Customer Personal data policy

You will find in this Personal Data Protection Charter the following points:

TABLE OF CONTENTS

Our Commitment
The identity of the data controller
The personal data we collect
The different times when we may collect your personal data
The data that we collect directly and the purpose for which it is processed
Bookings management
Management of the security of people and property
Management of our guests' stay
Social network management
Management of the website functionalities
Treatments related to the management of legal obligations
Management of everyday activities
The data we collect indirectly
Data retention period
Security measures
The sharing of your personal data
Protection of your personal data when it is transferred outside the European Union
Your rights and choices
Cookies and other tracers

OUR COMMITMENT

Four stars, no cloud. This pledge also applies to our respect for your privacy. Which is why, here at OKKO HOTELS, we are committed to offering you a unique experience at each of our hotels while ensuring transparency, security and confidentiality as regards the use of your personal data.

This policy, which is openly available on our website at https://www.okkohotels.com, is regularly updated to reflect legislative and regulatory developments and any changes to our services. We recommend that you consult it regularly.

This general personal data protection policy is supplemented by:

The OKKO HOTELS General Terms and Conditions of Sale, available here.

OKKO HOTELS undertakes to collect only the minimum amount of data necessary to provide our services. No data will be collected without your knowledge.

THE IDENTITY OF THE DATA CONTROLLER

The data controller is the natural or legal person who determines the purposes and means of processing your personal data, i.e. the aim and how that aim will be achieved.

In most cases, the purposes and means of the data processing are determined by OKKO HOTELS, a simplified joint-stock company with a capital of 182,160 euros whose head office is located at 52 Boulevard Malesherbes, 75008 PARIS, FRANCE, registered in the Paris trade and companies register under number B 515 402 188 (hereinafter “OKKO HOTELS”).

Intra-community VAT number: FR 95 515 402 188.

Nevertheless, OKKO HOTELS may at times share the responsibility for data processing with its service providers, including in the context of the payment of your online bookings. In such an event, OKKO HOTELS will ensure that the service providers in question process your personal data in accordance with the requirements of the applicable regulations governing the protection of personal data and, in particular, the European General Data Protection Regulation (hereinafter "GDPR") and French Law No. 78-17 of 6 January, 1978 on information technology, data files and civil liberties, known as "Informatique et Libertés".

THE PERSONAL DATA THAT WE COLLECT

Personal data is any information relating to an identified or identifiable natural person. However, because the data relates to individual persons, the latter must retain control of it.

A natural person can be identified:

Directly (for example, by name and surname)

Indirectly (for example, by a telephone number or vehicle registration plate number, a piece of ID such as a social security number, a postal or email address, or by voice or image).

At OKKO HOTELS, we do not and will never voluntarily collect so-called “sensitive data”, i.e. items of data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning the sexual life or sexual orientation of a natural person.

Examples of the types of data that may be collected and processed by OKKO HOTELS include:

• Your contact information (surname, first name, telephone number, email address, etc.)
• Your identity data (date of birth, nationality, etc.)
• Your credit card number and/or other payment information
• Your OKKO HOTELS loyalty programme membership number and information relating to your activities as a member of the loyalty programme
• Your dates and times of arrival and departure and other information concerning your stays (booking numbers, hotels visited, etc.)
• Your preferences and interests (preferred floor, reading habits, cultural interests, food and drink preferences, etc.)
• Your answers to satisfaction questionnaires or other comments that you make during or following a stay at an OKKO HOTELS establishment
• Technical and geolocation information generated when you use our website (IP address, connection data and browsing data) for the purpose of optimising our online services so that they best correspond to your requirements.

An asterisk is used to indicate whether the information requested is compulsory or optional. Information marked with an asterisk is compulsory insofar as it is required to process your requests. All other information is intended to allow us to get to know you better and improve the services that we offer you. It is therefore optional.

Name, nationality and date of birth are the only items of information that will be collected about persons of less than 16 years of age. This information can only be provided by an adult who is the legal representative of the minor(s) in question. Please ensure that your children do not disclose any other personal data to us without your authorisation (including via the Internet).

In the event of such information being disclosed, you can contact our dedicated Data Protection Department (see the section below entitled "Your rights and choices") to inform us and ensure that the information is deleted.

THE DIFFERENT TIMES WHEN WE MAY COLLECT YOUR PERSONAL DATA

Your personal data may be collected at different times, including when:

• You create your customer account (“My account”)
• You place an order/make a booking on the OKKO HOTELS Website or Online Store (online data collection form)
• You make a booking for a stay at one of our hotels, whether through a third party or not
• You browse our website and consult our products or services
• You stay at one of our hotels
• You contact one of our hotels or the OKKO HOTELS customer service team, by any means whatsoever
• You exchange messages with an agent or “chatbot” via our website
• You subscribe to our newsletter
• You answer a satisfaction questionnaire
• You contact us with respect to a dispute, request and/or complaint
• You take part in a competition or online game set up by OKKO HOTELS
• You contact us via the email address privacy@okkohotels.com to exercise, for legitimate reasons, your rights of access, rectification, deletion and opposition, or your right of opposition to commercial prospecting.

