Personal Data Policy

Last update : 21/02/2025

PREAMBLE

Because respecting your privacy and Personal Data is essential to us and justifies the trust you place in us, LOUVRE HOTELS GROUP has implemented this personal data protection policy (hereinafter the "Policy"), which, in a transparency approach, aims to inform you about:

The methods of collecting and processing your Personal Data within the framework of the Services offered on our Sites by LOUVRE HOTELS GROUP (including browsing our Sites, booking overnight stays in our Hotels, registering and participating in the Loyalty Program or marketing operations, interacting on our Sites via social networks, etc.);
The commitments made by LOUVRE HOTELS GROUP and your obligations to ensure the security of your Personal Data and the fight against fraud;
The rights you have over your processed Personal Data and how to exercise them.

To facilitate the reading of our Policy, terms starting with capital letters and used in both singular and plural shall have the meaning defined in Article 12.

LOUVRE HOTELS GROUP is committed to processing the Personal Data of its Users and Clients in compliance with the General Data Protection Regulation (hereinafter "GDPR") and the French Data Protection Act.

As such, we implement privacy and Data protection principles from the design of our projects and by default, ensuring in particular:

The security of your Personal Data,
Compliance with the lawfulness of Data processing,
Processing your Data for a specific and transparent purpose,
Compliance with appropriate retention periods,
The accuracy of your Data,
Respect for your rights and fairness in Data processing,
Compliance with appropriate safeguards regarding the transfer of your Data outside the European Economic Area (EEA).

Article 1 – Who processes your Personal Data?

The processing of your Personal Data carried out as part of the Services offered on our Sites is operated by us, LOUVRE HOTELS GROUP, a simplified joint-stock company with a capital of €117,624,016, registered with the Nanterre Trade and Companies Register under number 309 071 942, whose registered office is located at 1 Place des Degrés, 92800 Puteaux, France, as the data controller.

Please note that the vast majority of Hotels in which you will stay do not belong to LOUVRE HOTELS GROUP. They are operated as franchised/managed hotels under one of our brands by an independent and autonomous entity. Therefore, when you stay in one of these Hotels, your Personal Data is processed both by LOUVRE HOTELS GROUP and by the Hotel concerned with your stay, each acting as a data controller pursuing its own purposes. Franchised/managed network Hotels are thus required to comply with the principles of Personal Data protection in accordance with the Applicable Regulations and to ensure the management of your rights when you exercise them.

Any processing of Personal Data carried out by the Hotels during your stay is governed by a data protection policy specific to each Hotel in its capacity as a data controller.

Article 2 – What Personal Data do we collect?

Personal Data collected directly from you

Personal Data may be collected at different times when you interact with us. They may concern you directly or the people accompanying you. These Data are grouped by type as follows:

Identity Data (such as your title, last name, first name, date of birth, nationality, customer ID, etc.)
Contact Data (such as your email address, postal address, landline and/or mobile phone number, etc.)
Payment Data (including information related to your bank card to guarantee your reservation or make the payment)
Data mentioned on official identity documents (such as those found on national ID cards, passports, etc.)
Preference Data (such as room type and bedding preferences, room location, presence of pets, parking, etc.)
Stay Data (such as date, location, booked services, etc.)
Data related to minor children (accompanying you and that you may provide us)
Commercial relationship tracking Data (such as documentation requests, subscribed services or subscriptions, your reviews and comments)
Geolocation Data (only with your consent) using the “destination around me” function to suggest Hotels near your location

Additionally, we may collect Data through the recording of your telephone conversations when you make a reservation by phone for training or evidentiary purposes.

Personal Data collected from Cookies and other trackers

We use cookies and similar technologies to operate, protect, improve, and understand how you use the Sites.

The following Data is automatically collected through the use of the Sites:

Technical Data related to your device and operating system (IP address, internet connection, browser type, information about the device used)
Data collected using cookies: for more information, see the Cookie Use Policy.

The User can manage their cookie preferences at any time via the "Manage Cookies" tab available in the footer of our Sites or directly from the cookie banner upon their first visit to each of our Sites.

