1. SCOPE OF APPLICATION

In this policy, the terms "Colette Hôtel", "Hôtel" or "Company" refer to :

SAS VIET GOURMET, the company operating Colette Hôtel. located at 22, rue Mazagran 79000 Niort and whose website is https://www.colettehotelniort.com

The purpose of this Data Protection Policy is to provide you with simple, clear and complete information on how Colette Hôtel handles the personal information you provide to us.

2. OUR DATA PROTECTION PRINCIPLES

In accordance with the current regulations, especially the General Data Protection Regulation (GDPR) adopted in Europe, we have established the following principles for the processing of your data within our Hotel:

• Lawfulness: We only use personal data if:

o We have obtained the consent of the individual,

o OR it is necessary for the performance of a contract to which the individual is a party,

o OR it is necessary to comply with a legal obligation,

o OR to protect your vital interests in very limited cases,

o OR we pursue a legitimate interest in using personal data, and this use does not infringe upon the freedoms and interests of the individual.

• Fairness: We explain as clearly as possible what we do with the data.

• Specific Purposes and Data Minimization: We only collect the personal data that is genuinely necessary. If we can achieve the same result using less personal data, then we ensure that only that minimal data is used.

• Transparency: We inform the individuals concerned about how we use their data. We facilitate the exercise of their rights by the individuals concerned.

• Retention Periods: We only retain personal data for limited periods.

• We ensure the security of personal data, meaning its integrity and confidentiality.

• If a third party needs to use personal data, we ensure that the third party is capable of protecting the personal data.

• If personal data needs to be transferred outside the European Union, we ensure that such transfers are covered by appropriate legal mechanisms.

• If personal data is compromised (lost, stolen, damaged, unavailable, etc.), we notify this breach to the competent data protection authorities and the individuals concerned, if the breach is likely to result in high risks for the rights and freedoms of individuals.

3. WHAT PERSONAL DATA IS COLLECTED?

At various times, we may collect information about you or the people accompanying you, including :

- contact details (e.g. surname, first name, telephone number, e-mail) - personal information (e.g. date of birth, nationality)

- information about your children (e.g. first name, date of birth, age)

- your credit card number, (for transaction and booking purposes); information contained on an identity document (e.g. identity card, passport or driving license)

- your arrival and departure dates

- your preferences and interests (e.g. smoking or non-smoking room, preferred floor, type of bedding, type of newspapers read, sports, cultural interests, food and drink preferences, etc.).

- your questions/comments, during or following a stay in one of our branded establishments

- technical and location information generated in the course of using our websites and applications. In order to satisfy your requests or provide you with the appropriate service (e.g. a specific diet) we may need to collect sensitive information, including certain details about your health. In such cases, we will only collect this data with your express prior consent.

4. FOR WHAT PURPOSES IS YOUR DATA COLLECTED AND FOR HOW LONG IS IT STORED?

Purpose: Managing room and accommodation reservations

Legal Basis: Processing necessary for the performance of the contract between us

Retention Period: 3 years from the date you were last active with us, in any way, for the last time

Purpose: Completing the police registration form if you are a foreigner

Legal Basis: Legal obligation

Retention Period: 6 months

Purpose: Completing the check-in form upon your arrival at the hotel

Legal Basis: Execution of the contract

Retention Period: 3 years from the date you were last active with us, in any way, for the last time

Purpose: Managing various services offered during your stay (spa reservations, ski pass sales, etc.)

Legal Basis: Execution of the contract, Consent

Retention Period: Duration of your stay

Purpose: Sending satisfaction surveys or gathering your feedback on your stay and comments thereafter

Legal Basis: Consent

Retention Period: 3 years from the date you were last active with us, in any way, for the last time

Purpose: Sending newsletters, promotions, and tourist, hotel, or service offers, and/or contacting you by phone

Legal Basis: Consent

Retention Period: 3 years from the date you were last active with us, in any way, for the last time

Purpose: Personalizing the customer's welcome at the hotel, improving the quality of your service and experience

Legal Basis: Processing necessary for the performance of the contract between us

Retention Period: 3 years from the date you were last active with us, in any way, for the last time

Purpose: Handling complaints

Legal Basis: Legal obligation

Retention Period: 6 years from the date of closing your file in the context of a complaint or claim

Purpose: Securing and improving your use of the hotel's websites, including navigation improvement, assistance, maintenance, and implementation of security measures and fraud prevention

Legal Basis: Processing necessary for pursuing our legitimate interest in managing our activities, providing IT services, network administration, and security to prevent fraud.

