Protection of personal data and privacy charter

When using the https://www.grandluxuryhotels.com website and Grand Luxury mobile applications (the "Service(s)"), we ("GRAND LUXURY", "We", "Our") may collect and process your personal data.

The purpose of this Protection of Personal Data and Privacy and Charter (the "Charter") is to inform the users of the Services ("User(s)", "You", "Your") of the means used to:

  • collect and process Your personal data, in compliance with the applicable French and European legislation, including Act No. 78-17 of 6 January 1978 on information technology, data files and civil liberties, amended by Act No. 2004-801 of 6 August 2004 and by Act No. 2018-493 of 20 June 2018 ("Law Informatique et Libertés"), Regulation (EU) No. 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("RGPD") and Directive 2002/58/EC of 12 July 2002 as amended by Directive 2009/136/EC ("ePrivacy Directive"), and any national transposition text or any subsequent text that may follow them ("Applicable Regulations");

  • view and retain information about Your browsing on the Services that may be saved in "cookie" files (defined in Article 10 below).

It is very important to us to respect your privacy and protect your personal data.

By accessing and/or using the Services, You agree that Your personal data will be collected and processed under the terms and conditions set forth below. If You do not agree to this Policy, You shall cease all use of the Services.

The Charter is an integral part of the Terms of Service ("TOS") and must be read together with such TOS.

We may amend the Charter, in order to comply with any legislative, regulatory, jurisprudential, editorial or technical changes under the conditions described in the TOS. Therefore, before browsing, You should refer to the latest version of the Charter.

  1. DEFINITIONS

    The terms "personal data" ("Personal Data"), "process/processing", "data controller", "processor", "recipient(s)", "consent", and "filing system", have the same meaning as in Article 4 of the GDPR.

  2. DATA CONTROLLER

    The controller of Users’ Personal Data collected on the Services is GRAND LUXURY, a limited liability company (SARL), registered in the Paris Trade and Companies Register under number 499330306, the head office of which is located at 11 rue Saint-Florentin, 75008 Paris, and the contact details of which can be found in Article “CONTACT INFORMATION”.

  3. WHAT PERSONAL DATA IS COLLECTED?

    During the collection of Personal Data, the User will be informed if certain Personal Data must be provided or if they are optional. If Personal Data that is required is not provided, access to certain features of the Services, such as the online partner hotel reservation service, and the use of such Services by the User will be impossible.

    In particular, GRAND LUXURY may be required to collect the following categories of Personal Data relating to the User or the person with whom he or she intends to travel and relative to whom he or she wishes to provide GRAND LUXURY, under his or her exclusive responsibility, Personal Data or information relating to travel documents, which includes the following categories:

    • Identity: title, nationality, surname, first names, postal address, telephone number (fixed and/or mobile), e-mail address, date of birth, internal processing code for client identification (this internal processing code is different from the registration number in the national directory of identification of natural persons, and the credit card number), digitization and/or data on proof of identity and/or passport data such as passport number, place of issue and expiration date;
    • Identifiers and encrypted password;
    • Payment data: transaction number, credit card details (credit card holder's details, number, expiry date and cryptogram);
    • Commercial relationship data: bookings made or in progress, wish lists, services subscribed, amount, periodicity, billing address, booking history, purchases and purchase history, lists of travellers, traveller preferences, user reviews and any problems encountered or reported by the User in the provision of services, correspondence with the after-sales service, food and/or drink preferences, and particular requests;
    • Invoice payment data: terms of payment, discounts granted, payments received, payments due, reminders, balances;
    • Contact data: messages sent to the Services via contact forms or online chats, correspondence that may be sent to Us;
    • Newsletter registration data;
    • Interests declared via a form or deduced from the use of the Services;
    • Contacts and exchanges with Us;
    • Technical navigation and interaction data: use statistics, IP address, cookies, for example, the pages visited by the User, the date and time of visits;
    • Location data, subject to Your free, specific and informed consent, which may be withdrawn at any time using the settings of Your mobile device;
    • Data on the conditions of mobility or access voluntarily provided by the User and making it possible to adapt the services that may be provided relative to his or her specific situation, including disabilities, support or care infrastructure. If applicable, the User shall acknowledge that he or she provides this type of information voluntarily and freely and consents to data processing by GRAND LUXURY at his or her request, particularly when such information constitutes sensitive data.
  4. WHY DO WE COLLECT YOUR PERSONAL DATA?

