account General policy for the protection of personal data B&B HOTELS Ljubljana, turizem in hotelirstvo, d.o.o.
Updated on 23/01/2024
Preamble
1. In the course of its business, B&B HOTELS collects and processes personal data relating to contacts, prospects, customers, service-providers and partners.
2. The main purpose of this document is to help you understand the conditions under which your data is processed.
3. This personal data protection policy is intended for users (hereinafter referred to as "Users" or "you") of the website https://www.hotel-bb.com/ (hereinafter the "Site") and the B&B HOTELS mobile application (hereinafter the "Application") presenting the online B&B hotel room reservation platform (hereinafter the "Platform").
4. Its purpose is to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation" or "GDPR"), about how your personal information may be collected and processed through our Website and the Mobile Application in connection with the booking of hotel rooms in the countries in which we have hotels and the B&B HOTELS Club and B&Me loyalty programmes.
5. The protection of your personal data is a priority for B&B HOTELS, which is why it undertakes to process such data in strict compliance with the Regulation and applicable national laws.
1. Definitions
6. Application: designates the B&B HOTELS mobile application available in IOS and Android versions.
7. Platform: refers to the online central reservation system operated by the B&B HOTELS Group on the Site and the Application.
8. Data controller: designates the companies B&B HOTELS Ljubljana, turizem in hotelirstvo, d.o.o., B&B HOTELS, TAKEOVER, DREAMLAND and TANDEM in their capacity as Data controllers managing processing operations carried out from the Site or the Application in Slovenia.
9. Services: refers to the services offered by B&B HOTELS via the Platform. The Services are described in detail in the General Terms and Conditions of Use ("GTCU"), which can be accessed here.
10. Site: means the website accessible at the URL address https://www.hotel-bb.com/.
11. User: means any person who accesses or browses the Site and the Application, whether a customer, an operator or an ordinary Internet user with or without an account.
2. Identity of data controllers
12. The data controllers responsible for the processing operations carried out on the Website and Application in Slovenia are:
- B&B HOTELS Ljubljana, turizem in hotelirstvo, d.o.o., a limited liability company, with its registered office at Tabor 9, 1000 Ljubljana, Slovenia, registered in the Business Register of Slovenia with registration number 8292965000;
- B&B DREAMLAND HOTEL, a simplified joint stock company, with its registered office at 271 rue du Général Paulet, 29200, Brest, registered in the Brest Trade and Companies Register under number 808 416 960;
- TANDEM SAS, a simplified joint stock company, with its registered office at 9 boulevard Romain Rolland 75014 Paris, registered in the Paris Trade and Companies Register under number 908 119 746;
- B&B TAKEOVER, a simplified joint stock company with its registered office at 271 rue du Général Paulet, 29200, Brest, registered in the Brest Trade and Companies Register under number 904 728 649;
hereinafter together referred to as "B&B HOTELS".
13. B&B HOTELS operates a central reservation system shared by the hotels listed here.
14. As part of the processing of bookings made via the Platform and the Application, B&B HOTELS is the joint data controller of your personal data with the companies that operate the hotels in which you book rooms (see the list of hotels here).
15. The list of companies is available by clicking here jointly manage the B&B HOTELS Club loyalty programme. In addition, B&B HOTELS has entered into a co-responsibility agreement with joint controllers, setting out their respective obligations, the broad outlines of which are available on request sent by mail to the Data Protection Officer of B&B HOTELS at the following address: miha.dvojmoc@infocenter.si.
16. The companies listed here jointly manage the B&Me loyalty programme. In addition, B&B HOTELS has entered into a co-responsibility agreement with joint controllers, setting out their respective obligations, the broad outlines of which are available on request sent by mail to the Data Protection Officer of B&B HOTELS at the following address: miha.dvojmoc@infocenter.si
3. Fair and transparent collection of your data
17. In the interests of fairness and transparency, B&B HOTELS takes care to inform the data subjects of the processing that it implements by means of information notices at the time of collection of personal data.
18. This data is collected fairly. No data is collected without the knowledge of or information to the individual concerned.
