The Templerie (MADAME NATHALIE POLOMACK) undertakes to ensure that the collection and processing of your data is carried out in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulation (RGPD) and Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms.
The collection of personal data of its customers is limited to what is strictly necessary, in accordance with the principle of data minimisation, and indicates the purposes pursued by the collection of this data, whether providing this data is optional or mandatory to manage requests and who will be able to see it.
I. About us
The Templerie (MADAME NATHALIE POLOMACK) is an IE with its registered office at 41 rue de la Tour d’Auvergne, 77200 La Flèche and registered at Le Mans under SIRET number 793 996 950 00036. Code APE 5520Z.
The Company offers the following services:
- Tourist and other short-term accommodation
“Site” means the Company’s website, namely, www.latemplerie-chambre-hote-la-fleche.fr
“Cookies”: A cookie is a piece of information deposited on the hard disk of an Internet user by the server of the site they are visiting. It contains several pieces of data: the name of the server that deposited it, an identifier in the form of a unique number or a text and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and record information.
“Personal data” means any information relating to an identified natural person or a person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person. This is, for example, the User’s email address.
“Customer” means any natural or legal person who makes a reservation on the Site, with our partner service providers (e.g. Booking.com) or directly with the receptionist on duty at the establishment whose address is indicated in Article I;
“Reservation” means any reservation made by the User, Client, Professional, Consumer with a view to benefiting from the Company’s Services;
“General Terms and Conditions of Sale and Use” or “GTC/GU” means the general terms and conditions of sale and use of the Company;
“Consumer” means the buyer who is a natural person who is not acting for professional purposes and/or outside of his professional activity;
“Professional” means the buyer who is a legal or natural person acting in the course of his professional activity;
“Services” means all services and/or products offered to Client and Professional Users by the Company through the Sites held by the Company;
“Company” means the Company LA TEMPLERIE (MADAME NATHALIE POLOMACK), more fully referred to in Article I hereof;
“User” means any person who makes use of the Site.
“Account” means the client’s personal space with the Company’s partner providers.
“Quote” means a quote produced by the Company for a specific, bespoke service requested by the Client
“RGPD” means the General Data Protection Regulation applicable from 25 May 2018.
“Processing of personal data” means any operation or set of operations which is performed upon such data, whatever the process used (collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction…)
III. Protection of Personal Data
In accordance with the law known as “Informatique et Libertés” of 6 January 1978 and the General Data Protection Regulation 2016/679 (RGPD), the information concerning you is intended for the Company, which is responsible for processing. You have the right to access, rectify and delete data concerning you (details in article 7). You may exercise this right by sending an email to firstname.lastname@example.org
By connecting to the Company’s www.latemplerie-chambre-hote-la-fleche.fr website, you are accessing content protected by law, in particular by the provisions of the Intellectual Property Code. The Company only authorises strictly personal use of the information or content you access, limited to saving it on your computer for the purpose of displaying it on a single screen, as well as reproduction, where authorised (link or download button) for copying or printing on paper. Any other use is subject to our express prior authorization. By continuing your visit, you agree to abide by the above restrictions.
The Company commits its Clients, Users, Consumers, Professionals to respect the laws in force and the ethical rules of practice necessary for the establishment of a relationship of trust between the Company and its Clients, Users, Consumers, Professionals.
The Company commits its Users to respecting a set of obligations through its GTC/GU.
Any breach of these obligations may result in the cancellation without notice of a booking made on the Company’s website or directly with The Templerie.
NOTES THAT THE COMPANY DOES NOT TRADE OR RENT ITS CLIENTS’ AND PROSPECTS’ FILES.
The Company’s website is not intended for minors. We do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data of minors without the prior consent of the holder of parental authoritý, we will take appropriate measures to delete such personal data from our servers.
- Data Controller
The person responsible for processing the personal data referred to herein is Ms. Nathalie POLOMACK, director of THE TEMPLERIE whose company information is stipulated in Article 1 on this page.
- Nature of the Data Collected
User information and rights.
The company hereby clearly informs you about the processing of personal data that it implements in the course of its activity, how the data is collected, used and protected.
