PERSONAL DATA PROTECTION POLICY


Our philosophy and our commitments

Pley Hotel is committed to protecting your personal data and is committed to ensuring a high level of protection of your personal data in accordance with European Regulation 2016/679 and the Data Protection Act No. 78-17. 

As such, you will find below our policy for protecting your personal data explaining in particular what personal data we collect, how it is processed and on what basis, its retention and your personal rights. We invite you to read it. 

Our Personal Data Protection Officer is at your disposal to answer all your questions, you can contact him at the following address: RGPD@madeho.fr
You can find the text of the applicable European Regulation here: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679 or question/contact the regulatory authority (CNIL) via its website  www.CNIL.fr.

This version of the personal data policy may be modified by us if necessary and you will be informed. 


Your data controller

Pley Hotel is the controller of your personal data and whose contact details you will find below: 214 Rue du Faubourg Saint-Honoré, 75008 Paris; it is referred to by name or “We” herein. 

Your personal data and their collection by Pley Hotel

Your personal data may be collected during: 

  • your visit to our site,
  • our exchanges, 
  • our prospecting actions, 
  • the formation or execution of our contracts. 

We do not collect any data not necessary for the processing purpose mentioned during collection or data prohibited by law or regulation. 

The collection of certain data may be mandatory or optional and you are informed of the mandatory information. Your personal data may be collected by third party providers or partners, who undertake to comply with European and national regulations on personal data. 

Our policy is not to transfer your data outside the European Union; if by exception we proceed, this transfer can only take place to a country or an organization covered by an adequacy decision (art.45 GDPR) or presenting sufficient appropriate guarantees (art.46 GDPR) . 

We do not make any automated decisions.

We may potentially collect the following personal data from you: 

  • Civil status, identity, contact details, images 
  • Personal life
  • Professional life
  • Personal economic and financial data 
  • Login details 
  • Unique National Identification Number 
  • Health data 
  • Criminal convictions or offenses 
     

Our processing of your personal data

We process your personal data by inserting them into databases; they are stored, retained and, where appropriate, rectified, deleted, archived, anonymized or pseudonymized, transferred to trusted third parties. 

We are required to process your personal data for the following processing purposes or for purposes specified to you at the time of collection: 

  • Your information on our commercial offers (products, services, etc.) and promotional offers – Communicate with you 

We may use your personal data for commercial prospecting purposes, and in particular to send you information about our products/services, our commercial and promotional offers, quotes and other pre-contractual documents, our news by email, post or telephone. 

  • Execution of your current contracts and customer follow-up 

We use your personal data to ensure the execution of current contracts in accordance with your requests. We may also send you any information about your order or your current contracts, their execution, your invoices and contractual documents, advice, the execution of our guarantees where applicable and our legal obligations. We also use your personal data to manage our customer relationship, your requests or complaints, disputes where applicable and to track your customer history. 

  • Improving the use of our services and improving our offers 

We process your personal data to enable you to make optimal use of our services, improve our offers and products/services, and to track your user journey, carry out satisfaction surveys, polls and anonymous statistics. 

  • Your payments 

Your banking details may be collected either directly by us or by a dedicated and selected service provider, who guarantees the complete confidentiality of your banking data and these details are only kept for the time necessary for the duration of the contractual relationship or in the legal limits. 

  • Protection against fraudulent initiatives 

The personal data collected may be used to combat fraud, particularly regarding payments or direct debits made. As such, our payment security providers may be made recipients of this data. 

  • Ensure compliance with the law and court decisions 

Your Data may be used to: 

  • respond to a request from an administrative or judicial authority, a representative of the law, a legal officer or comply with a court decision; 
  • ensure compliance with our general conditions of sale/service; 
  • protect our rights and/or obtain compensation for any damage we may suffer or limit the consequences; 
  • prevent any action contrary to the laws in force, particularly in the context of preventing the risks of fraud. 

We may still process your personal data for the following purposes: 

  • Business relationship
    Sending marketing campaigns by email, post or telephone (including via a service provider) 
     
  • Miscellaneous
    Electronic signature
     
  • Internet
    Create and manage your user account 
     
  • Cookie management
    - Performance cookies — (enabling anonymous statistics and traffic levels on the site) and tracking and personalization cookies collecting information on your use of the site and allowing individualization of our offers,
    - Third-party cookies — to target advertisements likely to interest you based on your identified interests (these cookies are subject to the policy applied by third parties and not to the policy of Pley Hotel for their issue and processing), 
    - Analytical cookies — allowing us to understand and analyze your browsing on our site. 

The basis for processing your personal data

In accordance with the regulations, the processing of your personal data by us is justified if it is based on one of the following grounds: 

  • Your consent to our processing of your data: you agree to the processing of your personal data by means of express consent. You may withdraw this consent at any time by contacting our DPO; or 
  • The existence of a contract between you and us: the processing of data is then justified by the needs of the execution of the contract; Or 
  • Our legitimate interest in processing your personal data where such proportionate interest respects your fundamental rights and privacy; or 
  • The Law or regulations in force when they oblige us to process and store your personal data. 

