Privacy policy
At Epona (hereinafter " EPONA " or the " Company"), we take your trust and the protection of your privacy very seriously
Our concern for transparency and our desire to fully meet your expectations have led us to adopt and implement this privacy policy.this policy is designed to protect the personal data we collect (hereinafter referred to as " Personal Data ") in the course of providing our services (accommodation, catering, etc.)., hereinafter referred to as the " Services ")
Describing the terms and conditions for the use and protection of Personal Data, this charter sets out the commitments we make to you on these subjects (hereinafter referred to as the "Charter"). (hereinafter referred to as the " Privacy Policy" or the " Charter ").
Scope of application
The Charter applies to all processing of Personal Data by EPONA
It covers both online data collection (via our websites or our application, etc.) and offline data collection, in particular as part of the programmes and events organised within our establishments
Collection and processing of Personal Data
- Concept of Personal Data
For the purposes of the Charter, Personal Data is any information collected and recorded in a format that allows you to be identified personally - directly or indirectly - as an individual
- Categories of Personal Data collected
During the process of reserving a Service, our forms invite you to provide various information, some of which - generally indicated by an asterisk - is compulsory as it is necessary to process your request and provide the requested service
In addition to this mandatory information, we also collect other data, which you agree to communicate to us or which we collect either by virtue of a legal obligation or in our legitimate interest
In particular, the following data is collected directly from you or via our facilities (websites, tools used within our facilities, etc.), concerning you or the people accompanying you
- Information relating to your civil status, your identity and your contact details;
- Information appearing on an identity document (national identity card, passport, etc.);
- Information about your children or accompanying persons;
- Information about your drinks, preferences (e.g. smoking or non-smoking room, preferred floor, type of bedding, type of newspapers read, sports, cultural interests, food and drink preferences, etc.), hobbies, interests, household composition, etc. ;
- Your credit card details (for transaction and booking purposes);
- Your arrival and departure dates from the establishments;
- Your image and voice (as part of the surveillance of our establishments);
- Information about your browsing via our cookies and similar technologies used on our websites,
- Your answers to our questionnaires or satisfaction surveys, your questions/comments, during or following a stay in one of our establishments;
- Technical and/or location information generated as part of the use of our website and/or application
The collection of information on minors under the age of 16 is limited to their surname, first name, nationality and date of birth, which can only be provided to us by an adult. It is your responsibility to ensure that your children do not communicate any personal data to us (in particular via the Internet) without your permission. In the event of such transmission, you may contact our Personal Data Protection department to have this information deleted
- Collection of Personal Data:
Personal Data may be collected on various occasions and in particular during the following events
- Hotel activities
- Booking a room;
- Registration and payment;
- Stay at the Hotel and services offered in the area of the stay;
- Consumption at the Hotel bar or restaurant during a stay;
- Requests, complaints and/or disputes.
- Participation in marketing programmes or events
- Registration in loyalty programmes;
- Contribution to questionnaires or satisfaction surveys;
- On-line competitions or games;
- Subscription to newsletters or information lists in order to receive by e-mail offers and promotions relating to EPONA services or those of its partners.
- Transmission of information from third parties
- Tour operators, travel agencies (online or offline), reservation systems;
- Commercial partners.
- Internet activities
- Connection to the website (IP address, cookies and other connection data) ;
- Online information collection forms (online reservations, questionnaires, EPONA pages on social networks, connection devices using your social network identifiers, exchanges with a conversational agent or "chatbot").