    Personal Data that You provide to Us relative to You or the persons with whom You intend to travel, as well as data that is collected and/or processed in connection with Your use of the Services, is processed in order to respond particularly to the following purposes:

    Legal Basis Purposes
    Contract between You and GRAND LUXURY (TOS and this Charter) - Put the Services at Your disposal, ensure their proper functioning, especially in order to provide You with information on reservations, treat Your requests, facilitate Your navigation, etc.
    - Allow You to create an account and join the Grand Luxury Club
    GRAND LUXURY's legitimate interest in improving its Services Improve the Services, in particular, to optimize or offer new features to the Services, or offer You a simplified automatic entry
    - Contract between You and GRAND LUXURY (TOS and this Charter)
    - Legitimate interest of GRAND LUXURY
    - Processing your reservations
    - Customer Relationship Management
    GRAND LUXURY's legitimate interest in offering You services and offers that correspond to Your preferences and interests Adapt and optimize the display of the content of Services and promotional offers, parameters or preferences, appetites and interests, proven, assumed or deduced, of the User, which may result from Your use of the Services, information. You enter, Your navigation and Your interactions with the Services
    - Legitimate interest of GRAND LUXURY to promote its services and propose You with offers and news
    - Your consent to receive offers and news from GRAND LUXURY partners
    Inform You of GRAND LUXURY offers and news, unless not consented to by You, as well as offers and news from GRAND LUXURY's partners, if You have provided Your consent
    Your consent to activate the geolocation function Optimizing the Services using the geolocation function by accepting or electing its activation allows You to be guided when booking hotels and stays, to take advantage of hotel reception services and other additional services, and to adapt and optimize the display of the content of the Services and the promotional offers to Your parameters or preferences, appetites and centres of interest, proven, supposed or deduced. Disabling geolocation on Services blocks geolocation services
  5. WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA?

    The database of Personal Data created for Your use of the Services is strictly confidential. GRAND LUXURY undertakes to take all the necessary precautions and organizational and technical measures in order to preserve the security, integrity and confidentiality of Personal Data, and, in particular, to prevent such data from being distorted or damaged, or unauthorized third parties having access thereto.

    1. Data transferred to the authorities and/or public bodies

      In accordance with the regulations in force, Personal Data may be forwarded to the competent authorities upon request and also to public bodies, exclusively to satisfy legal obligations, officers of the law, ministerial officers and debt collection bodies.

    2. Third party access to data

      Personal Data may be used by GRAND LUXURY, its subcontractors, affiliates and/or, if applicable, by its business partners, for the purposes described in Article 4 above.

      • GRAND LUXURY staff, the audit department (notably the auditor) and GRAND LUXURY’s subcontractors will have access to the Personal Data collected as part of the use of the Services;
      • GRAND LUXURY's business partners, such as hotels or restaurants, will have access to Users' Personal Data for the purposes of managing their reservations and after-sales service;
      • Social networks: if the User has an account on social network sites and accesses the Services, GRAND LUXURY may receive information from such social networks in order to facilitate the creation of an account on the Services, and the social network services may receive information relating to the use of the Services by the User. When the User uses the Services via a social network site, the User allows GRAND LUXURY to access certain information that he or she has provided to the social network site, such as his or her username, his family name and first name, profile picture, and Personal Data relating to the use of this service. By accessing the Services via a social network site, the User authorizes GRAND LUXURY to collect, store and use all information that the User has authorized the social network site to provide to GRAND LUXURY.
    3. Transfer outside of the European Union

      The User's Personal Data may be processed outside the European Union, including via remote access. GRAND LUXURY undertakes not to carry out any transfer of Personal Data outside the European Union without implementing the appropriate safeguards in accordance with the Applicable Regulations.

  6. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

    In accordance with the Applicable Regulations, subject to an express request and justification of Your identity with GRAND LUXURY, You have the right to access to Your Personal Data, a right of rectification, a right to object, as well as a right to erasure, under the conditions of the Applicable Regulations.

