Legal

Oh Baby® Privacy Protection Policy

Important update (02/2022)

OHBABY HOTEL updates its Privacy Protection Policy respecting European regulation 2016/679 of 27 April 2017 relating to the protection of natural persons regarding the processing of their personal data and the free circulation of these data (the “Regulation”), as well as those of law no. 78-17 of 6 January 1978 relating to data protection, such that the latter has been modified and most recently completed by law no. 2018-493 of 20 June 2018 enacted on 21 June 2018 (the “Data Protection Law”), to inform you about the data relating to you that we collect and on the use that we make of them. Your user experience will remain unchanged and you can, at any time, exercise your rights relating to your data.

This Policy may be subject to updates. We ask you to regularly view our website, http://ohbaby.com/.

Table of contents
1. Introduction
2. Who are we?
3. How can you contact us?
4. Lawful basis for processing your personal data
5. A loyal and transparent collection
6. The principle of purpose
7. A balanced processing of data
8. The personal data that we collect and process
9. Personal data of minors
10. The origin of data that we process
10.1 Declarative personal data
10.2 Operational personal data
10.3 Personal data coming from third parties or other services
10.4 Personal data coming from automated means
11. Legal bases and the purposes of our data processing
12. Recipients of your data
13. Transfers of your data
14. The durations for which we keep your data
15. Resorting to profiling processing
16. The security of your data
17.1 Your right to correct your data
17.2 Your right to remove your data
17.3 Your right to limit data processing
17.4 Your right to oppose data processing
17.5 Your right regarding the portability of your data
17.6 Your right to withdraw your consent
17.7 Your right to lodge an appeal
17.8 Your right to define post-mortem directives
17.9 The methods of exercising your rights
18. Applicable law
19. Policy updates

Introduction

This Privacy Protection Policy (the “Policy”) describes the methods that OHBABY HOTEL, in its role as data controller, on its own behalf and on behalf of the companies of its group (“OHBABY HOTEL” or “us”) uses, for the collection, the use, the protection and the sharing of the personal data of clients who visit its hotels and restaurants, use its website and/or wi-fi terminals, and/or interact in any other way with OHBABY HOTEL, including consumer service, contractual and commercial relations, relationship or loyalty programmes, and/or on social networks.

Concerned about respecting the rights and freedoms of people, OHBABY HOTEL is committed regarding protecting personal data.
This Policy forms an integral part of the contractual relationship that we can have with our users, clients and partners (cookies, commercial contracts or partnerships, etc.).

For a good understanding of this Policy, it is specified that:

 

    • “client(s)”, “contact(s)”, “users”, “partners” means any natural person or legal entity in a relationship with OHBABY HOTEL or any other company of its group (clients, candidates, prospects, relations, partners, etc.);

    • “data controller” means any natural person or legal entity who/which determines the purposes and the means for processing personal data defined in this Policy;

    • “subcontractor” means any natural person or legal entity who/which processes personal data on behalf of the data controller (in practice, these are service providers, with which we work and which intervene on the personal data that they process);

    • “recipients” means natural persons or legal entities who/which receive communication of personal data, who/which can therefore also be internal recipients, as well as external bodies.

Who are we?

OHBABY HOTEL SAS, data controller, with a capital of 1000 euros, having its Head Office located in PARIS (75008) at 77 Boulevard Malesherbes, registered at the Paris Trade and Company Registry under the number 910 4157.107 385, represented by its president, the SERGE TRIGANO CONSEIL, LLC company, with a capital of 500 euros, registered at the Paris Trade and Company Registry under the number 803 955 236, having its Head Office located in PARIS (75008) at 77 Boulevard Malesherbes.

How can you contact us?

For any question regarding this Policy and the protection of personal data, you can contact us:

By email: data-privacy@oh-baby.com.

By letter:
OHBABY HOTEL SAS
Personal Data
24 rue des capucines
75002 Paris

Lawful basis for processing your personal data

Your personal data are processed based on

 

    • your consent under the terms of article 6(1)(a) of the Regulation (necessity to comply with a legal obligation);

    • the necessity to perform a contract concluded with you under the terms of article 6(1)(b) of the Regulation;

    • our legitimate interests in running our business and providing you with requested products and services when these prevail under the terms of article 6(1)(f) of the Regulation.

A loyal and transparent collection

Concerned about transparency, we attach particular care to the information of our contacts regarding processing, which relates to them. To this end, OHBABY HOTEL (for itself and on behalf of the companies of its group) has defined this Policy, which is moreover brought to the knowledge of its contacts on the data collection media used.

