Privacy Policy

DATA PROTECTION

CHARTER FOR THE PROTECTION OF PERSONAL DATA

CENTRALE DE PRESTATIONS HOTELIERES (also known as “CPH”) is committed to using your personal data in a proportionate and transparent manner.

This Privacy Policy explains the type of personal data we collect, why we collect it and how we use it. Please take the time to familiarize yourself with our privacy practices, and let us know if you have any questions via this email contact@smartlodge.fr

Definitions :

Personal data Any information that can be used to identify, directly or indirectly, a natural person.

Data processing A personal data processing operation is any operation, or set of operations, relating to personal data (collection, extraction, adaptation, storage, etc.).

Data controller In principle, the person responsible for processing personal data is the person, public authority, company or organization that determines the purposes and means of the file, decides on its creation and the way it is carried out.

Purpose The purpose of processing is the main objective of using personal data. Data is collected for a well-defined and legitimate purpose, and is not further processed in a way incompatible with that initial purpose.

Subcontractor The sub-processor, within the meaning of the RGPD, is the natural or legal person (company or public body) who processes data on behalf of another body (the controller), in the context of a service or provision.

Sensitive data This is information revealing a person’s alleged racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. The European regulation prohibits the collection or use of such data, except, in particular, in the following cases:

If the person concerned has given his or her express consent (an active, explicit and preferably written process, which must be free, specific and informed);
If the information is manifestly made public by the person concerned;
If it is necessary to safeguard human life;
If its use is justified by the public interest and authorized by the CNIL;
if it concerns members or adherents of an association or political, religious, philosophical, political or trade-union organization.

Data breach is characterized by the destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed, whether accidental or unlawful.

1. Identity and contact details of the data controller

When you visit our site, CENTRALE DE PRESTATIONS HOTELIERES, as the data controller, may collect personal data from you in connection with the performance of your insurance contracts.

All personal data provided to and/or collected is controlled by the aforementioned company located at 43, rue Jaboulay 69007 LYON.

2. Why and how is your personal data collected?

We may collect your data in different ways:

That you give us directly via :

– Website

– Personal space

– by telephone

That we collect automatically (cookies)
That we collect from other sources (prospecting, partners)

You are not obliged to provide CPH with the personal data we request, but if you choose not to, we may not be able to provide you with our products and services, or a very high quality of service, or to respond to any request. We only collect data that is strictly necessary for the purpose of the data processing.

Data processing and purpose	Legal basis	Data category	Recipient	Retention period
Reservation management	Contract performance Legitimate interests pursued by the data controller	Identification data: surname, first name, date of birth, address, e-mail address, telephone number Economic and financial information: bank details or credit card number	Employees and subcontractors authorized to manage them, solely within the framework of the necessary management of your contracts and services.	5 years from end of contract
Management of benefit reimbursements	Performance of a contract Legitimate interests pursued by the data controller	Identification data Economic and financial information	Employees and subcontractors authorized to manage them only in connection with the reimbursement of your benefits.	5 years from the end of the contract
Claims management	Contract performance Legitimate interests pursued by the controller	Identification data Economic and financial information	Employees and subcontractors authorized to manage them solely for the purpose of managing your claims	5 years from the end of the contract
Contact request : – Form – E-mail	Consent Legal obligation (telephone recording) Contract performance	Identification data Telephone recording	Internal staff authorized to manage them only in the context of managing your contracts and services	5 years from end of contract
Cookie management	Consent	Connection data: IP, logs, etc. Browsing data	Internal employees	13 months

How do we determine how long we keep your personal data?

We keep data only as long as it is required for the purposes for which it was collected, and in compliance with current regulations. The length of time we keep data varies and depends on its nature, its purpose and the legal and regulatory aspects to which it is subject. These periods are based on the legal requirements for legal action.

In this case, the first retention period takes into account your contractual commitment period. The retention period starts from the end of the contractual breaches.

In common law, article 2224 of the French Civil Code imposes a 5-year retention period, as “Personal or movable actions are prescribed by five years from the day when the holder of a right knew or should have known the facts enabling him to exercise it.”

3. Cookie policy

When you visit our website, cookies are sent to your computer, tablet or cell phone. Our policy on cookies allows you to better protect yourself while understanding their usefulness.

You can accept or refuse cookies directly from our site by expressing your choice using the banner that appears at the bottom of your screen.

What is a cookie?

A cookie is a text file that the site you are visiting stores on your hard disk or in your browser’s random access memory. It enables your computer to store various technical data, such as the number of visits, the frequency of exposure to an advertising banner, and your connection to other sites. It also enables us to personalize your future connections by memorizing your choice of site language, your connection information and your preferences.

Why does our site use cookies?

Our website collects cookies to ensure its smooth operation and to facilitate your browsing.

– Technical and browsing cookies: These cookies make it easier for you to navigate between pages on our site, and are necessary to enable you to take advantage of certain functions, such as using your user account. These cookies expire when you close your browser.

– Audience measurement cookies: To measure the audience of our website, we collect information such as the amount of time you spend on our website, which buttons you click, how you arrived on the website (referring sites, social networks, search engines, etc.). Thanks to these cookies, we can measure the effectiveness of our interactive content and improve our services.

– Cookies placed by third parties: These are cookies placed by third-party companies. Our site uses the FAZAE hosting provider, which automatically integrates a number of third-party cookies. These third-party companies collect cookies to feed their advertising targeting systems.

