account Privacy Policy (general data protection policy) of B&B HOTELS in Belgium
Updated on 20 June 2024
Recitals
1. In the context of its business activity, B&B HOTELS is led to collect and process personal data concerning its contacts, prospects, customers, suppliers and partners.
2. The main aim of this document is to allow you to understand the conditions for the processing of your data.
3. This privacy policy is intended for web users, customers and prospective customers (hereinafter “you”) in the scope of (i) the use of the website https://www.hotel-bb.com/ (hereinafter the “Site”) and the B&B HOTELS mobile application (hereinafter the ”App”) presenting the platform for the online reservation of B&B hotel rooms (hereinafter the “Platform”), (ii) the supply of our loyalty programmes in Belgium and (iii) stays in hotels operated by B&B HOTELS in Belgium.
Its aim is to inform you, in accordance with Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation” or the “GDPR”), as to the manner in which your personal data may be collected and processed in the context of (i) reserving your stay (whether via the Platform or not), (ii) managing your stay in one of our hotels in Belgium, (iii) managing the loyalty programmes, and (iv) evaluating and improving our services.
The precise purposes are listed and specified in detail in Article 6 of this policy.
4. When your personal data are collected, you will be informed if certain data items are required or if they are optional. The possible consequences of failing to provide information is indicated at the time the data is collected, on the associated forms.
5. The protection of your personal data is a priority for B&B HOTELS, and that is why it undertakes to process them in the strictest compliance with the Regulation and applicable domestic laws.
1. Definitions
6. App: means the B&B HOTELS mobile App, available in IOS and Android versions.
7. Platform: means the central online reservation system operated by the B&B HOTELS Group on the Site and via the App.
8. Controller: means the company B&B HOTELS BELGIUM.
9. Services: means the services offered by B&B HOTELS via the Platform. The Services are specified in detail in the general terms of use (“ToU”) accessible here.
10. Site: means the website accessible at the URL address: https://www.hotel-bb.com/
11. User: means any person who accesses or browses the Site and the App, whether a customer, operator or mere web user, with or without an account.
2. Identity of the controllers
The controller, within the meaning of the GDPR, is the person who determines the purposes and means of the processing of personal data. If more than one person jointly determine the purposes and means of processing, they are joint controllers for the processing (or co-controllers). For some purposes, the Belgian operating company of the B&B HOTELS group, cited below, will be the controller for a single act of processing. For others, the Belgian operating company of the B&B HOTELS group is a joint controller, acting jointly with other companies.
Single controller
- B&B HOTELS BELGIUM, a Belgian société à responsabilité limitée (limited liability company), having its registered offices at Place Marcel Broodthaers 8 (REGUS Brussels South Station – South Center Titanium), 1060 Saint-Gilles (Belgium), registered in the Banque-Carrefour des entreprises (BCE) under number 0693.764.388 (Telephone: +32 2.892 39 00 – E-mail address: bel-info@hotelbb.com – IBAN: BE57001833594535);
hereinafter referred to as “B&B HOTELS”, is the sole controller for the following purposes:
(1) Processing reservations not made via the Platform;
(2) Managing accommodation contracts;
(3) The exercise of the rights of data subjects under the GDPR;
(4) Managing insurance-related events;
(5) Managing individual police forms; and
(6) Putting a CCTV/videoprotection system in place.
Joint controllers
B&B SERVICES WESTERN EUROPE, a société par actions simplifiée (simplified form limited company) of the B&B HOTELS Group, having its registered offices at 271 rue du Général Paulet, 29200, Brest, France, registered in the Trade and Companies Register of Brest under the number 904 630 902, intervenes individually alongside each of the companies listed above as joint controller for the following purposes:
(1) Managing the wifi;
(2) Managing customer complaints and claims;
(3) Managing the collection of unpaid sums outstanding.
B&B HOTELS operates the Platform which constitutes the central reservation system, common to the hotels.