The principle of purpose

When we are led to processing data, we do so for specific purposes. Each processing of data implemented pursues a legitimate, determined and explicit purpose.

A balanced processing of data

For each of the processing events implemented, we are committed to only collecting and utilising suitable, relevant and limited data, which are necessary regarding the purposes for which they are processed.

We ensure that the data are, if necessary, updated and implemented from processes to enable the removal or the correction of inaccurate data.

The personal data that we collect and process

In the scope of processing personal data for which the purposes will be presented to you below in the paragraph Legal bases and the purposes of our data processing, we can collect and process, in particular, the following categories of data:

 

    • contact details (for example, surname, forename, telephone no., email);

    • personal information (for example, date of birth, nationality);

    • information about your children (for example, forename, date of birth, age);

    • your credit card no. (for purposes of transaction and booking);

    • information appearing on an identity document (for example, ID card, passport or driving licence);

    • your Accor loyalty programme member no., or member no. of another partner programme (for example, the loyalty programme of an airline) and information relating to your activities in the scope of the loyalty programme;

    • your arrival and departure dates;

    • your preferences and areas of interest (for example, smoking or non-smoking room, preferred floor, type of bedding, type of written/read media, sports, cultural interests, food and drink preferences, etc.);

    • your questions/comments, during or following a stay in one of the establishments;

    • technical and localisation information generated in the scope of using our website;

    • any other personal data that you communicate to us.

We can also collect complementary personal data relating to you directly within our hotels and restaurants and/or during events that we organise, under the conditions and for uses which are particularly notified to you on this occasion.

The fields above with a (*) can be made compulsory for the correct operation of the service in question (there are, in particular, our relationship programmes or our recruitment operations), or to respond to legal or regulatory obligations.

You can refuse to communicate to us your personal data. However, when data are compulsory to respond to your request, to access the service requested or to respond to legal or regulatory obligations, collection forms will specify it by this asterisk (*). With no communication of this information, your request cannot be examined or its analysis will be delayed.
When a password is compulsory, it remains totally unknown, except for the contact that it relates to.

We will not process personal data which reveal the racial or ethnic origin, political opinions, religious or philosophical beliefs or also union membership, nor processing of genetic data, biometric data for the purpose of identifying a natural person uniquely, data relating to heath, sex life or sexual orientation of a natural person. However, on the occasion of exchanges with you, if you communicate to us such information, and in particular data relating to your health, then a particular procedure will be monitored, in order to collect your express consent to such a collection.

In the case where you communicate to us the personal data of a third party, you must inform them beforehand about your process and you ensure that you have their authorisation and their agreement to do so.

Personal data of minors

We know when it is important to protect your privacy and that of your children when you use our online services. We are committed quite particularly to protecting the privacy of children who access our services.

Collecting information about people less than 16 years old is limited to only their surname, nationality and date of birth, which can only be provided to us by an adult. Please ensure that your children send no personal information to us without your authorisation (in particular, over the internet).

In the case where a parent or a guardian having parental authority finds out that their child has provided us with personal data without their consent, please contact us by referring to the paragraph, How can you contact us?. We take the necessary measures to remove this information from our database according to the applicable legal requirements.

We highly recommend parents and guardians having parental authority to regularly control and monitor the online activities of their children.

If you have even the slightest question relating to our confidentiality rules relating to children, you can contact us on the contact details outlined above in the paragraph, How can you contact us?

The origin of data that we process

Declarative personal data

We can directly collect personal data from our contacts, in particular when:

 

    • you create an account or you connect to our website;

    • you make a booking with one of our hotels or our bars and restaurants;

    • you register in one of our establishments (check-in and check-out), benefit from services during your stay (meals, food and/or drink at the bar, Photobooth, and any other service offered by Ohbaby Hotel);

    • you pay for your stay and/or services within one of our establishments;

    • you book through a third party (tour operators, travel agencies which are online or not, GDS booking systems and others);

    • you interact in any other way with us, including in particular through our consumer service, our relationship programme and/or on social networks;

    • you subscribe to our information letters (newsletter);

    • you use our relationship or loyalty programme;

    • you write an opinion or comment on our site, on our social networks or on third-party social networks and you contribute to satisfaction surveys;

    • you contact us through different channels, including in particular contact forms, by email, through the post or over the telephone;

    • you contact us via our consumer service, our chatbot, our social networks or via third-party social networks;

    • you take part in a game or a competition, in a prize draw, satisfaction surveys, polls;

    • you communicate with us in any other way.

