Privacy policy

At Epona (hereinafter " EPONA " or the " Company"), we take your trust and the protection of your privacy very seriously
Our concern for transparency and our desire to fully meet your expectations have led us to adopt and implement this privacy policy.this policy is designed to protect the personal data we collect (hereinafter referred to as " Personal Data ") in the course of providing our services (accommodation, catering, etc.)., hereinafter referred to as the " Services ")
Describing the terms and conditions for the use and protection of Personal Data, this charter sets out the commitments we make to you on these subjects (hereinafter referred to as the "Charter"). (hereinafter referred to as the " Privacy Policy" or the " Charter ").

Scope of application

The Charter applies to all processing of Personal Data by EPONA
It covers both online data collection (via our websites or our application, etc.) and offline data collection, in particular as part of the programmes and events organised within our establishments

Collection and processing of Personal Data

  • Concept of Personal Data

For the purposes of the Charter, Personal Data is any information collected and recorded in a format that allows you to be identified personally - directly or indirectly - as an individual

  • Categories of Personal Data collected

During the process of reserving a Service, our forms invite you to provide various information, some of which - generally indicated by an asterisk - is compulsory as it is necessary to process your request and provide the requested service
In addition to this mandatory information, we also collect other data, which you agree to communicate to us or which we collect either by virtue of a legal obligation or in our legitimate interest
In particular, the following data is collected directly from you or via our facilities (websites, tools used within our facilities, etc.), concerning you or the people accompanying you

  • Information relating to your civil status, your identity and your contact details;
  • Information appearing on an identity document (national identity card, passport, etc.);
  • Information about your children or accompanying persons;
  • Information about your drinks, preferences (e.g. smoking or non-smoking room, preferred floor, type of bedding, type of newspapers read, sports, cultural interests, food and drink preferences, etc.), hobbies, interests, household composition, etc. ;
  • Your credit card details (for transaction and booking purposes);
  • Your arrival and departure dates from the establishments;
  • Your image and voice (as part of the surveillance of our establishments);
  • Information about your browsing via our cookies and similar technologies used on our websites,
  • Your answers to our questionnaires or satisfaction surveys, your questions/comments, during or following a stay in one of our establishments;
  • Technical and/or location information generated as part of the use of our website and/or application

The collection of information on minors under the age of 16 is limited to their surname, first name, nationality and date of birth, which can only be provided to us by an adult. It is your responsibility to ensure that your children do not communicate any personal data to us (in particular via the Internet) without your permission. In the event of such transmission, you may contact our Personal Data Protection department to have this information deleted

  • Collection of Personal Data:

Personal Data may be collected on various occasions and in particular during the following events

  • Hotel activities
    • Booking a room;
    • Registration and payment;
    • Stay at the Hotel and services offered in the area of the stay;
    • Consumption at the Hotel bar or restaurant during a stay;
    • Requests, complaints and/or disputes.
  • Participation in marketing programmes or events
    • Registration in loyalty programmes;
    • Contribution to questionnaires or satisfaction surveys;
    • On-line competitions or games;
    • Subscription to newsletters or information lists in order to receive by e-mail offers and promotions relating to EPONA services or those of its partners.
  • Transmission of information from third parties
    • Tour operators, travel agencies (online or offline), reservation systems;
    • Commercial partners.
  • Internet activities
    • Connection to the website (IP address, cookies and other connection data) ;
    • Online information collection forms (online reservations, questionnaires, EPONA pages on social networks, connection devices using your social network identifiers, exchanges with a conversational agent or "chatbot").

Processing purposes and legal bases

The purposes for which we process your data, the legal bases for their processing and the associated retention period are presented in the summary table below

Purpose/Activity

Legal basis for processing Process

Retention period

To fulfil our obligations to our customers
  • Processing necessary for the performance of contractual measures or the performance of a contract to which you are a party (hotel contract, etc.).
  • Processing necessary to comply with a legal obligation.
  • Processing necessary for the pursuit of our legitimate interest in ensuring the proper management of our business and the supply of the services and products requested.

10 years from the date of reservation, in accordance with our legal obligations

To manage room reservations and accommodation requests, in particular to draw up and keep legal documents in accordance with accounting standards

To manage your stay in our establishments

  • Managing access to rooms
  • Tracking your consumption (telephone, bar, optional services, etc.).
  • Processing necessary for the performance of a contract to which you are a party (hotel contract, etc.).
  • Processing necessary for the pursuit of our legitimate interest in ensuring the proper management of our business and the supply of the services and products requested.

