+33 (0)1 42 78 55 29

Privacy Policy

INTRODUCTION

SOCIÉTÉ HÔTELIÈRE DU BOURG TIBOURG is committed to ensuring that the collection and processing of your data is carried out lawfully, fairly and transparently, in accordance with the General Data Protection Regulation (GDPR) and Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms.

The collection of its customers’ personal data is limited to what is strictly necessary, in accordance with the principle of data minimisation, and indicates what purposes are pursued by the collection of this data, whether providing this data is optional or mandatory in order to manage requests and who will be able to see it.

I. About us

SOCIÉTÉ HÔTELIÈRE DU BOURG TIBOURG is a limited liability company with its registered office at 42 bis Rue de Rivoli, 75004 Paris, France and registered in Paris under number 341 415 479, legal responsible: Ms RASIMI .

The Company offers the following services:.

  • Hotel accommodation service (3 stars)

II. Definitions

“Site” means the Company’s website, namely, hoteldenice.com
“Cookies”: A cookie is a piece of information deposited on an Internet user’s hard disk by the server of the site they are visiting. It contains several pieces of data: the name of the server that placed it, an identifier in the form of a unique number or a text and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and record information.

“Personal data” means any information relating to an identified natural person or a natural person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person. This is, for example, the User’s e-mail address.

“Customer” means any natural or legal person who makes a reservation on the Site, with our partner service providers (e.g. Booking.com) or directly with the receptionist on duty at the establishment whose address is indicated in Article I ;

“Booking” means any booking made by the User, Client, Professional, Consumer with a view to benefiting from the Company’s Services ;

“General Terms and Conditions of Sale and Use” or “GTC/GCU” means the Company’s general terms and conditions of sale and use ;

“Consumer” means the buyer who is a natural person and is not acting for professional purposes and/or outside their professional activity ;

“Professional” means the buyer who is a legal or natural person acting in the course of his professional activity ;

“Services” means all the services and/or products offered to Customer and Professional Users by the Company through the Sites held by the Company ;

“Company” means SOCIÉTÉ HÔTELIÈRE DU BOURG TIBOURG, more fully referred to in Article I hereof;

“User” means any person who makes use of the Site.

“Account” means the customer’s personal space with the Company’s partner service providers.

“Quotation” means a quotation produced by the Company for a specific, customised service requested by the Customer.

“RGPD” means the General Regulation on the Protection of Personal Data applicable from 25 May 2018.

“Processing of personal data” means any operation or set of operations relating to such data, regardless of the process used (collection, recording, organisation, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction…).

III. Protection of Personal Data

In accordance with the French Data Protection Act of 6 January 1978 and the General Data Protection Regulation 2016/679 (RGPD), information concerning you is intended for the Company, which is responsible for processing it. You have the right to access, rectify and delete data concerning you (details in article 7). You may exercise this right by sending an email to contact@hoteldenice.com

By connecting to the Company’s hoteldenice.com website, you are accessing content that is protected by law, in particular by the provisions of the French Intellectual Property Code. The Company only authorises strictly personal use of the information or content you access, limited to saving on your computer for display on a single screen and reproduction, where authorised (link or download button) for copying or printing on paper. Any other use is subject to our express prior authorisation. By continuing your visit, you agree to abide by the above restrictions.

The Company undertakes to ensure that its Customers, Users, Consumers and Professionals comply with the laws in force and the ethical rules of practice required to establish a relationship of trust between the Company and its Customers, Users, Consumers and Professionals.

The Company commits its Users to respecting a set of obligations through its GCS/GUU.

Any breach of these obligations may result in the cancellation without notice of a reservation made on the Company’s website or directly with Hôtel de Nice.

IT SHOULD BE NOTED THAT THE COMPANY DOES NOT EXCHANGE OR RENT ITS CUSTOMER AND PROSPECTIVE CUSTOMER FILES.

The Company’s website is not intended for minors. We do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data from minors without the prior authorisation of the holder of parental authority, we will take the appropriate measures to delete this personal data from our servers.

IV. Data controller

The person responsible for processing the personal data referred to herein is Ms RASIMI, whose company details are stipulated in Article 1 on this page.

V. Nature of the Data Collected

User information and rights.
The company hereby clearly informs you about the processing of personal data that it implements as part of its activity, how the data is collected, used and protected.