These data are collected in particular through our forms and our questionnaires, in paper or electronic format.

We only collect your personal data when this is strictly necessary and legal. We are committed to only collecting the minimum amount of personal information necessary for purposes covered by this Policy.
In the event where we would need to use your personal data for purposes not covered by this Policy, an additional consent will be requested of you. Such a consent is not compulsory, but will sometimes be necessary such that we are able to meet your needs/requests.
Please note, however, that your consent will not be necessary if the processing that we carry out of your personal data is justified by a legitimate reason, on the condition that this use has no damaging effect on your own rights and interests.

Operational personal data

The operations carried out when we supply you with services generate and produce data relating to you. The same goes during the use of our website. These data coming from the operation of our products and services form the subject of a processing event.

Personal data coming from third parties or other services

We are likely to collect data relating to you from other companies and entities, among which our hotels, subsidiaries and other companies of our group, our franchises, public databases, social networks or also third-party commercial partners, such as service providers of analysis or marketing services with which you have been in relations with and that you have authorised to share personal data relating to you with us for commercial canvassing or advertisement targeting purposes. These communications are governed, if necessary, by the privacy protection policies of these social networks or third-party partners, to which we return you.

Moreover, we can collect public information, accessible to all, for example on your profile, when you interact with us on social networks. The latter furthermore allow us to collect communications which are sent to us or which relate to us.

In certain cases, we can also be led to collect information that you provide about other people. We use said information, only to respond to your requests and will not send commercial communication to your contacts unless they themselves choose to receive communications from us.

We can associate and combine the data that you communicate to us online and offline with the data from your account when you have an account or that you are registered to our relationship or loyalty programmes, or that you use one of our services, and/or those collected automatically and from other sources.

Personal data coming from automated means

We can be led to use automated technologies to collect data from your computer or from your mobile device (phone or tablet) when you visit our establishments and when you use our online services or services onsite within our hotels and restaurants.

These automated technologies in particular comprise cookies, shared local objects or also web beacons.

More detailed information is available in our Cookies Notice available HERE.

We are thus likely to collect the following data:

 

    • your IP (Internet Protocol) address;

    • the dates and times at which you access our online services or services onsite;

    • the names and URL addresses of files viewed using our online services;

    • the type of operating system and browser of the computer or mobile phone used;

    • the type of mobile device used and its parameters;

    • the Unique Device Identifier (UDID) or Mobile Equipment Identifier (MEID) associated with your mobile phone.

Legal bases and the purposes of our data processing

We collect personal data only when we have a legal basis to do so.

The processing that we implement are in particular necessary:

 

    • for providing our services (bookings, managing your stay, shop, portal and wi-fi supply, etc.);

    • for executing a contract or executing precontractual measures;

    • for improving our services and client and user experience;

    • for managing the relationship with our clients before, during and after your stay;

    • for fulfilling our obligations to our clients;

    • for managing CCTV for your own security, like that of the premises and staff of our hotels and restaurants;

    • for securing payment operations by determining the level of fraud risk associated with each transaction, and for securing property and people by fighting against non-payments;

    • for using the services necessary for searching the identity of the people present in one of our establishments in case of serious events impacting the establishment in question (natural disasters, attacks, health crisis, etc.);

    • for achieving our legitimate interests, in particular regarding the knowledge of our contacts, or also the management, the monitoring, the control and the development of our activities;

    • for leading our recruitment operations;

    • for complying our legal obligations.

We can thus use personal data that we collect for the purposes described below.

We do not use personal information for purposes which are incompatible with those for which they have been collected unless these have not been subsequently approved by you. If we needed to use information relating to you collected by us in another way, we will inform you about it at the time of the collection or we will request authorisation from you.

Providing our services and executing our contractual or precontractual relationship

 

    • responding to your requests, honouring your bookings and processing payments relating to our products and services;

    • managing your online account and our relationship or loyalty programmes, and to make you benefit from the advantages which are associated with them;

    • communicating with you regarding your orders, bookings and purchases, accounts that you create or hold with us, of our relationship or loyalty programmes;

    • ensuring the management of your complaints, of your requests for information, of your questions and of your concerns;

    • providing you with our services in our hotels and restaurants or online;

    • providing you with our assistance, in particular when you contact our consumer service, and more generally, respond to all your concerns relating to our services and products.