Corresponding to the duration of your stay in one of our establishments

To manage the relationship with our customers before, during and after your stay

  • Management of a loyalty programme
  • Qualification of the customer database
  • Segmentation operations based on booking history and your travel habits with a view to sending targeted communications, in compliance with the obligations arising from the European ePrivacy Directive (2002/58/EC)
  • Forecasting and anticipating future customer behaviour
  • Drawing up statistics and commercial scores and reporting actions
  • Provide contextual data to marketing tools (in particular when a customer visits our website or makes a reservation)
  • Knowing and managing customer preferences (loyal or not)
  • Send customers communications (newsletters, etc.) and service or promotional offers (hotel or service offers, tourism offers, promotional offers, offers from the Company's partners) or contact them by telephone.
  • Establishment of financial statistics concerning customers
  • Processing necessary for the performance of a contract to which you are a party (hotel contract) and for the management of your loyalty programme membership.
  • Processing necessary for the pursuit of our legitimate interest consisting of ensuring (i) the proper management of our business and the supply of the services and products requested and (ii) promoting and improving our services and/or products.
  • Processing based on your consent for direct marketing purposes.
  • If you are not a member of our loyalty programme: 3 years from the date on which you were last active, in any way whatsoever, with our Company.
  • If you are a member of the loyalty programme: 6 years from the date on which you were last active with our Company in any way.

To improve our hotel service, in particular

  • Personalising your welcome to the hotel, improving the quality of service and customer experience
  • Process your Personal Data in our customer marketing programme, in order to carry out marketing, promotional and/or brand operations by gaining a better understanding of your needs and wishes
  • Adapt our services and products in order to respond optimally to your requests
  • To personalise our commercial offers and our relational/promotional messages for you
  • To inform you of special offers and any new services deployed by EPONA, one of its sister companies or one of its partners.

Processing necessary for the performance of a contract to which you are a party in connection with the management of your loyalty programme membership
Processing necessary for the pursuit of our legitimate interest in promoting our services, carrying out direct marketing actions and improving our Services
  • If you are not a member of our loyalty programme:3 years from the date on which you were last active, in any way whatsoever, with our Company and, in any event, until you exercise your right to object or withdraw your consent
  • If you are a member of the loyalty programme: 6 years from the date on which you were last active with our Company in any way whatsoever.

To carry out cross-checks, analyses and combinations - via a trusted third party - of your data collected at the time of booking or during your stay, in order to determine your centres of interest, your customer profile and to enable us to send you personalised offers

Processing necessary for the pursuit of our legitimate interest in promoting and improving our services, as well as carrying out direct marketing actions
  • If you are not a member of our loyalty programme:3 years from the date on which you were last active, in any way whatsoever, with our Company and, in any event, until you exercise your right to object or withdraw your consent.
  • If you are a member of the loyalty programme: 6 years from the date on which you were last active with our Company in any way whatsoever.

To improve the Company's services, in particular by

  • Carrying out surveys, studies and analyses of questionnaires and customer comments;
  • Managing complaints;
  • Offering benefits as part of the Company's loyalty programme.
  • Processing necessary for the performance of a contract to which you are a party (hotel contract) and for the management of your loyalty programme membership.
  • Processing necessary to pursue our legitimate interest in promoting and improving our services, as well as to carry out direct marketing actions (taking into account your commercial relationship with our Company).
  • If you are not a member of our loyalty programme :3 years from the date on which you were last active, in any way whatsoever, with our Company and, in any event, until you exercise your right to object or withdraw your consent
  • If you are a member of the loyalty programme: 6 years from the date on which you were last active with our Company in any way whatsoever.

To secure and improve your use of the EPONA website and the Company's websites, in particular to allow

  • Improve navigation,
  • Assistance and maintenance,
  • Implementation of security and fraud prevention measures.

Processing necessary for the pursuit of our legitimate interest consisting of ensuring the proper management of our activities, carrying out IT, administration and network security services with the aim of preventing fraud

13 months from the date of collection of the information

Internal management of a list of customers who have behaved inappropriately or failed to comply with their contractual obligations (incidents of payment, aggression or incivility, failure to comply with the hotel contract, failure to comply with security rules, theft, damage or vandalism, etc.) during their stay with us.) during their stay in one of the Company's establishments

Processing necessary for the pursuit of our legitimate interest consisting of ensuring the proper management of our activities, carrying out IT, administration and network security services with the aim of preventing fraud

 
  • 5 years from the termination of the hotel contract.
  • In the event of unpaid invoices: 5 years from the due date of the unpaid invoice and 48 hours after the effective full settlement of the unpaid invoice.