Any User, Customer, Consumer, Professional has the right to request from the data controller, i.e. Ms. Nathalie POLOMACK access to the personal data provided;
- The rectification or deletion thereof;
- A limitation of the processing relating to his/her person;
- To object to the processing;
- To data portability;
- To lodge a complaint with the CNIL.
The Company undertakes to ensure that any subcontractor provides sufficient contractual guarantees regarding the implementation of appropriate technical and organisational measures, so that the processing meets the requirements of the European Data Protection Regulation (see list of data recipients in Article 6).
Data collected on the website (contact form).
When a Client, User, Consumer, Professional, makes a booking request on the site via our contact form, the following data is collected and processed by the Company: email, first name, last name, telephone, country, arrival date, departure date, number of adult(s), number of child(ren), additional information that the Client, Professional, User, Consumer, deems necessary for his/her booking request.
Data collected on the site (via our service provider Alliance Réseaux)
When a Client, User, Consumer, Professional, makes a reservation request on the site, the following data is collected and processed by our subcontractor Alliance Réseaux: email, first name, last name, country, telephone number, IP address, type of room, reservation rate, date of stay, credit card number (16 digits + expiry date), and additional information that the Client, Consumer, Professional, User may transmit if he/she deems this information to be good and useful for his/her reservation.
The data is then transmitted to us by email with the exception of the bank card number (16 digits + expiry date) which remains in secure access on the Alliance Réseaux server. This data is only visible with a password and an identifier via the intranet between the Company and Alliance Réseaux.
Data collected at the Company’s Establishment.
When a customer arrives, the following data is collected and processed: date of arrival and departure from the establishment, room number, number of breakfasts, if any, order history, complaints, incidents, information relating to correspondence on our site or directly with the Company (email message sent directly).
Some data is collected automatically as a result of the user’s actions on the site (see the paragraph on cookies in Article 8).
Data collected by a Partner Provider.
Submitted data shall not include sensitive personal data, such as governmental identifiers (such as social security numbers, driving licence numbers, or taxpayer identification numbers), full credit card numbers (except as may be requested in particular in connection with a booking on the site by filling in the appropriate field on the booking form) or personal bank account numbers, medical records or health care claim information associated with individuals, but not limited to this list.
Concerning the collection of identity data
Prior identification for the provision of the desired service.
The provision of a room requires prior identification of the client using their identity card or any other document allowing them to be identified. The personal data (surname, first name, postal address) appearing on the identity document are used to carry out our legal obligations resulting from the provision of the service as set out in the reservation. The client, whether consumer or professional, must not provide false personal information and must not make a reservation for another person without their permission. The contact details provided must always be accurate and up to date.
Collection of terminal data.
Collection of profiling and technical data for the purpose of providing the service.
Some of your device’s technical data is collected automatically by the Site and server. This information includes, but is not limited to, your IP address, Internet service provider, hardware configuration, software configuration, browser type and language… The collection of this data is necessary for proper navigation of the Company’s website.
The Company also provides a personalised experience using automated decision making via its newsletter email messages.
Collection of technical data for commercial and statistical purposes.
Technical data from your device is automatically collected and stored by the server and our subcontractors for advertising, marketing and statistical purposes. This information helps us to personalise and continually improve your experience on our Site. We do not collect or store any personally identifiable information (first name, last name, address…) that may be attached to technical data.
- Purpose of the Processes
The main purpose of collecting your personal data is to provide you with a safe, optimal, efficient and personalised experience in the facility. To this end, you agree that we may use your personal data to:
- Provide and facilitate our services, including conducting checks on you to do so;
- Resolve any problems to improve the use of our site and services;
- Customise, evaluate, improve our services, content and documentation;
- Analyze the volume and history of your use of the Company’s services;
- To inform you about the Company’s services;
- Prevent, detect and investigate any potentially prohibited and illegal activities or activities contrary to good practice, and ensure compliance with the Company’s T&C/GU;
- Comply with our legal and regulatory obligations.
- For customers who have made a booking directly on the website, by telephone or via the Company’s partner service providers, we process their data for the performance of the service contract.
- For our newsletter, we process your personal data on the basis of the explicit consent you have given for this.
