Maison Nabis

Privacy Policy

PERSONAL DATA PROTECTION POLICY

When you use the https://www.maison-nabis.com/ website, HappyCulture may have to gather and manage your personal data, either by itself or in collaboration with other establishments that are members of the Honotel hotel network or the service programme known as Happyculture, enabling Our Users to take advantage of Our services and Our privileged offers.

The purpose of this personal data protection Policy is to inform users of the Service of the means used to gather and manage Your personal data, in compliance with the applicable French and European legislation, in particular Law No.78-17 dated 6 January 1978, concerning computers, files and liberties, amended by Law No.2004-801 dated 6 August 2004 and by Law No. 2018-493 dated 20 June 2018 (“Computer and Liberties Law”), European Parliament and Council Regulation (EU) 2016/679 dated 27 April 2016 concerning the protection of natural persons with regard to the management of personal data and the free circulation of such data (“GDPR”) and Directive 2002/58 dated 12 July 2002 amended by Directive 2009/136/CE (“ePrivacy Directive”), and all domestic texts that transpose these laws and any subsequent text that may replace them.

We attach great importance to Your privacy and to the protection of Your personal data.

By accessing and/or using the Service, You consent to Your personal data being gathered and managed under the conditions and modes set forth below. If You do not accept this Policy, You should stop using the Service entirely.

The Policy forms an integral part of the Legal Notices of the Service (General Conditions of Use or “GCU”) and should be read together with the GCU accessible at the following address: https://maison-nabis.com/en/privacy-policy.html, and also Our privacy protection policy, which is accessible below.

We may amend the Policy, in particular to adapt to all legislative, regulatory, jurisprudential, editorial and technical developments under the conditions described in the GCU. You should refer to the latest version of this Policy before browsing.

1. DEFINITIONS

The terms “personal data” (“Personal Data”), “manage/management ”, “data manager”, “sub-contractor”, “ addressee(s) ”, “consent”, “file”, have the same meaning as that set forth in Clause 4 of the GDPR.

2. DATA MANAGER

The personal responsible for Users’ Personal Data gathered from the Service is the company Honotel Développement SAS, 20 Rue Treilhard, 75008 PARIS, whose contact details can be found in Clause ‎10.

3. WHAT PERSONAL DATA IS GATHERED?

When Personal Data is collected, Users will be informed if certain Personal Data should necessarily be filled in or if it is optional. If any compulsory Personal Data is not provided, access to certain functionalities of the Service, such as booking rooms on line, and their use by the User, will be impossible.

In particular, We may have to gather the following kinds of Personal Data

• Identity: title, surname, first name, organization, telephone number, e-mail address;

• Interests declared on a form or deduced from the use made of the Service;

• Contacts and notifications sent to Us;

• Technical browsing and interaction data: frequency of visit statistics: IP address, cookies, for example, the pages consulted by the User, the date and time when they were consulted (please see the cookies Policy).

4. WHY DO WE GATHER YOUR PERSONAL DATA?

The Personal Data that You provide Us with, and the data that is gathered and/or managed within the framework of Your use of the Service, is managed in order to meet the following purposes:

Legal base Purpose

Contract between You and Us (GCU and this Policy) To make the Service available for You, ensuring it works correctly, in particular to deal with Your enquiries, to facilitate Your browsing, etc.

Our legitimate interest in improving Our Service To improve the Service, in particular to optimize and provide new functionalities in the Service, and to provide You with a simplified automatic input

Our legitimate interest in providing You with services and offers corresponding to Your preferences and interests To adapt and optimize the display of Service content and promotional offers, to Users’ parameters and preferences, wishes and interests, as encountered, supposed or deduced from Your use of the Service, the information You obtain Your browsing and Your interaction with the Service

 Our legitimate Interest in promoting Our Service and providing You with offers and news

 Your consent to receiving offers and news from Our partners To inform You of Our offers and news, unless you refuse this, and of the offers and news of Our partners, if You have given Your consent thereto

5. WHO SEES YOUR PERSONAL DATA?

The Personal Data database set up when You use the Service is strictly confidential. We undertake to apply all useful precautions, and the appropriate organizational and technical measures to preserve the security, integrity and confidentiality of the Personal Data, and in particular to avoid it being altered, or damaged and to avoid unauthorized third parties from having access thereto.

5.1 Data transferred to public authorities and/or bodies

In accordance with current regulations, Personal Data may be transferred to the competent authorities on request and in particular to public bodies, for the exclusive purpose of legal obligations, representatives of the law, judicial officers and bodies entrusted with the recovery of debt.

5.2 Data accessible to third parties

Personal Data may be used by Us, Our subcontractors, Our subsidiaries and/or, if necessary, Our commercial partners, for the purposes described in Clause 4 above.