    Your right to the erasure of Your Personal Data applies subject to the necessities that may justify GRAND LUXURY to store Personal Data, particularly with respect to its legal obligations.

    In the event of exercise of the right to object, GRAND LUXURY will cease processing the Personal Data, except in case of legitimate motive(s) and motive(s) imperative for the processing, or to ensure the observation, the exercise or the defence of its rights in court, in accordance with the Applicable Regulations.

    Subject to the terms of the Applicable Regulations, You may also request a restriction to the processing of Your Personal Data.

    When the processing of Your Personal Data is based on Your consent, You have the right to withdraw Your consent at any time.

    You also have the right to the portability of some of Your Personal Data, allowing You to request, in a readable and usable form, a computer copy of Your Personal Data that is processed by GRAND LUXURY as part of Your contractual relationship with Us for the provision of products or services to which You have subscribed, which excludes the Personal Data that GRAND LUXURY may have produced for purposes specific to it or to meet its legal, accounting, social or tax obligations, as well as information relating to booking history, any amounts paid or payable, as well as all the information that GRAND LUXURY may have generated as part of the legitimate interests that it pursues.

    You have the option to provide GRAND LUXURY with instructions regarding the use of Your Personal Data after Your death.

    If necessary, GRAND LUXURY will inform You of the reasons for which any rights you exercise cannot be satisfied in whole or in part.

    To exercise the rights mentioned in this Article, You may contact GRAND LUXURY at the location indicated in Article “CONTACT INFORMATION” below, enclosing a copy of a valid ID with your request.

  7. RETENTION PERIOD OF YOUR PERSONAL DATA

    GRAND LUXURY undertakes not to keep Your Personal Data beyond the period strictly necessary for the purposes for which it was collected, and in accordance with the Applicable Regulations.

    GRAND LUXURY undertakes to anonymize or delete Your Personal Data as soon as the purpose and/or the duration of their established retention expire.

    Nevertheless, Personal Data may be archived beyond the applicable periods for the purposes of researching, investigating, and prosecuting criminal offenses with the sole purpose of allowing, as needed, the provision of such Personal Data to the judicial authorities, or for other retention obligations, in particular for accounting or fiscal purposes. Archiving implies that this Personal Data will be subject to access restrictions and will no longer be available online but will be retrieved and kept on a secure and independent device.

    The maximum retention periods set out in the table below apply unless You request that your Personal Data be erased before the expiry of these periods, in accordance with Article 7 above.

    Category Retention period
    Audience measurement and service customization, management of cookies and other trackers 13 months from the receipt of the cookie or other tracker
    Information relating to transactions carried out by credit card Such data is not retained beyond payment, which may include the regularization of any fees applicable during a check-out, unless You have consented to the saving of such data.
    Information about bookings made or services purchased 10 years from the date of the last purchase or the last full payment of the last service provided
    User preference information 5 years from full payment of the last service provided
    Personal Data processed as part of solicitations and promotional operations, sending offers and news 3 years from the end of the relationship with the User or from the last interaction initiated by the User
    Personal Data relating to the management of requests for the exercise of rights and questions on Personal Data 3 years from the last interaction initiated by the User
    Information about managing customer service interactions 3 years from the last interaction initiated by the User
    Geolocation data Such data is not retained beyond the period of use of the feature by the User
  8. PROTECTION OF THE PERSONAL DATA OF MINORS

    The Services are generally not intended for minors under the age of 15. We do not collect or store Personal Data on children under 15 years of age without obtaining verifiable parental consent, knowing that the holders of parental authority will be able to request to receive information relating to their child and ask for its removal.

    When an adult User enters Personal Data relating to a minor under the age of 15, he or she undertakes to have the verifiable consent of the holders of parental authority, and to provide upon request any element of proof of such consent.

  9. SECURITY

    Given the evolution of technologies, the implementation costs, the nature of the Personal Data to be protected as well as risks to the rights and freedoms of individuals, GRAND LUXURY implements the appropriate technical and organizational measures to guarantee the confidentiality of Personal Data collected and processed and a level of security adapted to the risk, in accordance with this Charter.

