Privacy Policy
PREAMBLE:
We respect and protect the privacy of our customers and business partners. We collect, use and store your personal data with due diligence, in accordance with applicable laws in the countries in which we operate.
This privacy policy (hereinafter the “Privacy Policy”) explains our policies and practices on how we collect, use and disclose your personal information.
We advise you to read the Privacy Policy carefully as it contains important information about your personal data. You can print the full text of our Privacy Policy.
This policy applies to all information and personal data provided by you, or collected when you stay at our establishment or when you browse the website (hereinafter “the Website”).
CLAUSE 1: Entity responsible for collecting data
L.HOTEL is a general partnership with capital of €12,128,788.00, having its registered office at 43 boulevard Raspail 75006 PARIS, listed on the Paris Trade and Companies Register under number 451 324 867 (hereinafter “HOTEL LUTETIA”). It publishes the Website at the following URL: hotellutetia.com.
CLAUSE 2: Data collected
We only collect information that is adequate, relevant and necessary in relation to the purposes for which your data is collected and processed, as described in clause 4 below.
We therefore only collect your information to operate efficiently and to provide you with the best experiences of our services.
The specific type of information collected will depend on the context of your interactions with us and the services you use. Examples of information that may be collected include:
- your identity (first name, last name, gender, date of birth, nationality);
- your contact details (e.g. postal address, telephone number, email);
- information about your children (e.g. first name, date of birth, age);
- your payment information for transaction, booking, guarantee and payment pre-authorisation purposes (number and expiry date, billing address and account information);
- your information on an identity document (e.g. identity card, passport or driving licence);
- information relating to your stay (arrival and departure dates, products and services purchased);
- your information necessary to respond to any special requests and/or requests for specific accommodation (preferences, leisure activities, guest name and number of children and ages);
- your questions/comments, during or following a stay;
- your purchases (including purchase history, order details);
- your health information corresponding to data relating to your past, present and future physical health, solely for membership of the AKASHA Club and any visits to the Spa, and in any event, subject to your explicit consent.
We collect your data in different situations, including when:
- you create an online account on our Website or in our store;
- you subscribe to our newsletter;
- you use our digital platforms;
- you participate in our events;
- you purchase products or services on our digital platforms or in our store.
We also collect your data automatically when you use or interact with our Website or use the applications available on our Website. We receive and store information generated by your activity from your browser or mobile device including, but not limited to, your IP address, browser type, operating system, mobile network data, pages viewed and times visited.
If you submit personal information about another person (e.g. if you make a booking on behalf of another person), you represent that you are authorised to do so by that person and allow us to use the information in accordance with this privacy policy. You also represent that the information provided is accurate.
Finally, when you need to enter your personal data on the Website, asterisks will indicate which information is mandatory and which is optional.
The collection of your data is based on one or more of the following legal bases:
- we have obtained your prior consent (e.g. when you subscribe to our newsletter). Please note that in this specific context, you have the right to revoke your consent at any time (see Clause 7 below “Rights of data subjects to the data collected”);
- processing is necessary pursuant to a contract between HOTEL LUTETIA and you (e.g. when you purchase or book a product or service);
- to comply with the laws and regulations in force.
CLAUSE 3: Specific information for minors under the age of 15
In accordance with Article 8 of the General Data Protection Regulation (GDPR) and the French Data Protection Act, the collection of information in France about persons under the age of 15 is limited solely to their name, nationality and date of birth, which can only be provided to us with the consent of the holder of parental authority.
In the event of the transmission of such information, minors have “the right to be forgotten”, provided for in Article 40(6) of the French Data Protection Act: “(…) The data controller is required to promptly erase personal data that have been collected as part of a company’s service offer when the data subject was a minor at the time of collection”.
Please ensure that your children do not send us any personal data without your permission (including via the Internet).
CLAUSE 4: Use of your personal data
We collect and use your personal data exclusively for the purpose of ensuring the efficient operation of our services and providing you with the best possible experiences.
Depending on the context, we use the information collected for the following purposes:
- Booking and purchases: to allow the booking of your room and/or suite and/or offer and/or Ancillary Services, as defined in our General Terms and Conditions of Sale, which are also available on our Website, or to complete your booking. It is hereby specified that, for membership of the AKASHA Club and access to the SPA, we may collect certain data relating to your health.
- Safety and security: to maintain your safety and security within HOTEL LUTETIA as well as the safety and security of staff.
- Customer relations: to offer personalised hospitality services and products, based on your preferences and previous stays at our establishment. The information may be used for voluntary loyalty programs that we operate.
- Internal business objectives: to develop our products, improve our website, improve our services, identify user trends and visitor habits, determine the effectiveness of our promotions, evaluate the performance of third parties (travel agencies), forecast our occupancy yield and meet our contractual obligations.
- Administrative and other communications: to send you important information about our Website, changes to our terms, conditions and policies, or other administrative information (e.g. information about your travel bookings, such as confirmation emails).
