Legal
Privacy policy

scroll down

Introduction

This privacy policy applies to the company AU COEUR DE MEGEVE and all of its subsidiaries (hereinafter referred to as the "Group", "we", "us" or "our"), including the company HOTEL DE L ABBAYE ST GERMAIN, to which it provides operational or management services. The Group takes your privacy very seriously and treats all your personal data with the utmost care and in accordance with applicable data protection legislation. This privacy policy will inform you about how we treat your personal data and your rights in relation to the personal data you provide and/or have provided to us as a user of this website, subscriber to an e-mail, hotel guest, participant in an event, visitor in one of our restaurants or spas, customer or partner of the Group. Our websites are not directed to persons under the age of 16 and we do not knowingly collect data from children. If you are under 16, you should ask your parent or guardian to help you use the websites. If you enter personal data of a third party (for example, contact details of any other person in your group), you must obtain the express and unequivocal permission of the persons concerned before sharing this data with us. It is important that you read this privacy policy and any other privacy or consistent processing notices that we may provide on specific occasions when we collect or process personal data about you, so that you are fully aware of how and why we use your data.

Who are we?

This website is operated by the Group on behalf of HOTEL DE L ABBAYE ST GERMAIN, a "société par actions simplifiée" established in France under SIRET number 71206274400016 whose registered office is located at the following address: 10 rue Cassette, 75006 Paris, France.

Who is responsible for the processing of your personal data?

The Group, as the data controller, determines the purposes and means of processing personal data about you. For more information, please contact us by email at data@stellerhotels.com

What type of information is collected?

Depending on the nature of your interaction with us, we may collect, use, store and transfer the following types of personal data about you:

  • Identity data: first name, surname, date of birth, marital status and title.

  • Contact details: billing address, e-mail address, business address, home address and telephone numbers.

  • Financial data: encrypted bank account and payment card details.

  • Data on financial transactions carried out: details on payments issued and received by you and other details on the products and services you have purchased from us.

  • Technical data: the Internet Protocol (IP) address, your connection data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technologies on the devices you use to access this website.

  • Profile data: your social media channels, interests, preferences, comments and survey responses.

  • Usage data: information about how you use our website and services, including wifi.

  • Marketing and communication data: your preferences for receiving marketing communications from us and our third parties, as well as your communication preferences.

We also collect, use and share aggregate data, such as statistical or demographic data, for any purpose. Aggregate data may be derived from your personal data but is not considered personal data within the meaning of the law because it does not directly or indirectly reveal your identity. We own all right, title and interest in the aggregated data. However, if we combine or connect aggregated data with your personal data to identify you directly or indirectly, we treat the combined data as personal data that will be used in accordance with this privacy statement.

Except for specific information that you may provide to us as part of the services we provide to you (for example, in relation to your physical, health or dietary needs), we do not collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information and genetic and biometric data). Nor do we collect information on criminal convictions and offences.

If you do not provide personal data

When we need to collect personal data under the law or a contract we have with you and you do not provide such data upon request, we may not be able to perform the contract we have or are trying to conclude with you (for example, to complete your reservation). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at that time.

How is your personal data collected?

We use different methods to collect data about you, including:

  • Direct interactions : you can provide us with your identity, contact information and financial data by completing online forms or by contacting us by mail, telephone, e-mail or other means. This includes, but is not limited to, the personal data you provide when:

    • you make a reservation;

    • you are attending an event at one of our sites;

    • you receive a service from us;

    • you use our wifi service in one of our hotels;

    • you subscribe to our service or publications;

    • you ask for marketing offers to be sent to you;

    • you participate in a contest, promotion or survey;

    • you provide us with an opinion.

  • Automated technologies or interactions: as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and browsing habits. We collect this personal data using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites using our cookies. For more information, please consult our cookie policy.

  • Third parties or publicly accessible sources: we may receive personal data about you from various third parties and public sources such as technical data from the following parties:

    • analytics providers;

    • advertising networks;

    • information providers.

We also use video surveillance to prevent the use of our services and facilities for illegal purposes and to protect our employees and customers. In this context, personal data may be processed by the Group and its suppliers for these purposes.

Legal Basis

The use of personal data under applicable data protection laws must be justified on one of the legal grounds provided for in the GDPR. We are required to indicate the purpose for each use of your personal data in this policy. These are the main reasons for our use of your information:

Consent: where you have consented to our use of your personal information (you provide express, informed and freely given consent for such use, and you may withdraw your consent by notifying us).

Legitimate interests: the interest of our company in the conduct and management of our business in order to enable us to offer you the best service and experience under the best conditions. We ensure that we consider and manage any potential impact on you (positive or negative) and your rights before processing your personal data for our legitimate interests. We do not use your personal data for activities for our benefit that may affect you (unless we have your consent or as required or permitted by law).