THE DATA WE COLLECT DIRECTLY AND THE PURPOSE FOR WHICH IT IS PROCESSED

Data processing	Purpose	Data that may be collected and processed	Legal basis and legitimate interest pursued by OKKO HOTELS
BOOKINGS MANAGEMENT
Management of requests to book guest rooms or meeting/Club spaces	To feed into our hotel management tool in order to process your booking and stay	Surname	Processing necessary for the performance of a contract to which you are a party
		First name
		Gender/Title
		Time and date of booking
		Hotel at which the stay is to take place
		Phone number
		Address
		Nationality
		Language
		Country of residence
		Email address
		Customer preference
		Company
		Total cost of booking and currency used
		Number of rooms booked and number of guests per room
		Type of room
		Chosen rate
		Signature
		Type of deposit
		Booking channel used
Management of bank guarantees/protecting against payment defaults and fraud	To guarantee that payment is made when you book a room at one of our hotels	Surname	Processing necessary to serve our legitimate interest in ensuring the payment of bookings made
		First name
		Means of payment
		Bank details
		Total cost of booking and currency used
Management of refund payments	To refund a booking that you cannot honour, in strict compliance with our General Terms and Conditions of Sale	Contact details (surname, first name, postal address, email address)	Processing necessary to serve our legitimate interest in making refund payments
		Bank account details
Management of face-to-face customer service	To offer you efficient and personalised customer service during your stays at our hotels	Re-use of the data submitted when the booking  was made	Processing necessary to serve our legitimate interest in managing our activities and offering you the products and services that you request
Management of orders made on the OKKO HOTELS online store	To ensure that your order is processed	Surname	Processing necessary to serve our legitimate interest in managing our activities and offering you the products and services that you request
	To ensure the delivery of your products	First name	Processing necessary for the execution of the contract of sale
		Email address
		Home address
		Delivery address
		Date and time of order
		Phone number
		Previous and ongoing orders
		Nature and quantity of products ordered
Management of payments	To enable secure payment when making a booking	Means of payment	Processing necessary for the performance of a contract to which you are a party
	To take payment for the services provided	Type of card	Processing necessary to comply with a legal obligation
		Cardholder's name
		Card-issuing bank
		“Valid From” date
		Card number (only the last 4 digits)
		“Valid To” date
		Invoice data/credit card receipts
MANAGEMENT OF THE SECURITY AND SAFETY OF PEOPLE AND PROPERTY
Management of badge encoding and control of access to rooms/the Club	To ensure that only authorised persons have access to the rooms	Surname	Processing necessary to serve our legitimate interest in managing the security and safety of people and property
Management of customers staying at the hotel		First name
		Room number
		Number of people in the room and their identity
		Date and time of arrival and departure
		Time of use of magnetic readers
		Hotel where the stay takes place
Video surveillance	To ensure the security and safety of people and property, including by preventing theft and, more generally, any offences or violent acts	Video recordings showing the physical characteristics of the persons filmed	Processing necessary to serve our legitimate interest in managing the security and safety of people and property
Management of customers present at the hotel	To use the necessary services to establish the identity of the persons present at the hotel in the event of serious events affecting the establishment (natural disasters, attacks, etc.).	Surname	Processing necessary to serve our legitimate interest in managing the security and safety of people and property
		First name
		Room number
		Number of people in the room and their identity
		Date and time of arrival and departure
		Time of use of magnetic readers
MANAGEMENT OF OUR GUESTS’ STAYS
Tracking of paid services (telephone calls, drinks, etc.)	To keep a record of paid services for billing purposes	Surname	Processing necessary to serve our legitimate interest in managing our activities and offering you the products and services that you request
		First name
		Date and time of arrival and departure
		Number and identity of persons in the room
		Booking channel used
		Means of payment and bank details
		Room number
		Products consumed
		Customer preference
		Time spent on calls from hotel telephones
Management of cleaning services	To manage the room cleaning services included in the price of a stay	Date and time of arrival and departure	Processing necessary to serve our legitimate interest in managing our activities and offering you the products and services that you request
		Surname
		First name
		Room number
		Customer preference
		Number of persons in room
Management of customer relations and marketing	To inform consenting guests about our hotels’ activities, discount deals and special offers	Email address	Processing necessary to serve our legitimate interest in promoting our services, carrying out direct marketing and improving our services
Emails	To request consent and monitor our marketing actions	Date and time of subscription to the newsletter
Newsletter management		Consent to receive our emails for promotional or information purposes
Sales promotions
Management of the security and performance of the OKKO HOTELS website	To improve the browsing experience on the OKKO HOTELS website	Connection identifiers (IP address, type of browser, information about the device used, internet connection)	Processing necessary to serve our legitimate interest in managing our activities and in carrying out IT, administration and network security services in order to prevent fraud
