1° MAIAN, joint stock company, registered on Annecy Trade and Companies Register under number 908 864 911, with registered office at 130 avenue de Genève, 74000 Annecy, and with VAT number FR17908864911.
Hereinafter referred to as the “Controller”
And
2° Any natural person
AND/OR
Hereinafter referred to as the “Data Subject”.
The parties have agreed as follows:
The present Privacy Policy shall apply, without restrictions or reservations, between the Data Subject and the Controller.
The purpose of the present Privacy Policy is to provide information regarding the way in which the Controller collects and processes the Data Subject's Personal Data, in compliance with the legislation in force, and in particular European Regulation n° 2016/679 and law n°78-17 (hereinafter referred to as the “Legislation”), in relation to:
In compliance with the Legislation, the Controller shall undertake to respect the following principles in the Processing of all Personal Data:
As the Data Subject browses the Website and/or in the Controller’s performance of a Service, the Controller is required to collect and process certain Personal Data, notably:
The Data Subject’s Personal Data may be collected and processed by the Controller on various occasions, notably:
Purpose of Processing
Legal basis for Processing
Duration of storage of Personal Data
Performance of the Services and compliance with accounting standards
10 years from the date of reservation
Management of consumption and access to rooms
3 years from the end of the Data Subject’s stay
Management of commercial relations and sales leads
3 years from the date of last contact with the Data Subject
Improvement and personalisation of the Services
3 years from the date of last contact with the Data Subject
Complaints management
3 years from the date of last contact with the Data Subject
Security of premises
1 month
Security and improvement of the Website
13 month
Statistics
3 years from the date of last contact with the Data Subject
Compliance with the Legislation
Duration defined by the Legislation
The Controller reserves the right to anonymise the personal data subject to Processing before erasing it.
In principle, the Controller is the sole Recipient of all Personal Data.
In its performance of a Service, the Controller may be obliged to transfer the Personal Data to external or internal Recipients.
The following Recipients may be required to process your personal data:
The Controller shall undertake to require sufficient guarantees from the Recipients that they will implement appropriate technical and organizational measures in such a manner that Processing meets the applicable legal and regulatory requirements and ensures the protection of the rights of the Data Subject.
The Controller may communicate the Personal Data that is subject to Processing with any Recipient or Third Party whenever there is a legal obligation to do so or when the Controller believes, in good faith, that it is necessary to do so in order to:
The Controller shall store all Personal Data on secure servers located within the European Union.
The Controller shall only transfer the Personal Data outside of the European Union if express prior authorisation is granted by the Data Subject.
The Data Subject has a number of rights over their Personal Data that he or she may exercise, unless otherwise stated in the applicable legislation or regulations, by submitting a request to the DPO.
The DPO shall assist the Data Subject in exercising their rights over their Personal Data with the Controller.
If there is reasonable doubt over your identity, the DPO may ask you to attach a copy of an official ID document to support your request.
Requests shall be processed as quickly as possible, and no later than the deadlines stipulated by the Legislation.
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to the Personal Data and the following information:
The Controller shall provide a copy of the Personal Data undergoing Processing. For any further copies requested by the Data Subject, the controller reserves the right to charge a reasonable fee in line with administrative costs.
The Data Subject shall have the right to obtain from the Controller the rectification and/or erasure of inaccurate or outdated Personal Data without undue delay, unless the circumstances prevent the Data Subject from exercising this right, notably:
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the Processing of his or her Personal Data which is based on the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the Controller.
The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the Processing which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims.
The Data Subject shall also have the right to object at any time to the Processing of his or her Personal Data by the Controller for the purpose of direct marketing, where the Data Subject is related to such direct marketing.
Finally, where Personal Data are processed for scientific or historical research purposes or statistical purposes, the Data Subject, on grounds relating to his or her particular situation, shall have the right to object to the Processing of his or her Personal Data, unless the Processing is necessary for the performance of a task carried out for reasons of public interest.
Any consumer has the option of registering free of charge on the BLOCTEL telephone cold calling opposition list
The Data Subject shall have the right to obtain from the Controller restriction of the Processing of his or her Personal Data where one of the following applies:
Any Data Subject who has obtained the restriction of Processing of their Personal Data shall be informed by the Controller before the restriction of Processing is lifted.
The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another controller without hindrance from the Controller, where:
In exercising his or her right to data portability, the Data Subject shall have the right to have their Personal Data transmitted directly from the Controller to another controller, where technically feasible.
The Data Subject shall have the right to lodge a complaint with the Supervisory Authority if he or she believes that the Controller is illegally Processing Personal Data.
The Data Subject shall have the right to define instructions for the management of his or her Personal Data following his or her death with the Controller, who will employ all available technical means to ensure that this wish is respected.
The Controller shall take all suitable technical and organizational measures to protect the Personal Data from destruction, loss, alteration, misuse and unauthorized access, modification or disclosure, whether these actions are intentional or accidental.
The purpose of these technical and organizational measures is to ensure the confidentiality, integrity, availability and resilience of the Website and the information systems on which the Filing Systems are stored.
In order to provide the Data Subject with a secure Browsing experience, the Website is encrypted using SSL (Secure Socket Layer).
The Controller reserves the right to occasionally modify the present Privacy Policy.
In the event that the present Privacy Policy is modified significantly, the Data Subject will be personally informed of the new Privacy Policy.
All Data Subjects are invited to regularly consult the present Privacy Policy to familiarize themselves with any possible modifications.
Data Subjects may send any questions they have on the present Privacy Policy to the DPO at the following address: reservation@hoteltarentaise.com
Should any of the stipulations of the present Privacy Policy be found to be invalid in relation to a rule of law in force or a definitive legal decision, it shall be deemed unwritten, however the validity of the Privacy Policy as a whole and the remainder of its provisions shall not be affected.
In accordance with law no. 2020-901 of July 24, 2020 aimed at regulating telephone canvassing and combating fraudulent calls, any professional reserves the right to canvass a consumer registered on the telephone canvassing opposition list when the canvassing takes place as part of the performance of a current contract and is related to the subject of the said contract, including when it involves offering the consumer products or services related to or complementary to the subject of the current contract or of a nature to improve its performance or quality.