Personal Data collected indirectly from online sites other than our Sites

Our partners

We may collect your Personal Data from some of our partners who register your reservation through their own websites and may, in some cases, process or not process the payment for the reservation.

These partners include online hotel comparison platforms or search engines such as Booking.com, Expedia, Google Hotels Ads, TripAdvisor, or Trivago, etc.

These partners collect and transmit the necessary Personal Data for your reservation to us.

These partners collect certain information for their own use within their own databases, to which we do not have access. For these processes, our partners act as data controllers for the Personal Data you provide to them. Consequently, we encourage you to review their privacy policies to understand how and why they process your Personal Data and how to exercise your rights with them.

Social networks

When you create a Customer Account or book a room, you have the option to provide the necessary Personal Data for processing, particularly via your Facebook or Google account.

In this case, we become the recipient and controller of this Personal Data concerning your stay booking or Customer Account creation. We will be able to process any requests regarding your rights.

However, Facebook, Google, etc., remain data controllers for the processing of your Personal Data concerning the purposes they determine for their own use (management of your messaging, personal page, etc.). To effectively exercise your rights regarding this part of your Personal Data processing, please refer to their privacy policies and contact them directly.

Article 3 – When Do We Collect Your Personal Data?

Personal Data may be collected on various occasions, including in the context of:

Hotel Activities:

When making a reservation, checking in, and paying for a stay directly through our Sites or via our partners;
When managing services offered as part of your stay;
When creating a Customer Account;
When logging into your Customer Account and using our Sites;
When filling out online forms on our Sites;
When leaving a review on our Sites or on third-party partner sites regarding a reservation;
When interacting with our content on social media;
When making requests, complaints, and/or in the event of a dispute related to your reservation.

Participation in Our Loyalty Program or Marketing Operations:

When registering for our Loyalty Program;
When responding to satisfaction surveys;
When participating in contests or sweepstakes;
When subscribing to the newsletter.

Article 4 – On What Legal Grounds Do We Collect Your Personal Data?

We process your Personal Data based on the following legal grounds, in compliance with Applicable Regulations:

To fulfill our obligations under a pre-contract or contract with you (e.g., when you make a reservation with us or create a Customer Account, etc.);
To comply with a legal obligation (e.g., we must retain your transaction information to comply with our tax and financial reporting obligations);
When it is in our legitimate interest to use your Personal Data (e.g., to evaluate and improve our organization, prevent fraud, respond to complaints, etc.);
Based on your consent (e.g., when you choose to subscribe to our newsletters).

Article 5 – For What Purposes and How Long Do We Retain Your Personal Data?

The table below outlines the purposes for which we process your Personal Data, the legal basis for each processing activity, and the associated retention periods.