	Website assistance and maintenance	Browsing data
	To implement security and fraud prevention measures	Shopping basket
		Storing of user Cookie preferences
MANAGEMENT OF SOCIAL NETWORKS
Organisation of online competitions	To monitor the awarding of prizes	Username of participants	Processing necessary to serve our legitimate interest in organising online competitions, subject to the consent of participants and their acceptance of the applicable conditions
		Name and surname of winners
		Hotel to be the location of the prize
		Type and dates of the stay won
Production of statistics related to our social networks (conversion rates, etc.).	To measure and analyse marketing and communications operations via social networks	Data on people who have shared or liked our posts	Processing necessary to serve our legitimate interest in promoting our services, carrying out direct marketing and improving our services
MANAGEMENT OF WEBSITE FEATURES
Contact form	To allow you to send messages to a relevant hotel or department of OKKO HOTELS	Surname	Consent to the use of the data necessary to process your message
		First name
		Company
		Phone number
		Date and time of message
		Email address
		Hotel or department in question
		Message contents and, consequently, all the data contained therein
Management of the loyalty programme via the "My Account" space on the OKKO HOTELS website	Operations aimed at building customer loyalty	Surname	Processing necessary for the management of your account following your subscription to the loyalty programme on the basis of your consent
	To grant a 10% discount on stays booked on the website	First name
	To facilitate your future bookings made on our website by automatically filling in certain fields of the data collection forms	Email address
	To make a summary of your previous and upcoming bookings available	Telephone number
	To allow you to modify your personal information directly from your account	Address
		Loyalty account number
		Consent linked to acceptance of the Privacy Policy and the creation of an account
Management of the online chat tool	To improve the features and performance of the website	Surname	Processing necessary to serve our legitimate interest in managing our activities and offering you the products and services that you request
	To respond to customers initiating an online conversation with our agents (request for information, technical problems, etc.)	First name
		Visitor number
		Email address
		Chat history
		IP address
		Browsing data
		Web browser used
		OKKO agent
		Operating system
		Number of previous visits and chats
		Geographical location
DATA PROCESSING LINKED TO THE MANAGEMENT OF LEGAL OBLIGATIONS
Management of personal data protection rights	To manage requests to unsubscribe from newsletters, promotions, offers and satisfaction surveys	Retention of your consent to let us collect and process your personal data for specific purposes	Processing necessary to comply with a legal obligation
	To manage requests from individuals concerning the protection of their personal data	All the data related to your request to exercise your rights
Financial management and accounting	To manage debtors and the collection of outstanding payments	Receipts, outstanding payments, reminders, balances and the relevant data therein	Legitimate interest in recovering outstanding payments
Management of police forms	To complete police forms for non-French nationals	Information on the police form required for foreign guests: surname, first name, name and address of the hotel, date and place of birth, usual place of residence, nationality, mobile phone number, email address, expected date of departure	Processing necessary to comply with a legal obligation
Quality control and customer satisfaction management	To send post-stay satisfaction questionnaires to measure the quality of our services and receive your feedback	Hotel where the stay took place	Processing necessary to serve our legitimate interest in promoting our services, carrying out direct marketing and improving our services
		Email address
		Your impressions
		Your comments
MANAGEMENT OF EVERYDAY ACTIVITIES
Email management	To manage activities such as messaging services, email inboxes, the Cloud (SharePoint), Excel, Word, etc.	Message subject for specific requests (booking a taxi, a meeting space, etc.)	Processing necessary to serve our legitimate interest in managing our activities and offering you the products and services that you request
		Email address
		Surname
		First name
		Room number
		Debit authorisation when the cardholder is not the person benefiting from the services
Management of online internal guidelines	To facilitate the internal exchange of guidelines aimed at optimising our services and responding to your requirements (special requests, technical problems, etc.)	Message subject for specific requests (booking a taxi, a meeting space, etc.)	Processing necessary to serve our legitimate interest in managing our activities and offering you the products and services that you request
		Surname
		First name
		Room number

 

THE DATA THAT WE COLLECT INDIRECTLY

If you use one of these services to make your booking, they will collect and share data with us, including the personal data required for your booking. These partners may collect other data on their own behalf, to which we have no access. Depending on the circumstances of your booking, they may or may not take payment on our behalf.

These companies process the Personal Data submitted to them on their own behalf. We therefore invite you to consult their privacy policies in order to understand how and why they process the Data that you share with them.

