Retour

Privacy Policy

Customers, Prospects, Partners and Service Providers

 

  1. Preamble and object

Miléade is a simplified joint stock company operating under the trade name “L’Hôtel La Frégate” and is a professional in the organization, management and development of leisure, vacation, tourism and hospitality activities in all its forms and hotel stays. As such, Miléade provides reservation and organization services for tourist stays and accommodation.

As such and for the needs of its business, Miléade processes the data of people benefiting from its services (the ”  Customers  “), people likely to be interested in its services (the ”  Prospects  “), any natural person contact with a service provider or supplier providing services for its benefit as part of its services (the ”  Providers  “) or partners who market the services or present Customers to Miléade (the ”  Partners  “) (hereinafter referred to together as “you”, “your”).

Miléade undertakes to process your personal data in accordance with the applicable regulations, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (”  GDPR  “), the Data Protection Act of 6 January 1978 in its updated version and any recommendation or deliberation of the CNIL (the ”  Data Privacy Regulation  “).

The purpose of this privacy policy is therefore to detail the conditions under which Miléade carries out the processing described below (the “  Privacy Policy  ”).

This Privacy Policy is accessible via a hyperlink at the bottom of each page of the websites and from the Miléade mobile application (the “  Environments ”).

 

 

  1. Definitions

Capitalized terms, such as “Personal Data” (or “Data”), “Processing”, “Data Subjects”, “Data Controller”, “Subcontractor”, “Recipient”, “Data Breach”, without this list being limiting, have the meaning given to them by the Data Privacy Regulation, and in particular the GDPR.

  1. Identity of the Data Controller

SAS Miléade, a simplified joint stock company, with capital of 15,685,590.00 euros, registered in the Trade and Companies Register of Le Puy-en-Velay, under number 843 049 040, whose head office is located at 5 Avenue Victor Hugo, 43100 Brioude, acts as Data Controller with regard to the processing of Customers, Prospects, Partners and Service Providers implemented within the framework of its activity.

  1. Characteristics of Treatments

The Processing implemented by Miléade is presented in the table below, which includes the following information:

  • The purpose(s) of the Processing, i.e. the specific, explicit and legitimate objectives of the Processing which govern it throughout the duration of the Processing;
  • The legal basis for the Processing, i.e. the legal basis for the Processing which justifies its implementation and makes it legitimate;
  • The category of Personal Data processed;
  • The method of collecting Personal Data, which may be direct (i.e. communicated by you) or indirect (i.e. collected or generated, from any other means and via any other technology);
  • The retention period of Personal Data, which must be determined and proportionate to the purposes of the Processing, it being specified that at the end of the period, the Personal Data are either deleted or anonymized for statistical purposes. The deletion and anonymization operations are irreversible operations making the subsequent restoration of the Data impossible.

Regarding the collection forms, the Data collected whose provision is mandatory are identified by the presence of an asterisk (*). If this mandatory Data is not provided, the collection form cannot be sent. For example, the reservation of a stay by a Customer cannot be finalized.

 

Treatment Purposes Legal basis Method of collection and list of Data processed The duration of the conversation
Cookies – Use of Environments Deposit and reading of cookies essential to the provision and operation of the Environments (see Cookies Policy) Legitimate interest Data collected directly during your browsing on the Environments:

· Internet browser cookie data: cookie identifiers, time/date, services/products selected, consent and types of cookies approved;

· Device data: device type, screen resolution, operating system version, browser rendering core, its version and basic settings;

· Log data: time and duration of use of the Site and search data;

· Location data: data relating to your access country as indicated by your device;

· Behavioural data (as applicable): data relating to your use of the Site that we may process if you visit or use third party sites or applications to cooperate with us, and data relating to how you engage with the content of the Site (such as pages visited, whether you come from a marketing campaign, key clicks, etc.);

 

 13 months from the deposit of cookies
Delivery of personalized or non-personalized advertising. Consent 13 months from the date of collection of your consent

 

The retention periods of cookies placed on our Environments by third parties are determined by these third parties.
Audience measurement – Analysis of the performance of the content you view on our Environments Consent 13 months from the date of collection of your consent

 

The retention periods of cookies placed on our Environments by third parties are determined by these third parties.
Management of reservations, organization and progress of hotel stays

 

 – Organization and management of reservations – Execution of the contract

– Legal obligation

– Consent to the processing of sensitive data in the context of the reservation

 Data collected directly during the booking and organization of the stay:

– Identification: Name – first name – date of birth

– Contact details: postal address and email – mobile or landline telephone number – postal code – country of residence

– Personal life: family composition (name, first name and age)

– History: History of past stays, including loyalty and sponsorship, history of consumption on site, travel preferences, history of email openings / newsletter subscriptions / communications sent including brochures)

– Financial: payment methods / payment history

– Sensitive data: health data (disability, allergies, etc.) for the sole purpose of organizing the stay (choice of a room with special arrangements, meal planning).