Processing Purpose	Legal Basis	Retention Period
Reservation Management [Booking, modification, cancellation]	Performance of pre-contractual or contractual measures (For the entire duration of the commercial relationship to ensure proper contract execution). Legitimate interest (After the commercial relationship for evidentiary purposes).	Duration of the commercial relationship, then: - Without Customer Account: 3 years from the end of the commercial relationship (stay end date, no-show date, cancellation date, or end of account usage). - With Customer Account: Duration of account usage + 3 years in case of continuous inactivity.
Commercial Prospecting via Electronic Means [Customers]	Consent (B2C) or legitimate interest (B2B)	Until consent withdrawal or 3 years from the end of the commercial relationship (stay end date, no-show date, cancellation date, or end of account usage).
Commercial Prospecting via Electronic Means [Prospects]	Consent (B2C) or legitimate interest (B2B)	Until consent withdrawal or 3 years from the last interaction from the prospect (e.g., clicking on a link in a prospecting email).
Loyalty Actions [Loyalty Program Membership]	Performance of contractual measures (For the entire duration of membership to ensure proper contract execution). Legitimate interest (After membership ends for evidentiary purposes or in case of disputes).	Duration of the contractual relationship or until account closure, then 3 years from the user's last login.
Satisfaction Surveys	Legitimate interest (for post-stay surveys to improve service quality). Consent (for non-stay-related surveys).	Duration necessary for survey completion or until the right to object or consent withdrawal is exercised.
Social Media Interaction	Legitimate interest (to allow login using public data from your social media account).	Until the end of interactions with the concerned individuals, subject to each social media platform’s policy.
Contests, Lotteries, Sponsorship Programs	Legitimate interest (to promote brands or services).	Until the completion of contest-related operations, then until consent withdrawal or 3 years from the last interaction with the company.
Complaint Management	Legal obligations (For the duration of the commercial relationship to ensure proper contract execution). Legitimate interest (After the commercial relationship for evidentiary purposes or in case of disputes).	Until the completion of complaint analysis and processing, then 3 years from case closure.
Exercising Data Subject Rights	Legal obligations (under GDPR).	Until the completion of rights-related operations, then: - For all rights except objection: 1 year from the request date. - For the right to object: 6 years from the request date. - Identity verification documents: deleted once the request is fulfilled unless litigation is ongoing.
Official Identity Data Consultation/Retention	Necessary verification (e.g., age requirement for services such as alcohol sales) and legal compliance in some European countries.	Until identity verification is completed and/or based on the retention period mandated by local regulations in certain countries.
Credit Card Payments	Contract execution (for payment of reserved and/or consumed services). Consent (for data storage to facilitate future transactions).	- CVV: Only during the transaction. - Transaction: Until actual payment completion, plus applicable withdrawal periods. Then, 13 months in intermediate storage (15 months for deferred debit cards) for evidentiary purposes, only accessible in case of disputes. - Customer Account: Until consent withdrawal, card expiration, account closure, or 3 years of inactivity.
Website & App Navigation via Cookies & Trackers	Legitimate interest (for functional cookies). Consent (for marketing, analytics, etc.).	- Cookies last 13 months from placement or until consent withdrawal (for non-functional cookies). - User cookie preferences stored for 6 months. - Application logs retained for 1 year.
Sales Analysis & Statistics	Legitimate interest (to analyze performance and improve offers).	Duration necessary to fulfill the analysis objectives.
Call Recording	Legitimate interest (for training and evidentiary purposes).	- Reservations: Until processing completion, then 90 days from the call date. - Customer Service: Until request resolution, then 30% of calls stored for a maximum of 30 days.
Dispute Management	Legitimate interest (to defend company interests).	Securely archived for 1 year from the closure of all legal recourse avenues.
Response to Competent Authorities' Requests	Legal obligation (Article 77-1-1 of the Criminal Procedure Code).	Until request completion, then 1 year from the date of submission to authorities.
Accounting Compliance (Invoices, etc.)	Legal obligation (Article L123-22 of the French Commercial Code).	Securely archived for 10 years from the issuance date (not subject to deletion rights).

Article 6 – With whom may we share your Personal Data?

The Personal Data we collect may be shared to ensure various purposes and enhance your stay:

With authorized personnel of LOUVRE HOTELS GROUP;
With authorized personnel of the Hotels;
With authorized personnel at our service providers acting as subcontractors of LOUVRE HOTELS GROUP, particularly those responsible for:
- Performing certain Services;
- Assisting us in managing reservations and handling any claims;
- Customer service;
- Processing and securing your payment data during a booking;
- Assisting us in conducting advertising campaigns, marketing content, contests, and analyzing their effectiveness;
- Providing platforms, hosting and maintenance services, software, and applications, and supporting our databases.
With companies with which we have commercial agreements to offer you bundled or personalized deals or as part of the Loyalty Program, unless you object;
With social networks acting as data processors: we may share your email address or phone number to determine whether you are already a user of one of these social networks (such as Facebook, Google) and display tailored advertisements on your social media account page.
With lawyers, auditors, or other advisors providing services on behalf of LOUVRE HOTELS GROUP.
With any regulatory, statutory, governmental, or other authority, agency, or competent sector regulator if required by law or as part of an investigation and in compliance with local regulations.