Processing purposes and legal bases
The purposes for which we process your data, the legal bases for their processing and the associated retention period are presented in the summary table below
Purpose/Activity |
Legal basis for processing Process |
Retention period |
To fulfil our obligations to our customers |
|
10 years from the date of reservation, in accordance with our legal obligations |
To manage room reservations and accommodation requests, in particular to draw up and keep legal documents in accordance with accounting standards |
||
To manage your stay in our establishments
|
|
Corresponding to the duration of your stay in one of our establishments |
To manage the relationship with our customers before, during and after your stay
|
|
|
To improve our hotel service, in particular
|
Processing necessary for the performance of a contract to which you are a party in connection with the management of your loyalty programme membership |
|
To carry out cross-checks, analyses and combinations - via a trusted third party - of your data collected at the time of booking or during your stay, in order to determine your centres of interest, your customer profile and to enable us to send you personalised offers |
Processing necessary for the pursuit of our legitimate interest in promoting and improving our services, as well as carrying out direct marketing actions |
|
To improve the Company's services, in particular by
|
|
|
To secure and improve your use of the EPONA website and the Company's websites, in particular to allow
|
Processing necessary for the pursuit of our legitimate interest consisting of ensuring the proper management of our activities, carrying out IT, administration and network security services with the aim of preventing fraud |
13 months from the date of collection of the information |
Internal management of a list of customers who have behaved inappropriately or failed to comply with their contractual obligations (incidents of payment, aggression or incivility, failure to comply with the hotel contract, failure to comply with security rules, theft, damage or vandalism, etc.) during their stay with us.) during their stay in one of the Company's establishments |
Processing necessary for the pursuit of our legitimate interest consisting of ensuring the proper management of our activities, carrying out IT, administration and network security services with the aim of preventing fraud
|
|
To secure payment transactions by determining the level of fraud risk associated with each transaction. For this purpose, the Company and the hotels may use the services provided by the Company's or the group's risk prevention service provider to refine their analysis |
Processing necessary for the pursuit of our legitimate interest in ensuring the proper management of our business and preventing the risk of fraud |
|
Protecting people and property and combating non-payment |
Processing necessary for the pursuit of our legitimate interest consisting of ensuring the proper management of our activities, securing goods and persons and combating non-payment |
5 years from registration |
To use the services necessary to establish the identity of persons present in the Company's hotels in the event of serious events affecting the establishment concerned (natural disasters, attacks, etc.) |
Processing necessary to protect the vital interests of customers |
For the duration of the event |
To comply with any applicable legislation (e.g. retention of accounting documents), including with regard to
|
Processing required to comply with a legal obligation |
For the period set by the applicable legislation/regulations |
Information sharing - Conditions of access to your data by third parties
In order to provide you with complete satisfaction with our Services and to improve your customer experience, we may share your Personal Data with people inside and outside our Company
Internal recipients
This category of recipients is known as "Internal Recipients" and includes members of the Company's staff - including those of hôthis category of recipients is known as "Internal Recipients" and includes members of the Company's staff - including hospital staff - who are involved in enabling you to benefit from the Services offered by our establishments, namely :
- Hotel staff ;
- Reservation staff using EPONA reservation tools;
- Support services staff (such as IT, marketing and legal departments).
- specific recipients of personal data.
External recipients
Your data/information may, in order to ensure the proper performance of the Services you have requested from the Company's establishments as well as from third parties, be passed on to external recipients.tablishments and, more generally, to seek your full satisfaction by improving your experience, be communicated to third parties.
This category is known as "External Recipients"
- External service providers: IT sub-contractors, international call centres, banks, credit card issuers, external lawyers, routers, printers.
- Commercial partners: Unless you notify our Personal Data Protection department to the contrary, the Company may enhance your profile by sharing certain information about you with its preferred commercial partners. In this case, your data may be cross-checked, analysed and combined via a trusted third party. This processing will enable the Company and its preferred contractual partners to determine your centres of interest and your customer profile in order to enable us to send you personalised offers.
- Social networking sites: the Company reserves the right to set up a system for connecting to its Internet sites via social networks in order to enable its customers to identify themselves easily on the said sites, without necessarily having to complete a registration form. any connection by you via this system will constitute explicit authorisation given to the Company to access the public data in your account for the social network concerned (e.g. Facebook, LinkedIn, Google, Instagram, etc.). facebook, LinkedIn, Google, Instagram, etc.), as well as any other data mentioned when using this social network connection system. The Company may also communicate your e-mail address, in a secure manner, to social networks in order to find out whether you are already a user of one of these networks.the Company may also communicate your e-mail address, in a secure manner, to social networks in order to find out whether you are already a user of one of these social networks and, if so, to display relevant personalised advertising on the said social network account(s).
