You will find in this Personal Data Protection Charter the following points:
The identity of the data controller
The personal data we collect
The different times when we may collect your personal data
The data that we collect directly and the purpose for which it is processed
Management of the security of people and property
Management of our guests' stay
Social network management
Management of the website functionalities
Treatments related to the management of legal obligations
Management of everyday activities
The data we collect indirectly
Data retention period
The sharing of your personal data
Protection of your personal data when it is transferred outside the European Union
Your rights and choices
Cookies and other tracers
Four stars, no cloud. This pledge also applies to our respect for your privacy. Which is why, here at OKKO HOTELS, we are committed to offering you a unique experience at each of our hotels while ensuring transparency, security and confidentiality as regards the use of your personal data.
This policy, which is openly available on our website at https://www.okkohotels.com, is regularly updated to reflect legislative and regulatory developments and any changes to our services. We recommend that you consult it regularly.
This general personal data protection policy is supplemented by:
The OKKO HOTELS General Terms and Conditions of Sale, available here.
OKKO HOTELS undertakes to collect only the minimum amount of data necessary to provide our services. No data will be collected without your knowledge.
THE IDENTITY OF THE DATA CONTROLLER
The data controller is the natural or legal person who determines the purposes and means of processing your personal data, i.e. the aim and how that aim will be achieved.
In most cases, the purposes and means of the data processing are determined by OKKO HOTELS, a simplified joint-stock company with a capital of 136,782 euros whose head office is located at 52 Boulevard Malesherbes, 75008 PARIS, FRANCE, registered in the Paris trade and companies register under number B 515 402 188 (hereinafter “OKKO HOTELS”).
Intra-community VAT number: FR 95 515 402 188.
Nevertheless, OKKO HOTELS may at times share the responsibility for data processing with its service providers, including in the context of the payment of your online bookings. In such an event, OKKO HOTELS will ensure that the service providers in question process your personal data in accordance with the requirements of the applicable regulations governing the protection of personal data and, in particular, the European General Data Protection Regulation (hereinafter "GDPR") and French Law No. 78-17 of 6 January, 1978 on information technology, data files and civil liberties, known as "Informatique et Libertés".
THE PERSONAL DATA THAT WE COLLECT
Personal data is any information relating to an identified or identifiable natural person. However, because the data relates to individual persons, the latter must retain control of it.
A natural person can be identified:
Directly (for example, by name and surname)
Indirectly (for example, by a telephone number or vehicle registration plate number, a piece of ID such as a social security number, a postal or email address, or by voice or image).
At OKKO HOTELS, we do not and will never voluntarily collect so-called “sensitive data”, i.e. items of data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning the sexual life or sexual orientation of a natural person.
Examples of the types of data that may be collected and processed by OKKO HOTELS include:
An asterisk is used to indicate whether the information requested is compulsory or optional. Information marked with an asterisk is compulsory insofar as it is required to process your requests. All other information is intended to allow us to get to know you better and improve the services that we offer you. It is therefore optional.
Name, nationality and date of birth are the only items of information that will be collected about persons of less than 16 years of age. This information can only be provided by an adult who is the legal representative of the minor(s) in question. Please ensure that your children do not disclose any other personal data to us without your authorisation (including via the Internet).
In the event of such information being disclosed, you can contact our dedicated Data Protection Department (see the section below entitled "Your rights and choices") to inform us and ensure that the information is deleted.
THE DIFFERENT TIMES WHEN WE MAY COLLECT YOUR PERSONAL DATA
Your personal data may be collected at different times, including when:
THE DATA THAT WE COLLECT INDIRECTLY
If you use one of these services to make your booking, they will collect and share data with us, including the personal data required for your booking. These partners may collect other data on their own behalf, to which we have no access. Depending on the circumstances of your booking, they may or may not take payment on our behalf.
These companies process the Personal Data submitted to them on their own behalf. We therefore invite you to consult their privacy policies in order to understand how and why they process the Data that you share with them.