Article 7 – How do we protect your Personal Data?

We implement appropriate technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, or access.

In particular, we use data systems and networks protected by industry-standard security measures, and we employ secure protocols on unsecured networks to safeguard the transmission of your Data. Additionally, access to your Data is limited to authorized personnel and service providers.

While we strive to continuously protect our Sites, systems, and operations, we do not control all risks related to the functioning of the Internet and draw your attention to the potential inherent risks.

When we share your Personal Data to perform certain Services, we take all necessary measures to ensure that third-party recipients have implemented appropriate technical and organizational measures to protect your Personal Data.

Article 8 – How is the transfer of your Personal Data outside the EEA managed?

As part of our Service delivery, we may transfer your Personal Data to recipients, particularly Hotels in our network, which may be located outside the European Economic Area (EEA) in countries where Personal Data protection regulations may differ.

In the event of a Personal Data transfer outside the EEA, we commit to complying with Applicable Regulations and implementing appropriate safeguards necessary for such a transfer.

Article 9 – What are your rights, and how can you exercise them?

You have the right to access, rectify, erase, restrict processing, object to processing, and the right to data portability. You can also request at any time to no longer receive marketing communications from us or our brands.

If you wish to exercise your rights, you can contact our Data Protection Officer:

By email: dpo@groupedulouvre.com
By mail at the following address:
LOUVRE HOTELS GROUP – DPO
Tour Voltaire, 1 place des degrés
92800 PUTEAUX, France

You can exercise these rights at any time and free of charge, except in cases of manifestly unfounded or excessive requests (particularly due to their repetitive nature). In such exceptional cases, we reserve the right, in accordance with the GDPR, to charge a reasonable fee or refuse your request.

Following your rights request, a response will be provided within one (1) month from the receipt of the request, which may be extended by two (2) months depending on the complexity of your request.

You also have the right to file a complaint with the relevant supervisory authority (in France, the Commission Nationale de l’Informatique et des Libertés (CNIL) at www.cnil.fr).

You can also exercise your rights concerning your Personal Data processed by a Hotel as the data controller. We invite you to exercise your rights directly with the Hotel and refer to its data protection policy if needed.

Fate of Personal Data in the event of death

In accordance with Article 85 of the French Data Protection Act, we inform you that, as an individual:

You have the right to define directives with us regarding the retention, deletion, and communication of your Personal Data after your death;
You may modify or revoke these directives with us at any time;
You may designate a person responsible for executing these directives, who, after your death, will have the authority to review these directives and request their implementation from us.

You are also informed that if no specific instructions regarding your Personal Data are provided to LOUVRE HOTELS GROUP, your heirs may exercise, after your death, the rights related to retention, deletion, and communication of your Personal Data to the extent necessary for the administration and settlement of your estate and for LOUVRE HOTELS GROUP to acknowledge your passing.

Article 10 – What are your commitments?

Accuracy of Personal Data

You declare, as a User of the Site or a Customer of LOUVRE HOTELS GROUP, that you are informed of the importance of the accuracy of the Personal Data concerning you.

Therefore, you commit to providing only accurate Personal Data when interacting with us, during the contractual process, when requesting Services, and throughout the use of the Site, and to updating it as necessary.

In this regard, you may request correction or deletion as outlined in Article 9.

Management of Personal Data of Minors

We do not knowingly collect or solicit Personal Data from minors and do not allow them to book a room in one of our Hotels independently.

The collection of information about minors is limited, as part of the booking process, to their first name, last name, nationality, and date of birth, which can only be provided by an adult.

We kindly ask you to ensure that your children do not transmit any Personal Data without your consent. If such transmission occurs, you may contact the data protection officer whose contact details are provided in Article 9 to have this information deleted.

Free-Text Fields

In general, failure to fill in the fields marked with an asterisk (*) on the Sites will prevent us from providing you with all or part of the Services we offer and the functionalities of the Site. Your requests may not be processed optimally.

Other fields are optional and are intended to improve the quality of the Services offered to you.

