Personal data protection policy
Versailles Personal Data Protection Policy
The privacy of its guests is important to the Hotel the end of the park.
This is why, in compliance with the regulations in force on the protection of personal data, in particular the General Data Protection Regulation «GDPR» we have appointed a Data Protection Officer and are making every effort to implement the recommendations of the CNIL.
1. Collected data
The personal data collected on this site are as follows:
Account opening: when creating the user’s account, his name, first name, email address.
Login: when the user connects to the site, it records, in particular, his name, first name, login data, use, location.
Profile: the use of the services provided on the site makes it possible to fill in a profile, which may include an address and a telephone number.
Payment: as part of the payment of products and services offered on the site, it records financial data relating to the bank account or credit card of the user.
Cookies: Cookies are used in connection with the use of the site. The user has the possibility to disable cookies at the first connection and then from the settings of his browser. Cookies are essential to the proper functioning of the site and allow the user to improve his browsing experience, to use certain sharing features on social networks and to have access to content and advertisements based on his interests.
Some cookies are essential to the functioning of the site and are installed automatically. At the first login on the site, the user can accept or refuse the installation of non-essential cookies for which his consent is required. At any time, the user can change their cookie preferences by clicking on the link «manage consent», a link at the bottom of the page on most of our sites.
The purpose of the personal data collected from users is to provide the site’s services, improve them and maintain a secure environment. Specifically, the uses are:
– Access and use of the site by the user;
– Site operation management and optimization;
– Verification, identification and authentication of the data transmitted by the user;
– Implementation of user support;
– Personalizing services by displaying advertisements based on the user’s browsing history, according to their preferences;
– Prevention and detection of fraud, malware (“malicious software”) and security incident management;
– Management of any disputes with users;
– Sending commercial and advertising information, based on user preferences.
3. Shelf life
Personal data are kept for a limited period that does not exceed the time necessary for the purposes of collection.
4. Legal basis
The legal basis is for the processing operations listed below:
– Lead management: the legitimate interest
– Newsletter registration and management: consent
– Analysis of purchasing behaviour: legitimate interest
– Managing a stay (booking, invoicing): necessary for the execution of a contract
– Customer satisfaction: the legitimate interest
5. Sharing Personal Data with Third Parties
Personal data may be shared with third party companies where:
– When the user uses payment services, for the implementation of these services, the site is in contact with third-party banking and financial companies with which it has contracts;
– When the user publishes publicly available information in the free comments areas of the site;
– When the user authorizes a third party’s website to access their data;
– When the site uses the services of providers to provide user support, advertising and payment services. These providers have limited access to the user’s data, as part of the performance of these services, and have a contractual obligation to use them in accordance with the provisions of the applicable regulations on the protection of personal data;
– If required by law, the Site may transmit data to respond to claims made against the Site and comply with administrative and judicial procedures;
– If the site is involved in a merger, acquisition, transfer of assets or insolvency proceedings, it may assign or share all or part of its assets, including personal data. In this case, users would be informed, before the personal data is transferred to a third party.
6. Personal Data Transfer
The data collected on this site are not transmitted outside the European Union.
In the United States, it should be noted that since 16 July 2020 the Privacy Shield has been invalidated by the European Court of Justice, that is to say that it is no longer recognized as a legal framework ensuring adequate protection of personal data.
In Canada and the province of Quebec, personal data is used in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s private sector privacy law.
Versailles informs you that it implements the same level of personal data protection worldwide, regardless of the regulatory framework.
7. Security and Privacy
The site implements organizational, technical, software and physical measures related to digital security to protect personal data against unauthorized alterations, destruction and access. However, it should be noted that the internet is not a completely secure environment and the site cannot guarantee the security of the transmission or storage of information on the internet.
8. Implementing Data Subject Rights
You have a number of legal rights with regard to your personal data. You can obtain further information and advice on your rights from the data protection authority in your country (in France, the Commission Nationale Informatique et Libertés (CNIL: https://www.cnil.fr/).
1- The right to information – You have the right to receive clear, transparent and easily understandable information about how we use your data, and about your rights. That is why we provide you with this information through this privacy policy.
2- The right of access – You have the right to access your information (if we process it), and some others (such as those provided here). The purpose is for you to be fully aware and to be able to verify that we are using your information in accordance with data protection laws.
3- The right to rectification – You have the right to have your information corrected if it is inaccurate or incomplete.
4- The right to erasure – This right is also known as the “right to be forgotten” and, simply put, it allows you to request the erasure or deletion of your data when there is no compelling reason for us to continue using it. However, this is not a general right to data erasure and there are exceptions.
5- The right to restrict processing – You have the right to “block” or remove any further use of your information. When processing is restricted, we can store them, but cannot continue to use them. We keep the list of persons who have requested that the further use of their data be blocked, in order to ensure compliance with the restriction measure.
6- The right to data portability – You have the right to obtain and reuse your personal data for your own purposes and in other services. This allows you to easily swap, copy or transfer them between our computer systems and third parties securely, without affecting their ability to be used.
7- The right to object – You have the right to object to certain types of processing, including processing for direct marketing purposes (which is only possible with your consent).
8- The right to complain – You have the right to complain about how we process or manage your personal data to the relevant national authority (in France, the Commission Nationale Informatique et Libertés (CNIL: https://www.cnil.fr/).
9- The right to withdraw your consent – If you have given your consent to the processing or use of your personal data, you may withdraw it at any time (although, if you do, it does not mean that anything we did with your consent up to that date was illegal). This includes your right to withdraw consent to the use of your personal data for commercial purposes.
We respond to requests and provide information free of charge; however, we may charge a reasonable fee to cover our administrative costs in case of repeated request.
We may also be entitled to refuse a request. Please judge your request responsibly before submitting it. We will respond as soon as possible, usually within one month from the date of receipt; but if the processing of the request takes longer, we will let you know.
9. Evolution of this policy
Versailles reserves the right to make any changes to this Privacy Policy at any time. If a change is made to this personal data protection policy, Versailles undertakes to publish the new version on its website.