Privacy policy

PRIVACY POLICY

1. Introduction

As part of the Elancia group, Domaine du Mas de Pierre (“we”, “us”, “our”) offers its customers and prospective customers (“you”, “your”) hotel services, including in particular hotel, restaurant, and SPA services, as well as special offers, gift packs, and associated newsletters.

This privacy policy describes our practices for collecting, using, and transferring your data for all our activities.

We are committed to protecting your data by the General Data Protection Regulation (no. 2016/679) and the French Data Protection Act (no. 78-17).

The data controller is the Mas de Pierre corporation, registered in the Grasse Register of Trade and Companies under SIREN number 450.228.317. The address for all matters relating to personal data is 265 avenue des États du Languedoc, 34961 Montpellier Cedex 2, CS 99553.

The hotel manager, Audrey Jorge, represents the Data Controller.

2. DATA COLLECTION

Your data and that of the persons accompanying you may be collected directly from you on the Mas de Pierre website (via information or reservation forms, cookies, or the chatbot) or during your stay at Mas de Pierre (form filled in, data provided verbally, etc.).

Due to the nature of the services offered, your data may be collected by other entities for transmission to us, mainly reservation sites, service providers, and platforms. We may also collect data from affiliated entities, commercial partners, subcontractors, and service providers if their personal data protection policies permit. In any event, your data will not be collected from a publicly accessible source.

Given the above, this Privacy Policy aims to inform not only those whose data is directly collected but also those whose data is indirectly collected by and/or for Mas de Pierre by Articles 13 and 14 of the General Data Protection Regulation (no. 2016/679).

3. PROCESSED PERSONAL DATA

Your data and that of the persons accompanying you may be collected directly from you on the Mas de Pierre website (via information or reservation forms, cookies, or the chatbot) or during your stay at Mas de Pierre (form filled in, data provided verbally, etc.).

Due to the nature of the services offered, your data may be collected by other entities for transmission to us, mainly reservation sites, service providers, and platforms. We may also collect data from affiliated entities, commercial partners, subcontractors, and service providers if their personal data protection policies permit. In any event, your data will not be collected from a publicly accessible source.

Given the above, this Privacy Policy aims to inform not only those whose data is directly collected but also those whose data is indirectly collected by and/or for Mas de Pierre by Articles 13 and 14 of the General Data Protection Regulation (no. 2016/679).

Categories of Data Processd, purpose of processing and storage periods:

 

Goals Categories of data processed Shelf life
Video surveillance to protect the premises Images and any data derived from them 15 days on the Mas de Pierre servers
Booking, supply and payment of services Identification and contact details

Bank details

Health data

10 years from the date of the operation (billing data)

The data required for payment is kept from when the CB fingerprint is taken (where applicable) until the actual payment is made and may be kept longer if consent is given.

The duration of the service, in particular, the SPA or restaurant, and the retention of the health record for 13 months if the customer consents.

Managing and sending a newsletter Identification data, contact details, and data relating to newsletter follow-up (email opened, link clicked, etc.) As long as the person is registered, with an annual purge of “inactive” persons.

Deletion from the active database on receipt of a withdrawal of consent or a request to that effect, retention for probative purposes for 5 years

Carrying out satisfaction surveys by sending out questionnaires Identification and contact details

Responses to questionnaires (pre- and post-stay)

Responses to questionnaires (pre- and post-stay): After the service provider processes the data, it is anonymised before the notice is published.

Three years from the last service or contact

Claims management Identification details, contact details, details of the stay, and complaint content. Identification details, contact details, details of the stay, and complaint content.
Litigation management Any data relevant to the dispute At the latest until the corresponding action is time-barred.

Court decisions are kept indefinitely.

Digital marketing Targeting criteria The marketing service providers (social networks and search engines) will retain the data for periods defined by each of them.
Management of the Data Controller’s contractual partners Professional identification data of partners’ staff Duration of the contract with a contractual partner, then a 5-year probationary period
Website management and operation Connection data and necessary cookies are required to function correctly.

Data entered in the Velma chatbot

13 months maximum

6 months

Cookie management Necessary cookie data, in particular: location, page tracking, links clicked, etc. 6 months maximum
Communication management (social networks) Any public data posted online by users of social networks, and/or messages exchanged with the Data Controller’s accounts Data held and stored by each social network according to its procedures.
Drawing up a police form Data required by Article R814-2 of the Code on the Entry and Residence of Foreigners and the Right of Asylum. Duration imposed by Article R814-3 of the Code on the Entry and Residence of Foreigners and the Right of Asylum (6 months)
General accounting Items shown on invoices. Term imposed by Article L123-22 of the French Commercial Code (10 years).
Exercising your RGPD rights (listed below) Identification and contact details, data relevant to processing the request. While the application is being processed, then a 5-year probationary period.

Legal bases associated with each purpose:

Legal Basis Associated Objectives Details
Contractual performance Booking, provision, and payment of services

Managing contractual partners

N/A
Legitimate interest Video surveillance to protect the premises

Provision of a WiFi connection throughout the premises

Satisfaction survey

Managing cookies that are necessary or exempt from consent

Management of tracers and similar online tracking technologies (excluding cookies)

Management of social networks

Managing complaints and disputes

Digital marketing

Safety of property and people

Improving service by providing Internet access

Seeking to improve service by gathering feedback

Proper operation of the site and audience measurement

Management of external communications and personalised advertising

Monitoring, researching and improving the customer experience

Defending the Data Controller’s interests in court

Managing external marketing through targeted advertising

Consent All health data, regardless of purpose.