You will find more information on the collection of personal data in the section below entitled "Purposes and personal data that may be collected, by category of processing".
DATA RETENTION PERIODS
Data will be actively stored for a period that does not exceed the time required to achieve the purposes for which the data has been processed. At the end of this period, certain data will then be archived for an additional period, with restricted access, for reasons limited and authorised by law (payment, guarantee, litigation, etc.). After this period, the data will be deleted.
With regard to retention periods:
The personal data collected and processed for the provision of our services is kept for the duration of the contractual relationship and for five years after the completion thereof. However, it may be kept for a longer period when the circumstances warrant it (in the event of ongoing litigation, for example). In any event, where necessary, these periods may be extended until the end date of the statutory limitation period, after which personal data will be pseudonymised;
Your credit card information will not be kept after the payment is processed;
Information related to competitions will be kept until the competition ends and the prizes are awarded;
Personal data related to information requests, without a consecutive contract, is kept for the time necessary to respond, plus a maximum of 6 months;
Personal data processed in the context of prospecting or communication operations for which you have given your consent will be kept for no more than 3 years after the last contact you make; or it will be deleted as soon as you express your opposition to its use (see the section below entitled "Your rights and choices").
We take appropriate technical and organisational measures to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, disclosure or unauthorised access.
However, the electronic transfer of information via the Internet entails risks that cannot be ruled out and we draw your attention to the existence of these inherent risks.
We also monitor the manner in which our service providers process your Personal Data in order to ensure that they provide sufficient warranties regarding the implementation of appropriate measures to protect your Personal Data, including data security measures.
THE SHARING OF YOUR PERSONAL DATA
OKKO HOTELS commits to taking the necessary measures to guarantee the confidentiality of the data and to prevent its disclosure to unauthorised third parties. OKKO HOTELS takes appropriate measures to ensure that any internal or external transfers of data comply with the applicable personal data protection legislation.
Your data may be shared with the following internal or external recipients:
The staff at hotel where you are staying;
All authorised personnel within the following departments: Marketing, Group Projects, Operations and Finance;
PROTECTION OF YOUR PERSONAL DATA WHEN IT IS TRANSFERRED OUTSIDE THE EUROPEAN UNION
OKKO HOTELS shares and will share your data only with service providers that have a data protection policy that complies with the requirements of the applicable personal data protection legislation and, in particular, of an equivalent level of protection if the data is transferred outside the European Union.
YOUR RIGHTS AND CHOICES
As provided for in the regulations on the protection of personal data, you have the right to access, rectify, oppose and delete your personal data, a right to the portability of your data, a right to restrict your treatment and a right to set guidelines for your digital heritage. You can exercise these rights by contacting the Data Protection Department:
OKKO HOTELS SAS – Service Protection des Données
52 Boulevard Malesherbes, 75008 Paris, FRANCE
In the interest of efficiency, when contacting the Data Protection Department, please specify the name of the hotel to which your request refers, if applicable.
In the interests of confidentiality and the protection of your personal data, OKKO HOTELS may ask you for a copy of an official ID document (identity card or passport) in order to verify your identity.
A response will be sent to you at the latest one month following receipt of your request, extendable by a further two months depending on the complexity of the request and/or the number of requests being handled. In such cases, you will nonetheless receive a provisional reply within one month following receipt of your request.
You also have the right to file a complaint with the Commission Nationale Informatique et Libertés (CNIL).
If you wish to submit your request to the CNIL, you can contact the organisation:
Please be aware: the CNIL is not open to the public and no information is available at its premises.
If you wish to file a complaint with the CNIL, you can submit an online form at the following address: https://www.cnil.fr/fr/plaintes.
If you have any questions about your IT rights and freedoms, please visit the CNIL website: www.cnil.fr.
COOKIES AND OTHER TRACKERS
When you visit the Website, certain information relating to the browsing carried out using your device may be recorded in files called Cookies or other trackers installed on your device, subject to the Cookie preferences that you have set and that you may modify at any time.