Other companies in the B&B Hôtels group intervene as joint controllers for the following purposes:
(1) Managing the Platform and processing reservations made through it;
(2) Managing direct marketing;
(3) Managing the centralisation of reservations;
(4) Managing the loyalty programmes.
The companies in the list accessible by clicking here intervene as joint controllers for (i) managing the Platform and the processing of reservations made through it, (ii) managing direct marketing and (iii) managing the centralisation of reservations.
The companies in the list accessible by clicking here intervene as joint controllers for managing the paying B&B HOTELS loyalty programme.
The companies in the list accessible by clicking here intervene as joint controllers for managing the free B&B HOTELS loyalty programme.
B&B HOTELS has entered into co-responsibility agreements with its joint controllers, determining their respective obligations, the broad outlines of which are available on request made to B&B HOTELS at the following address: privacy.belgium@hotelbb.com.
Information concerning the processing undertaken is provided in detail below.
3. Fair and transparent collection of your data
12. Out of concern for fairness and transparency, B&B HOTELS takes care to inform data subjects about the processing that it carries out by providing information at the time the personal data is collected.
13. These data are collected fairly. No collection is made without the knowledge of data subjects and without them being informed.
4. Legitimate and proportionate use of your data
14. When B&B HOTELS is induced to process personal data, it does so for specific purposes: each act of data processing is therefore for a legitimate, determined and explicit purpose, as specified in Article 6 of this policy.
15. For each act of processing carried out, B&B HOTELS undertakes to collect and exploit only data that are adequate, relevant and limited to what is necessary for the purposes for which they are processed. B&B HOTELS ensures that the data are updated and that processes are implemented to allow for the erasure or rectification of inaccurate data.
5. The processed data
16. In the framework of personal data processing for the purposes presented to you below in Article 6, B&B HOTELS collects and processes the following categories of data:
• Data concerning your identity and private life: title, surname, forename, telephone number, e-mail address, date and place of birth, sex, age, city, country, nationality, spoken language, postal address, post code, user name or pseudonym, video images from the videoprotection systems, photograph and signature (for releases that you have signed authorising the use of your likeness), unique serial number for the drafting of the individual police form;
• Data concerning your professional life: company, work e-mail address, work telephone number, work postal address, job title, status in the company, partner code,
• Data concerning browsing: logs and connection data (connection URL, date and time), data identifying computer hardware, language settings, geographical location data via your IP address when you connect to the Platform to adapt your browsing and use our Services), data concerning your use of the Platform and the Services, including the IP address, data communicated to our teams when calling upon them (preferred language, etc.), data collected via cookies and other trackers.
• Data concerning your reservation and your customer account: customer identifier, loyalty number, contract number (for BtoB partner contracts), hotel in question, dates of stay, room number, room access code, data concerning other occupants of the reserved rooms such as names and ages, features of the stay with any options (car parking, animal, preferred floor, etc.), reason for the stay (leisure, professional), if a request for invoicing at a different address: name of the company, address, VAT number, disability in the event of choosing the option of an adapted room, data concerning the grant and use of invitations and other vouchers;
• Data concerning transactions: transaction number, data concerning means of payment, bank concerned, details of the purchase, subscription, or service subscribed, date of the cheque, invoices, data concerning the payment of invoices such as method of payment, rebates granted, receipts, outstanding balances and unpaid amounts. The bank card number, expiry date and security code are processed exclusively by our service provider, Adyen, who only provides us with a token to proceed with warranties and reservation payments;
• Data concerning the history of reservations in B&B HOTELS hotels.
• Data concerning the management of social media and customer reviews: public data published on partner platforms (Facebook, Instagram, LinkedIn), interactions with a post or a page (reactions, shares), content of messages and comments made by web users, content of reviews,
• Data concerning the management of complaints and insurance-related events: complaint form, details of the complaint or harmful event (circumstances, date, place), exchanged with our departments, any substantiating documents and bank details to obtain a refund or compensation.