Any User, Customer, Consumer, Professional has the right to request from the data controller, i.e. Ms RASIMI, access to the personal data provided;

  • The rectification or erasure thereof;
  • A limitation of the processing relating to his/her person;
  • To object to the processing;
  • To the portability of data;
  • To lodge a complaint with the CNIL.

Subcontracting
The Company undertakes to ensure that any subcontractor provides sufficient contractual guarantees regarding the implementation of appropriate technical and organisational measures, so that the processing meets the requirements of the European Data Protection Regulation (see the list of data recipients in Article 6).

Data collected on the site (contact form)
When a Customer, User, Consumer, Professional, makes a booking request on the site via our contact form, the following data is collected and processed by the Company: email, first name, last name, telephone, country, arrival date, departure date, number of adult(s), number of child(ren), additional information that the Customer, Professional, User, Consumer, deems necessary for their booking request.

Data collected at the Company’s Establishment
When a Customer arrives, the following data is collected and processed: date of arrival and departure from the establishment, room number, number of breakfasts if any, order history, complaints, incidents, information relating to correspondence on our website or directly with the Company (email message sent directly).

Some data is collected automatically as a result of the user’s actions on the site (see the paragraph on cookies in Article 8).

A customer, consumer or professional may book a service provided by the Company through a partner service provider. The data collected by this means (e.g. Booking.com) is subject to the GTC/GCU and Privacy Policy of these Partner Providers and those of the Company.

The data submitted must not include sensitive personal data, such as government identifiers (such as social security numbers, driving licence numbers, or taxpayer identification numbers), full credit card numbers (except where requested in particular in connection with a booking on the site by filling in the field provided on the booking form) or personal bank account numbers, medical records or information relating to care requests associated with individuals, without this list being exhaustive.

Concerning the collection of identity data

Prior identification for the provision of the desired service.
The provision of a room requires prior identification of the customer using their identity card or any other document enabling them to be identified. The personal data (surname, first name, postal address) appearing on the identity document are used to fulfil our legal obligations resulting from the provision of the service as set out in the reservation. The customer, whether a consumer or a professional, must not provide false personal information and must not make a reservation for another person without their authorisation. The contact details provided must always be accurate and up to date.

Collection of terminal data
Collection of profiling data and technical data for the purposes of providing the service.

Some of the technical data of your device is collected automatically by the Site and the server. This information includes in particular your IP address, Internet service provider, hardware configuration, software configuration, browser type and language… The collection of this data is necessary for proper navigation on the Company’s website.

The Company also offers a personalised experience by using the principle of automated decision-making via its newsletter email messages.

Collection of technical data for commercial and statistical purposes
Technical data about your device is automatically collected and recorded by the server and our subcontractors for advertising, commercial and statistical purposes. This information helps us to personalise and continually improve your experience on our Site. We do not collect or store any personal data (surname, first name, address, etc.) that may be attached to technical data.

VI. Purpose of processing

The main purpose of collecting your personal data is to provide you with a safe, optimal, efficient and personalised experience in the establishment. To this end, you agree that we may use your personal data to:

  • Provide our services and facilitate their operation, including conducting checks on you to do so;
  • Resolve any problems in order to improve the use of our site and services;
  • To personalise, evaluate and improve our services, content and documentation;
  • Analyse the volume and history of your use of the Company’s services;
  • To inform you about the Company’s services;
  • Prevent, detect and investigate any potentially prohibited and illegal activities or activities contrary to good practice, and ensure compliance with the Company’s T&C/GU;
  • Comply with our legal and regulatory obligations.
  • For customers who have made a booking directly on the website, by telephone or via the Company’s partner service providers, we process their data for the performance of the service contract.
  • For our newsletter, we process your personal data on the basis of the explicit consent you have given to this effect.

VII. Recipients of Data

The personal data concerning you collected on the site, at the establishment and from partner service providers is intended to be used by the Company and may be transmitted to subcontracting companies that the Company may call upon in the context of the performance of its services. The Company ensures compliance with data protection requirements for all its subcontracting companies. The Company does not sell or rent your personal data to third parties for marketing purposes. In keeping with our values, we do not enter into strategic partnerships to share your data in order to promote a service or product of a third party company.

