Data protection policy
Within the framework of its activity, NOCTIS EVENT is led to collect and process personal data relating to visitors to the hotelvillam-paris15.com website.
The main objective of this document is to gather in a concise, transparent, understandable and easily accessible format information concerning the data processing implemented to allow you to understand the conditions under which your data is processed.
2. Fair and transparent collection of your data
In a concern of loyalty and transparency towards its visitors, NOCTIS EVENT takes care to inform the persons concerned of each processing that it implements by information mentions.
This data is collected fairly. No collection is made without the knowledge of the persons and without their being informed.
3. Legitimate and proportionate use of your data
When NOCTIS EVENT is led to process data, it does so for specific purposes: each data processing implemented pursues a legitimate, determined and explicit purpose.
For each of the processes implemented, it undertakes to collect and use only data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
NOCTIS EVENT ensures that data is updated as necessary and implements procedures to enable deletion or correction of inaccurate data.
4. The personal data we process
Within the framework of the processing of personal data, the purposes of which will be presented to you below, NOCTIS EVENT collects and processes the following categories of data:
5. Legal basis and purposes of our data processing
The data processing implemented by NOCTIS EVENT pursues the purposes identified below and is founded on the following legal bases:
- Collect subscriptions to the newsletter(s),
- Highlighting the place, the services, the news,
- Management of information requests,
- Access portal to the d-edge website for hotel reservations,
- Access portal to the sevenrooms website for restaurant reservations,
- Access portal to the websites of other hotels in the Group,
6. The recipients of your data
The following are recipients of your data, each for what concerns them
- the subcontractors of NOCTIS EVENT, the suppliers and providers of the website,
- Google, Facebook, Axeptio,
- The management of the hotel, the restaurants and bars, the organization of events and in general those responsible for the services and activities offered,
- the hotel management,
- the direction of the restoration,
- the event management department,
- the communication department,
- the information systems department,
- the digital marketing department,
- other entities of the Paris Society group, where applicable.
We make sure that only authorized persons have access to this data.
7. Transfers of your data
- In the context of the use of Google's services for audience measurement and authentication (Google connect), data (click here for more information) is transferred outside the European Union to the United States, a country which does not provide an equivalent level of data protection to that applied at European level.
- The European Commission's standard contractual clauses have been signed to govern this transfer of data and additional safeguards have been taken to ensure that the data is transferred with a level of protection equivalent to that practiced in Europe.
8. The periods for which we keep your data
NOCTIS EVENT ensures that data is only kept in a form that allows the identification of the data subjects for as long as is necessary for the purposes for which they are processed.
The retention periods we apply to your personal data are proportionate to the purposes for which they were collected.
Specifically, we organize our data retention policy as follows:
9. Security of personal data
NOCTIS EVENT has put in place technical and organizational measures appropriate to the sensitivity of the personal data, in order to ensure the integrity and confidentiality of the data and to protect it against malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
Nevertheless, the security and confidentiality of personal data depend on the good practices of each person, so the person concerned is invited to remain vigilant on the issue.
When NOCTIS EVENT uses a service provider, it only communicates personal data to the latter after having obtained a commitment and guarantees on its capacity to meet these security and confidentiality requirements.
We enter into contracts with our subcontractors in compliance with our legal and regulatory obligations, which precisely define the terms and conditions of the processing of personal data by the latter.
12. The rights you are entitled to
NOCTIS EVENT is particularly concerned about respecting your rights in the context of the data processing that it implements, in order to guarantee fair and transparent processing, taking into account the particular circumstances and context in which your personal data are processed.
12.1 Your right of access
As such, you have the confirmation that your personal data is or is not processed and when it is, you have the right to request a copy of your data and information about :
- the purposes of the processing ;
- the categories of personal data concerned;
- the recipients or categories of recipients and, if applicable, if such communications are to be made, the international organizations to which the personal data have been or will be communicated, in particular those recipients who are established in third countries;
- where possible, the period of time for which the personal data will be retained or, where this is not possible, the criteria used to determine this period;
- the existence of the right to ask the data controller for the rectification or erasure of your personal data, the right to request a limitation of the processing of your personal data, the right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- information about the source of the data when not collected directly from the data subjects;
- the existence of automated decision-making, including profiling, and in the latter case, relevant information about the underlying logic and the significance and intended consequences of such processing for data subjects.
12.2 Your right to rectify your data
You can ask us to rectify or complete your personal data if it is inaccurate, incomplete, ambiguous or out of date.
12.3 Your right to erasure of your data
You can ask us to delete your personal data in the cases provided for by the legislation and regulations.
Please note that the right to the deletion of data is not a general right and can only be exercised if one of the reasons provided for in the applicable regulations is present.
12.4 Your right to limit data processing
You may request the restriction of the processing of your personal data in the cases provided for by the laws and regulations.
12.5 Your right to object to data processing
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, the legal basis of which is the legitimate interest pursued by the controller (see article above on the legal basis of processing).
If you exercise such a right to object, we will ensure that we no longer process your personal data in connection with the processing concerned unless we can demonstrate compelling legitimate grounds for continuing such processing. These grounds will have to outweigh your interests and rights and freedoms, or the processing will be justified for the establishment, exercise or defence of legal claims. You have the right to object to personalized solicitation.
12.6 Your right to portability of your data
You have the right to the portability of your personal data. We draw your attention to the fact that this is not a general right. Indeed, not all data from all treatments are portable and this right concerns only automated treatments to the exclusion of manual or paper treatments.
This right is limited to processing operations whose legal basis is your consent or the performance of pre-contractual measures or a contract.
This right does not include derived or inferred data, which are personal data created by NOCTIS EVENT.
12.7 Your right to withdraw your consent
Where the data processing operations we carry out are based on your consent, you may withdraw it at any time. We will then stop processing your personal data without affecting the previous operations to which you have consented.
12.8 Your right to appeal
You have the right to lodge a complaint with the Cnil (3 place de Fontenoy 75007 Paris) on French territory, without prejudice to any other administrative or legal recourse.
12.9 Your Right to Set Post-Mortem Instructions
You have the possibility of defining particular directives relating to the conservation, the erasure and the communication of your personal data after your death according to the methods defined below. These special instructions will only concern the processing carried out by us and will be limited to this scope.
You will also have, when this person has been designated by the Executive, define general guidelines for the same purpose.
12.10 How to exercise your rights
All the rights listed above can be exercised at the following e-mail address firstname.lastname@example.org or by mail to NOCTIS EVENT 38 avenue des Champs Elysées 75008 PARIS, by proving your identity by any means.
13. Amendment of this document
We invite you to consult this policy regularly on our website. It may be updated from time to time.
Updated on 13/03/2023.