VII. Recipients of Data
Personal data about you collected on the website, at the facility and from partner service providers is intended for use by the Company and may be passed on to subcontracting companies that the Company may use in the course of providing its services. The Company ensures compliance with data protection requirements for all its subcontractors. The Company does not sell or rent your personal data to third parties for marketing purposes. As a matter of ethics consistent with our values, we do not enter into strategic partnerships to share your data by promoting a service or product of a Third Party company.
The Company does not disclose your personal data to third parties unless:
- you request or authorise the disclosure;
- disclosure is required to process transactions or provide services you have requested (i.e., for purposes of verifying your good shipping practices or in connection with purchase card processing with credit card companies);
- the Company is compelled to do so by a governmental authority or regulatory body, in the event of a judicial requisition, subpoena or other similar governmental or judicial requirement, or to establish or defend a legal claim;
- the third party is acting as an agent or subcontractor of the Company in the performance of the Services.
Currently the recipients of the data are:
- MIXIT7: Server Outsourcing
- Mrs. Nathalie POLOMACK: Website editing
- ALLIANCE NETWORKS: Payment Management
- GOOGLE ANALYTICS: Statistics and Technical Analysis of the site
- GOOGLE / GMAIL: Exchange by email between the Company and its Users, Consumers, Clients, Professionals
VIII. Right of access, rectification and deletion
In accordance with the French Data Protection Act and the General Data Protection Regulation 2016/679 (RGPD), you have the rights of access, rectification and deletion of your personal data, which you can exercise by sending an email to email@example.com
Your request will be processed within 30 days. We may ask that your request be accompanied by a photocopy of proof of identity or authority.
You can also change your personal data yourself at any time, in relation to our newsletter, by clicking on the link at the bottom of each email in our newsletter to either unsubscribe or update your details.
Cookie retention period
In accordance with the recommendations of the CNIL, the maximum retention period for cookies is a maximum of 13 months after they are first deposited in the User’s terminal, as is the duration of the validity of the User’s consent to the use of these cookies. The lifetime of cookies is not extended with each visit. The User’s consent will therefore have to be renewed at the end of this period.
Finality of cookies
Cookies may be used for statistical purposes, in particular to optimise the services rendered to the User, based on the processing of information concerning the frequency of access, the personalisation of the pages as well as the operations carried out and the information consulted.
You are informed that the Company may place cookies on your terminal. The cookie records information relating to navigation on the site (the pages you have consulted and can consult) which we can read during your subsequent visits.
The cookie will allow the Company, during the period of validity or recording of the cookie, to identify your computer during your next visits. Partners or service providers of the Company, or third party companies may also be required, subject to your choices, to place cookies on your computer.
There are two main categories of cookies:
So-called “Technical” cookies. These cookies are essential for browsing our site, in particular for the proper execution of the ordering process;
So-called “Optional” cookies. These cookies are not essential to navigation on our site but may allow, for example, to facilitate your searches, to optimise your user experience, and for us: to better target your expectations, to improve our offer, or to optimise the functioning of our site.
The length of time this information is kept on your computer is one year. Only the issuer of a cookie is likely to read or modify the information contained in this cookie.
No cookie allows us to identify your civil status.
Deactivation may result in degraded functioning of the service.
If you do not want cookies to be used on your terminal, most browsers allow you to disable cookies through the settings options.
You can object to cookies being stored by setting your browser as follows:.
- On your computer, open Chrome.
- On the top right, click Settings (the 3 little dots)
- Click on Advanced Settings and then Content Settings
- At the top of the page, disable “Allow sites to save and read cookie data”
For Mozilla Firefox:
- Choose the “Tool” menu then “Options”
- Click on the “Privacy”
- Find the “Cookie” menu and select the options that suit you
For Microsoft Internet Explorer:
- Choose the “Tools” menu, then “Internet Options”.
- Click on the “Privacy” tab.
- Select the desired level with the slider.
- Go to Settings
- Under Clear Browsing Data, select Choose Items to Clear.
- Check the boxes next to each type of data you wish to delete, then select Delete.