4. Legitimate and proportionate use of your data
19. When B&B HOTELS processes data, it does so for specific purposes: each data processing operation thus pursues a legitimate, specific and explicit purpose.
20. For each of the processing operations implemented, B&B HOTELS undertakes to only collect and use data that is adequate, relevant and limited to what is necessary with regard to the purposes for which it is processed. B&B HOTELS ensures that the data is kept up-to-date and implements procedures to enable the deletion or rectification of inaccurate data.
5. Data that is processed
21. B&B HOTELS collects and processes the following categories of data in connection with the processing of personal data for the purposes set out below:
● Data relating to your identity: title, surname, first name, address, telephone number, e-mail address, date of birth, age, customer code;
● Data relating to your professional life: company, location;
● Data relating to browsing: logs and connection data, computer hardware identification data, language preferences, geographical location data, data relating to your use of the Platform and Services, including data communicated to our teams when you make requests (language preference, etc.) data collected via cookies and other tracers;
● Data relating to your reservation: arrival and departure dates, details of other occupants of the rooms booked such as names and ages, preferences (smoking room, preferred floor, etc.), if billing to a different address is requested: company name, address, VAT number, etc. ;
● Data relating to transactions: transaction number, data relating to means of payment, details of the purchase, subscription or service subscribed to, data relating to invoice payments such as payment terms, discounts granted, receipts, balances and unpaid invoices. The bank card number, expiry date and cryptogram are processed exclusively by our service-provider Adyen, which only provides us with a token for guaranteeing and paying for bookings;
● Data relating to history of reservations in the B&B hotels.
6. Purposes, legal bases and retention periods for data processing
22. Each processing operation carried out by B&B HOTELS fulfils an explicit, legitimate and specific purpose, which is based on the performance of a contract, compliance with a legal or regulatory obligation, your consent or even legitimate interest. In addition, we only keep your data for as long as is necessary for the purposes for which it is to be used.
23. The purposes for which your data is processed, its legal basis and the duration for which it is kept are detailed below:
PURPOSE | LEGAL BASIS | RETENTION PERIOD |
Managing bookings and monitoring the commercial relationship with customers in connection with their booking, including the management of complaints
| The execution of the contract concluded between the customers and the entities of B&B HOTELS
| Active base:
The data used to manage the relationship with the customer is kept for as long as is necessary to execute the contract.
Intermediate archiving:
For litigation or pre-litigation purposes, until the end of the legal requirement and for the duration of the proceedings until the ordinary and extraordinary remedies have been exhausted.
Data concerning payments by bank card is kept for 13 months following the debit date, extended to 15 months for deferred debit cards.
|
Creating and managing user accounts on the website | Your consent | Active base:
The data used to manage the customer relationship is kept for as long as the user account is active
Intermediate archiving:
For litigation or pre-litigation purposes, until the end of the legal requirement and for the duration of the proceedings until the ordinary and extraordinary remedies have been exhausted.
|
The improvement of B&B HOTELS services, in particular,
| The legitimate interest of B&B HOTELS
| Time required to carry out and process the satisfaction survey or customer feedback |
Compiling commercial statistics
| The legitimate interest of B&B HOTELS
| Duration required to achieve the purpose of the statistics or until the right to object is exercised
|
Bookkeeping (accounting and tax obligations) | Compliance with a legal obligation | Intermediate archiving:
For the legal retention period (e.g. accounting obligation of 10 years).
|
Carrying out commercial prospecting operations. In particular:
| The consent of the data subject: for operations carried out by electronic means: emails, SMS (L.34-5 CPCE)
Legitimate interest for operations via post or calls involving human intervention (non-automated)
| Until consent is withdrawn or 3 years have elapsed since the individual's last contact with B&B HOTELS |
Administration and management of subscriptions to the B&B Hôtels Club loyalty programme | The performance of the contract concluded with B&B Hôtels and the other operating subsidiaries of the B&B Hôtels group
| Active base:
For the entire duration of your membership to the programme.