Any banking data to be retained beyond the performance of the service, notwithstanding the purpose for which it was collected.

Cookie management (not required)

Managing and sending a newsletter

N/A
Legal obligation General accounting

Police file

Keeping a single staff register

Exercising the rights of individuals guaranteed by the RGPD.

This includes billing data resulting from certain contractual performances .

We also recommend that you provide as little information as possible about people other than yourself or your health and theirs when browsing the site (in particular when using the chatbot) and, in general, during your stay.

4.COOKIES AND OTHER WEB TECHNOLOGIES

We collect data via cookies and other similar technologies (web beacons).

Cookies” are small text files automatically copied to your computer or mobile device when you visit a website. These cookies contain basic information about your use of the Internet. Your browser sends these cookies to our website each time you visit it so that your computer or mobile device is recognised and your browsing experience is personalised and enhanced.

Some cookies are “necessary, ” meaning the website cannot function and display on your terminal. The others are “unnecessary” and intended to establish traffic statistics or personalise and improve your browsing experience and the targeting of the advertising you see. These will only be stored on your browser if you expressly accept them.

You can control your consent to unnecessary cookies using a drop-down banner displayed when you first visit the site and then at any time by clicking on the “cookie settings” bar displayed at the bottom right of your screen when browsing our site.

The lists of cookies and tracers, their purposes, and the partners installing them are available in the drop-down menu’s “Configure your choices” and “See partners” tabs.

In addition, our website may contain links to third-party websites, applications and plug-ins. If you access other websites from links provided on our website, the operators of those websites may collect or share information about you. These operators will use this information according to their privacy policy, which may differ from ours. We invite you to read these confidentiality policies and to refer directly to these third parties if you have any questions about their practices.

5. IDENTIFIED DATA SOURCES AND RECIPIENTS

When we do not collect your data directly, it is sent to us by our subcontractors and partners, i.e. mainly the booking platforms that offer our services: travel agencies, tour operators, online travel agencies (particularly online booking platforms), etc.

Access to your data within the Mas de Pierre corporation is restricted to those with a strict need-to-know, and it may only be shared with specific categories of recipients:

  • Intra-group: Other Elancia Group companies, particularly Socri Financière Hôtelière and Elancia, mainly for marketing, accounting, HR, and legal aspects.
  • Official bodies: To comply with our legal obligations, we may need to transmit your data to the following entities:
    • Police services may request access to video surveillance footage.
    • Legal bodies may require information, such as invoices and details of your stay, to defend Mas de Pierre in court.
    • Control bodies, such as statutory auditors, may require access to invoicing information.
  • Website: Your data may be shared with our service providers who operate our website (e.g., audience measurement) or enable us to offer our online services (e.g., automatic redirection to our online payment service provider).

Satisfaction surveys and newsletters: When you participate in these activities, some of your data may be shared with our service providers who conduct them

6. DATA SECURITY AND INTERNATIONAL TRANSFERS

We have implemented technical and organisational measures appropriate to the sensitivity of the personal data to ensure its integrity and confidentiality and protect it against malicious intrusion, loss, alteration, or disclosure to unauthorised third parties.

We conduct regular audits to check that data security rules are being applied correctly at the operational level.

To fulfil these commitments, we meticulously choose our service providers and subcontractors and require them to provide personal data protection that is at least equivalent to our own.

Our Consent Management Platform provider anonymises unnecessary cookie data before passing it on to Google Analytics via the banner that allows you to manage your cookie preferences.

In this way, your data does not pass through the United States (a country considered not to offer a level of data protection equivalent to that of the EU).

For certain service providers, data is transferred outside the European Union to countries that are not subject to the European Commission’s adequacy decisions, such as the United States.

In these cases, we only choose service providers who have adopted Standard Contractual Clauses (SCC) or obtained certifications (e.g., Data Privacy Framework) to protect your data as effectively as possible.

We also put in place organisational measures to limit and secure data transfers as much as possible.

7. YOUR RIGHTS

By data protection regulations, you have the following rights about your data:

  • Rights of access, rectification, and deletion,
  • Right to limit processing,
  • Right to object to processing,
  • The right to portability of your data,
  • The right not to be subject to automated processing or profiling. However, the processing carried out by (or on behalf of) Mas de Pierre is separate from automated processing or profiling and has a significant legal impact on you.

You can exercise your rights or request further information in the following ways:

  • By email to info@lemasdepierre.com
  • By post to the following address: 265 avenue des États du Languedoc, CS 99553, 34961 Montpellier Cedex 2.
  • At the hotel reception.

If you would like more information, or if, despite our replies, you feel that they are insufficient or that data processing is unlawful, you can contact the Commission Nationale Informatique et Libertés (https://www.cnil.fr/fr/plaintes).

8. PRIVACY POLICY UPDATES

We may modify, update and/or replace this confidentiality policy, particularly in the event of changes to regulations on protecting personal data. Therefore, we recommend that you consult this personal data protection policy regularly to ensure you are aware of the latest version.

2024 LeMasdePierre. All rights reserved.

DOWNLOAD THE PRIVACY POLICY