Contract: processing your data when necessary to perform a contract with you or taking steps at your request before entering into such a contract.

Legal obligation: processing your personal data when necessary to comply with a legal or regulatory obligation to which we are subject.

Legal claims: when your information is necessary for us to defend, sue or make a claim.

Purposes for which we will use your personal data

Below is a description of all the ways in which we plan to use your personal data, as well as the legal bases on which we rely to do so. We also identify our legitimate interests.

Purpose / Activity

Type of data

Lawful basis for processing

To process your reservation, including:

  • Management of payments, fees and charges

  • Recovery and refund of amounts due to us

  • Identity

  • Contact

  • Financial

  • Financial transactions

  • Execution of a contract with you

  • Necessary for our legitimate interests (to collect the receivables due to us)

Manage our relationship with you that will include:

  • Inform you of any changes to our terms of use or privacy policy

  • Ask you to leave a comment or answer a survey

  • Identity

  • Contact

  • Profile

  • Marketing and communications

  • Necessary to comply with a legal obligation

  • Necessary for our legitimate interests (keeping our files up to date and studying how clients use our services)

To allow you to participate in a draw, contest or survey.

    • Identity

    • Contact

    • Profile

    • Usage

    • Marketing and communications

    Necessary for our legitimate interests (to study how customers use our services, develop them and develop our business)

      To administer and protect our company and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting)

        • Identity

        • Contact

        • Technical

        • Necessary for our legitimate interests (for the conduct of our business, the performance of administrative and IT services, network security, fraud prevention and in the context of a corporate reorganisation or group restructuring)

        • Necessary to comply with a legal obligation (to prevent fraud)

        To provide you with relevant website content and advertising and to measure or understand the effectiveness of the advertising we serve you.

          • Identity

          • Contact

          • Profile

          • Usage

          • Marketing and communications

          • Technical

          Necessary for our legitimate interests (studying how customers use our services, developing them, developing our business and informing our marketing strategy)

            To use data analysis to improve our website, services, marketing, customer relations and experiences

              • Technical

              • Usage

              Necessary for our legitimate interests (defining the types of customers for our services, maintaining our website up to date and relevant, developing our business and informing our marketing strategy)

                To make suggestions and recommendations to you on goods or services that may be of interest to you

                  • Identity

                  • Contact

                  • Technical

                  • Usage

                  • Profile

                  • Marketing and communications

                  Necessary for our legitimate interests (to develop our services and develop our activity)

                  Consent, when we send you marketing from third parties

                    Change of purpose

                    We will only use your personal data for the purposes for which we have collected them, unless we reasonably believe that we should use them for another reason and that this reason is consistent with the original purpose. If you would like an explanation on how the processing for the new purpose is compatible with the original purpose, please contact us.

                    If we need to use your personal data for other purposes, we will inform you and explain the legal basis for doing so.

                    Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, when required or permitted by law.

                    Marketing

                    We strive to provide you with choices about certain uses of personal data, particularly with respect to marketing communications and advertising. We have implemented the following personal data control mechanisms:

                    Promotional offers

                    You will receive marketing communications from us, including newsletters and marketing e-mails relating to our services, if (i) you have requested information from us, (ii) used our services, or (iii) provided us with your contact information when you entered a contest or registered for a promotion and, in each case, if you have not chosen not to receive such marketing information.

                    Marketing by third parties

                    We will obtain your express consent before sharing your personal data for marketing purposes with any company outside the Group.

                    Disengagement

                    You may ask us to stop sending you marketing messages at any time by following the exclusion links on any marketing message sent to you or by contacting us at any time.

                    Cookies

                    You can set your browser to refuse all or some cookies, or to notify you when websites are configured or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not work properly. For more information about the cookies we use, please refer to the dedicated page.

                    How do we protect your data?

                    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or obtained in an unauthorized manner, modified or disclosed. In addition, we limit access to your personal data to employees, agents, companies and other third parties who have a business need to access it. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

                    We have procedures in place to deal with any alleged breach of personal data protection and will notify you and any applicable regulatory body of any breach of personal data protection where required by law.

                    Disclosure of your personal data

                    We may share your personal data with the parties mentioned below for the purposes indicated in the table above.

                    • Internal third parties (as indicated in the glossary). Legal framework: legitimate interests (to operate the business and provide related services)

                    • External third parties (as indicated in the glossary). Legal framework: legitimate interests (to operate the business and provide related services)

                    • Third parties to whom we may choose to sell, transfer or merge all or part of our business or assets. We may also seek to acquire or merge with other companies. If there is a change in our company, the new owners may use your personal data in the same way as described in this privacy notice. Legal framework: legitimate interests (to operate the business and provide related services)

                    We ask all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes (unless permitted by law for compliance purposes) and we only allow them to process your personal data for specific purposes and in accordance with our instructions.