Informing you and improving our services – Monitoring our legitimate commercial interests

 

    • managing our relationship with you by updating a database which comprises current and potential contacts, and which allows us to proactively manage our relationship or loyalty programmes;

    • letting you discover our products and services and sharing games, offers, promotions or events with you, which in our opinion, are likely to interest you;

    • offering you a personalised experience in our hotels and restaurants and with our services and online selling of products;

    • ensuring your browsing on our website, and improving your user experience;

    • personalising our website and our commercial offers according to your affinities;

    • managing our activities, in particular developing new products and services, carrying out studies on consumers and operations, evaluating the effectiveness of our sales, marketing and advertising activities;

    • using analysis and profiling technologies in order to personalise your experience, developing content (including advertisements), adapted to your interests and the use that you make of our online services or in our hotels and restaurants, managing our activities, diagnosing possible technical problems, or problems relating to services, administering our online services and services onsite, identifying users of our online services, identifying a device for purposes of preventing against fraud, collecting demographic information relating to our contacts and determining use habits associated with our services;

    • maintaining, managing and improving our products, offers, promotions, online services and other technologies;

    • guaranteeing the security of our networks and systems.

We ensure in this case, to consider any potential impact that this collection can have on our contacts. If we think that your interest or your basic rights and freedoms exceed our legitimate interest, then we will not use your personal data on these grounds and can ask you for your specific consent.

Leading recruitment operations

 

    • proceeding with examining, studying, evaluating and processing application forms;

    • communicating with candidates;

    • managing the relationship with candidates.

Complying with applicable legislation

 

    • identifying, preventing and protecting us against cases of fraud and any other violations, claims and liabilities;

    • respecting our legal obligations and our policies;

    • observing, exerting or defending legal rights;

    • ensuring our audit, inspection and communication activities;

    • monitoring and highlighting problems with non-compliance;

    • more generally, responding to our legal obligations and ensuring the defence of our interests in case of dispute or court action.

On the condition that you authorise us with regards to this, when applicable legislation imposes it, we can moreover use personal data that we collect for the following purposes:

 

    • sending us emails or text messages (SMS) regarding our products and services, as well as games, competitions, offers, promotions or event which, in our opinion, are likely to interest you;

    • sending you emails or text messages (SMS) regarding products and services of our commercial partners;

    • activating cookies and similar technologies;

    • providing you with our online services (in particular, website, online booking and e-shop).

Recipients of your data

The personal data that we collect, likewise those which are subsequently collected, are sent to us in our roles as data controller, except for when we intervene as an intermediary to offer you ancillary products or services to our offers. In this case, the data controllers are named in the pertaining information notices.

We sell none of your personal data and share them only according to the methods stipulated in this Policy or if the law imposes this on us. We are prohibited from renting, distributing or selling your personal information to third parties, except for if you have authorised us in this regard beforehand.

We ensure that your data are only accessible to authorised internal or external recipients outlined below.

Your data may be subject to communication towards directors, employees, shareholders and corporate representatives of the company OHBABY HOTEL, its subsidiaries, and other companies of its group, as well as to the hotels and restaurants of the Ohbaby Hotel® network and their staff.

We are also likely to share your data with service providers, which provide us with services, such as honouring bookings and orders, ensuring advertising services (in particular, in the scope of a relationship or loyalty programme), processing data and other services linked to information technologies, managing promotions, competitions, raffles and lotteries, carrying out studies and analyses, offering a personalised experience to our contacts, processing and managing application forms for our job offers, etc. We forbid our service providers from using or sharing this information for purposes other than that of providing services on our behalf.

The list of our subsidiaries, establishments and services providers likely to have access to your data can be communicated on simple request to the address appearing above in the paragraph, How can you contact us?.
Furthermore, we can be led to share information, without this allowing to identify you directly, like anonymous approved statistics relating to the use that you make of our services. We can also conjugate information relating to you with that relating to other contacts and sharing it such that it is impossible to associate it with a particular contact.

Finally, we have the right to use or to share personal data to the local authorities as needed, for the effect of respecting any law, regulation or legal requirement, of protecting our online services and services onsite, of initiating a legal procedure or of defending a legal right, of protecting the rights, interests and security of our organisation, of our collaborators, of our franchises or of the general public, or in the scope of an investigation about a case of fraud or about any other breach or violation of our policies.