- Choose the menu “File” > “Preferences” > Privacy
Warning: If you choose to refuse the recording of cookies on your computer or if you delete those recorded there, we decline all responsibility for the consequences related to the degraded functioning of our services resulting from the impossibility for us to record or consult the cookies necessary for their functioning and that you would have refused or deleted.
- Data Retention
The Company collects and retains your personal data for the purposes of fulfilling its contractual obligations as well as information on how and how often you use our services. Personal data shall be retained only for as long as is necessary to fulfil the purpose for which it was collected. The Company only stores your data for as long as is necessary to provide the service, and as such, the Company deletes your bank details after the service has been completed. The retention of our clients’, professionals’, consumers’ and users’ data varies according to the type of data concerned. For example, your statistical data that is older than 13 months will be deleted. Other data may be deleted at any time, in accordance with the provisions set out above.
Storage period for personal and sensitive data.
Data retention for the duration of the contractual relationship and beyond.
In accordance with Article 6-5° of Law n°78-17 of 6 January 1978 relating to information technology, files and freedoms, sensitive data (Bank Card) that is subject to processing is not kept beyond the time required to fulfil the obligations defined when the contract was concluded or the predefined duration of the contractual relationship.
Personal data (surname, first name, email, postal address) being processed are kept for a period of 3 years in our booking software.
Deletion of data after account deletion.
Means of data purging are put in place in order to provide for the effective deletion of data as soon as the period of retention or archiving necessary for the fulfilment of the determined or imposed purposes is reached. In accordance with the law n°78-17 of January 6, 1978 relating to data processing, files and freedoms, you also have a right to delete your data that you can exercise at any time by contacting the Company.
Deletion of data after 3 years of inactivity.
For security reasons, if you have not visited our facility for more than 3 years, your personal data will be deleted.
Deletion of Data after 12 months in the Newsletter.
If you have not had an active behaviour within the newsletter, i.e. opened and/or clicked in a link present in an email, for a period of 1 month, you will receive an email inviting you to perform an action (click on a link) before final deletion in the relevant list.
- Location of Data Storage and Transfers
The hosting servers on which the Company processes and stores your data on the site are located exclusively in the European Union.
The Company undertakes to inform you immediately, to the extent that we are legally entitled to do so, in the event of a request from an administrative or judicial authority relating to your data.
Within the framework of its services, the Company attaches the utmost importance to the security and integrity of the personal data of its clients, consumers, professionals and users. Thus, and in accordance with the RGPD, the Company undertakes to take all useful precautions to preserve the security of the data and in particular to protect them against any accidental or illicit destruction, accidental loss, alteration, distribution or unauthorised access, as well as against any other form of illicit processing or communication to unauthorised persons.
To this end, the Company implements digital industry standard security measures to protect personal data from unauthorised disclosure. Using the encryption methods recommended by the digital industry, the Company takes the necessary measures to protect payment information knowing that the Company does not offer on-site payment directly but goes through an external secure service by our subcontractor ALLIANCE NETWORKS.
Furthermore, in order to avoid, in particular, any unauthorised access, to guarantee the accuracy and proper use of the data, the Company has put in place electronic and manual procedures with a view to safeguarding and preserving the data collected through its services.
Despite everything, no one can consider themselves completely safe from a hacker attack. That is why, in the event that a security breach should impact you, the Company undertakes to inform you as soon as possible and to make its best efforts to take all possible measures to neutralise the intrusion and minimise its impact.
In the event that you suffer damage as a result of the exploitation of a security breach by a third party, the Company undertakes to provide you with all necessary assistance so that you can assert your rights.
You should bear in mind that any user, customer or hacker who discovers a security breach and exploits it may be subject to criminal sanctions and that the Company will take all measures, including filing a complaint and/or taking legal action, to preserve the data and rights of its users and its own and to limit the impact as much as possible.
Informing the User in the event of a security breach.
We undertake to implement all appropriate technical and organisational measures through physical and logistical security means to ensure an appropriate level of security with regard to the risks of accidental, unauthorised or unlawful access, disclosure, alteration, loss or even destruction of your personal data. In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or unauthorised access resulting in the risks identified above, we undertake to:
- Notify you of the incident as soon as possible if this meets a legal requirement;
- Examine the causes of the incident;
- Take the necessary measures within reason to mitigate the negative effects and harm that may result from the said incident.
