1. Our commitment
2. The scope
3. Our principles regarding the protection of your personal data
4. What personal data is collected?
5. For what purposes is your data collected and for how long is it kept?
6. Conditions of access by third parties to your personal data
7. The protection of your personal data during international transfers
8. Data security
9. Cookies and other tracers
10. Your rights
11. Updates
12. Questions and contacts

1. OUR COMMITMENT

Our ambition: to set the hotel industry in motion in order to grow together. Our goal is to set our offer in motion by breaking down the barriers between experiences serving the desires and aspirations of traveler customers, looking for your satisfaction. As part of our commitment, we present our policy related to the protection of your personal data. This policy describes our use of these sensitive information and the procedures and measures implemented by our Group to guarantee that your rights are respected.

2. THE SCOPE

In this policy, the terms "INDEVHO", "Group" or "Company" mean:

The company INDEVHO SAS, a company providing hotel management and having its registered office at the Domaine de la vallée verte Rue de la Vallée verte Bâtiment Bourbon 1 - 13011 MARSEILLE
The hotel establishments managed by INDEVHO, regardless of the brand under which the hotel is operated. This list of hotels is regularly updated on the site www.indevho.com/fr

The purpose of this Data Protection Policy is to provide you with simple, clear and complete information on how INDEVHO processes the personal information that you transmit to us.

INDEVHO: hotels in motion!

INDEVHO is a player at the service of investment and hotel development. As such, we inform you that the hotel in which you book is not the property of the company INDEVHO. Most hotels are in fact operated under a management mandate concluded between the hotel owner and INDEVHO. This is why, when you stay in one of these hotels, your personal data is processed both by INDEVHO and by the hotel.

To summarize :

INDEVHO processes your data because it is in charge of the management of the central reservation system which allows INDEVHO to collect the data necessary for the organization of your stays and to communicate this data to the hotels concerned.
Each hotel processes your data to manage its contractual relationship with you (invoicing, payment, booking management, etc.), to carry out marketing activities and to comply with its legal obligations. INDEVHO has communicated the principles set out in this policy to all the hotels it manages and to their respective managers. We will do everything in our power to ensure that all hotels comply with applicable data protection laws and this policy.

3. OUR PRINCIPLES IN THE PROTECTION OF YOUR PERSONAL DATA

In accordance with the regulations in force, in particular the General Data Protection Regulations adopted in Europe, we have established the following principles for the processing of your data within our Group:

Legality: we only use personal data if:
- o we have obtained the customer's consent,
- OR o this is necessary for the performance of a contract to which the person is a party,
- OR o this is necessary for compliance with a legal obligation,
- OR o to safeguard your vital interests in very limited cases,
- OR o we pursue a legitimate interest by using personal data and this use does not affect the liberties and interests of the person.
Loyalty: we explain as clearly as possible what we do with the data.
Determined purposes and minimization of data: we only collect personal data that we really need. If we can achieve the same result by using less personal data, then we make sure to use only that personal data.
Transparency: we inform data subjects of how we use their data.
We facilitate the exercise of their rights by data subjects.
Retention periods: we only store personal data for limited periods.
We ensure the security of personal data, that is to say their integrity and confidentiality.
If a third party has to use personal data, we ensure that that third party is able to protect personal data.
If personal data must be transferred outside the European Union, we ensure that this transfer is framed by the appropriate legal systems.
If personal data is compromised (lost, stolen, damaged, unavailable, etc.), we notify this violation to the competent data protection authorities and to the persons concerned, if the violation is likely to generate high risks for the rights and freedoms of individuals .

4. WHAT PERSONAL DATA IS COLLECTED?

At various times, we are required to collect information about you or the people accompanying you, including:

contact details (for example surname, first name, telephone number, email)
personal information (e.g. date of birth, nationality)
information about your children (e.g. first name, date of birth, age)
your credit card number, (for transaction and reservation purposes)
information on an identity document (eg identity card, passport or driving license)
your arrival and departure dates
your preferences and interests (e.g. smoking or non-smoking room, preferred floor, type of bedding, type of print media read, sports, cultural interests, food and drink preferences, etc.)
your questions / comments, during or following a stay in one of the establishments under a brand
technical and localization information generated in connection with the use of our websites and applications. In order to satisfy your requests or provide you with the appropriate service (for example a specific diet) we may be required to collect sensitive information, in particular certain details on your health. In this case, we will only collect this data with your prior express consent.