                    Transferring your data outside Europe

                    The Group operates only at the European level, but it may sometimes be necessary to transfer personal data to another recipient (such as third party partners or service providers) in a country outside the country where it was originally collected or outside your country of residence or nationality. For many of our business activities, we use cloud services. Therefore, for technical and organisational reasons, it may be necessary for your personal data to be transferred to servers based outside the European Economic Area (EEA).

                    When we transfer your personal data outside the EEA, we ensure that they are afforded a similar level of protection by ensuring that at least one of the following safeguards is implemented:

                    Please contact us if you would like more information about the specific mechanism we use when transferring your personal data outside the EEA.

                    Storage period for personal data

                    We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting or reporting requirements.

                    In determining the appropriate retention period for personal data, we take into consideration the amount, nature and sensitivity of the personal data, the potential risk of harm resulting from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these purposes by other means, as well as applicable legal requirements.

                    In some cases, you may ask us to delete your data: see "Deletion Request" below for more information.

                    In certain circumstances, we may make your personal data anonymous (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely.

                    Your legal rights

                    In certain circumstances, you have rights under the laws on the protection of your personal data. Please refer to the "Your Legal Rights" section of the glossary below for more information on these rights:

                    • Request access to your personal data.

                    • Request the correction of your personal data.

                    • Request the deletion of your personal data.

                    • Oppose the processing of your personal data.

                    • Request to limit the processing of your personal data.

                    • Request for transfer of your personal data.

                    • Right to withdraw your consent.

                    • Right to file a complaint.

                    Procedure and timetable for exercising rights

                    You can contact us at the following address data@stellerhotels.com in order to exercise these rights. We will ask you for information to identify you.

                    Requests will be processed within one month. We are authorized to extend this period by an additional two months if the complexity of the situation so requires and we will inform you if the period is extended. If your request is clearly unfounded or excessive, we may either charge you a fee or refuse to process your request. For access requests, we may also charge you for additional copies. If we decide not to honour your request or not to respond to your request, we will explain the reasons in our response.

                    Glossary of terms

                    Internal third parties

                    Any company in the Group providing intra-group services, including marketing, finance, IT, system administration, HR services and leadership reports.

                    External third parties

                    • Service providers acting as processors that provide IT, system administration, analysis, marketing, reservation and other business services.

                    • Professional advisors, including lawyers, bankers, auditors and insurers who provide consulting, banking, legal, insurance and accounting services.

                    • All authorities and public administrations that require the declaration of the company's activities and its possible transformation in certain circumstances.

                    Your legal rights

                    You have the right to:

                    • Request access to your personal data (commonly referred to as the "data subject's request for access"). This allows you to receive a copy of the personal data we hold about you and to verify that we are processing them legally.

                    • Request the correction of your personal data. This allows you to have incomplete or inaccurate data about you corrected, although we need to verify the accuracy of the new data you provide us.

                    • Request deletion of your personal data. This allows you to ask us to modify or delete personal data when there is no valid reason for us to continue processing them. You also have the right to ask us to delete your personal data when you have successfully exercised your right to object to the processing (see below), when we have processed your information unlawfully or when we are required to delete your personal data to comply with applicable legislation. Please note, however, that we are not always able to respond to your request for deletion for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

                    • Oppose the processing of your personal data when we rely on a legitimate interest (or those of a third party) and there is something in your particular situation that prompts you to oppose processing on this ground, as you consider that it affects your fundamental rights and freedoms. You also have the right to object to the processing of your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate reasons to process your personal information, which takes precedence over your rights and freedoms.

                    • Request restriction of processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) if our use of the data is illegal but you do not want us to delete it; (c) if you need us to keep the data even if we no longer need it because you need it to establish, exercise or defend rights; or (d) if you have challenged our use of your data, but we must check whether we have compelling legitimate reasons to use it.

                    • Request the transfer of your personal data to you or a third party. We will provide you or the third party you have chosen with your personal data in a structured, commonly used and machine-readable format. Please note that this right only applies to automated information that you initially authorized us to use or when we used it to perform a contract with you.

                    • Withdraw your consent at any time when we need your consent to the processing of your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain services. We will notify you if this is the case when you withdraw your consent.

                    • File a complaint. You have the right to file a complaint with the competent supervisory authority such as the Commission Nationale de l'Informatique et des Libertés in France (see https://www.cnil.fr). We encourage our customers to contact us first if they have any concerns or complaints.

                    We reserve the right to modify or amend this Privacy Policy at any time or for any reason. The changes will take effect on the posting date.

                    By using our website, you accept our privacy policy. Feel free to contact us if you have any questions about our practices. You can contact us at the following address data@stellerhotels.com.

                    Last updated on: January 2021