The Company does not disclose your personal data to third parties, except if:

  • you make the request or authorise the disclosure;
  • disclosure is required to process transactions or provide services you have requested (i.e., for the purposes of verifying your good shipping practices or as part of purchasing card processing with credit card companies);
  • the Company is compelled to do so by a governmental authority or regulatory body, in the event of a judicial requisition, subpoena or other similar governmental or judicial requirement, or to establish or defend a legal claim;
  • the third party is acting as an agent or subcontractor of the Company in the performance of the services.


Currently the recipients of the data are:

  • MIXIT7: Server outsourcing
  • SOCIÉTÉ HÔTELIÈRE DU BOURG TIBOURG: Operations related to bookkeeping
  • MIXIT7: Site editing
  • GOOGLE ANALYTICS: Site statistics and technical analysis
  • SOCIÉTÉ HÔTELIÈRE DU BOURG TIBOURG: Wi-Fi service in the hotel available to clients, employees, consumers and professionals

VIII. Right of access, rectification and deletion

In accordance with the French Data Protection Act and the General Data Protection Regulation 2016/679 (RGPD), you have the rights of access, rectification and deletion of your personal data, which you may exercise by sending an email to contact@hoteldenice.com.

Your request will be processed within 30 days. We may ask that your request be accompanied by a photocopy of proof of identity or authority.

You may also modify your personal data yourself at any time, in relation to our newsletter, by clicking on the link at the bottom of each email in our newsletter either to unsubscribe or to update your details.

Consumers who do not wish to be the subject of commercial canvassing by télphonic means may, free of charge, register on an opposition list for télphonic canvassing .
For more information: BLOCTEL
https://www.bloctel.gouv.fr/

IX. Use of Cookies

How long cookies are kept
In accordance with the recommendations of the CNIL, the maximum retention period for cookies is a maximum of 13 months after they are first deposited in the User’s terminal, as is the period of validity of the User’s consent to the use of these cookies. The lifespan of cookies is not extended with each visit. The User’s consent will therefore have to be renewed at the end of this period.

Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, based on the processing of information concerning the frequency of access, the personalisation of pages as well as the operations carried out and the information consulted.

You are informed that the Company may place cookies on your terminal. The cookie records information relating to navigation on the site (the pages you have consulted and may consult) which we will be able to read during your subsequent visits.

For the duration of the cookie’s validity or recording period, the cookie will enable the Company to identify your computer on future visits. Partners or service providers of the Company, or third-party companies may also be required, subject to your choices, to place cookies on your computer.

There are two main categories of cookies:

Technical” cookies. These cookies are essential for browsing our site, in particular for the proper execution of the order process ;

Optional” cookies. These cookies are not essential for browsing our site, but may, for example, facilitate your searches, optimise your user experience, and for us: better target your expectations, improve our offer, or optimise the operation of our site.

This information is stored on your computer for one year. Only the sender of a cookie is likely to read or modify the information contained in this cookie.

No cookie allows us to identify your marital status.

The User’s right to refuse cookies
Deactivation may result in degraded operation of the service.
You acknowledge that you have been informed that the Company may use cookies, and authorise it to do so.

If you do not wish cookies to be used on your terminal, most browsers allow you to disable cookies via the settings options.

You can oppose the saving of cookies by setting your browser as follows:

For Chrome

  • On your computer, open Chrome.
  • On the top right, click Settings (the 3 little dots)
  • Click on Advanced Settings and then Content Settings
  • At the top of the page, deactivate “Allow sites to save and read cookie data”


For Mozilla Firefox:

    • Choose the “Tool” menu then “Options”
    • Click on the “Privacy”

icon.

  • Find the “Cookie” menu and select the options that suit you


For Microsoft Internet Explorer:

    • Choose the “Tools” menu, then “Internet Options”.
    • Click on the “Confidentiality” tab

.

  • Select the desired level using the slider.


For Edge:

  • Go to Settings
  • Under Clear browsing data, select Choose items to clear.
  • Check the boxes next to each type of data you wish to delete, then select Delete.


For Opera:

  • Choose the menu “File” > “Preferences” > Privacy

Please note: If you choose to refuse the storage of cookies on your computer or if you delete those stored there, we decline all responsibility for the consequences related to the degraded operation of our services resulting from the impossibility for us to store or consult the cookies necessary for their operation and which you would have refused or deleted.