• Our personnel, the services entrusted with monitoring (in particular the accounts auditors) and Our subcontractors will enjoy access to the Personal Data gathered within the framework of the use of the Service;

• Our commercial partners, such as restaurants and spas, will enjoy access to Users’ Personal Data in particular for the purpose of managing their bookings and after-sales service;

• Social networks: if Users have an account on any of the social networks and use the Service, We may receive information from these social networks, and the social networks services may receive information about how Users use the Service. When Users use the Service via a social network website, Users allow Us to access certain information that they have supplied to the social network website, in particular their user name, name and surname, profile image, and Personal Data for the use of this service. By accessing the Service via a social network website, Users authorize Us to gather, keep and use all the information that the User has authorized the social network website to supply Us with.

5.3 Transfers outside the European Union

Users’ Personal Data may be managed outside the European Union, including by remote access. We hereby undertake not to transfer the Personal Data outside the European Union without applying the appropriate guarantees in conformity with the Applicable Regulations.

6. WHAT ARE YOUR RIGHTS CONCERNING YOUR PERSONAL DATA?

In conformity with the Applicable Regulations, subject to an express request to prove Your identity, You are entitled to access Your Personal Data, and to rectify it, oppose it, and delete it, under the conditions set forth in the Applicable Regulations.

Your right to delete Your Personal Data is applicable subject to certain needs We might have to keep the Personal Data, in particular Our legal obligations.

If you exercise your right to opposition, We will stop managing your Personal Data, unless there are legitimate and pressing reasons for management, or to ensure the observing, exercise or defence of these rights in law, in conformity with the Applicable Regulations.

Subject to the conditions in the Applicable Regulations, You may also request a limited management of Your Personal Data.

When the management of Your Personal Data is based on Your consent, You are entitled to withdraw Your consent at any time.

You also have the right to the portability of some of Your Personal Data, which allows you to request a computerized copy in a readable and editable format of Your Personal Data managed by Us within the framework of Your contractual relation with Us to supply products and services You have subscribed to, which excludes the Personal Data which We may have produced for Our own purposes, or which enables Us to respond to Our legal obligations, in particular accounting, social or fiscal, and information related to bookings made, amounts paid or payable, and any information which We may have generated within the framework of Our legitimate interests.

You have the right to inform Us of any direct relatives to replace You in Your Personal Data after Your death.

If necessary, We will inform You of the reasons why the rights You exercise may not be satisfied in part or in whole.

In order to exercise the rights mentioned in this Clause, You may contact Us and attach a copy of a valid ID to Your request and send it to the address given in Clause ‎10 below.

7. HOW LONG YOUR PERSONAL DATA WILL BE KEPT FOR

We hereby undertake not to conserve Your Personal Data any longer than is strictly necessary for the purposes for which it was gathered, and in conformity with the Applicable Regulations.

We undertake to make Your Personal Data anonymous or to delete it when the purpose and/or duration of conservation defined expires.

Nevertheless, Personal Data may be filed for longer than the duration foreseen for the purpose of research, observation, and following up on criminal infractions with the sole purpose of allowing, when necessary, access to the Personal Data by a judicial authority, in particular for accounting or fiscal purposes. Filing the Personal Data means it will subject to restricted access will no longer be available to consult on line and will be kept on an autonomous and safe support.

The maximum duration for conservation defined in the table below will be applied, in accordance with Clause 7 above, unless You request the deletion or the cessation of management of Your Personal Data before the duration expires.

Category Duration of conservation

Measurement of audience and customization of the Service, management of cookies and other tracers 13 months from the placing of the cookie or other tracer

The Personal Data We manage within the framework of promotional requests and operations, sending offers and news 3 years from the end of the relationship with the User or from the last interaction started by the User

Personal Data related to the management of requests to exercise rights and questions about Personal Data 3 years from the last interaction started by the User

8. PROTECTION OF THE PERSONAL DATA OF MINORS

The Service is not in general meant for minors under the age of 15. This is why We do not gather or conserve the Personal Data of children under the age of 15, unless we obtain verifiable consent from the parents, aware that the person holding parental authority may request information related to their child and request the suppression of the Personal Data.

When a User over the age of 18 provides Personal Data for a minor under the age of 15, he/she undertakes to provide verifiable parental consent, and to provide on request anything showing such proof of consent.

9. SECURITY

Taking into account the evolution of technology, the costs of application, the nature of the Personal Data to protect and any risks for personal rights and liberties, We apply the appropriate technical and organizational measures to guarantee the confidentiality of the Personal Data gathered and managed and a level of security adapted to risk, in conformity with this Policy.

The information gathered within the framework of the booking process is encrypted under the SSL (Secure Socket Layer) protocol on Internet. All useful precautions, as up to date as possible, regarding the nature of Personal Data and risks involved in the management thereof, will be taken to preserve the security of the Personal Data and, in particular, to avoid it being altered or damaged and to avoid unauthorized third parties from having access thereto.

10. CONTACT

For any questions You may have about the management of Your Personal Data, You can send your request or complaint directly to Us at Honotel Développement SAS, 20 Rue Treilhard, 75008 PARIS or by e-mail at dpo@honotel.fr

We will make every effort to find a satisfactory solution and ensure compliance with the Applicable Regulations.

If We do not reply or if the disagreement continues, You can lodge a complaint at the National Information and Liberties Commission (CNIL in French) or the corresponding European Union Member State control authority in the country where You habitually reside.