|
Intermediate archiving:
For litigation or pre-litigation purposes, until the end of the legal requirement and for the duration of the proceedings until the ordinary and extraordinary remedies have been exhausted.
| ||
The management of requests to exercise rights by data subjects concerned by the processing of personal data
| Compliance with a legal obligation (Articles 15 et seq. of the GDPR) | For as long as it takes to process the request.
|
The proper functioning and improvement of our Platform and its functionalities, including measuring the Site's audience | The legitimate interest of B&B HOTELS in ensuring the functioning and security of the Site
The User's consent given when unnecessary cookies are deposited.
| Tracer lifetime limited to 6 months
Retention period for data collected by means of tracers: Maximum 25 months
|
Managing the B&Me loyalty programme (granting loyalty benefits, awarding loyalty points) | The performance of the contract concluded with B&B Hôtels and the other operating subsidiaries of the B&B Hôtels group
| Active base:
For the entire duration of your membership to the programme.
Intermediate archiving:
For litigation or pre-litigation purposes, until the end of the legal requirement and for the duration of the proceedings until the ordinary and extraordinary remedies have been exhausted.
|
7. Data recipients
24. Within the limits of their respective attributions and for the purposes mentioned in article 6, the main persons who may have access to your data are as follows:
● authorised staff in our hotel reservations, marketing, sales, administrative, logistics and IT departments, who are responsible for improving our Services, customer relations, prospecting and quality control;
● authorised staff of our subcontractors and service-providers, including in particular hosting and cloud storage providers, payment service providers, suppliers of software for checking identity documents and verifying identity online by facial recognition, suppliers of mailing services, IT maintenance service-providers, marketing research service-providers;
● authorised staff of joint data controllers;
● the competent public authorities;
● where appropriate, the competent authorities, upon request, in particular public bodies, the courts concerned, as well as mediators, chartered accountants, auditors, lawyers, bailiffs, judicial officers, police officers, bodies responsible for debt recovery, exclusively to meet legal obligations, as well as in the case of searching for the perpetrators of offences committed on the Internet;
● third-parties likely to place cookies on your terminals with your consent. For more details, see our Cookies Management Policy.
8. Transfer of data outside the European Union
25. B&B HOTELS is a company belonging to the B&B HOTELS group, which provides its Services in numerous countries.
26. In this regard, and for the purposes indicated in article 6 of this policy, we may transfer your data to recipients within and outside the group located outside the European Union.
27. In the absence of an adequacy decision, B&B HOTELS only transfers data outside the European Union subject to appropriate guarantees, in this case the standard contractual clauses defined by the European Commission, and in strict compliance with the regulations in force.
28. You can access all the guarantees and documents relating to the transfer of your personal data outside the European Union by contacting our Data Protection Officer
● at the following email address: miha.dvojmoc@infocenter.si ;
● or the postal address: MD svetovanje d.o.o., Dunajska cesta 156, Ljubljana.
9. The security of personal data
29. B&B HOTELS attaches particular importance to the security of personal data. It implements technical and organisational measures that are appropriate to the degree of sensitivity of the personal data, with a view to ensuring the integrity and confidentiality of the data and protecting it against any malicious intrusion, loss, alteration or disclosure to unauthorised third-parties.
30. Nevertheless, data security and confidentiality depend on good practice on the part of each individual. Hence, the data subject is encouraged to remain vigilant about this issue.
10. Subcontracting
31. When B&B HOTELS uses a service-provider, it only communicates personal data to the latter after having obtained a commitment and guarantees on its capacity to meet these security and confidentiality requirements from it.
32. In compliance with its legal and regulatory obligations, B&B HOTELS concludes contracts with its subcontractors that precisely define the terms and conditions of data processing by the latter, in accordance with regulations on the protection of personal data.
11. Cookies
33. Cookies are the subject of a cookies policy.
12. Social networks
34. When browsing our Site or Application, you may click on the icons dedicated to the social networks Twitter, Facebook, Instagram, TikTok and YouTube.
35. Social networks help to improve the user-friendliness of the Site and our Application, and help to promote them through sharing.