To secure payment transactions by determining the level of fraud risk associated with each transaction. For this purpose, the Company and the hotels may use the services provided by the Company's or the group's risk prevention service provider to refine their analysis

Depending on the results of the analyses carried out, the Company may take security measures, in particular requesting the customer to use another reservation channel or another payment method. The effect of these measures will be to suspend the execution of the booking or, if the result of the analysis does not guarantee the security of the order, to cancel it. Fraudulent use of a means of payment resulting in a payment default may result in the customer being entered in the Company's incident file, which may lead the Company to block future payments or carry out additional checks

Processing necessary for the pursuit of our legitimate interest in ensuring the proper management of our business and preventing the risk of fraud
  • 90 days for analysis and control purposes, then 2 years in a separate database for the purpose of improving the operation of the system.
  • In the event of registration in the incident file, 5 years from the date of registration or until the situation is regularised, whichever comes first.

Protecting people and property and combating non-payment
In this context, hotels have a function enabling them to register in the category of "inoperative" customers any customer with inappropriate behaviour corresponding to the following categories: payment incidents, assaults and incivilities, non-compliance with the hotel contract, non-compliance with security rules, theft, damage and vandalism.
The status of "inoperative" may lead the hotel to refuse to accept the guest's reservation if he or she is in breach of the hotel contract.servation to the customer when he/she returns to the same hotel or any other of the Company's establishments.

Processing necessary for the pursuit of our legitimate interest consisting of ensuring the proper management of our activities, securing goods and persons and combating non-payment

5 years from registration

To use the services necessary to establish the identity of persons present in the Company's hotels in the event of serious events affecting the establishment concerned (natural disasters, attacks, etc.)

Processing necessary to protect the vital interests of customers

For the duration of the event

To comply with any applicable legislation (e.g. retention of accounting documents), including with regard to

  • The management of requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys.
  • Managing requests from data subjects for protection of their personal data.

Processing required to comply with a legal obligation

For the period set by the applicable legislation/regulations

Information sharing - Conditions of access to your data by third parties

In order to provide you with complete satisfaction with our Services and to improve your customer experience, we may share your Personal Data with people inside and outside our Company

Internal recipients

This category of recipients is known as "Internal Recipients" and includes members of the Company's staff - including those of hôthis category of recipients is known as "Internal Recipients" and includes members of the Company's staff - including hospital staff - who are involved in enabling you to benefit from the Services offered by our establishments, namely :

  • Hotel staff ;
  • Reservation staff using EPONA reservation tools;
  • Support services staff (such as IT, marketing and legal departments).
  • specific recipients of personal data.

External recipients

Your data/information may, in order to ensure the proper performance of the Services you have requested from the Company's establishments as well as from third parties, be passed on to external recipients.tablishments and, more generally, to seek your full satisfaction by improving your experience, be communicated to third parties.

This category is known as "External Recipients"

  • External service providers: IT sub-contractors, international call centres, banks, credit card issuers, external lawyers, routers, printers.
  • Commercial partners: Unless you notify our Personal Data Protection department to the contrary, the Company may enhance your profile by sharing certain information about you with its preferred commercial partners. In this case, your data may be cross-checked, analysed and combined via a trusted third party. This processing will enable the Company and its preferred contractual partners to determine your centres of interest and your customer profile in order to enable us to send you personalised offers.
  • Social networking sites: the Company reserves the right to set up a system for connecting to its Internet sites via social networks in order to enable its customers to identify themselves easily on the said sites, without necessarily having to complete a registration form. any connection by you via this system will constitute explicit authorisation given to the Company to access the public data in your account for the social network concerned (e.g. Facebook, LinkedIn, Google, Instagram, etc.). facebook, LinkedIn, Google, Instagram, etc.), as well as any other data mentioned when using this social network connection system. The Company may also communicate your e-mail address, in a secure manner, to social networks in order to find out whether you are already a user of one of these networks.the Company may also communicate your e-mail address, in a secure manner, to social networks in order to find out whether you are already a user of one of these social networks and, if so, to display relevant personalised advertising on the said social network account(s).

Administrative and judicial authorities

Your data may also be communicated to administrative and judicial authorities insofar as such communication/disclosure is legally required in the context ofan investigation (administrative or judicial), a lawsuit, a governmental request, a legal order, the enforcement of legal rights (such as intellectual property rights, etc.), a matter relating to the protection of personal data (such as the right to access, rectify, correct or delete personal data), or a matter relating to the protection of personal data (such as the right to privacy).), anti-money laundering, security or similar legal or security issues

Transmissions of data in this context will be limited to what is reasonably necessary in the circumstances of the case

Cookies and other tracers

Our Company uses cookies on its websites to collect browsing data

What are cookies?