6. Purposes, legal bases and periods of storage of processing and data
17. Each act of processing carried out by B&B HOTELS corresponds to an explicit, legitimate and determined purpose, which is based on the performance of a contract, compliance with a statutory or regulatory obligation, your consent or legitimate interest. In addition, we store your personal data only for the time required for the stated purposes.
18. The purposes for which your data is processed, their legal basis and their period of storage are specified below:
| PURPOSE | LEGAL BASIS | PERIOD OF STORAGE |
|---|---|---|
Managing reservations made on the Platform, with the Reservations Call Centre or directly with the hotels, and managing your stay (including for stays reserved on third party partner sites (such as Booking.com, Expedia etc.)) and following up on commercial relations with customers in the context of their reservation This processing includes managing requests for information about the hotels (via the contact form available on the Site), managing online check-in, and offers for complementary e-conciergerie services in the hotels (local points of interest, online press etc.)
| Performance of the contract entered into between customers and B&B HOTELS and the legitimate interest of B&B HOTELS in providing a commercial follow-up with respect to our customers. Your consent for the management of requests for information and the processing of data for the personalisation of services during your stay (request for a room adapted for disabled persons).
| In an active database: The data used in the context of managing relations with the customer are stored throughout the entire period required for performance of the contract. The data concerning payments by bank card are stored until the effective payment of all sums due under the contract from reservation until the first day of the stay (in order to cover a possible "no show") or under the accommodation contract (including consumption, smoking damage charges). In intermediate archives: Data are kept for 10 years (to comply with obligations imposed by laws in matters of tax/accounting and/or pre-litigation). |
Managing customer complaints In particular:
| Performance of the contract entered into between customers and B&B HOTELS as well as the legitimate interest of B&B HOTELS in defending its rights concerning the management of litigation.
| In an active database: The data used in the context of managing customer relations are kept throughout the period required for processing the complaint. In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period depending on the type of lawsuit concerned and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted. |
The supply and management of WIFI in the hotels, including the storage of connection data for the purposes of criminal proceedings, the prevention of threats to public safety and national security
| Performance of the contract entered into you and B&B HOTELS for the use of the WIFI provided in the hotel to allow you to connect to the internet
| In an active database: For the purposes of systems administration, supply of the WIFI service and to remedy any dysfunction of the used information systems: for a period of one year following the date the data are recorded. To optimise the use of the WIFI service and to maintain the User’s connection from one use to the next without having to log back in, the terminal identification number: for a period of 24 hours. |
| Improving the services of B&B HOTELS, in particular, • carrying out customer satisfaction surveys • managing reviews of the provided services | Legitimate interest of B&B HOTELS in improving its services, your consent for the management of customer reviews. | Period required to carry out and process the customer satisfaction survey or customer review and two years following publication of the review or until the person concerned withdraws their consent. |
Producing commercial statistics
| Legitimate interest of B&B HOTELS in having an overall view as to the commercial situation. | In an active database: Period required to attain the purpose sought by the statistics or until exercise of the right to object |
Keeping customer accounts and storing accounting documents (accounting and tax obligations) including the management of debt collection for unpaid amounts outstanding
| Compliance with legal obligation and the legitimate interest of B&B HOTELS in defending its rights in the event of litigation with respect to an unpaid amount.
| In an active database: The data required for accounting purposes are kept for the duration of each accounting year. The data required for the management and debt collection of unpaid amounts outstanding shall be kept until the amounts are collected and shall be erased at the latest 48 hours after the time were the unpaid amount was effectively paid off. In intermediate archives: For the legal duration of storage i.e. 10 years following the close of the reference accounting year. |
Carrying out direct marketing. In particular:
| Your consent: for carrying out operations via electronic means: e-mails, SMS Legitimate interest of B&B HOTELS in being able to propose its offers to its professional customers for operations by telephone giving rise to human intervention (non automated) or to its non-professional customers concerning analogous goods or services | In an active database: Until consent is withdrawn or 3 years following the last contact of the persons with B&B HOTELS or following the last reservation.