– Social networking cookies: Cookies may also be used on sites that offer the possibility of sharing our content, notably social networking sites. Cookies deposited by social networking sites are their sole responsibility. You can consult the privacy conditions of each of these sites at the following addresses:

Facebook: https://www.facebook.com/about/privacy/

Instagram: https://privacycenter.instagram.com/policy/

YouTube and Google +: https://www.google.fr/intl/fr/policies/privacy/

LinkedIn: https: //www.linkedin.com/legal/privacy-policy

How long we keep our cookies

The cookies we collect are kept for a maximum of 13 months.

Necessary

Necessary cookies are crucial for the basic functions of the website and it will not function as intended without them.

These cookies do not store any personally identifiable data.

Cookie	duration	description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.

Functional

Functional cookies enable certain features such as sharing website content on social media platforms, collecting comments and other third-party functionality.

Cookie	duration	description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__sharethis_cookie_test__	session	ShareThis sets this cookie to track which pages are being shared and by whom.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on the number of visitors, bounce rate, source of traffic, etc.

Cookie	duration	description
_ga	1 year 1 month 4 days	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.

4. With whom do we share your personal data?

CPH may share your personal information internally and with selected third parties. For example, we may share your personal information with third-party service providers, other third parties, partners or legal disclosures.

Third-party service providers: In order to fulfill your requests, respond to your inquiries, process your contracts, provide you with other features, services and materials on our sites, we share your personal data with third-party service providers who perform functions on our behalf. These companies: host or operate sites, process payments, analyze data, provide customer service, postal or delivery services. They have access to personal information needed to perform their functions, but may not use it for any other purpose. In addition, they must treat such personal information in accordance with this Privacy Policy and in compliance with applicable data protection laws and regulations.

List of service providers: EXPERIENCE HOTEL, D-EDGE, MISTERBOOKING.

Legal disclosure. We may transfer and disclose your personal data to third parties

– In order to comply with a legal obligation;

– When we believe in good faith that the law requires it;

– At the request of government authorities conducting an investigation;

– To verify or enforce our “Terms of Use” or other applicable policies.

– To detect and protect against fraud or technical or security vulnerabilities;

– to respond to an emergency; to protect the rights, property, safety or security of third parties or visitors to CPH sites.

International data transfers

CPH shares personal data internally or with third parties for the purposes described in this Privacy Policy.

CPH Company will only transfer personal data collected in the European Economic Area (EEA) to foreign countries in situations such as:

Following your instructions ;
To comply with a legal obligation
To work with our employees and advertisers who we use to help us manage our group and our services.

If we need to transfer personal data outside the EEA, CPH will ensure that it is protected in the same way as in the EEA. We will use one of the following safeguards:

Transfer to a country outside the EEA whose privacy legislation guarantees an appropriate level of protection for personal data as in an EEA country;
Put in place a contract with the foreign third party which means that it must protect personal data to the same standards as the EEA.
Transfer personal data to organizations that are part of specific agreements relating to cross-border data transfers with the European Union (e.g. the Privacy Shield or Data Protection Shield is a framework that defines privacy standards for data transferred from European Union countries to the United States).

5. How do we protect your personal data?

CPH takes the security of your personal data very seriously. We strive to protect your personal data against any data breach: misuse, interference, loss, unauthorized access, modification or disclosure.

Our measures include implementing appropriate access controls, investing in the latest information security capabilities to protect the IT environments we operate.

Access to your personal data is permitted only among our employees and agents on a need-to-know basis and is subject to strict contractual confidentiality obligations where data is processed by third parties.

6. What are your rights?

In accordance with the French Data Protection Act of January 6, 1978, as amended, and European Regulation No. 2016/679/EU of April 27, 2016, you may access your personal data, rectify it, request its deletion or exercise your right to portability or limitation of the processing of your data. You may also withdraw your consent at any time. To exercise these rights or if you have any questions about the processing of your data under this scheme, you can contact us electronically by clicking on the following link.

If, after contacting us, you feel that your rights with regard to data processing, data files and individual liberties have not been respected, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) either via the following URL: https://www.cnil.fr/fr/plaintes, or by e-mail at the following address: 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07.

You may refuse to have your browsing on this website tracked. This will protect your privacy, but will also prevent the owner from learning about your actions and creating a better experience for you and other users.

7. How do we update this Privacy Policy?

This Privacy Policy is updated as necessary to incorporate customer feedback and changes to our products and services. When we make changes to this statement, we will correct the “last updated” date at the top of this document. If the changes are substantial, we will propose a more extensive Privacy Policy (including, for certain services, e-mail notification of changes to the Privacy Policy). We will also archive previous versions of this Privacy Policy for your review.

8. Treatment of telephone calls

The information collected by CPH is processed exclusively for internal authorized persons. The purpose of this processing is the continuous improvement of our services. This data will be kept for as long as is necessary for this purpose. In accordance with the French Data Protection Act of January 6, 1978, as amended, and European Regulation No. 2016/679/EU of April 27, 2016, you may access your personal data, rectify it, request its deletion or exercise your right to portability or limitation of the processing of your data. You may also withdraw your consent at any time. To exercise these rights or if you have any questions about the processing of your data under this scheme, you can contact us electronically by following this link.

If, after contacting us, you feel that your rights with regard to data processing, data files and individual liberties have not been respected, you may submit a complaint to the Commission Nationale de l’Informatique et des Libertés (CNIL) via the following URL: Online complaints | CNIL, or by e-mail to the following address: 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07.