For strategic reasons or other professional reasons, we can decide to give or transfer some or all of our activities. In the scope of such a cession or of such a transfer, we are likely to transmit information that we have collected and kept (including personal data) to any person or entity involved in the operation in question. In case of merger, acquisition, cession or transfer of part or all of our activities, your data may be subject to communication to people or entities in question.

Transfers of your data

We do not transfer your data outside of the European Union, except for in situation where this is necessary to respond to any request or to provide you with the services requested (i.e. booking in a hotel outside of the European Union). In this scope only, personal data relating to you can be led to be transferred outside of the European Union, to countries of which the applicable legislation regarding protection of personal data differs from that applicable within the European Union or country of residence.

If you needed to transfer data outside of the European Union outside of these cases necessary for providing our services, we only do so after having taken the measures necessary and suitable for ensuring a level of protection and of security of personal data equivalent to that proposed in Europe.

When the recipient is located in a country of which the legislation has not formed the subject of an adequacy finding from the European Commission, we ensure that the transfer is governed by European Commission-type contractual clauses which allow to guarantee a sufficient level of privacy protection and basic rights of people or equivalent guarantees, or, for the United States, that the recipient adheres to Privacy Shield principles.

On simple request to the address appearing above the paragraph, How can you contact us?, we can provide you with the list of the countries where we keep and process your data and those where they occasionally pass through.

The durations for which we keep your data

We ensure that personal data relating to you are kept in a form allowing the identification of people in question that during a period necessary regarding purposes for which they are processed. The retention period that we apply to your personal data are proportioned for the purposes for which they have been collected.

Generally, your personal data are kept for the whole duration of your relationship with us, increased by a duration of three (3) years coming from the end of our relationship. They then form the subject of archiving in order to respond to our legal obligations or for probing purposes, or are anonymised for purposes of studies and statistics. However, we keep certain data after removing your account when such a conservation is provided by law, or when this conservation is necessary to allow us to manage litigations and disputes.

In certain cases, we can keep certain personal data relating to you, even if you remove your account, by legal obligation, or if a problem persist that relates to this account, for example, an unresolved complaint or dispute. In this case, the data necessary for the resolution of the problem, of the complaint or of the dispute will be kept, as long as it will be short-term, however within the limit of the applicable rules regarding stipulation.

Other data can be kept after having formed the subject of processing intended to prevent their reallocation to an identified person for purposes of studies and statistics.

More specifically, we organise our data conservation policy in the following way:

Purpose Categories of data in question
Signing up to a newsletter Information relating to your email address and to your options regarding electronic canvassing
Booking data and accommodation requests Information relating to booking rooms in view of the establishment and keeping legal documents complying with the applicable standards
Data relating to your stay in one of our establishments Information relating to your room access, monitoring your consumption (phone, TV, wi-fi, services used, bar, restaurant, etc.)
Internal management of the list of clients having had an unsuitable behaviour during their stay at the hotel Information linked to assaults and incivilities, not respecting the hotel contract, not respecting security rules, thefts, damage and vandalism or payment incidents of a client
Data of your client account Data of your profile, data relating to your browsing, your use or our website
Your transaction history Bookings and orders made
Statistical data Audience measurement statistics and raw visit data of our sites and applications
Geolocation Localisation in real time when the contact activates this service in order to offer products and services according to the place where it is located
Proof data Data allowing to establish the proof of a right or of a contract, or kept to respect a legal obligation
Security of the site and of the Services Identification data, connection data, including IP address
Applications Data about your profile, contact details, professional life, family and patrimonial situation

Resorting to profiling processing

We could resort to profiling techniques for marketing purposes to personalise and adapt to your needs, our offers of products and services and to establish marketing profile models.

You can oppose, at any time, processing of personal data relating to you for purposes of commercial canvassing under the conditions defined in the paragraph, Exercising your rights in relation to your personal data below.

The security of your data

We attach a particular importance to the security of personal data.
Suitable technical and organisational measures are implemented such that data are processed so as to guarantee their protection against accidental loss, destruction or damage which could harm their confidentiality or their integrity.

During the development of the design, or during the selection and the use of different tools which allow the processing of personal data, we ensure that they allow to ensure an optimal level of protection for the data processed.

Thus, we implement measures which respect the principles of protection as of the design of these tools and protection by default of data processed. In this regard, we are able to resort to data pseudonymisation or encryption techniques when this has proved to be possible and/or necessary.

