data protection and compliance with the General Data Protection Regulation (GDPR).

For any further questions relating to the General Data Protection Regulation (GDPR) and our approach to compliance, please contact Agence RGPD at any time at the following address: dpo@agencergpd.eu

 

Updated on June 6, 2022.