Personal Data Protection Policy
Our philosophy and our commitments
Hotel Basss is committed to the protection of your personal data and strives to ensure a high level of protection of your personal data in accordance with European Regulation 2016/679 and the Data Protection Act No. 78-17.
As such, you will find below our policy for the protection of your personal data explaining in particular what personal data we collect, the processing which is done and on what basis, their conservation and your personal rights. We invite you to read it.
Our Personal Data Protection Officer is at your disposal to answer all your questions, you can contact him at the following address: RGPD@madeho.fr
You can find the text of the applicable European Regulation here: https://eur -lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679 or query/contact the regulatory authority (CNIL) via its website www.CNIL.fr.
This version of the personal data policy may be modified by us if necessary and you will be informed.
Your data controller
Hotel Basss is responsible for processing your personal data and whose contact details you will find below: 57 Rue des Abbesses 75018 Paris; it is referred to by name or “We” herein.
Your personal data and their collection by Hotel Basss
Your personal data may be collected during:
- your visit to our site,
- our exchanges,
- our prospecting actions,
- the formation or execution of our contracts.
We do not collect any data not necessary for the processing purpose mentioned during collection or data prohibited by law or regulation.
The collection of certain data may be mandatory or optional and you are informed of the mandatory information. Your personal data may be collected by third party providers or partners, who undertake to comply with European and national regulations on personal data.
Our policy is not to transfer your data outside the European Union; if by exception we proceed, this transfer can only take place to a country or an organization subject to an adequacy decision (art.45 GDPR) or presenting sufficient appropriate guarantees (art.46 GDPR) .
We do not make any automated decisions.
We may potentially collect the following personal data from you:
- Civil status, identity, contact details, images
- Personal life
- Professional life
- Personal economic and financial data
- Connection data
- Unique national identification number
- Health data
- Criminal convictions or offenses
Our processing of your personal data
We process your personal data by inserting them into databases; they are stored, preserved and, if necessary, rectified, deleted, archived, anonymized or pseudonymized, transferred to trusted third parties.
We may process your personal data for the following processing purposes or for purposes specified to you during collection:
- Your information on our commercial offers (products, services, etc.) and promotional offers – Communicate with you
We may use your personal data for commercial prospecting purposes, and in particular to send you information about our products/services, our commercial and promotional offers, quotes and other pre-contractual documents, our news by email, mail or by telephone.
- Execution of your current contracts and customer follow-up
We use your personal data to ensure the execution of current contracts in accordance with your requests. We may also send you any information on your order or your current contracts, their execution, your invoices and contractual documents, advice, the execution of our guarantees if applicable and our legal obligations. We still use your personal data to manage our customer relations, your requests or complaints, disputes where applicable and to track your customer history.
- Improving the use of our services and improving our offers
We process your personal data to allow you optimal use of our services, improve our offers and products/services, and to follow your user journey, carry out satisfaction surveys, surveys and anonymous statistics.
- Your payments
Your banking details may be collected either directly by us or by a dedicated and selected service provider, who guarantees the complete confidentiality of your banking data and these details are only kept for the time necessary for the duration of the contractual relationship or in the legal limits.
- Protection against fraudulent initiatives
The personal data collected may be used to combat fraud, particularly regarding payments or direct debits made. As such, our payment security providers may be made recipients of this data.
- Ensure compliance with the law and court decisions
Your Data may be used to:
- respond to a request from an administrative or judicial authority, a representative of the law, a judicial officer or comply with a court decision;
- ensure compliance with our general conditions of sale/service;
- protect our rights and/or obtain compensation for any damage we may suffer or limit the consequences;
- prevent any action contrary to the laws in force, particularly in the context of preventing the risk of fraud.
We may still process your personal data for the following purposes:
- Commercial relationship
Sending marketing campaigns by email, mail or telephone (including via a service provider)
- Miscellaneous
Electronic signature
- Internet
Create and manage your user account
- Cookie management
- Performance cookies — (allowing us to establish anonymous statistics and level of traffic on the site) and tracking and personalization cookies collecting information on your use of the site and allowing individualization of our offers,
- Third-party cookies — to target advertisements likely to interest you based on your identified interests (these cookies are subject to the issuance and processing of the policy applied by third parties and not the policy of Hotel Basss),
- Analytical cookies — we allowing us to understand and analyze your browsing on our site.
The basis for processing your personal data
In accordance with the regulations, the processing of your personal data by us is justified if it is based on one of the following bases:
- Your consent to our processing of your data: you agree to the processing of your personal data by means of express consent. You may withdraw this consent at any time by contacting our DPO; or
- The existence of a contract between you and us: the processing of data is then justified by the needs for the execution of the contract; Or
- Our legitimate interest in processing your personal data provided that this proportionate interest respects your fundamental rights and your privacy; Or
- The Law or regulations in force when they oblige us to process and store your personal data.
