Personal Data Protection Policy
Hôtel Coeur Marin is committed to the protection of your personal data and ensures a high level of protection of your personal data in accordance with the European Regulation 2016/679 and the French Data Protection Act No. 78-17.
Below, you will find our personal data protection policy, explaining what personal data we collect, how it is processed and on what basis, its retention, and your personal rights. We invite you to read it.
Our Data Protection Officer is at your disposal to answer all your questions, you can contact them at the following address: RGPD@madeho.fr
You can find the text of the applicable European Regulation here: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679 or consult/contact the regulatory authority (CNIL) via its website www.CNIL.fr.
This version of the personal data policy may be modified by us if necessary and you will be informed.
Your Data Controller
Hôtel Coeur Marin is the data controller of your personal data, and its contact details are as follows: 8 Boulevard Franklin Roosevelt, 85100 Les Sables d'Olonne, FRANCE; referred to in this document as its name or "We".
Your Personal Data and its Collection by Hôtel Coeur Marin
Your personal data may be collected during:
your visit to our website,
our exchanges,
our prospecting actions,
the formation or execution of our contracts.
We do not collect any data that is not necessary for the purpose of processing mentioned at the time of collection or data prohibited by law or regulation.
The collection of some data may be mandatory or optional, and you are informed of the mandatory information. Your personal data may be collected by third-party providers or partners, who undertake to comply with European and national data protection regulations.
Our policy is not to transfer your data outside the European Union; if by exception we proceed with such transfer, it can only occur to a country or organization subject to an adequacy decision (Art. 45 GDPR) or offering sufficient appropriate guarantees (Art. 46 GDPR).
We do not make any automated decisions.
We may potentially collect the following personal data from you:
Civil status, identity, contact details, images
Personal life
Professional life
Personal economic and financial data
Connection data
Unique national identification number
Health-related data
Criminal convictions or offenses
Our Processing of Your Personal Data
We process your personal data by entering it into databases; it is stored, retained, and if necessary rectified, erased, archived, anonymized or pseudonymized, transferred to trusted third parties.
We process your personal data for the following processing purposes or for purposes specified to you at the time of collection:
Your information on our commercial (products, services...) and promotional offers – Communicating with you
We may use your personal data for commercial prospecting purposes, particularly to send you information about our products/services, our commercial and promotional offers, quotes, and other pre-contractual documents, our news by email, mail, or telephone.
The execution of your ongoing contracts and customer follow-up
We use your personal data to ensure the execution of ongoing contracts in accordance with your requests. We may also send you any information regarding your order or ongoing contracts, their execution, your invoices and contractual documents, advice, the execution of our guarantees if necessary, and our legal obligations. We also use your personal data to manage our customer relationship, your requests or complaints, potential disputes, and to follow your customer history.
Improving the use of our services and enhancing our offers
We process your personal data to enable you to optimally use our services, improve our offers and products/services, track your user journey, conduct satisfaction surveys, polls, and anonymous statistics.
Your payments
Your banking details may be collected either directly by us or by a dedicated and selected provider, who guarantees the complete confidentiality of your banking information and these details are retained only for the necessary duration of the contractual relationship or within legal limits.
Protection against fraudulent initiatives
The personal data collected may be used to combat fraud, especially regarding payments or debits made. To this end, our payment security providers may be the recipients of this data.
Ensure compliance with law and judicial decisions
Your Data may be used to:
respond to a request from an administrative or judicial authority, a law representative, a legal assistant, or to comply with a court decision;
ensure compliance with our general sales/service conditions;
protect our rights and/or obtain compensation for damages we may suffer or limit their consequences;
prevent any conduct contrary to current laws, particularly in the context of fraud prevention risk.
We may also be required to process your personal data for the following purposes:
Commercial relationship
Sending marketing campaigns by email, mail, or phone (including via a provider)
Miscellaneous
Electronic signature
Internet
Create and manage your user account
Cookie Management
- Performance cookies — allowing to establish anonymous statistics and traffic level on the site and tracking and personalization collecting information on your site usage and allowing individualization of our offers,
- Third-party cookies — to target advertisements that may interest you based on your detected interests (these cookies fall within the policy applied by third parties for their issue and processing, not the policy of Hôtel Coeur Marin,- Analytical cookies — allowing us to understand and analyze your site navigation.
The Basis for Processing Your Personal Data
In accordance with regulations, the processing of your personal data by us is justified if it is based on one of the following grounds:
Your consent to the processing of your data by us: you agree to the processing of your personal data through express consent. You can withdraw this consent at any time from our DPO; or
The existence of a contract between you and us: the data processing is then justified by the needs of the contract execution; or
Our legitimate interest in processing your personal data as long as this proportionate interest respects your fundamental rights and privacy; or
The Law or prevailing regulation when it obliges us to process and retain your personal data.
