Personal Data Protection Policy
Our philosophy and our commitments
Hôtel Edgar & Achille is committed to protecting your personal data and is committed to ensuring a high level of protection of your personal data in accordance with European Regulation 2016/679 and the Data Protection Act No. 78-17.
As such, you will find below our policy for protecting your personal data explaining in particular what personal data we collect, how it is processed and on what basis, its retention and your personal rights. We invite you to read it.
Our Personal Data Protection Officer is at your disposal to answer all your questions, you can contact him at the following address: RGPD@madeho.fr You can find the text of the applicable European Regulation here: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679 or question/contact the regulatory authority (CNIL ) via its website www.CNIL.fr. This version of the personal data policy may be modified by us if necessary and you will be informed.
Your data controller
Hôtel Edgar & Achille is responsible for processing your personal data and whose contact details you will find below: 31 rue d'Alexandrie 75002 Paris; it is referred to by name or “We” herein.
Your personal data and their collection by Hôtel Edgar & Achille
Your personal data may be collected during:
- your visit to our site,
- our exchanges,
- our prospecting actions,
- the formation or execution of our contracts.
We do not collect any data that is not necessary for the processing purpose mentioned during collection or data prohibited by law or regulation.
The collection of certain data may be mandatory or optional and you are informed of the mandatory information. Your personal data may be collected by third-party service providers or partners, who undertake to comply with European and national regulations on personal data.
Our policy is not to transfer your data outside the European Union; if by exception we do so, this transfer may only take place to a country or organization subject to an adequacy decision (art. 45 GDPR) or presenting sufficient appropriate guarantees (art. 46 GDPR).
We do not make any automated decisions.
We may potentially collect the following personal data from you:
- Civil status, identity, contact details, images
- Personal life
- Professional life
- Personal economic and financial data
- Login details
- Unique national identification number
- Health data
- Criminal convictions or offenses
Our processing of your personal data
We process your personal data by inserting them into databases; they are stored, preserved and, if necessary, rectified, deleted, archived, anonymized or pseudonymized, transferred to trusted third parties.
We may process your personal data for the following processing purposes or for purposes specified to you during collection:
- Your information on our commercial offers (products, services, etc.) and promotions – Communicating with you
We may use your personal data for commercial prospecting purposes, and in particular to send you information about our products/services, our commercial and promotional offers, quotes and other pre-contractual documents, our news by email, post or telephone.
- Execution of your current contracts and customer follow-up
We use your personal data to ensure the execution of current contracts in accordance with your requests. We may also send you any information about your order or your current contracts, their execution, your invoices and contractual documents, advice, the execution of our guarantees where applicable and our legal obligations. We also use your personal data to manage our customer relationship, your requests or complaints, disputes where applicable and to track your customer history.
- Improving the use of our services and improving our offers
We process your personal data to enable you to make optimal use of our services, improve our offers and products/services, and to track your user journey, carry out satisfaction surveys, polls and anonymous statistics.
- Your payments
Your banking details may be collected either directly by us or by a dedicated and selected service provider, who guarantees the complete confidentiality of your banking data and these details are only kept for the time necessary for the duration of the contractual relationship or in the legal limits.
- Protection against fraudulent initiatives
The personal data collected may be used to combat fraud, particularly regarding payments or direct debits made. As such, our payment security providers may be made recipients of this data.
- Ensure compliance with the law and court decisions
Your Data may be used to:
- respond to a request from an administrative or judicial authority, a representative of the law, a judicial officer or comply with a court decision;
- ensure compliance with our general conditions of sale/service;
- protect our rights and/or obtain compensation for any damages we may suffer or limit the consequences;
- prevent any action contrary to the laws in force, particularly in the context of preventing the risk of fraud.
We may still process your personal data for the following purposes:
- Business relationship
Sending marketing campaigns by email, post or telephone (including via a service provider)
- Miscellaneous
Electronic signature
- Internet
Create and manage your user account
- Cookie management
- Performance cookies — (allowing anonymous statistics and traffic levels on the site to be established) and tracking and personalization cookies collecting information on your use of the site and allowing individualization of our offers,
- Third-party cookies — to target advertisements likely to interest you based on your identified interests (these cookies are subject to the policy applied by third parties and not to the policy of Hôtel Edgar & Achille for their issue and processing,
- Analytical cookies — allowing us to understand and analyze your browsing on our site.
The basis for processing your personal data
In accordance with the regulations, the processing of your personal data by us is justified if it is based on one of the following bases:
- Your consent to the processing of your data by us: you accept the processing of your personal data by means of express consent. You can withdraw this consent at any time from our DPO; Or
- The existence of a contract between you and us: the processing of data is then justified by the needs of the execution of the contract; Or
- Our legitimate interest in processing your personal data where such proportionate interest respects your fundamental rights and privacy; or
- The Law or regulations in force when they oblige us to process and store your personal data.