Terms and periods of retention of your personal data
We manage your personal data in three phases:
- An active phase where the data is kept for the time indicated below on an “active” basis: your personal data is then accessible only by people with an operational need to access it in order to carry out authorized processing.
- An archiving phase (for additional time to storage in an “active” database) when a legitimate reason justifies it: your personal data is then archived with restricted access and for a limited period.
- A deletion or anonymization phase: at the end of the additional archiving within the time limits below, your personal data is deleted or anonymized (so that it can no longer constitute personal data identifying you).
Your personal data is kept for the time necessary for the purposes of its processing, our customer relationship where applicable and the execution of contracts and within the limits specifically set out by regulation; we may keep your personal data in archives for the purposes of retaining accounting, tax or evidentiary supporting documents for the duration of the applicable requirements. As an example, we indicate below the retention periods applicable to the following processing operations (subject to regulations imposing a differentiated retention period):
Purpose of processing |
Basis of treatment |
Conservation of personal data in the “active” database |
Additional archiving |
Prospecting |
Your consent |
3 years if you have not actively responded to any request. The period runs again in the event of active request on your part. |
X |
Performance of our contractual obligations towards you / services |
Contract |
The time necessary for the execution of the contract and 3 years from the end of the commercial relationship (last activity (such as end of execution of contract (purchase, service, etc.), connection to the site as registered user) |
5 years at the end of the contractual relationship |
Customer relationship |
Contract |
3 years from the end of the commercial relationship (last activity on your part with us) |
5 years at the end of the contractual relationship |
Withdrawal of your consent to the collection or processing of your personal data
Your consent granted for the collection of your personal data can be withdrawn by writing to our DPO by email or by post to the addresses appearing in the header, mentioning your name, first name, email and address with the nature and precise purpose of the request. your withdrawal request.
You can also send us any comments on your personal data to the Hotel Basss, 57 Rue des Abbesses 75018 Paris
Exercising your rights over your personal data
You have :
- A right of access, which allows you to obtain:
- Confirmation that data concerning you is or is not processed;
- Communication of a copy of all personal data held by the data controller.
- A right to request the portability of certain data: it allows you to retrieve your personal data in a structured, commonly used and machine-readable format.
- A right of opposition: it allows you to no longer be the subject of commercial prospecting from us or our partners, or, for reasons relating to your particular situation, to stop the processing of your data for research and development, anti-fraud and prevention purposes.
- A right of rectification: it allows you to have information concerning you rectified when it is obsolete or erroneous. It also allows you to have incomplete information concerning you completed.
- A right of erasure: it allows you to obtain the erasure of your personal data subject to legal retention periods. It may particularly apply in the event that your data is no longer necessary for processing.
- A right of limitation: It allows you to limit the processing of your data in the following cases:
In the event of illegal use of your data;
If you dispute the accuracy of your information;
If you need to have the data to establish, exercise or defend your rights.
They will then no longer be the subject of active processing, and cannot be modified during the exercise of this right.
A right to obtain human intervention: data controllers may use automated decision-making for the purpose of subscribing or managing your contract. In this case, you can ask the Data Protection Officer what the determining criteria for the decision were.
You can exercise these rights by email to the attention of DPO: RGPD@madeho.fr or by letter to following address: 57 Rue des Abbesses 75018 Paris, indicating your name, first name, address and email (if applicable your customer references) as well as the subject of your request in clear and readable terms. The Basss Hotel undertakes to respond to your verified request within one month of receipt.
In the event of difficulty, you can contact our personal data protection delegate directly by email: RGPD@madeho.fr or contact the National Commission for Information Technology and Liberties (CNIL).
Our subcontractors and partners
Hotel Basss may transmit your personal data to subcontractors carrying out services involving processing of your data and in compliance with the purposes set out herein; these subcontractors must give your personal data the same level of confidentiality as the Basss Hotel and are committed to being in full compliance with the regulations on personal data, in particular with the GDPR.
We do not trade in your personal data; If you wish to find out more and specifically know the identity of the service providers or partners to whom your personal data has been transmitted, you can contact our DPO at the following address: RGPD@madeho.fr
Service providers or partners likely to access your personal data may in particular be:
- service providers likely to manage outsourced services for the execution of our services and contracts,
- service providers helping us to improve our services, carry out data analyzes and optimize our offers, carry out surveys and statistics,
- auditors, chartered accountants, consultants, lawyers, audit firms, IT and outsourcing providers, security providers,
- investors and buyers.
We may also be required to transmit your personal data to French authorities, administrations and courts, particularly in the context of legal action or legal formalities requiring this communication.