When a form includes a free-text field, we ask that you only provide strictly objective and necessary information for your request and never submit sensitive data (such as passwords, credit card numbers, health data, etc.).

Sensitive Personal Data

We do not collect Sensitive Personal Data.

We remind you that data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the purpose of identifying a person uniquely, health data, or data concerning a person’s sexual life or sexual orientation, are considered Sensitive Personal Data.

If you voluntarily provide us with Sensitive Personal Data, particularly in connection with special requests related to your booking, you acknowledge that you have given your explicit consent for us to process these special categories of Personal Data.

Article 11 – General Provisions and Modification of Our Policy

If any clause of this Policy is invalid, notably due to a change in legislation, Applicable Regulation, or a court decision, this shall in no way affect the validity of the other clauses of the Policy.

This Policy and the documents referenced therein are governed by French law.

This Policy is subject to updates, which will be made available online. The previous version of the Policy will be automatically replaced by the new version. The updated Policy will be immediately enforceable. Your use of the Site is subject to the Policy in effect at the time of use.

To stay informed of any modifications or updates, it is recommended that you regularly consult the Policy. LOUVRE HOTELS GROUP may, but is not obliged to, inform you of updates by displaying a message on the Site or by sending an email.

Article 12 – Definitions

"Customer": a natural person, whether or not holding a Customer Account, residing in France and/or abroad who uses the Site.

"Customer Account": a space provided to a Customer on the Site following their registration according to the terms specified in the T&Cs and the Terms of Use. This Customer Account is strictly personal, individual, non-assignable, and non-transferable to a third party. The Customer Account is accessible via the Customer’s login credentials and password.

"Personal Data" or "Data": refers to "any information relating to an identified or identifiable natural person; an 'identifiable natural person' is a person who can be identified, directly or indirectly, notably by reference to an identifier, such as a name, identification number, location data, an online identifier, or one or more specific elements related to their physical, physiological, genetic, mental, economic, cultural, or social identity" according to Article 4 of the GDPR. For example, data allowing for your identification such as gender, name, surname, and email address are Personal Data.

"Hotels": any franchisee of LOUVRE HOTELS GROUP or managed by LOUVRE HOTELS GROUP, or any subsidiary of LOUVRE HOTELS GROUP operating under one of LOUVRE HOTELS GROUP’s brands, as well as partner establishments as defined in the general terms and conditions of sale of LOUVRE HOTELS GROUP. The brands of LOUVRE HOTELS GROUP include, notably: Campanile, Première Classe, Kyriad, Kyriad Direct, Golden Tulip, Royal Tulip, and Tulip Inn.

"French Data Protection Act": Law No. 78-17 of January 6, 1978, relating to computers, files, and freedoms.

"Loyalty Program": refers to LOUVRE HOTELS GROUP's loyalty programs. The general terms and conditions of use of the program are accessible via links located in the footer of the Sites.

"Applicable Regulation": refers to all existing or upcoming regulations and standards applicable to Users and the Site, notably: legislation and regulations related to Internet platforms such as the Site, and concerning the protection of personal data, including the French Data Protection Act and the GDPR.

"General Data Protection Regulation": Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC.

"Service(s)": hotel services and all services offered to Customers by LOUVRE HOTELS GROUP via the Site.

"Site(s)": any website or mobile application published by LOUVRE HOTELS GROUP, presented under the LOUVRE HOTELS GROUP domain name or under the domain name of its brands. Non-exhaustively, the term "Site" refers to the Louvrehotelsgroup app and the following sites: Louvrehotels.com, Campanile.com, Premiereclasse.com, Kyriad.com, Goldentulip.com, flavoursbenefit.com, and associated subdomains.

"Terminal": any technical means that allows Users to access the Site. Terminals can include smartphones, Apple or Android tablets, microcomputers via the Internet, and any connected objects capable of interacting with another object and with the Internet.

"User": any natural person accessing the Site, either for their own account or on behalf of a legal entity, and who has the capacity and/or authority to contract via the Site, whether they are a simple visitor or a customer.