240 chemin du Petit-Fort, Cabasson 83230 Bormes-les-Mimosas - France

Privacy Policy

Name: Hôtel Les Palmiers
Address: 240 chemin du Petit-Fort, Cabasson, Bormes-les-Mimosas, Provence-Alpes-Côte d'Azur, 83230, FR
Telephone: +33 (0)4 94 64 81 94
Price range: €€

At Hôtel Les Palmiers, we are committed to protecting your privacy and processing your personal data transparently, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and the French Data Protection Act (loi n° 78-17 of 6 January 1978, as amended).

1. DATA CONTROLLER

Hôtel Les Palmiers

240 Chemin du petit fort - Cabasson, F-83230 Bormes-les-Mimosas, France

Phone: +33 (0)4 94 64 81 94

Email: info@hotellespalmiers.com

For any questions regarding the protection of your personal data, please contact us at the address above.

2. DATA COLLECTED AND PURPOSES

We collect and process your personal data in the following circumstances:

a) Reservation Management

Data: first name, last name, email address, phone number, payment information (processed by Stripe), stay dates and preferences.

Legal basis: performance of a contract (Art. 6.1.b GDPR).

Retention period: 10 years from the end of the contractual relationship (statutory accounting obligation).

b) Contact Requests

Data: first name, last name, email address, message.

Legal basis: legitimate interest (Art. 6.1.f GDPR) — responding to your enquiries.

Retention period: 3 years from the last point of contact.

c) Newsletter and Marketing Communications

Data: email address, communication preferences.

Legal basis: consent (Art. 6.1.a GDPR).

Retention period: until consent is withdrawn, or 3 years without interaction.

You may unsubscribe at any time via the unsubscribe link included in every email.

d) Website Browsing

Data: anonymised browsing data (pages visited, session duration, browser type).

Legal basis: legitimate interest — improving our website (Art. 6.1.f GDPR).

Tool used: Umami Analytics (no personally identifiable data collected, no third-party tracking cookies).

Retention period: aggregated and anonymous data, no time limit.

3. RECIPIENTS AND DATA PROCESSORS

Your personal data is processed exclusively by Hôtel Les Palmiers and its technical service providers, strictly within the scope of the purposes described above. We do not sell or rent your data to third parties.

Our technical data processors are:

• Supabase, Inc. — database hosting

Servers located in Ireland (EU) — no transfer outside the European Economic Area.

https://supabase.com/privacy

• Google Firebase (Google LLC) — website hosting

Servers located in the United States. Google LLC participates in the EU-US Data Privacy Framework, ensuring an adequate level of protection under Art. 45 GDPR.

https://firebase.google.com/support/privacy

• Stripe Payments Europe, Ltd — online payment processing

European headquarters in Dublin, Ireland (EU). Stripe is PCI DSS Level 1 certified.

https://stripe.com/en/privacy

• Google LLC — mapping (Google Maps)

Location data displayed only after your consent.

https://policies.google.com/privacy

• Umami Analytics — audience measurement

No personally identifiable data collected. No third-party cookies.

https://umami.is/privacy

4. INTERNATIONAL DATA TRANSFERS

Data stored in our database (Supabase) is hosted in Ireland and does not leave the European Economic Area.

Some service providers (Google Firebase, Google Maps) are US-based companies. These transfers are governed by the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023), which ensures a level of protection equivalent to that applicable in the EU.

Stripe has its European headquarters in Ireland (EU) and processes payment data within the EEA.

5. DATA SECURITY

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction:

• Encryption of communications via HTTPS/TLS protocol.

• Encryption of payment data via SSL protocol (managed by Stripe, PCI DSS Level 1 certified).

• Access to data restricted to authorised personnel only.

• Infrastructure hosted on certified platforms (Firebase, Supabase).

In the event of a data breach likely to result in a risk to your rights and freedoms, we undertake to notify the CNIL within 72 hours in accordance with Art. 33 GDPR.

6. COOKIES AND TRACKERS

Our website uses cookies and similar technologies. We distinguish between:

• Strictly necessary cookies

Essential for the website to function (session management, security). Placed without prior consent.

• Analytics cookies — Umami Analytics

Umami is a privacy-friendly audience analysis tool: it collects no personally identifiable data and places no third-party cookies. No consent is required.

• Mapping cookies — Google Maps

Displaying the Google Maps map may result in third-party cookies being placed by Google LLC. These cookies are only activated after your explicit consent via our cookie manager.

Google cookie retention period: up to 2 years.

You may update your preferences at any time via our cookie manager or your browser settings. Refusing certain cookies may affect your browsing experience.

7. YOUR RIGHTS

Under the GDPR (Articles 15 to 22), you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain a copy of the data held about you.

• Right to rectification (Art. 16): correct inaccurate or incomplete data.

• Right to erasure (Art. 17): request deletion of your data ('right to be forgotten'), subject to statutory retention obligations.

• Right to object (Art. 21): object to the processing of your data, particularly for direct marketing purposes.

• Right to restriction of processing (Art. 18): temporarily suspend the use of your data.

• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.

• Right to withdraw consent: withdraw your consent at any time for consent-based processing, without affecting the lawfulness of prior processing.

To exercise these rights, please send your request along with a copy of your identity document to:

Email: info@hotellespalmiers.com

Post: Hôtel Les Palmiers, 240 Chemin du petit fort, Cabasson, F-83230 Bormes-les-Mimosas, France

We undertake to respond within one month (Art. 12 GDPR).

You also have the right to lodge a complaint with the French data protection authority (CNIL):

Website: www.cnil.fr

Address: 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07, France

8. CHANGES TO THIS POLICY

We reserve the right to update this privacy policy at any time to reflect legal, regulatory or technical developments. The 'last updated' date at the top of this page will be revised accordingly.

We encourage you to check this page regularly. In the event of a material change, we will notify you by email if you are subscribed to our newsletter, or via a prominent notice on our website.