    The information collected as part of the booking process is transmitted encrypted on the basis of the SSL (Secure Socket Layer) protocol over the Internet. All necessary existing precautions will be taken, with regard to the nature of Personal Data and the risks presented by processing, in order to preserve the security of Personal Data and, in particular, to prevent it from being distorted or damaged, and from unauthorized third parties having access thereto.

  10. COOKIE POLICY

    When using the Services, navigation information relating to Your computer, tablet, smartphone, etc. ("Terminal") may be stored in text files called "cookies" installed on your Terminal, subject to the choices you have expressed about "cookies" and which You can change at any time (see Article 10.4 below).

    1. What are cookies?

      A "cookie" is a small text, image or software file that We may record on the hard disk of Your Terminal through your Internet browser when You use the Services, subject to Your agreement and unless You do not allow it.

      During its period of validity, a "cookie" allows its issuer to recognize the relevant Terminal each time this Terminal accesses digital content containing "cookies" of the same issuer.

      Once installed, the "cookies" allow us to recognize you at each visit to the Services, and thus they allow you to enjoy all of the features of the services, to save your visit to a particular page and to provide you with additional services. They also allow us to improve your ease of browsing, securing your connection or adapting the content of a page to your interests or usage preferences.

      The information recorded by the "cookies", for a period of limited validity, include the pages visited, the advertisements You click on, the type of browser you use and other data that Our online services automatically process such as the identity of Your ISP, Your IP address or the information you enter on the Services (in order to avoid re-entering).

      "Cookies" are not active files, and therefore cannot host viruses. To learn more, You can visit www.allaboutcookies.org.

    2. What are the "cookies" on the Services used for?

      Only the issuer of a "cookie" may read or modify the information contained therein.

      "Cookies" are used for the purposes described below, subject to Your choices that You may express and modify at any time via the settings of the browser software used when browsing the Services.

      1. Navigation "cookies"

        Navigation "cookies" improve the performance of the Services in order to provide the User with a better use of the Services. These "cookies" do not require the informing and the prior consent of the User to be deposited on the User's Terminal.

        More precisely, these navigation "cookies" make it possible:

        • to adapt the presentation of the Services to the display preferences of Your Terminal (language used, display resolution, operating system used, etc.) when You use the Services, depending on the viewing or reading hardware or software that your terminal has;
        • to allow access to a reserved area subject to username and password;
        • to save information about the forms you completed when using the Services;
        • to save Your usage preferences, display settings and readers you use to facilitate your navigation during your next visit to the Services;
        • to adapt the informational or promotional content of the Services according to Your assumed interests and preferences, either declared or resulting from Your use of the Services, and according to Your place of connection to the Services;
        • to implement security measures, for example when a User is asked to reconnect to a Service after a certain period of time.
      2. Statistical "cookies"

        The statistical "cookies" issued on the Services make it possible to establish statistics and measures of visit frequency and use the various elements composing the Services (headings and content visited, routes, etc.), allowing us to improve the use and the ergonomics of the Services.

        The results of statistical "cookies" analyses are processed anonymously for exclusively statistical purposes.

        Issuer of them "cookie" Name of the "cookie" Purpose of the "cookie" Opt-out (referral to opt-out procedures if applicable) Lifetime of "cookie "
        NewRelic login_idle_session_timeout To collect data to track proper functioning (tracking page views, error pages, page https://newrelic.com/termsandconditions/privacy
        Google Analytics _ga Statistical tracking of real-time visits
      3. Advertising "cookies" and third party "cookies"

        Advertising "cookies" and third party "cookies" are primarily used:

        • to determine, in real time, which advertising to display based on your recent browsing history in order to limit the number of times an ad is displayed and to help measure the effectiveness of an ad campaign;
        • to personalize Your browsing experience on the Services, to maintain and improve the quality of Our Services and protect You from any fraudulent activity. When third party sites, such as social networking sites, receive information contained in the "cookies" through the use of a specific module of the Services, this information is anonymous and is only for the purpose of permitting Your identification on the Services.
        Issuer of the "cookie" Name of the "cookie" Purpose of the "cookie" Opt-out (referral to opt-out procedures if applicable) Lifetime of "cookie"
        AdRoll __adroll Customizing the advertising experience and monitoring the performance of advertising campaigns https://app.adroll.com/optout
        PubMatic KRTBCOOKIE_*SPugT Customizing the advertising experience and monitoring the performance of advertising campaigns https://pubmatic.com/legal/opt-out/
        LinkedIn
        • JSESSIONID
        • Bscookie
        • Sl
        • li_at
        • visit
        • UserMatchHistory
        • Lidc
        • Li_oatm
        • BizoID
        Customizing the advertising experience and monitoring the performance of advertising campaigns https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
        PubMatic
        • KRTBCOOKIE_*
        • SPugT
        Customizing the advertising experience and monitoring the performance of advertising campaigns https://pubmatic.com/legal/opt-out/
        LinkedIn
        • JSESSIONID
        • Bscookie
        • Sl
        • li_at
        • visit
        • UserMatchHistory
        • Lidc
        • Li_oatm
        • BizoID
        Customizing the advertising experience and monitoring the performance of advertising campaigns https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
        https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
        Facebook fr Customizing the advertising experience and monitoring the performance of advertising campaigns https://www.facebook.com/help/146952742043748?helpref=related
        RubiconProject
        • put_*
        • khaos
        • rpbaudit
        Customizing the advertising experience and monitoring the performance of advertising campaigns https://rubiconproject.com/privacy/consumer-online-profile-and-opt-out/
        https://rubiconproject.com/rubicon-project-yield-optimization-privacy-policy/
        Criteo criteo Customizing the advertising experience and monitoring the performance of advertising campaigns https://www.criteo.com/privacy/opt-out
        Google (DoubleClick)
        • IDE
        • NID
        • SID
        • SSID
        • HSID
        • APISID
        Customizing the advertising experience and monitoring the performance of advertising campaigns https://policies.google.com/privacy?hl=en
        http://www.google.com/intl/en/privacypolicy.html
      4. Period of validity of "cookies"

        The "cookies" issued on the Services are session "cookies" (the duration of which is limited to the time of a connection to the Services) and persistent "cookies" (the duration of which, however limited, is greater than the duration of a connection).

        Session cookies are only active for the duration of your visit and are deleted when you close your browser. Persistent "cookies" remain stored on your Terminal's hard drive once Your browser is closed.

        In accordance with the Applicable Regulations and the recommendations of the Commission Nationale Informatique et Libertés ("CNIL"), "cookies" are kept for a maximum of 13 (thirteen) months after their first receipt. At the end of this period, Your consent must be obtained again for the collection of cookies subject to consent.

      5. Your choices regarding "cookies":

        All User rights set forth in the Charter are also applicable to the use of "cookies".

        Several possibilities are offered to you to manage cookies. The user understands that "cookies" improve the ease of navigation on the Services. Any configuration that the User may undertake may modify his or her browsing on the Services and his or her conditions of access to certain services requiring the use of "cookies". GRAND LUXURY cannot be held responsible for the consequences of a less efficient operation of the Services due to the impossibility to install or read the "cookies" necessary for their proper functioning, to the extent that the User has not accepted or deleted them.

        Users may configure their browsing software so that "cookies" are saved or rejected on their Terminal either systematically or according to their issuer. Users can also configure their browsing software so that the acceptance or rejection of "cookies" are proposed to them punctually, before a cookie is likely to be registered on their Terminal.

        The exercise of the right of opposition will not prevent the display of advertisements. Only advertisements using the personalization services of the Services will cease. In other words, the User will no longer be exposed to advertising adapted to his or her interests through the use of "cookies" on the Services but will continue to be displayed advertisements the content of which will not necessarily be in line with his or her centres of interest, or may even be questionable.

        The help menu or the dedicated section of your browser will allow you to know how to express or modify your "cookie" preferences:

  11. CONTACT INFORMATION

    For any questions concerning the treatment of Your Personal Data, You can address Your request or Your complaint directly to GRAND LUXURY by contacting it at its headquarters at 11 rue Saint-Florentin, 75008 Paris or at the email address [email protected]

    GRAND LUXURY will endeavour to find a satisfactory solution to ensure compliance with the Applicable Regulations.

    In the absence of a response from GRAND LUXURY or if the dispute persists, You have the possibility to lodge a complaint with the CNIL or the supervisory authority of the Member State of the European Union in which you habitually reside.