You will find more information on the collection of personal data in the section below entitled "Purposes and personal data that may be collected, by category of processing".

DATA RETENTION PERIODS

Data will be actively stored for a period that does not exceed the time required to achieve the purposes for which the data has been processed. At the end of this period, certain data will then be archived for an additional period, with restricted access, for reasons limited and authorised by law (payment, guarantee, litigation, etc.). After this period, the data will be deleted.

With regard to retention periods:

The personal data collected and processed for the provision of our services is kept for the duration of the contractual relationship and for five years after the completion thereof. However, it may be kept for a longer period when the circumstances warrant it (in the event of ongoing litigation, for example). In any event, where necessary, these periods may be extended until the end date of the statutory limitation period, after which personal data will be pseudonymised;

Your credit card information will not be kept after the payment is processed;

Information related to competitions will be kept until the competition ends and the prizes are awarded;

Personal data related to information requests, without a consecutive contract, is kept for the time necessary to respond, plus a maximum of 6 months;

Personal data processed in the context of prospecting or communication operations for which you have given your consent will be kept for no more than 3 years after the last contact you make; or it will be deleted as soon as you express your opposition to its use (see the section below entitled "Your rights and choices").

SECURITY MEASURES 

We take appropriate technical and organisational measures to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, disclosure or unauthorised access.

However, the electronic transfer of information via the Internet entails risks that cannot be ruled out and we draw your attention to the existence of these inherent risks.

We also monitor the manner in which our service providers process your Personal Data in order to ensure that they provide sufficient warranties regarding the implementation of appropriate measures to protect your Personal Data, including data security measures.

 

THE SHARING OF YOUR PERSONAL DATA

OKKO HOTELS commits to taking the necessary measures to guarantee the confidentiality of the data and to prevent its disclosure to unauthorised third parties. OKKO HOTELS takes appropriate measures to ensure that any internal or external transfers of data comply with the applicable personal data protection legislation.

Your data may be shared with the following internal or external recipients:

Internal recipients:

The staff at hotel where you are staying;

All authorised personnel within the following departments: Marketing, Group Projects, Operations and Finance;

External recipients:

• Our business partners (hotel management tool, CRM tool, communication and marketing tool, delivery service, etc.);
• Our subcontractors (including companies providing hotel cleaning services);
• Local Authorities: we may also pass your information to local authorities, if required to do so by law or as part of an investigation and in accordance with local regulations.

 

PROTECTION OF YOUR PERSONAL DATA WHEN IT IS TRANSFERRED OUTSIDE THE EUROPEAN UNION

OKKO HOTELS shares and will share your data only with service providers that have a data protection policy that complies with the requirements of the applicable personal data protection legislation and, in particular, of an equivalent level of protection if the data is transferred outside the European Union.
 

YOUR RIGHTS AND CHOICES

As provided for in the regulations on the protection of personal data, you have the right to access, rectify, oppose and delete your personal data, a right to the portability of your data, a right to restrict your treatment and a right to set guidelines for your digital heritage. You can exercise these rights by contacting the Data Protection Department:

• by writing to the following address:

OKKO HOTELS SAS – Service Protection des Données

52 Boulevard Malesherbes, 75008 Paris, FRANCE

• or by sending an email to the following address: privacy@okkohotels.com

In the interest of efficiency, when contacting the Data Protection Department, please specify the name of the hotel to which your request refers, if applicable.

In the interests of confidentiality and the protection of your personal data, OKKO HOTELS may ask you for a copy of an official ID document (identity card or passport) in order to verify your identity.

A response will be sent to you at the latest one month following receipt of your request, extendable by a further two months depending on the complexity of the request and/or the number of requests being handled. In such cases, you will nonetheless receive a provisional reply within one month following receipt of your request.

You also have the right to file a complaint with the Commission Nationale Informatique et Libertés (CNIL).

If you wish to submit your request to the CNIL, you can contact the organisation:

• by writing to CNIL (Commission Nationale de l’Informatique et des Libertés) at the following address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, FRANCE
• by calling +33 (0)1 53 73 22 22 (Monday to Thursday 09:00–18:30 / Friday 09:00–18:00);
• or by sending a fax  +33 (0)1 53 73 22 00.

Please be aware: the CNIL is not open to the public and no information is available at its premises.

If you wish to file a complaint with the CNIL, you can submit an online form at the following address: https://www.cnil.fr/fr/plaintes.

If you have any questions about your IT rights and freedoms, please visit the CNIL website: www.cnil.fr.

 

COOKIES AND OTHER TRACKERS

When you visit the Website, certain information relating to the browsing carried out using your device may be recorded in files called Cookies or other trackers installed on your device, subject to the Cookie preferences that you have set and that you may modify at any time.

For more information, please see our Cookie Policy.