Methods and Retention Periods for Your Personal Data
We manage your personal data in three phases:
An active phase where the data is retained for the time specified below in the "active" base: your personal data is then accessible only by persons with an operational need to access it in order to carry out authorized processing
An archiving phase (for an additional time to retention in the "active" base) when a legitimate reason justifies it: your personal data is then archived with restricted access and for a limited duration.
A deletion or anonymization phase: after the additional archiving periods below, your personal data is deleted or anonymized (so that it can no longer constitute personal data identifying you).
Your personal data is retained for as long as necessary for processing needs, our potential customer relationship, and contract execution within the regulatory limits; we may retain your personal data in archive to meet accounting, tax, or evidential retention needs during applicable prescription periods. For example, below are the retention periods applicable to the following processing (subject to regulation imposing a different retention time):
Processing purpose | Processing basis | Retention of personal data in the "active" base | Additional Archiving |
Prospecting | Your consent | 3 years if you have not actively responded to any solicitation. The period renews in case of active solicitation from you. | X |
Execution of our contractual obligations to you / services | Contract | The time necessary to execute the contract and 3 years from the end of the commercial relationship (last activity (such as end of contract execution (purchase, service...), login to the site as a registered user) | 5 years after the end of the contractual relationship |
Customer relationship | Contract | 3 years from the end of the commercial relationship (your last activity with us) | 5 years after the end of the contractual relationship |
Withdrawal of Your Consent to the Collection or Processing of Your Personal Data
Your consent given for the collection of your personal data can be withdrawn by writing to our DPO by email or by mail at the addresses listed on the header, mentioning your name, first name, email, and address with the precise nature and object of your withdrawal request.
You can also send us any comments on your personal data to Hôtel Coeur Marin, 8 Boulevard Franklin Roosevelt, 85100 Les Sables d'Olonne, FRANCE.
The Exercise of Your Rights on Your Personal Data
You have:
A right of access, allowing you to obtain:
The confirmation whether data concerning you is being processed or not;
The communication of a copy of all personal data held by the data controller.
A right to request the portability of certain data: it allows you to retrieve your personal data in a structured, commonly used, and machine-readable format.
A right of opposition: it allows you to no longer be subject to commercial prospecting from us or our partners, or, for reasons related to your particular situation, to stop the processing of your data for research and development, combating fraud and prevention purposes.
A right of rectification: it allows you to rectify information about you when it is outdated or incorrect. It also allows you to complete incomplete information about you.
A right to erasure: it allows you to obtain the erasure of your personal data subject to legal retention periods. It may apply particularly if your data is no longer necessary for processing.
A right to restriction: It allows you to restrict the processing of your data in the following cases:
In case of unlawful use of your data;
If you dispute their accuracy;
If you need the data to establish, exercise, or defend your rights.
They will then no longer be subject to active processing and cannot be modified during the duration of this right's exercise.
A right to obtain human intervention: data controllers may use automated decision-making in view of subscription or management of your contract. In this case, you can ask what the determining criteria of the decision were from the Data Protection Officer
You can exercise these rights by email: RGPD@madeho.fr or by letter at the following address: 8 Boulevard Franklin Roosevelt, 85100 Les Sables d'Olonne, FRANCE, indicating your name, first name, home address, and email (your client references if applicable), and the object of your request in clear and readable terms. Hôtel Coeur Marin commits to respond to your verified request within one month from its receipt.
In case of difficulty, you can contact our data protection officer directly by email: RGPD@madeho.fr or refer to the Commission Nationale de l'Informatique et des Libertés (CNIL).
Our Subcontractors and Partners
Hôtel Coeur Marin may share your personal data with subcontractors performing services involving the processing of your data in compliance with the purposes stated in this document; these subcontractors must provide your personal data the same level of confidentiality as Hôtel Coeur Marin and commit to full compliance with data protection regulation, including the GDPR.
We do not trade your personal data; if you wish to know more and specifically identify the providers or partners to whom your personal data was transmitted, you can contact our DPO at the following address: RGPD@madeho.fr.
Providers or partners that may access your personal data may include:
service providers managing outsourced services for the execution of our services and contracts,
providers assisting us in improving our services, performing data analyses and optimizing our offers, conducting surveys and statistics,
auditors, accountants, consultants, lawyers, audit firms, IT and management service providers, security providers,
investors and buyers.
We may also be required to share your personal data with French authorities, administrations, and jurisdictions, particularly in the context of legal actions or formalities requiring such communication.