 – 5 years from the last contact with the customer

– At the end of the stay for sensitive data

– Until the conclusion of the claim or dispute with regard to data processed in the context of a claim or dispute.
– Collection of satisfaction at the end of the stay – Execution of the contract
– Management of complaints and disputes – Execution of the contract

– Legitimate interest
Management of Service Provider relations  (NB: in this case, the personal data concerns the natural person contacts with whom Miléade communicates and not the service providers as such when they are legal entities). – Measures for selecting service providers and establishing service provision contracts – Pre-contractual measures Data collected directly from the Service Provider during the preparation and/or execution of the contract:

– Identification: Name – first name –

– Professional contact details: professional postal address and email and professional telephone number

– Professional life: Function – job title

 

 – 5 years from the end of the contractual relationship

– 3 years from registration on the blacklist

– Until the conclusion of the dispute with regard to data processed in the context of a dispute
– Implementation and monitoring of the provision of services, monitoring of contract execution – Execution of the contract
– Black list – Legitimate interest
– Audits (contracts, GDPR, etc.) – Execution of the contract

– Legal obligation
– Dispute management – Legitimate interest
Compliance with our legal and regulatory obligations & defense of our rights Retention of mandatory documents (incl. invoices) as part of the management of Miléade’s accounting and tax obligations.

 

 Compliance with Miléade’s legal obligations For the duration of the current financial year, and 10 years from the end of that financial year.
Managing your requests to exercise your rights Compliance with Miléade’s legal obligations For 1 year to 6 years from your request, depending on the right exercised.
Establishment and conservation of any means of proof necessary for the defense of Miléade’s rights in the context of claims or actions brought against it by you.

 

 Legitimate interest For the duration of the applicable legal requirements or for the entire duration of the dispute, where applicable.
Management of communications and requests from public, judicial or any other competent regulatory authority.

 

 Legitimate interest During the duration of the procedure before the relevant authority.

 

  1. Recipients of Personal Data

As part of its activities, Miléade may communicate the Personal Data of Customers, Prospects, Partners or Service Providers to authorized Recipients subject to an appropriate obligation of confidentiality as well as to rules of access, use of Data and strict security.

 

Internal recipients

  

External recipients
Miléade personnel whose duties, functions and missions justify their processing of the Personal Data of Customers, Prospects, Partners and Service Providers (department or team in charge of marketing and management of Customer and Prospect relations, Service Provider contracts, management of online services, IT, etc.)

 

 Service providers and, where applicable, Subcontractors that Miléade may use in the context of managing relationships with Customers, Prospects, Partners and Service Providers (IT service provider, service provider responsible for invoicing, activities such as transport companies, insurance, etc.)

 

Public, administrative or judicial authorities within the framework of their attributions.

 

Accountants, lawyers and legal and financial service providers; tax and financial service providers, brokers, banks, insurance agents

 

In the event of a fundraising project, acquisition or sale of a Miléade business or assets by any means whatsoever, including by sale of the company carrying out this business or owning these assets, the potential purchaser(s) and their advisors as part of an audit preceding the transaction. In the context of one of the aforementioned activities, Personal Data may be part of the transferred assets and will be processed as such by the purchaser, who will act as the new data controller in accordance with its own privacy policy.

 

In any event, the above Recipients only access the Data to achieve the purposes listed above and within the limits set by the Data Privacy Regulations. For all useful purposes, it is specified that the Subcontractors only process the data on the instructions of the data controller.

  1. Cookies

Miléade uses Cookies on the Environments under the conditions indicated in its Cookies Policy .

 

  1. Rights of Customers, Prospects, Partners and Service Providers & terms of exercise

In accordance with the Data Privacy Regulation, Customers, Prospects, Partners and Service Providers benefit from the following rights over their Personal Data.

  • A right to request Miléade to access the Data processed concerning them and to obtain information on the characteristics of these Processings. This right includes the right to access a copy of the Data. (Right of access and copy);
  • A right to have your Data concerning them rectified or completed to the extent that it is erroneous or obsolete;
  • A right to obtain the erasure of your Data under the conditions provided for by the Data Privacy Regulation (i.e. when they (i) are no longer necessary for the purposes for which they were collected, (ii) are based exclusively on consent, (iii) are the subject of a request for opposition (right of erasure) except in the case where the law requires us to keep them for a specific period, or when they are necessary for the execution of the contract that binds us, or for a compelling legitimate reason such as the defense of a legal claim.;
  • A right to object, at any time, to the Processing of your Personal Data under the conditions provided for by the Data Privacy Regulations, and in particular when the Processing is based on our legitimate interest or is carried out for commercial prospecting purposes, in which case Miléade:
  • either will have to delete your Data, if you are a Prospect,
  • may either retain your Data but no longer process it for this purpose, if you are a Client or a Service Provider. (