List of cookies:

X. Data retention

General
The Company collects and retains your personal data for the purposes of fulfilling its contractual obligations as well as information on how and how often you use our services. Personal data must be kept only for as long as is necessary to fulfil the purpose for which it was collected. The Company only stores your data for as long as is necessary to provide the service, and as such, the Company deletes your bank details once the service has been completed. The storage of our customers’, professionals’, consumers’ and users’ data varies according to the type of data concerned. For example, your statistical data that is more than 13 months old will be deleted. Other data may be deleted at any time, in accordance with the provisions set out above.

Storage period for personal and sensitive data
Data retention for the duration of the contractual relationship and beyond.
In accordance with article 6-5° of law no. 78-17 of 6 January 1978 relating to information technology, files and civil liberties, sensitive data (Bank Card) that is the subject of processing is not kept beyond the time required to fulfil the obligations defined when the contract was concluded or the predefined duration of the contractual relationship.

Personal data (surname, first name, email, postal address) that is processed is kept for a period of 3 years in our booking software.

Deletion of data after account deletion
Means of purging data are put in place to provide for its effective deletion once the retention or archiving period required to fulfil the purposes determined or imposed has been reached. In accordance with Act no. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, you also have the right to delete your data, which you may exercise at any time by contacting the Company.

Deletion of data after 3 years of inactivity
For security reasons, if you have not visited our establishment for more than 3 years, your personal data will be deleted.

XI. Location of Data Storage and Transfers

The hosting servers on which the Company processes and stores your data on the site are located exclusively in the European Union.

The Company undertakes to inform you immediately, insofar as we are legally authorised to do so, in the event of a request from an administrative or judicial authority relating to your data.

XII. Security

As part of its services, the Company attaches the utmost importance to the security and integrity of the personal data of its customers, consumers, professionals and users. Accordingly, and in compliance with the RGPD, the Company undertakes to take all necessary precautions to preserve the security of the data and in particular to protect it against any accidental or unlawful destruction, accidental loss, alteration, unauthorised distribution or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.

To this end, the Company implements industry-standard security measures to protect personal data from unauthorised disclosure. By using the encryption methods recommended by the digital industry, the Company takes the necessary measures to protect payment information, bearing in mind that the Company does not offer payment directly on site but uses an external service secured by our subcontractor D-EDGE.

Furthermore, in order to prevent any unauthorised access and to guarantee the accuracy and proper use of the data, the Company has put in place electronic and manual procedures to safeguard and preserve the data collected through its services.

Even so, no one can consider themselves completely safe from an attack by hackers. This is why, in the event of a security breach affecting you, the Company undertakes to inform you as soon as possible and to make its best efforts to take all possible measures to neutralise the intrusion and minimise its impact.

In the event that you suffer damage as a result of the exploitation of a security vulnerability by a third party, the Company undertakes to provide you with all necessary assistance so that you can assert your rights.

You should bear in mind that any user, customer or hacker who discovers a security vulnerability and exploits it is exposed to criminal sanctions and that the Company will take all measures, including filing a complaint and/or taking legal action, to preserve the data and rights of its users and its own and to limit the impact as far as possible.

Informing the User in the event of a security breach.
We undertake to implement all appropriate technical and organisational measures through physical and logistical means of security in order to guarantee an appropriate level of security with regard to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or even destruction of your personal data. In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or unauthorised access resulting in the risks identified above, we undertake to:

    • Notify you of the incident as soon as possible if this meets a legal requirement;
    • Examine the causes of the incident;
    • Take the necessary measures within reasonable limits in order to mitigate the negative effects and harm that may result from the said incident.
    • Limit liability

.

Under no circumstances may the commitments defined in the point above relating to notification in the event of a security breach be assimilated to any acknowledgement of fault or responsibility for the occurrence of the incident in question.

XIII. Responsibilities and Guarantees

Except in the case of force majeure, the Company guarantees the User, Consumer, Client, Professional the proper performance of its service in compliance with these General Terms and Conditions.

Any compensation owed by the Company to the User or to a third party as a result of the liability of the Company, its subsidiaries or its partners in respect of the performance of these General Terms and Conditions may not exceed the price paid by the User, Client, Professional or Consumer in return for the service(s) giving rise to said liability (e.g. the price of a room).