- Marketing and promotions: To provide you with news and promotions regarding products and services related to HOTEL LUTETIA that may be of interest to you; including Akasha Spa & Gym, Bars and Restaurants.
- To provide after-sales service and to manage refunds and litigation.
- Our legal obligations: To comply with legal or regulatory requirements or with any requests in accordance with applicable laws, regulations and other legal procedures, including to comply with our legal obligations on combatting and preventing fraud, money laundering and terrorist financing.
CLAUSE 5: Use and transmission of data
5.1. Data retention period
Your personal data is processed for the period required to achieve the purposes that led to the collection of such data, in order to comply with legal and regulatory obligations, as well as for the period necessary to establish, exercise and protect legal rights [Article 5 of the GDPR].
Your personal data will be retained for the entire duration of your stay or from the performance of any Services from which you benefited, and for ten years after the end of your last stay at HOTEL LUTETIA, unless you exercise your right to remove the data, or if a longer retention period is authorised or imposed by a legal or regulatory provision.
Data relating to payment methods will be kept by HOTEL LUTETIA and its partners until any sums due are paid in full.
5.3. Recipient of your personal data
Your personal data will only be disclosed to the parties named below:
- Employees of HOTEL LUTETIA who need access to your personal data and who are authorised to process it for the aforementioned purposes and who undertake to respect its confidentiality;
- The corporate departments of HOTEL LUTETIA, in charge of customer relations, retail, e-commerce, communication, legal affairs, finance, internal audit, IT management and security for the purposes set out in this privacy policy.
- Third parties acting on behalf of HOTEL LUTETIA, according to our prior instructions set out in a binding contract which complies with the requirements of applicable law and the signing and performance of which are essential for performance of the Services from which you benefit within the Hotel and for which your personal data is necessary.
Disclosure to such third parties is necessary for different reasons, including:
- IT development and support;
- Hosting and carrying out marketing and economic studies and marketing campaigns;
- Verifying your information, authenticating payments and processing orders and payments to third parties who provide credit reports, payment services and order fulfilment services;
- Disclosure to the competent authorities and/or bodies or to third parties, according to legal obligations or in the context of legal proceedings or other legal request.
5.4. Transmission of your data abroad
The majority of data processing operations are carried out within the borders of the European Union, which also includes processing carried out by our third-party partners.
However, some recipients of your data are located outside the European Union, in the United States as well as in the United Kingdom.
The following guarantee has been made to ensure an adequate level of protection of your information since the European Commission declared, by decision of 10 July 2023, that the United States offered a level of protection of personal data equivalent to the European Union and therefore adequate for any commercial activity. This was also the case for the United Kingdom pursuant to a decision of 28 June 2021. If this situation were to change, HOTEL LUTETIA would ensure that the transfer is regulated, in accordance with GDPR requirements (standard protection clauses adopted by the European Commission or the CNIL, binding corporate rules approved by the CNIL, code of conduct approved by the CNIL or certification issued by an accredited certification body).
Excluding the cases set out above, we undertake not to sell, lease, assign or allow third parties to access your data without your prior consent, unless forced to do so for a legitimate reason (legal obligation, fight against fraud or abuse, exercise of rights of defence, etc.).
CLAUSE 6: Protection of your personal data
All your personal data is treated as strictly confidential.
We follow appropriate security procedures in the retention and disclosure of your personal data in order to prevent unauthorised access and use by third parties and to prevent accidental loss of your data. The persons who access your data are subject to a confidentiality obligation towards Hotel Lutetia.
We also have procedures in place to address any suspected data security breach. We will notify you and any relevant supervisory authority of any suspected data security breach where we are required to do so by law.
We impose strict requirements on the recipients to whom we transmit your personal data to ensure that they respect the confidentiality of your data. However, it is important to note that the transmission of information via the Internet is not entirely secure. As a result, we cannot guarantee the complete security of personal data that you transmit to us via the Internet.
You acknowledge and agree that such transmission is at your own risk. We shall not be liable for any unauthorised use, distribution, damage or destruction of your data, except to the extent that we are liable by law or a breach of your personal data is related to the negligence or fault of HOTEL LUTETIA.
CLAUSE 7: Rights of data subjects to the data collected
Under applicable data protection laws, you have the following rights:
- right of access: right to receive a copy of your personal data;
- right to erasure: right to request the erasure of your personal data;
- right to rectification: right to request the rectification of any error in your personal data or to add to it;
- right to be forgotten: the right to ask us to remove your personal data in certain situations;
- right to restrict processing: right to request the restricted processing of your personal data in certain circumstances, for example if you dispute the accuracy of the data;
- right to data portability: right to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format and/or to transmit such data to a third party, in certain situations;
- right to object to processing:
Where the processing of your personal data is based on your consent, you have the option to withdraw that consent at any time.If you no longer wish to receive our advertising or promotional communications, please note that you have the right to revoke your consent to direct marketing at any time. You can do this easily by using the unsubscribe link included in each advertising email we send you.
