Été | Hiver

Auberge de Piau

Personal Data Protection Policy

Skylodge Personal Data Protection Policy

The privacy of our customers is important to us.
That’s why, in accordance with the applicable regulations on the protection of personal data, particularly the General Data Protection Regulation (‘GDPR’), we have appointed a Data Protection Officer and strive to follow the recommendations of the CNIL, the French data protection authority.

The following personal data is collected on this website:

Account creation: the first names, surnames and email addresses of users when they create an account.
Login: when a user logs in to the site, it records information including their first name, surname and login details as well as information on their use of the site and location.
Profile: the use of the services provided on the site allows us to create a profile, which may include an address and a telephone number.
Payment: during payment for the products and services offered on the site, it records financial information relating to the user’s bank account and card.
Cookies: cookies are used during use of the site. The user has the option to deactivate cookies the first time they access the site and thereafter from their browser settings. Cookies are important to the proper functioning of the site and allow users to improve their browsing experience, use certain functionalities for sharing on social media and have access to content and advertising based on their interests.
Some cookies are essential for the site to function and are installed automatically. When a user first accesses the site, they can accept or reject the installation of non-essential cookies for which consent is required. The user can change their cookie preferences at any time by clicking on ‘Manage consent’, a link at the bottom of the page on most of our websites.

The personal data collected from users is for the purpose of providing the services on the site, improving them and maintaining a secure environment. More specifically, it is used for the following:

– Access to and use of the site by the user;
– Ensuring the correct functioning and optimisation of the site;
– Verification, identification and authentication of data submitted by the user;
– Providing user assistance;
– Personalising services by showing advertising based on the user’s browsing history, depending on their preferences;
– Preventing and detecting fraud and malware (‘malicious software’) and managing security incidents;
– Handling any disputes with users;
– Sending marketing and advertising material in line with the user’s preferences.

The personal data is retained for a limited period not exceeding the time needed to fulfil the purposes for which it was collected.

The legal basis for each of the types of processing listed below is:
– Prospect management: legitimate interests
– Newsletter subscriptions and management: consent
– Analysis of purchasing behaviour: legitimate interests
– Managing bookings (booking process, billing): necessary for the performance of a contract
– Customer satisfaction: legitimate interests

Personal data may be shared with third-party companies in the following cases:

– When the user uses payment services. In order to provide these services, the site communicates with third-party banking and financial companies with which it has entered into contracts;
– When the user posts information accessible to the public in areas of the site where free-form comments can be entered;
– When the user authorises a third-party website to access their data;
– When the site outsources user assistance, advertising or payment services to third-party service providers. These providers have limited access to the user’s data in the context of carrying out these services, and have a contractual obligation to use it in accordance with the provisions of the applicable regulations on the protection of personal data;
– If required by law, the site may transmit data to follow up on complaints made against the site and to comply with administrative or legal proceedings;
– If the site is involved in a merger, an acquisition, an asset sale or insolvency proceedings, it may need to transfer or share some or all of its assets, which could include personal data. In this case, the users would be informed before the personal data was transferred to a third party.

The data collected on the site is not transferred outside of the European Union.

In the US, it should be noted that on 16 July 2020, the Privacy Shield was invalidated by the European Court of Justice, meaning that it is no longer recognised as a legal framework ensuring adequate protection of personal data.

In Canada and the province of Quebec, personal data is used in compliance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector.

Skylodge hereby informs you that it applies the same level of personal data protection everywhere in the world, regardless of the regulatory framework.

The site has organisational, technical, software and physical digital security measures in place to protect personal data against unauthorised access, alteration or destruction. However, it should be noted that the internet is not a completely secure environment and the site cannot guarantee the security of the transmission or storage of information on the internet.

You have a number of legal rights in relation to your personal data. You can obtain more detailed information and advice on your rights from the data protection authority in your country (in the UK, the Information Commissioner’s Office, ICO: https://ico.org.uk/).

1- The right to be informed – You have the right to receive clear, transparent and easy-to-understand information on the way that we use your data and on your rights. That’s why we are giving you this information in this privacy policy.

2- The right of access – You have the right to gain access to information concerning you (if we are processing it), and to certain other information (such as that given here). The goal is for you to be well informed and to be able to check that we are using your information in accordance with the laws on data protection.

3- The right to rectification – You have the right to have your information corrected if it is inaccurate or incomplete.

4- The right to erasure – This right is also known as the ‘right to be forgotten’ and, in simple terms, it enables you to request that your data be deleted where there is no essential reason for us to continue to use it. This is not, however, an absolute right to the erasure of data and there are exceptions.

5- The right to restrict processing – You have the right to ‘block’ or prevent any further use of your information. When processing is restricted, we can store the data but cannot continue to use it. We keep a list of the people who have requested that further use of their data be blocked, in order to ensure compliance with this restriction measure.

6- The right to data portability – You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer it easily between our IT environments and those of third parties in a safe and secure way, without affecting its usability.

7- The right to object – You have the right to object to certain types of processing, including processing for direct marketing purposes (which is only possible with your consent).

8- The right to lodge a complaint – You have the right to complain about the way we process or manage your personal data to the relevant national supervisory authority (in the UK, the Information Commissioner’s Office, ICO: https://ico.org.uk/).

9- The right to withdraw consent – If you have given your consent to the processing or use of your personal data, you can withdraw it at any time (although, if you do so, it does not mean that anything we did with your consent before such time was illegal). This includes the right to withdraw consent to the use of your personal data for marketing purposes.

We respond to requests and provide information free of charge; however, we may charge a reasonable fee to cover our administrative costs in the event of repeated requests.

We may also be entitled to refuse to act upon a request. Please consider your request carefully before sending it. We will respond as soon as possible, usually within one month from the date we receive it. If it is going to take longer to process the request, we will let you know.

Skylodge reserves the right to make any type of change to this personal data protection policy at any time. If a change is made to this personal data protection policy, Skylodge will publish the new version on its website.