- Limit liability
Under no circumstances shall the undertakings set out in the above point relating to notification in the event of a security breach amount to any admission of fault or liability for the occurrence of the incident in question.
XIII. Liabilities and Warranties
Unless there is force majeure, the Company guarantees to the User, Consumer, Client, Professional the proper performance of its service in compliance with these General Conditions.
The compensation possibly due by the Company to the User or to a third party, due to the liability of the Company, its subsidiaries or its partners, in respect of the performance of the present Terms and Conditions shall not exceed the price paid by the User, Client, Professional or Consumer in consideration of the service(s) at the origin of said liability (e.g. the price of a room).
The Company does not systematically control the way in which its services are used, in particular the use of the equipment available in the room and the common areas which remains the responsibility of the Client, Consumer, Professional.
Under no circumstances shall the Company be liable to any third party for any loss or damage resulting from the use of the services on behalf of the User, Client, Consumer, Professional in any capacity whatsoever.
Responsibility of the User
The Client, Consumer, Professional, User shall be solely responsible for the manner in which he/she uses the room, the common areas and the equipment at his/her disposal in the performance of the present.
XIV. Data Portability
The Company undertakes to offer you the possibility of having all of your data returned to you upon request. The User is thus guaranteed a better control of his data, and keeps the possibility of reusing them. Such data shall be provided in an open and easily reusable format, directly into the hands of another data controller where desired and technically possible.
Deletion of Data
Deletion of data on request
The User, Client, Consumer, Professional has the possibility to delete their Data at any time, by simple request to the Company or directly via a link present at the bottom of each of our newsletter emails.
In the event of a breach of any provision(s) hereof or any other document incorporated herein by reference, the Company reserves the right to cancel your booking without refund if there has already been a payment.
XVI. Transfer of Data to Countries with an Equivalent Level of Protection
The Company is committed to complying with applicable regulations regarding data transfers, although the Company does not currently transfer data to foreign countries for substantially all of its processing. Where necessary to provide our services, this is done in the following ways:
- The Company transfers the personal data of its Users, Clients, Consumers, Professionals to countries recognised as offering an equivalent level of protection and recognised by the CNIL as having a sufficient level of protection.
- The Company transfers the personal data of its Users, Clients, Consumers, Professionals to recipients that can present sufficient guarantees of RGPD compliance.
- The Company only transfers the personal data of its Users, Clients, Consumers, Professionals with regard to what is strictly necessary for the purpose of the processing concerned, i.e. booking a room at The Templerie
At present, the only processing operations concerned by this provision, concern:
The booking of services offered by the Company to the user who has decided to make a booking via the subcontractor ALLIANCE NETWORKS from the Company’s website. Only the following data are transferred: CUSTOMER ID, email address, purchase amount, product designation, email address, telephone, postal address (if indicated), 16 digits of the credit card and its validity date.
Ethical and personalised business relationship management through information powered by Facebook via the “Personalised Audience” feature offered by Facebook.
The email address is the only data transferred to allow Facebook to identify its users and build an audience.
Questionnaires completed by the customer on Google services (Google Doc, Google Drive, Google Form, Google Sheet etc..). The Personal Data depends on what the customer wants to share (company name, SIRET number, last name, first name, email).
For a list of countries with a sufficient legal level: CNIL – Data Protection Around the World
In the event of any changes to this policy, the Company will not lower the level of privacy substantially without prior notification to affected individuals.
XVIII. Applicable Law and Language
XIX. Disputes and Jurisdiction
The Templerie, 41 rue de la Tour d’Auvergne, 72200 La Flèche
Telephone: + 33 (0) 6 87 84 34 06
Email address: firstname.lastname@example.org
Seizure of the Consumer Ombudsman
After having referred the matter to the customer service department and failing a satisfactory response within 15 days, the customer may refer the matter to the Tourism and Travel Mediator, whose contact details are given below:
Tourism and Travel Mediation
PB 80 303
75 823 Paris Cedex 17