|
Managing communication In particular: • invitations to events;
| Your consent
| In an active database: For external communication: throughout the duration of commercial relations with B&B Hôtels or until unsubscribed. Throughout the duration of prize draws and competitions. In intermediate archives: For litigious or pre-litigious purposes, the data shall be stored until the expiry of the statute of limitations period depending on the type of lawsuit concerned and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted. |
Managing the B&me loyalty programme (managing membership of the B&me programme and subscription to B&me Club)
| Performance of the loyalty contract
| In an active database: For the entire duration of your membership of the programme. In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period depending on the type of lawsuit concerned and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted |
Managing requests to exercise a right by data subjects concerned by the processing of personal data
| Compliance with legal obligation (Articles 15 et seq. of the GDPR)
| In an active database: For the entire duration required to process the request. In intermediate archives: Claims shall be archived for a period of 5 years (6 years in the event of exercise of the right to object) after the processing of the request for evidentiary purposes. |
The proper working, improvement and securing of our Platform and its functionalities, including Site audience measurement, support, maintenance and adaptation of your browsing
| The legitimate interest of B&B HOTELS to provide for the working and security of the Site and Platform. Consent of the user given on the deposit of non-necessary cookies.
| Lifetime of trackers limited to 6 months Period of storage of data collected via trackers: 25 months as a maximum Period of storage of browsing data via your IP address, when you connect to the Platform: throughout the duration of connection to the Platform and for a maximum of three (3) months |
| Recording of images via the videoprotection system | The legitimate interest of B&B HOTELS to provide for the safety of property and persons | If no incident is observed, the images will be kept only for a few days and in any event for a period which will not be longer than 1 month unless these images help to establish proof of an offence, damage or incivility or help to identify a perpetrator, the person breaching the peace, a witness or a victim.. In the event of incident relating to the safety and security of persons and property or in one of the cases referred to above, CCTV images may be extracted from the system. They shall then be kept on separate storage media for the time needed to settle proceedings pertaining to the incident and shall be accessible only to persons authorised in this context. |
| Producing and conserving individual police forms, responses to requisitions from the Police services and requests for information | Compliance with a legal obligation (Royal Order of 27 April 2007 concerning the registration and control of travellers residing in tourist accommodation) | The police forms completed by any foreign citizen staying in one of our Hotels shall be kept for 7 years after the departure of the traveller. |
Managing criminal proceedings (where B&B HOTELS is a victim) In particular: | The legitimate interest of B&B HOTELS to provide for its defence in pre-litigious and litigious cases
| In an active database: The data used in the context of managing criminal litigation shall be kept for the entire duration required to process the litigation. In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted.
|
Managing third party claims for compensation connected with a harmful event In particular:
| The legitimate interest of B&B HOTELS to provide for its defence in pre-litigious and litigious cases
| In an active database: The data used in the context of managing criminal litigation shall be kept for the entire duration required to process the litigation. In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted. |
IF YOUR PERSONAL DATA ARE PROCESSED FOR MARKETING PURPOSES, INCLUDING PROFILING, YOU MAY OBJECT AT ANY TIME BY CONTACTING privacy.belgium@hotelbb.com.
7. Recipients of the data
19. Within the limit of their respective remits and for the purposes recalled in Article 6, the main persons who may have access to your data are as follows:
• the authorised personnel of our hotel reservation, marketing, sales, administrative, logistics and I.T. departments, responsible for improving our services, customer relations and direct marketing and quality control; the representatives and employees of the hotels in the B&B HOTELS network where you will stay, including franchisee companies and hotel management companies;
• the authorised personnel of our subcontractors and service providers such as, inter alia, accommodation suppliers and cloud storage, suppliers of payment services, suppliers of mailing services, suppliers of IT maintenance services, suppliers of marketing studies;
• the authorised personnel of the joint controllers;
• where relevant, the competent authorities on request and in particular public bodies, the relevant courts, as well as mediators, chartered accountants, statutory auditors, lawyers, bailiffs, law officials, police officers, organisations responsible for collecting debts, exclusively in order to comply with legal obligations, as well as for cases of seeking the perpetrators of offences committed over the internet;
• third parties who may place cookies on your terminals where you have consented to this. For more details, consult our Cookie management policy.