5. FOR WHAT PURPOSES IS YOUR DATA COLLECTED AND FOR WHAT TIME ARE THEY SAVED?

Objective(s)	Basis for processing	The duration of the conversation
Managing room and accommodation reservations	Processing necessary for the performance of the contract binding us	3 years from the date you were last active with us in any way.
Completing the police form if you are a foreigner	Legal obligation	6 months
Completing the check-in form upon arrival at the hotel	Execution of the contract	3 years from the date you were last active with us in any way.
Management of the various services offered during your stay (reservation at the spa, sale of ski pass, etc.)	Execution of the contract	Consent Duration of your stay
Sending of satisfaction questionnaire or to collect your expectations on your stay and your comments following it	Consent	3 years from the date you were last active with us in any way.
Sending you newsletters, promotions and tourist, hotel or service offers and / or contact you by phone	Consent	3 years from the date you were last active with us in any way.
Personalizing customer reception at the hotel, improve the quality of your service and your experience	Processing necessary for the execution of the contract binding us	3 years from the date you were last active with us in any way.
Managing complaints	Legal obligation	6 years from the closing date of your file in the context of a complaint or complaint.
Securing and improve your use of INDEVHO websites, in particular: improvement of navigation, assistance and maintenance and implementation of security and fraud prevention measures.	Processing necessary for the pursuit of our legitimate interest consisting in managing our activities, providing IT, administration and network security services in order to prevent fraud.	13 months from the collection of information.
Securing goods and people and fighting unpaid videos	Processing necessary for the pursuit of our legitimate interest consisting in managing our activities, securing goods and people and combating arrears.	30 days
Using the services necessary to find the identity of people present in the Group's hotels, particularly in the event of serious events affecting the establishment concerned (natural disasters, attacks, etc.).	Treatment necessary to protect the vital interests of customers.	For the duration of the event.
Complying with all applicable laws, including: Management of unsubscribe requests to newsletters, promotions, tourist offers and satisfaction surveys Management of requests from data subjects for the protection of their personal data. Retention of accounting documents	Processing necessary to comply with a legal obligation.	For the entire duration fixed in the applicable legislation.

6. CONDITIONS OF ACCESS BY THIRD PARTIES TO YOUR PERSONAL DATA

We must share your personal data with internal and external recipients, under the following conditions:

1. We share your data with a limited number of authorized people and services within our Group, in order to offer you the best possible experience in our hotels. The following teams can access your data:

o Hotel staff
o Reservation staff using the reservation tools
o IT services o Business partners and marketing services
o Medical services possibly
o Generally, any appropriate person from our Group entities for certain specific categories of personal data.

2. With suppliers, service providers and partners: your personal data may be transmitted to a third party in order to provide you with services and improve your stay, in particular IT subcontractors, banks, credit card issuers, external lawyers, routers, printers.

Local authorities: we may also be required to transmit your information to local authorities, if required by law or within the framework of an investigation and in accordance with local regulations.

7. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS

For the purposes indicated in article 6, INDEVHO endeavors to keep your personal data in France, or at least within the European Economic Area (EEA). When we transfer your personal data to recipients located outside the EEA, we guarantee that the transfer is carried out:

Either to a country providing an adequate level of protection, that is to say a level of protection equivalent to what European regulations require
Either the transfer is framed by standard contractual clauses Transfers to the United States can also be made to entities that have joined the Privacy Shield program.

8. DATA SECURITY

INDEVHO takes the appropriate technical and organizational measures, in accordance with the applicable legal provisions (in particular article 32 of the GDPR), to protect your personal data against destruction, loss or alteration, misuse and unauthorized access. authorized, modification or disclosure, whether these actions are unlawful or accidental. To this end, we have implemented technical measures (such as firewalls) and organizational measures (such as an identifier / password system, means of physical protection, etc.) in order to '' ensure constant confidentiality, integrity, availability and resilience of processing systems and services. When you transmit your credit card information during your reservation, SSL (Secure Socket Layer) encryption technology helps secure your transactions. Organizational measures ensure the security of processing.

9. COOKIES AND OTHER TRACKERS

What is a cookie ?

A cookie is a small text file placed in the directories of the browser on your computer, tablet or mobile phone. Cookies can be placed on your device when you visit a website and can have several objectives such as ensuring the proper functioning of websites and obtaining information on the habits of visitors. When browsing the INDEVHO and hotels websites, you can decide whether or not to allow the deposit of cookies on your computer.

How to configure cookies ?

The setting of cookies is done directly via your Internet browser and, depending on the type of browser used, allows you to choose the systematic refusal of cookies during browsing or their authorization on a case-by-case basis. To find out about the configuration to follow, see the dedicated page on the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser

10. YOUR RIGHTS

You have the right to obtain information and access your personal data collected by INDEVHO, subject to the applicable legal provisions. You also have the right to have your data corrected, to have it erased or to limit its processing. In addition, you have the right to the portability of your data and the right to define instructions for the processing of your data on your death. You can also object to the processing of your data, in particular to object to the fact that data concerning you relating to your stays, your preferences and your satisfaction are shared between the Group's establishments. If you wish to exercise these rights, contact the department responsible for personal data directly by email at contact.dpo@indevho.com or by writing to the following address:

INDEVHO SAS
A l’attention du Délégué à la Protection des Données
Domaine de la vallée verte
Rue de la Vallée verte Bâtiment Bourbon 1
13011 MARSEILLE

In the interests of confidentiality and the protection of your personal data, we will have to identify you in order to respond to your request. For this, in case of reasonable doubts about your identity, you may be asked to enclose with the support of your request, a copy of an official identity document (CNI, permit, passport) You can also exercise your rights with regard to your personal data stored and processed by a hotel in its capacity as data controller. To do this, you must contact this hotel directly. For any assistance in your efforts, please write to the Personal Data Protection Department at contact.dpo@indevho.com or at the postal address above. If you believe that your rights have not been respected or that an answer provided by INDEVHO is not satisfactory, you can lodge a complaint with the CNIL.

11. UPDATES

We can modify this policy and invite you to consult it regularly, in particular when you make a reservation in one of our hotels.

12. QUESTIONS AND CONTACTS

For any questions concerning the personal data policy within the Group, please contact the Personal Data Protection Department (see article 10 "Your rights").

Latest version: December 5, 2019