Administrative and judicial authorities
Your data may also be communicated to administrative and judicial authorities insofar as such communication/disclosure is legally required in the context ofan investigation (administrative or judicial), a lawsuit, a governmental request, a legal order, the enforcement of legal rights (such as intellectual property rights, etc.), a matter relating to the protection of personal data (such as the right to access, rectify, correct or delete personal data), or a matter relating to the protection of personal data (such as the right to privacy).), anti-money laundering, security or similar legal or security issues
Transmissions of data in this context will be limited to what is reasonably necessary in the circumstances of the case
Cookies and other tracers
Our Company uses cookies on its websites to collect browsing data
What are cookies?
Cookies are small files stored on your terminal (computer, tablet, smartphone, etc.) when you visit a website or view an advertisement. Their main purpose is to collect and analyse information about the terminal you are using and the sites you visit, in order to provide you with personalised services or make your browsing easier
How long does a cookie last?
With the exception of technical cookies, the storage of cookies on your terminal requires your consent. This consent will be considered valid for a period of 13 months
What categories of cookies are used on our sites?
Subject to your choices resulting from the settings of the browser software you used when visiting our websites - which you can change at any time - the cookies we issue are used for the purposes listed below
What categories of cookies are used on our websites?
Technical cookies
These cookies are necessary for browsing and for the smooth operation of the websites. Without them, the site will not function properly. These cookies enable us, for example, to adapt the presentation of our sites to the display preferences of your terminal (language used, display resolution), to memorise passwords and other information relating to a form that you have filled in on the sites (registration or connection to your account)
Statistical cookies
These cookies make it possible to compile statistics and volumes of visits to and use of the various elements that make up our websites (sections and content visited, route taken, visiting time), enabling us to improve the interest and ergonomics of our services
Social network cookies
These cookies enable our content to be shared with other people on social networks such as Facebook, X, LinkedIn, etc. Even if you have not used these sharing buttons or the associated applications, your social networks can track your browsing if your account is active or a session is opened on your terminal during your browsing. If you do not want the social network to link the information collected via our sites to your user account, you must disconnect from the social network before using our websites
Advertising cookies
This category includes cookies used to display advertisements or send you information tailored to your interests on or off our sites, when you are browsing the Internet. They are used in particular to measure the effectiveness of an advertising campaign
Cookie management: acceptance or refusal
You may choose to deactivate the various cookies mentioned above at any time. Please note that you can accept or refuse cookies on a case-by-case basis or systematically refuse them once and for all. You can change your mind at any time by clicking on the appropriate button directly on our sites
Data transfers outside the European Union
If the processing of your data were to involve a transfer outside the European Union, this would only be carried out in return for appropriate guarantees
Data security
The Company implements appropriate means to preserve the security and confidentiality of data, through physical and logical protection procedures, including data encryption
Your rights
In accordance with the provisions of the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation (2016/679), you have the following rights as a "data subject"
- The right to obtain information and access, within the framework of the applicable legal provisions, to the Personal Data that our Company collects about you.
- The right to have your data rectified, erased or the processing thereof restricted.
- The right to the portability of your data as well as the right to define instructions for the processing of your data after your death.
- The right to object to the processing of your data, and in particular to your data relating to your stays, preferences and satisfaction being shared between our Company's establishments.
- the right to lodge a complaint with a regulatory authority, namely in France the CNIL (https://www.cnil.fr/fr/plaintes);
Any of these rights may be exercised at any time, by e-mail sent to sens@eponahotels.fr or by post sent to the following address
EPONA - DPO DEPARTMENT
26, rue de Montevideo
75116 Paris, France
In order to ensure the confidentiality and protection of your Personal Data, we may have to identify you beforehand in order to investigate and respond to your request. In this context, if we have reasonable doubts about your identity, we may ask you to provide a copy of an official identity document (identity card or passport) in support of your request
All requests sent to the Data Protection Officer will be processed by the Company as quickly as possible and in accordance with applicable law
Contact details for our Data Protection Officer (DPO)
If you have any questions or complaints either about the Privacy Policy or about the Company's processing of your Personal Data, you can contact the Company's Data Protection Officer (DPO).data Protection Officer by e-mail to sens@eponahotels.fr or by post to the following address:
EPONA - DPO DEPARTMENT
26, rue de Montevideo
75116 Paris, France
UPDATES
The present Charter(version dated 16/07/2024) may be modified and updated by our Company without prior notice or information
We invite you to consult our Privacy Policy regularly, especially when making a reservation at one of our hotels