In the event of revocation, we will update our databases promptly and take all necessary steps to process your request as soon as possible. However, we may continue to contact you to the extent necessary in relation to any product or service subsequently requested.
To exercise your rights, please read Clause 9 below.
If you choose to exercise any of the rights set out above, you will need to inform us of the right you wish to exercise and provide us with certain information (such as a copy of your identity card, passport, or any other document legally recognised as an identity document) for identification purposes. This is essential to process your request and to protect us from any fraudulent requests from third parties.
You also have the right to lodge a complaint with a data protection supervisory authority in the event of an alleged breach of the applicable data protection rules. The French supervisory authority is the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL).
CLAUSE 8: Updates to the Privacy Policy
Our Privacy Policy reflects our current practices and may be amended and updated from time to time. When changes are made, the “Date updated” at the bottom of the Privacy Policy is amended to indicate the effective date of such changes. We advise you to regularly consult our Privacy Policy.
If we intend to use your personal data in a different manner to the one specified in the Privacy Policy in force at the time of collection, or if substantial changes are made to the Privacy Policy, we will visibly notify you on the Website. This will be via a notice of change at the beginning of the Privacy Policy and on the home page of the Website.
CLAUSE 9: Contact us
For any questions relating to your data, to exercise any of the rights mentioned in Clause 7, to ask any general questions or for any complaint, please contact our teams:
- Our Data Protection Officer by email at [email protected],
- By post: Hotel Lutetia Paris, 45 boulevard Raspail, 75006 Paris,
For any additional information or complaint, please contact the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL) (more information at www.cnil.fr).
CLAUSE 10: COOKIES
To improve your experience on our Website, some of our pages on the Website may use “cookies”.
Cookies are managed by your web browser. This identifier may allow the Website to recognise your computer, browser, mobile or tablet each time you visit.
Article 82 of the French Data Protection Act transposes Article 5.3 of Directive 2002/58/EC “privacy and electronic communications” (or “ePrivacy”) into French law. In particular, it provides for an obligation, subject to exceptions, to obtain the consent of Internet users prior to any operation to write or read cookies and other trackers.
10.1. Definition of a cookie
A cookie is a small file stored by a server in a user’s terminal (computer, telephone, etc.) and associated with a web domain (i.e. in most cases, all the pages of the same website). That file is automatically resent when subsequent contact is made with the same domain.
Cookies have multiple uses, including to record and track data concerning a user’s login and use of the Website.
Some of these uses are strictly necessary for functionalities expressly requested by the user or for the establishment of communication and are therefore exempt from consent. Others, which do not meet these criteria, require user consent prior to reading or writing (see 11.2. User Consent).
10.2. Mandatory user consent
Simply continuing to browse a website cannot be deemed to be a valid expression of a user’s consent to the website’s cookie policy.
Users must consent to the deposit of cookies by a clear affirmative action (such as clicking on “I accept” in a cookie banner). If they fail to do so, no cookies that are not essential for operation of the service may be placed on their device.
You can refuse cookies.
You can withdraw your consent at any time.
You can change your preferences at any time by going to the “Manage your cookie preferences” section.
Some uses are strictly necessary for functionalities expressly requested by the user or for the establishment of communication and are therefore exempt from consent.
10.3. Cookies used
First, the banner on our Website, when you connect to it, allows you to find out specific information about cookies and to select your own cookies by refusing some (with the exception of the necessary cookies below) or by accepting them in whole or in part.
Strictly necessary cookies
Some cookies are necessary for the operation of the website and cannot be disabled in our systems. They improve and personalise the functionalities of the website. They are usually set up as a response to actions you have taken that constitute a request for services, such as setting your privacy preferences, logging in or filling out forms. The information collected via these cookies is anonymous and does not allow us to identify the user. You can configure your browser to block or to be notified of these cookies, but certain areas of the website may be affected.
Cookies exempt from consent include, for example, cookies intended for authentication with a service, those intended to remember the content of a shopping cart on a merchant site, certain cookies intended to generate traffic statistics, or those allowing paid websites to limit free access to a sample of content requested by users.
10.4. Right to object
You have the choice to refuse cookies on our Website, as well as by configuring your browser.
The methods for configuring and removing cookies are different for each browser. These procedures are described in the help menu of your browser. Remember that you should configure each of the browsers on your different terminals (tablets, smartphones, computers, etc.). The ways of configuring cookies for the most well-known browsers are below:
Depending on your settings, your browsing will be modified and access to our services will be more or less restricted. In particular, disabling certain cookies will alter or even make it impossible to visit our Website.
If your device is used by several people or has several web browsers, it is possible that certain cookie choices may not be taken into account permanently, either because you have used another browser or because a third party has changed your browser settings. We are not able to prevent these external elements or to guarantee the permanence of any choices initially expressed.
Date last updated: 12 March 2024