Terms and duration of storage of your personal data
We manage your personal data in three phases:
- An active phase where the data is kept for the time indicated below in an “active” basis: your personal data is then accessible only by people who have an operational need to access it in order to carry out the authorized processing.
- An archiving phase (for additional time to storage in an “active” database) when a legitimate reason justifies it: your personal data is then archived with restricted access and for a limited period.
- A deletion or anonymization phase: at the end of the additional archiving within the time limits below, your personal data is deleted or anonymized (so that it can no longer constitute personal data identifying you).
Your personal data is kept for the time necessary for the needs of their processing, our customer relations where applicable and the execution of contracts and within the limits specifically established by regulations; we may keep your personal data in archives for the purposes of preserving accounting, tax or evidentiary supporting information for the duration of applicable requirements. As an example, we indicate below the storage periods applying to the following treatments (subject to regulations imposing a differentiated storage time):
Purpose of processing | Basis of processing | Conservation of personal data in the “active” database |
Additional archiving
|
Prospecting | Your consent | 3 years if you have not actively responded to any solicitation. The period starts again in the event of active solicitation on your part. | X |
Performance of our contractual obligations to you / services | Contract | The time required for the execution of the contract and 3 years from the end of the commercial relationship (last activity (such as end of contract execution (purchase, service, etc.), connection to the site as a registered user) | 5 years after the end of the contractual relationship |
Customer relationship | Contract | 3 years from the end of the business relationship (last activity on your part with us) | 5 years after the end of the contractual relationship |
Withdrawal of your consent to the collection or processing of your personal data
Your consent granted for the collection of your personal data can be withdrawn by writing to our DPO by email or by post to the addresses appearing in the header, mentioning your name, first name, email and address with the nature and precise purpose of the request. your withdrawal request.
You can also send us any comments on your personal data to the Hôtel Edgar & Achille, 31 rue d'Alexandrie 75002 Paris.
Exercising your rights over your personal data
You have :
- A right of access, which allows you to obtain:
- Confirmation as to whether or not data concerning you is being processed;
- Communication of a copy of all personal data held by the data controller.
- A right to request the portability of certain data: it allows you to retrieve your personal data in a structured, commonly used and machine-readable format.
- A right of opposition: this allows you to no longer be the subject of commercial prospecting from us or our partners, or, for reasons relating to your particular situation, to stop the processing of your data for research and development, anti-fraud and prevention purposes.
- A right of rectification: it allows you to have information concerning you rectified when it is obsolete or erroneous. It also allows you to have incomplete information concerning you completed.
- A right of erasure: it allows you to obtain the erasure of your personal data subject to legal retention periods. It may particularly apply in the event that your data is no longer necessary for processing.
- A right of limitation: It allows you to limit the processing of your data in the following cases:
In the event of unlawful use of your data;
If you dispute the accuracy of your data;
If you need to have the data to establish, exercise or defend your rights.
They will then no longer be actively processed, and may not be modified for the duration of the exercise of this right.
A right to obtain human intervention: the data controllers may use automated decision-making for the purpose of subscribing to or managing your contract. In this case, you can ask the Data Protection Officer what the determining criteria for the decision were. You
can exercise these rights by email to the attention of DPO: RGPD@madeho.fr or by letter to the following address: 31 rue d'Alexandrie 75002 Paris, France, indicating your surname, first name, address and email (your customer references where applicable) as well as the subject of your request in clear and legible terms. Hôtel Edgar & Achille undertakes to respond to your verified request within one month of receipt.
In case of difficulty, you can contact our personal data protection officer directly by email: RGPD@madeho.fr or contact the National Commission for Information Technology and Civil Liberties (CNIL).
Our subcontractors and partners
Hôtel Edgar & Achille may transmit your personal data to subcontractors carrying out services involving the processing of your data and in compliance with the purposes set out herein; these subcontractors must provide your personal data with the same level of confidentiality as Hôtel Edgar & Achille and have undertaken to be in full compliance with the regulations on personal data, in particular with the GDPR.
We do not trade in your personal data; if you would like to find out more and specifically know the identity of the service providers or partners to whom your personal data has been transmitted, you can contact our DPO at the following address: RGPD@madeho.fr
The service providers or partners likely to access your personal data may in particular be:
- service providers likely to manage outsourced services for the execution of our services and contracts,
- service providers helping us to improve our services, carry out data analyzes and optimize our offers, carry out surveys and statistics,
- auditors, chartered accountants, consultants, lawyers, audit firms, IT and outsourcing providers, security providers,
- investors and buyers.
We may also be required to transmit your personal data to French authorities, administrations and courts, particularly in the context of legal action or legal formalities requiring this communication.