Cookies are small files stored on your terminal (computer, tablet, smartphone, etc.) when you visit a website or view an advertisement. Their main purpose is to collect and analyse information about the terminal you are using and the sites you visit, in order to provide you with personalised services or make your browsing easier

How long does a cookie last?

With the exception of technical cookies, the storage of cookies on your terminal requires your consent. This consent will be considered valid for a period of 13 months

What categories of cookies are used on our sites?


Subject to your choices resulting from the settings of the browser software you used when visiting our websites - which you can change at any time - the cookies we issue are used for the purposes listed below

What categories of cookies are used on our websites?

Technical cookies

These cookies are necessary for browsing and for the smooth operation of the websites. Without them, the site will not function properly. These cookies enable us, for example, to adapt the presentation of our sites to the display preferences of your terminal (language used, display resolution), to memorise passwords and other information relating to a form that you have filled in on the sites (registration or connection to your account)

Statistical cookies

These cookies make it possible to compile statistics and volumes of visits to and use of the various elements that make up our websites (sections and content visited, route taken, visiting time), enabling us to improve the interest and ergonomics of our services

Social network cookies

These cookies enable our content to be shared with other people on social networks such as Facebook, X, LinkedIn, etc. Even if you have not used these sharing buttons or the associated applications, your social networks can track your browsing if your account is active or a session is opened on your terminal during your browsing. If you do not want the social network to link the information collected via our sites to your user account, you must disconnect from the social network before using our websites

Advertising cookies

This category includes cookies used to display advertisements or send you information tailored to your interests on or off our sites, when you are browsing the Internet. They are used in particular to measure the effectiveness of an advertising campaign

Cookie management: acceptance or refusal


You may choose to deactivate the various cookies mentioned above at any time. Please note that you can accept or refuse cookies on a case-by-case basis or systematically refuse them once and for all. You can change your mind at any time by clicking on the appropriate button directly on our sites

Data transfers outside the European Union

If the processing of your data were to involve a transfer outside the European Union, this would only be carried out in return for appropriate guarantees

Data security

The Company implements appropriate means to preserve the security and confidentiality of data, through physical and logical protection procedures, including data encryption

Your rights

In accordance with the provisions of the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation (2016/679), you have the following rights as a "data subject"

  • The right to obtain information and access, within the framework of the applicable legal provisions, to the Personal Data that our Company collects about you.
  • The right to have your data rectified, erased or the processing thereof restricted.
  • The right to the portability of your data as well as the right to define instructions for the processing of your data after your death.
  • The right to object to the processing of your data, and in particular to your data relating to your stays, preferences and satisfaction being shared between our Company's establishments.
  • the right to lodge a complaint with a regulatory authority, namely in France the CNIL (https://www.cnil.fr/fr/plaintes);

Any of these rights may be exercised at any time, by e-mail sent to sens@eponahotels.fr or by post sent to the following address

EPONA - DPO DEPARTMENT
26, rue de Montevideo
75116 Paris, France

In order to ensure the confidentiality and protection of your Personal Data, we may have to identify you beforehand in order to investigate and respond to your request. In this context, if we have reasonable doubts about your identity, we may ask you to provide a copy of an official identity document (identity card or passport) in support of your request

All requests sent to the Data Protection Officer will be processed by the Company as quickly as possible and in accordance with applicable law

Contact details for our Data Protection Officer (DPO)

If you have any questions or complaints either about the Privacy Policy or about the Company's processing of your Personal Data, you can contact the Company's Data Protection Officer (DPO).data Protection Officer by e-mail to sens@eponahotels.fr or by post to the following address:

EPONA - DPO DEPARTMENT
26, rue de Montevideo
75116 Paris, France

UPDATES

The present Charter(version dated 16/07/2024) may be modified and updated by our Company without prior notice or information

We invite you to consult our Privacy Policy regularly, especially when making a reservation at one of our hotels

Subscribe to our newsletter

Receive our newsletter and be the first to know about our exclusive offers, events and news.

* Required fields

The information collected on this form that concerns you is solely intended for the treatment of your request. The maximum conservation time for your personal data is 3 years. You have the right of accessibility of this data, rectification, portability, deletion or limitation of further treatment of this data. You may object to the processing of your data and have the right to withdraw your consent at any time by contacting us directly. You also have the possibility to lodge a complaint with a supervisory authority if you consider that this processing of personal data does not meet the legal requirements in force.

Epona Sens - 97 rue de la République, 89100 Sens
- sens@eponahotels.fr
Quick Response Code