8. Transfer of data outside the European Union
20. B&B HOTELS is a company belonging to the B&B HOTELS group, which provides its Services in numerous countries.
21. In this respect, and in the framework of the purposes described in Article 6 of this policy, we may transfer your data to recipients within and without the group, located outside the European Union.
22. In the absence of an adequacy decision, B&B HOTELS shall not make transfers outside the European Union unless appropriate safeguards are obtained, in this case standard contractual clauses defined by the European Commission, and in strict compliance with regulations in force.
23. You may obtain access to all of the safeguards and documents concerning transfers of your personal data outside the European Union by contacting us at the following e-mail address: privacy.belgium@hotelbb.com.
9. The security of personal data
24. B&B HOTELS attaches particular importance to the security of personal data. It puts appropriate technical and organisational measures according to the level of sensitivity of the personal data, in order to ensure the integrity and confidentiality of the data and to protect them against malicious intrusion, or any loss, alteration or unauthorised disclosure to third parties.
25. Nevertheless, the security and confidentiality of the data depend on each person applying good practices, and you are advised to remain attentive to the matter. In particular, it is your responsibility to ensure that any chosen password is sufficiently long and complex and regularly updated, and to ensure the confidentiality of your login and password. In the event of loss, abuse or fraudulent use of your user name and/or password, you undertake to inform B&B HOTELS immediately at the address: privacy.belgium@hotelbb.com.
10. Subcontracting
26. Some hotels in Belgium are operated under a management mandate agreement entered into between B&B HOTELS and the hotel management company which operates the hotel where you are staying.
27. If B&B HOTELS uses a service provider, it will only transmit personal data after having received a commitment and safeguards from it concerning its ability to meet these requirements of security and confidentiality.
28. B&B HOTELS enters into contract with its subcontractors, in compliance with its statutory and regulatory obligations, which precisely define the terms and conditions for processing data by these subcontractors, in compliance with the GDPR.
11. Cookies
29. Please note that if you use our Site or partner websites or reservation tools provided by B&B HOTELS for your reservation, cookies may be used which may also involve the processing of personal data. In this respect, we refer you to our Cookie Management Policy.
12. Social media
30. When you browse our Site or our App, you may click on the icons dedicated to the Twitter, Facebook, Instagram, TikTok and YouTube social media.
31. Social media make it possible to improve the conviviality of the Site and our App, and assist with their promotion via shares.
32. When you use these buttons, you may access the personal information that you have indicated as being public and accessible from your Twitter, Facebook Instagram, TikTok and YouTube profiles. However, we do not create or use any database independent of Twitter, Facebook Instagram, TikTok and YouTube and do not exploit any data pertaining to your private life via this method. Please note that we are not the controller of processing for these various social media, and that privacy policies that are independent of B&B HOTELS will apply to these services.
33. In order to limit third party access to your personal information on Facebook, Twitter, Instagram, TikTok or YouTube, you should configure the settings of your profiles and/or the nature of your publications via the dedicated spaces on the various social media in order to limit their audience.
13. Exercise of the rights of data subjects
34. B&B HOTELS is particularly attentive to respect for the rights that you are granted in the context of its data processing, to ensure that you benefit from fair and transparent processing considering the particular circumstances and the context in which your personal data are processed.