The Company does not systematically control the way in which its services are used, in particular the use of the equipment available in the room and the common areas, which remains the responsibility of the Client, Consumer or Professional.

Under no circumstances can the Company be held liable to third parties for any prejudice resulting from the use of the services on behalf of the User, Client, Consumer, Professional in any capacity whatsoever.

Responsibility of the User
The Customer, Consumer, Professional, User is solely responsible for the way in which it uses the room, the common areas and the equipment at its disposal in the context of the performance hereof.

The User, Customer, Consumer, Professional may be held liable for failure to comply with these General Terms and Conditions of Sale and Use, the confidentiality policy or any legal or regulatory provision or any provision resulting from an applicable international agreement.

The User, Customer, Consumer, Professional guarantees the Company against any prejudice, claim or recourse by third parties resulting from a breach, by the User, Customer, Consumer, Professional, of these General Terms and Conditions of Sale and Use as well as the Privacy Policy, of the Company or of any legal, regulatory provision or provision resulting from an applicable international convention.

XIV. Portability of Data

The Company undertakes to offer you the possibility of having all the data concerning you returned to you on simple request. In this way, the User is guaranteed greater control over his or her data and retains the possibility of re-using it. This data must be provided in an open and easily reusable format, directly into the hands of another data controller where this is desired and technically possible.

XV. Deletion of Data

Deletion of data on request.
The User, Customer, Consumer, Professional has the possibility of deleting his Data at any time, by simple request to the Company.

Deletion of a reservation in the event of a breach of the Privacy Policy
In the event of a breach of one or more of the provisions hereof or of any other document incorporated herein by reference, the Company reserves the right to cancel your booking without the possibility of a refund if payment has already been made.

XVI. Transfer of Data to Countries with an Equivalent Level of Protection

The Company undertakes to comply with applicable regulations relating to data transfers, even though the Company does not currently transfer data to foreign countries for almost all of its processing. Where necessary to provide our services, this is done as follows:

  • The Company transfers the personal data of its Users, Customers, Consumers, Professionals to countries recognised as offering an equivalent level of protection and recognised by the CNIL as having a sufficient level of protection.
  • The Company transfers the personal data of its Users, Clients, Consumers, Professionals to recipients that can present sufficient guarantees of RGPD compliance.
  • The Company only transfers the personal data of its Users, Clients, Consumers, Professionals with regard to what is strictly necessary for the purpose of the processing concerned, i.e. booking a room at the Hotel de Nice.

Currently, the only processing operations affected by this provision concern:

The reservation of services offered by the Company to the user who has decided to make a reservation via the subcontractor Booking.com from their website. Only the following data is transferred: CUSTOMER ID, email address, purchase amount, product description, email address, telephone number, postal address (if indicated), 16-digit credit card number and its validity date.

For a list of countries with a sufficient legal level: CNIL – Data protection around the world

XVII. Modification of the Privacy Policy

The Company reserves the right to change this Privacy Policy at any time, in particular in application of changes to the laws and regulations in force. Any changes will be notified to you via our website and/or by email, wherever possible at least thirty (30) days before they come into force. We recommend that you check these rules from time to time to remain informed of our procedures and rules concerning your personal information.

In the event of a change to these rules, the Company undertakes not to lower the level of confidentiality substantially without informing the persons concerned in advance.

XVIII. Applicable Law and Language

This Privacy Policy is governed by French law. This reference document is written in French. In the event that it is translated into one or more languages, only the French text will be deemed authentic in the event of a dispute. The nullity of a clause does not entail the nullity of the Confidentiality Policy. The temporary or permanent non-application of one or more clauses hereof by the Company shall not constitute a waiver on its part of the other clauses hereof, which shall continue to have effect.

XIX. Disputes and Assignment of Jurisdiction

Any dispute to which the Privacy Policy may give rise, in particular concerning its validity, interpretation and execution, their consequences and their aftermath shall be submitted to the competent courts within the jurisdiction of the city of Paris.

XX. Contact

Any questions regarding the Company’s Privacy Policy may be addressed by email to contact@hoteldenice.com or by sending a letter to the following address:

Hôtel de Nice, 42 bis Rue de Rivoli, 75004 Paris, France