Book
Find your hotel:

Data protection declaration for France


Last update: 22.07.2024

In the frame of this website and of its activities, H-Hotels GmbH may collect and process personal data about you. H-Hotels GmbH is committed to protecting your privacy and to ensure the protection of your personal data (your “Personal Data”) in accordance with applicable regulations, and in particular European Regulation 2016/679 (“GDPR”) and the local applicable laws, such as the French Data Protection Act No. 78-17 in France (the “Loi Informatique et Libertés”) (together the "Applicable Regulations").

Please note that the terms such as “data controller”, “data processor”, “data subjects” and “processing” shall have the sense set out by Art. 4 of the GDPR.

1. What is the purpose of this document?

The purpose of this data protection notice (the “Privacy Policy”) is to inform you about the details of the processing of your Personal Data and about your legal rights in this regard.

We reserve the right to adapt this Privacy Policy statement with future effect, in particular in the event of further development of the website, the use of new technologies or changes to the Applicable Regulations or the corresponding case law. You will be fully informed of any substantial amendment of this Privacy Policy.

We recommend that you take the time to carefully read this Privacy Policy, consult it from time to time and take a printout or a copy for your own records. If you have any questions about the processing of your personal data or wish to exercise your rights, please contact us in accordance with the information provided in the "contact" section below.

2. Data processing implemented by H-Hotels GmbH

2.1. Who is the data controller of your Personal Data?

The following party is known as the “controller” under the GDPR and is therefore responsible for the processing of your Personal Data performed strictly within the scope of this Privacy Policy:

H-Hotels GmbH
Braunser Weg 12
34454 Bad Arolsen
Allemagne
Tel.: +49 (0) 551 3057100
Email: [email protected]

2.2. Who you may contact, should you have any question about this Privacy Notice?

If you have any questions about data protection with regard to our company or our website or to exercise your rights, you can contact our data protection officer: 

Lars Hallier
H4 Hotel Paris Saint Denis Betrieb und Management SAS
149 boulevard Anatole France
93200 Saint-Denis
France
Tel : +33 1 80 60 96 66
Email : [email protected]

2.3. What are the categories of Personal Data we may process about you?

Depending on your status and your interactions with H-Hotels GmbH, the following personal data may be collected and processed in the frame of our website and our activities:

  • Connection data or data relating to your use of the website: such as Browser type/version, operating system used, language and version of the browser software, date and time of access, hostname of the accessing device, IP address, etc.
  • Identification data: such as your surname, first name, email address or telephone number, information about your message (such as the date and time of registration), content of your exchanges with H-Hotels GmbH, your address, your membership number if applicable, user ID, password, information about your loyalty program, etc.
  • Professional data when you apply for a job, such as your name, email address, data from your application documents, in particular certificates, CV, cover letter, date of birth and gender, and, if applicable, special categories of personal data such as marital status and degree of disability.
  • Paiement data: such as payment details, your bank, the payment service you use, etc.
  • Data about your booking: such as your reservation number, the date of the booking, the travel period, the name of the hotel booked and the amount of the room booking, if applicable with our partners, etc.
  • Data collected via cookies: please consult our Cookie Policy https://www.h-hotels.com/en/disclosure-of-cookies.

The Personal Data which are mandatory for the performance of our services, the answer to your requests, the compliance with a legal obligation or the normal functioning of our website are indicated as such. If you dot not provide this mandatory information, it may be not possible for H-Hotels GmbH to provide you with its full services or to answer your request.

For which purposes and on which legal basis is your Personal Data processed? For how long is it stored by H-Hotels GmbH?

The table below sets out the purposes for which we process your data, the legal basis for this processing and the associated retention periods. Please note that your Personal Data is generally stored by H-Hotels GmbH for the period necessary to achieve the purposes described below, except in cases where (i) you request H-Hotels GmbH to delete it before the expiration of this period, subject to the conditions imposed by applicable law, and/or (ii) the law permits or requires it to be kept for a longer period.

Purposes of the processing Legal basis of the processing Data retention period
Using our website Legitimate interests in ensuring the functionality, integrity and security of the website (Art. 6(1) Sentence 1(f) GDPR). The data will be erased as soon as it is no longer required for achieving the purpose of its processing described hereinabove.
Contacting our company
For example by email, telephone or using the contact form on the website
Conclusion of a contract (Art. 6(1) Sentence 1(b) GDPR). Legitimate interests in preventing any misuse of the contact form and to ensure the security of our information technology systems (Art. 6(1) Sentence 1(f) GDPR). As soon as processing is no longer necessary, we will erase the data generated here – usually two years after the end of the communication – or, if statutory retention obligations apply, restrict processing of the data.
Using our chat Quicktext
If you have any questions about our hotels, accommodation offers, leisure offers, your booking, or our company.
Legitimate interest in being able to offer you another communication channel and to improve our customer service (Art. 6(1) Sentence 1(f) GDPR). As soon as processing is no longer necessary, we will erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data accordingly.
Applying to a job Legitimate interest in being able to check your suitability for a position in our company and to conduct the application process (Art. 6(1) Sentence 1(f) GDPR).

Conclusion of a contract insofar as the data processing is necessary for hiring you and for carrying out the employment relationship (Art. 6(1) Sentence 1(b) GDPR)
We will store your data for as long as necessary in connection with the employment relationship. As a rule, we will erase your personal data as soon as it is no longer required for the purposes mentioned above and unless otherwise required by law. In particular, we store personal data for as long as we need it to establish legal claims or to defend against claims. Accordingly, in the event of a rejection we will erase the data of applicants two years after sending the end of the recruitment process
Using our voucher shop Conclusion of a contract (Art. 6(1) Sentence 1(b) GDPR). As soon as storage is no longer necessary, we will erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce it to compliance with our legal obligations.
Booking Conclusion of a contract (Art. 6(1) Sentence 1(b) GDPR).