13.1 Right of access (GDPR Article 15)
35. In this respect, you have the right to obtain confirmation that your data are or are not processed and, if they are, you have the right to request a copy of your data and various other information concerning the processing of your personal data, and in particular:
• the purposes of the processing;
• the categories of data concerned;
• the recipients or categories of recipients and, where relevant if such communication is to be carried out, the international organisations to which the data have been or will be communicated, in particular the recipients who are located in third countries;
• where this is possible, the planned duration of storage of the personal data or, if this is not possible, the criteria used to determine this duration;
• the existence of the right to ask the controller to proceed with the rectification or erasure of your personal data, the right to require a restriction on the processing of your data, the right to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• information concerning the source of the data if they are not directly collected from data subjects;
• the existence of automated decision-making, including profiling, and in this last case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subjects.
13.2 Right to the rectification of your data (GDPR Article 16)
36. You may request of B&B HOTELS that your data be, as relevant, rectified, completed if inaccurate or incomplete.
13.3 Right to the erasure of your data (GDPR Article 17)
37. You may request of B&B HOTELS the erasure of your personal data in the cases laid down by laws and the GDPR, and specifically where (a) data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (b) you withdraw the consent on which the processing is based, (c) you object to the processing, on grounds relating to your particular situation, to processing which is based on Article 6.1 (e) (necessary for the performance of a task carried out in the public interest) or 6.1 (f) (legitimate interests), including profiling based on those provisions, and there are no compelling legitimate grounds for the processing, or you object to processing for marketing purposes.
38. Your attention is drawn to the fact that the right to erasure of the data is not a general right and your request may only be upheld in the presence of one of the grounds set out in applicable regulations.
13.4 Right to the restriction of data processing (GDPR Article 18)
39. You may request the restriction of processing of your data in the cases laid down by law and by the GDPR, specifically where (a) you dispute the accuracy of the data, for a period enabling the Controller to verify the accuracy of the personal data, (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (c) the Controller no longer needs the personal data for the purposes of the processing, but you still require them for the establishment, exercise or defence of legal claims, (d) you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.
13.5 Right to object to data processing (GDPR Article 21)
40. You have the right at any time to object, on grounds relating to your particular situation, to processing of your personal data which is based on Article 6.1 (e) (necessary for the performance of a task carried out in the public interest) or 6.1 (f) (legitimate interests), including profiling based on those provisions, if there are no compelling legitimate grounds for the processing, or you object to processing for marketing purposes.
41. In the event that this right to object is exercised, B&B HOTELS will ensure that it no longer processes your personal data in the context of the processing in question unless B&B HOTELS can show that it has compelling legitimate grounds to continue with the processing. These grounds must override your interests, rights and freedoms, or the processing must be justified for the establishment, exercise or defence of legal claims.
13.6 Right to the portability of your data (GDPR Article 20)
42. You have the right to portability of your personal data. This is not a general right. Indeed, not all data from all processing are portable and this right only concerns automated processing, to the exclusion of manual or paper-based processing.
43. This right is limited to processing on the legal basis of your consent or the performance of steps prior to entering into a contract or the performance of a contract.
13.7 Right to withdraw your consent (GDPR Article 7)
44. Where the data processing implemented by B&B HOTELS is based on your consent, you may withdraw consent at any time. B&B HOTELS will then stop the future processing of your personal data, without this undermining any prior operations to which you had given your consent.
13.8 Right not to be the subject of a data based exclusively on automated processing (GDPR Article 22)
No decision-making of this type is currently applied by B&B Hôtels.
13.9 Right to lodge a complaint
45. You have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy, at the following address.
Autorité de protection des données
Rue de la Presse, 35, 1000 Brussels
+32 (0)2 274 48 00
+32 (0)2 274 48 35
contact@apd-gba.be +32 (0)2 274 48 00
13.10 Methods for exercising your rights
46. All of the rights enumerated above may be exercised:
• by message to the following e-mail address: privacy.belgium@hotelbb.com
• while providing proof of your identity by any means, and legitimate grounds if this is required by law.