Retention Period: 13 months from the date of information collection

Purpose: Securing property and individuals and combating non-payments - Video surveillance

Legal Basis: Processing necessary for pursuing our legitimate interest in managing our activities, securing property and individuals, and combating non-payments.

Retention Period: 30 days

Purpose: Using necessary services to identify people present in the hotel, especially in the event of serious incidents affecting the establishment (natural disasters, attacks, etc.)

Legal Basis: Processing necessary for protecting the vital interests of clients.

Retention Period: For the entire duration of the event.

Purpose: Complying with any applicable legislation, including: Managing requests to unsubscribe from newsletters, promotions, tourist offers, and satisfaction surveys, Managing requests from individuals regarding the protection of their personal data, Retention of accounting documents

Legal Basis: Processing necessary for compliance with a legal obligation.

Retention Period: For the duration specified in the applicable legislation.

5. CONDITIONS OF ACCESS BY THIRD PARTIES TO YOUR PERSONAL DATA

We need to share your personal data with internal and external recipients, under the following conditions. We share your data with a limited number of authorized individuals and departments within our Hotel, in order to provide you with the best possible experience in our Hotel. The following teams may access your data:

- Hotel staff

- Reservation staff using reservation tools

- IT departments

- Business partners and marketing departments

- Medical services, where applicable

- With service providers and partners: your personal data may be passed on to third parties in order to provide you with services and improve your stay, including IT subcontractors, banks, credit card issuers, external lawyers, routers and printers.

- Local authorities: we may also transmit your information to local authorities, if required by law or as part of an investigation and in accordance with local regulations.

6. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS

For the purposes indicated in article 5, the Hotel endeavors to keep your personal data in France, or at least within the European Economic Area (EEA). Where we transfer your personal data to recipients outside the EEA, we guarantee that the transfer is made: - Either to a country ensuring an adequate level of protection, i.e. a level of protection equivalent to what European regulations require - Or the transfer is governed by standard contractual clauses Flows to the United States may also be made to entities that have joined the Privacy Shield program.

7. DATA SECURITY

The Hotel takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular Article 32 of the RGPD), to protect your personal data against destruction, loss or alteration, misuse and unauthorized access, modification or disclosure, whether such actions are unlawful or accidental. To this end, we have put in place technical measures (such as firewalls) and organizational measures (such as a login/password system, physical safeguards, etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. When you transmit credit card information when booking, SSL (Secure Socket Layer) encryption technology is used to secure your transactions. Organizational measures ensure secure processing.

8. COOKIES AND OTHER TRACKERS

What is a cookie? A cookie is a small text file stored in the browser directories of your computer, tablet or cell phone. Cookies can be deposited on your device when you visit a website, and can serve a number of purposes, such as ensuring the smooth operation of websites and obtaining information about visitor habits. When browsing the L'Hôtels website, you can decide whether or not to allow cookies to be deposited on your computer.How to configure cookies? You can configure cookies directly via your Internet browser and, depending on the type of browser used, you can choose whether to systematically refuse cookies during browsing or to authorize them on a case-by-case basis. To find out how to configure your browser, visit the dedicated page on the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser

9. YOUR RIGHTS

You have the right to obtain information and access to your personal data collected by the Hotel, subject to applicable legal provisions. You also have the right to have your data rectified, erased, or its processing limited. Additionally, you have the right to data portability and the right to define instructions for the processing of your data after your death. You may also object to the processing of your data, particularly object to the sharing of data related to your stays, preferences, and satisfaction with other establishments. If you wish to exercise these rights, please contact the department responsible for personal data via email at colettehotel79@gmail.com or by writing to the following address:

SAS VIET GOURMET

Galerie N°40 et 41 Centre Commercial 4 Ânes

17300 Rochefort, France

In order to ensure confidentiality and protection of your personal data, we will need to identify you to respond to your request. Therefore, if there are reasonable doubts about your identity, you may be asked to provide a copy of an official identification document (ID card, driver's license, passport) to support your request.

You can also exercise your rights regarding your personal data held and processed by a hotel as the data controller. For this purpose, you must directly contact that hotel. For any assistance in your procedures, please write to the Department for Personal Data Protection at colettehotel79@gmail.com or at the postal address mentioned above.

If you believe that your rights have not been respected or that a response provided by the Hotel is not satisfactory, you have the right to file a complaint with the CNIL (French data protection authority).

10. UPDATES

We may modify this policy from time to time and we invite you to consult it regularly, particularly when you make a reservation.

11. CONTACT

If you have any questions about the Hotel's personal data policy, please contact the Personal Data Protection Department (see "Your rights").