36. When you use these buttons, we may have access to personal information that you have indicated as public and accessible from your Twitter, Facebook, Instagram, TikTok and YouTube profiles. However, we neither create or use any database independent of Twitter, Facebook, Instagram, TikTok and YouTube, nor do we use any data relating to your private life through this means.
37. In order to limit access by third-parties to your personal information on Facebook, Twitter, Instagram, TikTok or YouTube, we suggest you configure your profiles and/or the nature of your publications via the dedicated spaces on social media in order to limit their audience.
13. Exercising the rights of the data subject
38. B&B HOTELS is particularly concerned about respecting the rights granted to you in the context of the data processing that it implements, in order to guarantee fair and transparent processing, taking into account the specific circumstances and context in which your personal data is processed.
13.1 Right of access
39. In this regard, you have confirmation as to whether or not your data is processed, and where it is, you have the right to request a copy of your data and information concerning:
● the purposes of the processing;
● the categories of data concerned;
● the recipients or categories of recipients and, where appropriate, if such communications are to be made, the international organisations to which the data has been or will be communicated, in particular recipients established in third countries;
● where possible, the intended retention period for personal data or, where this is not possible, the criteria used to determine this period;
● the existence of the right to ask the data controller to rectify or erase your personal data, the right to request a restriction on the processing of your data, and the right to object to such processing;
● the right to lodge a complaint with a supervisory authority;
● information on the source of the data when it is not collected directly from the data subjects;
● the existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and the expected consequences of this processing for the data subjects.
13.2 Right to rectify your data
40. You may request B&B HOTELS to rectify or complete any data that is inaccurate, incomplete, ambiguous or outdated.
13.3 Right to have your data deleted
41. You may request B&B HOTELS to delete your personal data in the cases provided for by the legislation and regulations.
42. Please note that the right to erasure of data is not a general right and can only be invoked if one of the grounds provided for in the applicable regulations is present.
13.4 Right to limit data processing
43. You may request that the processing of your data be restricted in the cases provided for by law and regulations.
13.5 Right to object to data processing
44. You have the right to object, at any time, on grounds relating to your particular situation, to the processing of your data for which the legal basis is the legitimate interest pursued by the data controller.
45. If you exercise your right to object, B&B HOTELS will ensure that it no longer processes your personal data in connection with the processing concerned, unless B&B HOTELS can demonstrate compelling legitimate grounds for continuing such processing. These grounds must outweigh your interests and your rights and freedoms, or the processing must be justified for the establishment, exercise or defence of legal claims.
13.6 Right to portability of your data
46. You have the right to the portability of your personal data. This is not a general right. Not all data from all processing operations is portable, and this right only applies to automated processing, to the exclusion of manual or paper-based processing.
47. This right is limited to processing for which the legal basis is your consent or the performance of pre-contractual measures or a contract.
48. This right does not include derived or inferred data, which is personal data created by B&B HOTELS.
13.7 Right to withdraw your consent
49. Where the processing of data by B&B HOTELS is based on your consent, you may withdraw it at any time. B&B HOTELS will then stop processing your personal data without affecting any previous operations for which you have given your consent.
13.8 Right to lodge a complaint
50. You have the right to lodge a complaint with the supervisory authority, namely at the Information Commissioner (Dunajska cesta 22, 1000 Ljubljana, e-mail address: gp.ip@ip-rs.si, phone: 012309730, website: www.ip-rs.si)without prejudice to any other administrative or legal remedy.
13.9 Right to define advance directives
51. You have the possibility of formulating directives concerning the storage, deletion and communication of your personal data after your death and of designating a person to carry out these directives. The latter is then entitled to take cognisance of the directives and request their implementation from the data controller.
52. You may inform us of your directives concerning the fate of your personal data processed by B&B HOTELS in the manner described below. You can change or revoke your directives at any time.
13.10 How to exercise your rights
53. All the rights listed above may be exercised:
at the following email address: privacy.france@hotelbb.com
● or the postal address: B&B HOTELS Data Protection Officer, B&B Hotels Ljubljana d.o.o., Tabor 9, 1000 Ljubljana
by proving your identity by any means.