Terms and periods of retention of your personal data 

We manage your personal data in three phases: 

  • An active phase where the data is kept for the time indicated below on an “active” basis: your personal data is then accessible only by people with an operational need to access it in order to carry out authorized processing. 
  • An archiving phase (for additional time to storage in an “active” database) when a legitimate reason justifies it: your personal data is then archived with restricted access and for a limited period. 
  • A deletion or anonymization phase: at the end of the additional archiving within the time limits below, your personal data is deleted or anonymized (so that it can no longer constitute personal data identifying you). 

Your personal data is kept for the time necessary for the purposes of its processing, our customer relationship where applicable and the execution of contracts and within the limits specifically set out by regulation; we may keep your personal data in archives for the purposes of retaining accounting, tax or evidentiary supporting documents for the duration of the applicable requirements. As an example, we indicate below the retention periods applicable to the following processing operations (subject to regulations imposing a differentiated retention period): 

Purpose of Processing Basis of Processing Retention of Personal Data in the "Active" Database Additional Archiving
Prospecting Your consent 3 years if you have not actively responded to any solicitations. The period starts anew in case of active solicitation from you. X
Execution of our contractual obligations towards you / services Contract The time necessary to perform the contract and 3 years from the end of the commercial relationship (last activity such as end of contract execution (purchase, service...), login to the site as a registered user) 5 years after the end of the contractual relationship
Customer relationship Contract 3 years from the end of the commercial relationship (last activity from you towards us) 5 years after the end of the contractual relationship

Withdrawal of your consent to the collection or processing of your personal data 

Your consent granted for the collection of your personal data can be withdrawn by writing to our DPO by email or by post to the addresses appearing in the header, mentioning your name, first name, email and address with the nature and precise purpose of the request. your withdrawal request. 
You can also send us any comments on your personal data at Pley Hotel, 214 Rue du Faubourg Saint-Honoré, 75008 Paris

Exercising your rights over your personal data

You have :

  • A right of access, which allows you to obtain: 
  • Confirmation that data concerning you is or is not processed; 
  • Communication of a copy of all personal data held by the data controller. 
  • A right to request the portability of certain data: it allows you to retrieve your personal data in a structured, commonly used and machine-readable format. 
  • A right of opposition: it allows you to no longer be the subject of commercial prospecting from us or our partners, or, for reasons relating to your particular situation, to stop the processing of your data for research and development, anti-fraud and prevention purposes. 
  • A right of rectification: it allows you to have information concerning you rectified when it is obsolete or incorrect. It also allows you to have incomplete information concerning you completed. 
  • A right of erasure: it allows you to obtain the erasure of your personal data subject to legal retention periods. It may particularly apply in the event that your data is no longer necessary for processing. 
  • A right of limitation: It allows you to limit the processing of your data in the following cases: 

In the event of illegal use of your data;
If you dispute the accuracy of your information; 
If you need to have the data to establish, exercise or defend your rights. 
They will then no longer be the subject of active processing, and cannot be modified during the exercise of this right. 
A right to obtain human intervention: data controllers may use automated decision-making for the purpose of subscribing or managing your contract. In this case, you can ask the Data Protection Officer what were the determining criteria for the decision. 

You can exercise these rights by email: RGPD@madeho.fr or by letter to the following address: 214 Rue du Faubourg Saint-Honoré, 75008 Paris, indicating your name, first name, address and email (if applicable your customer references) as well as the subject of your request in clear and readable terms. Pley Hotel undertakes to respond to your verified request within one month of receipt. 
In the event of difficulty, you can contact our personal data protection delegate directly by email: RGPD@madeho.fr or contact the National Commission for Information Technology and Liberties (CNIL). 

Our subcontractors and partners

Pley Hotel may transmit your personal data to subcontractors carrying out services involving the processing of your data and in compliance with the purposes set out herein; these subcontractors must provide your personal data with the same level of confidentiality as Pley Hotel and have undertaken to be in full compliance with the regulations on personal data, in particular with the GDPR. 

We do not trade in your personal data; if you would like to find out more and specifically know the identity of the service providers or partners to whom your personal data has been transmitted, you can contact our DPO at the following address: RGPD@madeho.fr .

The service providers or partners likely to access your personal data may in particular be: 

  • service providers likely to manage outsourced services for the execution of our services and contracts,
  • service providers helping us to improve our services, carry out data analyzes and optimize our offers, carry out surveys and statistics,
  • auditors, accountants, consultants, lawyers, audit firms, IT and outsourcing service providers, security service providers,
  • investors and buyers. 

We may also be required to transmit your personal data to French authorities, administrations and courts, particularly in the context of legal action or legal formalities requiring this communication. 

 

Contact us

* Required fields

Contact us

* Required fields

Quick Response Code