CONFIDENTIALITY POLICY

INTRODUCTION

Within the context of personal data protection, Les Lanternes, SAS MONT CINDRE, registered under number 327 612 602 00018, shall ensure total transparency with respect to the collection, analysis and processing of personal data from its customers.
“Personal data” is all information collected and recorded in a format that enables identifying you as a physical person, either directly (e.g., using your name) or indirectly (e.g., your phone number). Before you send this information to us, we recommend that you read the rest of this document describing our policy to protect the privacy of our guests.
This Confidentiality Policy is an integral part of the General Terms that govern our hotel services. By accepting these General Terms, you expressly accept the provisions of this document.
SAS MONT CINDRE is part of the èhotels-Lyon Group (SAS MISE EN ŒUVRE), which may be required to centralize and process data for the purposes listed below.

COLLECTION OF PERSONAL DATA

For various purposes, we may sometimes be required to ask you, as a customer of SAS MONT CINDRE, for information about yourself and/or members of your family, such as:
• Contact information (last name, first name, phone number, email address, etc.);
• Personal information (date of birth, nationality, etc.);
• Information about your children(first name, date of birth, age, etc.);
• Your credit card number (for bank transactions and reservations);
• Your arrival and departure dates;
• Your preferences and centers of interest (smoking or nonsmoking room, preferred floor, type of bed, newspapers you read, your sports and cultural interests, etc.);
• Your questions/comments, during or after a stay in our establishment.
Information collected on individuals under 18 years of age is limited to first name, nationality and date of birth, which may be given to us by an adult only. Please ensure that your children do not send us personal data without your permission (in particular via internet). If this type of transmission occurs, you may contact the hotel directly to have the information removed.
We do not collect sensitive information, such as racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health information or sexual orientation.
Personal data may be collected for various purposes, in particular:
• Hotel activities:
> Booking a room;
> Registration and payment;
> Consumption at the hotel bar and restaurant during a say;
> Requests, claims and/or disputes.
• Participation in marketing programs or activities:
> Contribution to satisfaction surveys;
> Subscription to newsletters to receive offers and promotions via email;
• Transmission of information from third parties:
> Channel manager, tour operator, travel agency, OTA, metasearch, GDS reservation systems, etc.
• Internet activities:
> Connection to the Les Lanternes website (IP address, cookies, web tracers);
> Online collection forms (online booking, questionnaires, SAS MONT CINDRE pages on the social networks, means of connection such as Facebook Login, etc.).

PURPOSE OF PERSONAL DATA PROCESSING

We collect personal data to:
• Meet our obligations to customers
• Manage room reservations and requests for accommodations:
> Establishment and conservation of legal documents in compliance with accounting standards
• Manage your stay at the hotel:
> Tracking of your consumption (phone, bar, restaurant, etc.)
> Management of access to rooms
> Internal management of lists of customers with inappropriate behavior during their stay at the hotel (aggressiveness and incivility, failure to comply with the hotel contract, failure to follow safety rules, theft, deterioration and vandalism or payment incidents)
• Improve our hotel service, in particular by:
> Processing your personal data in the context of customer marketing programs, carrying out customer marketing programs, promoting brands and having a better understanding of your needs and desires;
> Adapting our products and services to respond more fully to your requests;
> Personalizing commercial offers and relational messages sent to you;
> Informing you of special offers and of new services created for our establishment
• Manage our relationship with our customers before, during and after a stay
• Manage a loyalty program:
> Qualify the customer database
> Carry out operations and segmentation based on the customer’s reservation history and travel habits with the aim of sending targeted communications
> Anticipate and plan for future behavior
> Establish statistics and commercial scores and prepare reports
> Supply contextual data to the tool for pushing offers when a customer visits the hotel website or makes a reservation
> Know and manage the preferences of customers, whether loyal or not
> Send you newsletters, promotions and tourist, hotel and service offers or the offers of SAS MONT CINDRE partners, or contact you by phone
> Manage requests for canceling newsletter subscriptions, promotions, tourist offers and satisfaction surveys
> Take into account the right to opposition
> Use a dedicated phone service, look for individuals present at the hotel in case of serious events that severely impact the site concerned (natural catastrophes, terrorist attacks, etc.)
• Carry out cross-checking, analyses and combinations through a trusted third party of the data collected when you book or stay at the hotel to determine your centers of interest and customer profile and enable us to send you personalized offers
• Improve SAS MONT CINDRE services, in particular by:
> Making studies and analyses of customer questionnaires and comments
> Handling claims
> Enabling you to benefit from the advantages of our loyalty program
• Secure and improve your use of the SAS MONT CINDRE websites, in particular by:
> Improving the browsing experience
> Implementing security measures and fraud prevention
• Comply with the legislative dispositions of French law

CONSERVATION OF PERSONAL DATA

Data may be kept only for as long as it is needed for data processing purposes. The minimum conservation period is one year.

THIRD PARTY ACCESS CONDITIONS

To provide you with the best possible service at SAS MONT CINDRE, we may share your personal data and provide access to it by authorized personnel from our establishment, most notably:
> Hotel personnel
> Reservation personnel
> IT services
> Commercial partners and marketing services
> Medical services if necessary
> Legal services if necessary
> In general, any appropriate individual from the èhotels Group entities for certain specific categories of personal data
We may also be required to transmit your personal data to local authorities if this is required by law or in the context of an inquiry and in compliance with local regulations.

RIGHT TO ACCESS, MODIFY AND REMOVE

We commit to recognizing your right to access and rectify your data if you wish to consult, modify or remove the information concerning you.
You may exercise this right by contacting the hotel directly.
All requests will be processed as soon as possible and in compliance with applicable law.

RIGHT TO OPPOSE

We guarantee you the right of opposition with respect to your personal information.
The right to oppose is the possibility offered to customers to refuse that their personal information be used for certain purposes mentioned when the data is collected.
You may exercise this right by contacting the hotel directly.
All requests will be processed as soon as possible and in compliance with applicable law.

SECURITY

We commit to ensuring the proper application of security measures related to the processing of our customers’ personal data, in particular to protect this data from non-authorized or illicit processing, loss, destruction, accidental damage or disclosure to non-authorized individuals.
To ensure the security of personal information, we implement the following measures:
• Saving of incremental computer information on dedicated servers
+ copy of information saved on NAS
+ copy of NAS on another NAS
• Physical firewall (Stormshield)
> authorized VPN access via Microsoft according to the user/Active Directory for consulting data outside the establishment enclosure
• Main dedicated server for customer base / software base
> Implementation of an Active Directory system (a system that enables giving rights to files according to users)
> Protel encrypted software with document access according to user + user pathway tracer log
• Secondary server for TSE system connected to the Active Directory
> Internal exchange system for messaging linked to the Active Directory