Legitimate interests in processing bookings quickly and in a customer-friendly manner (Art. 6(1) Sentence 1(f) GDPR).
As soon as storage is no longer necessary, we will erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and booking data for a period of up to ten years.
Creating an account
It is necessary to create a customer account in order to make full use of our online services. You will need to register to do this.
Conclusion of a contract (Art. 6(1) Sentence 1(b) GDPR). If the customer account is cancelled, the stored data will be erased after the date of cancellation, unless it is stored for purposes other than the provision of the customer account or must be stored for legal reasons (such as internal storage of customer data, order processes or invoices). The data is not backed up, so if you want to continue using it, you should back it up yourself.
Participating to our loyalty program “HotMiles account” Conclusion of a contract (Art. 6(1) Sentence 1(b) GDPR). Your data will be erased as soon as it is no longer required for the processing purpose. This is the case after deletion of the customer account, unless we are obliged to retain the data due to legal regulations. In such cases we restrict the processing. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and booking data for a period of up to ten years. We will process your data for the purposes of our loyalty programme until you delete your customer account.
Complying with our legal obligations
Under French laws governing the entry and residence of foreign nationals and the right of asylum, commercial providers of accommodation, such as hotels in particular, are obliged to collect data from guests on the day of their arrival and to have the registration form signed by hand.
Comply with a legal obligation (Art. 6(1) Sentence 1(c) GDPR). We will erase this data or restrict its processing as soon as this is permitted under the provisions of applicable law.
Implementing our marketing activities
We may use the email address you provide when booking in accordance with the statutory provisions in order to send you the following content by email at the time of or after your booking, unless you have already objected to this processing of your email address:
  • Interesting aspects and information from our portfolio, in particular on holiday regions, hotels and accommodation, leisure activities and musicals, conference and catering services;
  • Special/time-limited offers, in particular highlights and deals;
  • Personalised customer advice and support;
  • Invitations to company events;
  • Customer feedback/satisfaction queries;
  • Information on arriving by public transport.
We reserve the right to use the email address you provide when booking in accordance with the statutory provisions in order to send you the following content by email at the time of or after your booking, unless you have already objected to this processing of your email address:
  • Interesting aspects and information from our portfolio, in particular on holiday regions, hotels and accommodation, leisure activities and musicals, conference and catering services
  • Special/time-limited offers, in particular highlights and deals
  • Personalised customer advice and support
  • Invitations to company events
  • Customer feedback/satisfaction queries
Information on arriving by public transport.
Legitimate interests in enhancing and optimising our services, conducting direct marketing and ensuring customer satisfaction (Art. 6(1) Sentence 1(f) GDPR). We will process your data for the marketing purposes until you object to this processing, you unsubscribe from our newsletter or three years after the last active contact with you in accordance with applicable law.
Managing customer feedback
The purpose of this processing is the regular improvement of our products and purchasing in our online shop.
Legitimate interests are in receiving customer feedback to regularly improve our products and services (Art. 6(1) Sentence 1(f) GDPR). -
Managing your payment Conclusion of a contract (Art. 6(1) Sentence 1(b) GDPR). As soon as storage is no longer necessary, we will erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce it to compliance with our legal obligations.
Managing the enforcement of rights, address investigation, debt collection, litigation Legitimate interests in fraud prevention, avoiding default risks and managing possible litigation (Art. 6(1) Sentence 1(f) GDPR). We have a legitimate interest in the processing for the purpose of enforcing our rights. As soon as storage is no longer necessary, we will erase the data generated or, if statutory retention obligations apply, restrict processing of the data.

3. Transfer and recipients of your personal data

Personal data may be accessible to H-Hotels GmbH’s internal teams (to ensure the proper functioning of the website and manage the relationship with users and clients, for example), as well as to H-Hotels GmbH’s service providers (in particular our technical service providers) or third parties for legal reasons or the purposes described hereinabove (for example to judicial or public authorities, if required by law, or regulated professions such as lawyers, notaries or auditors).

Where strictly necessary for the purposes of managing the website or operating our activities, Personal Data may be transferred outside the European Union. When your Personal Data is transferred outside the European Union, these transfers are governed by the mechanisms provided for by the RGPD and validated by the European Commission, such as the Standard Contractual Clauses, a copy of which you may request (see Section 2 “contact” hereinabove).

4. Security of your Personal Data

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption in accordance with Art. 32 GDPR. To this end, we regularly review our security measures and adapt them to the latest standards and the sensitivity of the personal data we process.

5. Your rights

Under the conditions stipulated in the applicable data protection regulation and laws, you have the following rights with regard to the processing of your Personal Data:

  • Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR and subject to the conditions of the GDPR. 
  • Right to rectification: If the information concerning you is not or is no longer correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
  • Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
  • Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms. Processing will also continue if the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy statement, we draw your attention to this right to object when describing each processing operation.
  • Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
  • Right to data portability: Subject to the conditions set forth by the GDPR, you have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You can exercise your rights by informing us using the contact details specified under “Controller” above or by contacting the data protection officer designated by us.

If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. This includes the data protection supervisory authority responsible in Francer: Commission Nationale Informatique et Libertés, 3 Pl. de Fontenoy, 75007 Paris, www.cnil.fr 

Book now