In all other cases, you may exercise this right of opposition for reasons relating to their particular situation, in which case Miléade will grant this request unless the Processing is justified by legitimate and compelling reasons. However, your request must be accompanied by an explanation in order to clarify the reasons, if applicable. (Right of opposition for legitimate reasons);

  • A right to obtain the limitation of the Processing of your Data temporarily in the event of a request for rectification or opposition for legitimate reasons while Miléade analyzes the request, which means in practice that the Personal Data is retained, but that Miléade cannot process it (right to limitation);
  • A right to Data portability, i.e. a right to obtain from Miléade the restitution of your Personal Data in a commonly used format provided that the Processing is automated and based on consent or on the performance of a contract (right to portability);
  • A right to formulate directives concerning the conservation, deletion and communication of their Data post-mortem, it being specified that as soon as Miléade becomes aware of the death of a Prospect, Client, Service Provider or Partner and, in the absence of instructions from them, it undertakes to destroy your Data, unless their conservation proves necessary for evidentiary purposes or to meet a legal obligation.

The request must come exclusively from the Client, Prospect, Service Provider or Partner, unless a mandate is given to a third party in good and due form or recourse is made to a beneficiary, and must be as clear and exhaustive as possible in order to allow Miléade to respond as quickly as possible, between one (1) and three (3) months depending on their level of complexity.

In addition, any request must specify (i) the right you wish to exercise, (ii) the Data concerned by your request and (iii) your contact details (name/first name and email address).

Miléade may possibly ask the Client, Prospect or Service Provider to complete their request if it is not sufficiently precise, if the right they wish to exercise is not easily identifiable or if it is unable to establish their identity, in which case Miléade may be required to ask them to provide additional information and in particular proof of identity, which would be deleted after verification of their identity.

Furthermore, Miléade will not be required to respond to the request of the Client, Prospect, Service Provider or Partner if it is manifestly unfounded or excessive, and in particular if it makes repetitive requests which would have the object or effect of destabilizing the activities of Miléade.

You also have the right to ask any questions and/or file a complaint with the National Commission for Information Technology and Civil Liberties at the following address: Service des plaintes de la Cnil, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22 or online by clicking on the following link:  https://www.cnil.fr/fr/plaintes 

  1. Security

Miléade implements the technical and organizational security measures that it deems appropriate taking into account the Personal Data processed to preserve the confidentiality and security of the Personal Data that it processes and to combat their destruction, loss, alteration or unauthorized disclosure.

For example, the following measures have been put in place by Miléade:

  • Hosting of Personal Data on servers located within the European Union on the soil of a member country;
  • Awareness and training of Miléade employees required to process the Personal Data of Customers, Prospects, Partners and Service Providers as part of their duties;
  • User authentication devices with personal and secure access via strong, confidential and frequently changed identifiers and passwords;
  • Authorization management procedure (definition and review of authorization profiles according to the profile of Miléade employees, removal of obsolete accesses);
  • Access tracking devices, connection logging, incident management;
  • Regular implementation of internal audits and, where appropriate, differentiated penetration tests to monitor and evaluate the effectiveness of the security measures implemented;
  • Physical security of premises (alarm) and workstations (automatic session locking, antivirus and firewall).

When Miléade uses subcontractors, i.e. service providers to whom it has delegated all or part of a Processing and who process the Personal Data of Customers, Prospects, Partners and Service Providers in accordance with its instructions, Miléade undertakes to contractually impose security guarantees on them similar to those it implements to protect their Personal Data and reserves the right to carry out an audit with them in order to ensure that they comply with their obligations.

In the event of a Data Breach, Miléade undertakes to notify the CNIL under the conditions prescribed by the GDPR and, if said breach poses a high risk to Customers, Prospects, Partners and Service Providers, to notify them and, where appropriate, provide them with the necessary information and recommendations.

  1. Transfer of Data outside the European Union

For the purposes of our business, we reserve the right to transfer certain personal data outside the European Union, for example in the event of using a subcontractor whose servers are located outside the European Union.

In addition, your Personal Data related to cookies may be transferred outside the European Union, if you give us your explicit consent to do so or if we ensure adequate guarantees for the protection of data relating to the transferred data.

If you use the Environments while you are outside of France and the EEA, your information will be transferred outside of these territories in order to allow you to access them.

  1. Update

The Privacy Policy may be modified, supplemented or updated at any time by Miléade, in particular to take into account technical, legal and/or jurisprudential developments and/or the implementation of new Processing. Customers, Prospects, Partners or Service Providers are invited to consult it regularly on the environments to be aware of the latest version in force. Miléade will make its best efforts to bring any new version of this policy to your attention by any means of its choice.

  1. Contact Miléade

Prospects, Customers, Partners or Service Providers may address any questions or complaints relating to this Privacy Policy to Miléade or exercise their rights at the following contact details:

  • By mail: Miléade, BP 85 – 43102 BRIOUDE CEDEX
  • By email: rgpd@mileade.com

 

Last updated  : July 2024

Cookies Policy
Actualise cookies preferences