When we resort to a service provider, we only communicate personal data after having obtained from the latter, a commitment and guarantees on its capacity to respond to these security and confidentiality requirements. We conclude with our subcontractors, respecting to our legal and regulatory obligations, contracts specifically defining the conditions and methods for processing data by the latter.

Likewise, we perform audits and our own services as well as those of our service providers, and this in order to verify the application of the rules regarding data security.

In case of violation of personal data, we are committed to notifying it to the CNIL (the National Commission on Computer Technology and Freedoms) under the conditions stipulated by the Regulation. If said violation imposes a higher risk for our contacts and that the data have not been protected, we will advise the contacts in question about this, and we will communicate the necessary information and recommendations to them.

Exercising your rights in relation to your personal data

We are particularly concerned about respecting rights which are agreed to you in the scope of processing data that we implement, to guarantee you fair and transparent processing, given the particular circumstances and the context in which your personal data are processed.

In this regard, you have the confirmation that your personal data are or are not processed, and when they are processed, you have the right to request a copy of your data and information relating to:

 

    • the purposes of the processing;

    • the categories of personal data in question;

    • the recipients or categories of recipients as well as, if necessary, if such communications had to be made, the international organisations to which personal data have been or will be communicated, in particular the recipients which are established in third-party countries;

    • when this is possible, the duration for keeping personal data considered or, when this is not possible, the criteria used to determine this duration;

    • the existence of the right to request the data controller to correct or remove your personal data, of the right to request a limitation of processing your personal data, of the right for you to oppose this processing;

    • the right to lodge a complaint with a control authority;

    • information relating to the data source when they are not collected directly from the people in question;

    • the existence of making an automated decision, including profiling, and in the latter case, useful information relating to the underlying logic, as well as the importance and the consequences provided of this processing for the people in question.

Your right to correct your data

You can request to us that your personal data are, as the case may be, corrected, completed if they are inaccurate, incomplete, ambiguous, out-of-date.

Your right to remove your data

You can request us to remove your personal data when one of the following reasons applies:

 

    • the personal data are no longer necessary regarding purposes for which they have been collected or processed in another way;

    • you remove the consent previously given;

    • you oppose the processing of your personal data when there is no compelling legitimate reason for the processing;

    • the processing of personal data does not comply with the provisions of the application legislation and regulations.

Your attention is attracted to the fact that the right to remove data is not a general right and that it can only comply with this, if one of the reasons provided in applicable regulations is present.

Thus, if none of these reasons is present, we cannot respond favourably to your request. Such will be the case if we are bound to keep data, due to a legal or regulatory obligation or for the observing, exercising or defending of legal rights.

Your right to limit data processing

You can request to limit the processing of your personal data in the cases provided by legislation and regulations.

Your right to oppose data processing

You have the right to oppose at any time, for reasons extending to your particular situation, to processing your personal data, of which the legal basis is of legitimate interest monitored by the processing manner (see the paragraph above, Legal bases and the purposes of our data processing).

In case of exercising such a right of opposition, we ensure that we no longer process your personal data in the scope of the processing in question, except for if we can demonstrate that we can have legitimate and compelling reasons to maintain this processing. These reasons must be greater than your interests and to your rights and freedoms, or the processing being justified for the observing, exercising or defending of legal rights.

You have right to oppose commercial canvassing as well as the profiling insofar as it is linked to such canvassing.

In particular, regarding commercial canvassing, it is reminded that you can oppose receiving canvassing through the post, electronically or over the telephone.

In the case of canvassing by emails (email, SMS, MMS), we can resort to this if you have given your agreement at the time of the collection. Subsequently, you can, at any time, oppose to it by the link found in the message which you have been sent or by contacting us on the contact details given above in the paragraph, How can you contact us?

If you have accepted a commercial canvassing from one of our partners, and that you want to oppose it, you must send your request directly to the partner in question.

Finally, if you have accepted a commercial canvassing over the telephone, by a box to be ticked appearing in the documentation communicated in the scope of using our services, you have the possibility of requesting for free of charge, the registration of your telephone number on the list opposing telephone canvassing with the body OPPOSETEL through the following link: www.bloctel.gouv.fr. However, it must be noted that this canvassing will not interrupt the receiving of commercial canvassing electronically if this method of canvassing has been expressly agreed to and that consent has not be removed from the data controller according to the abovementioned methods.

It must also be noted that, if you oppose receiving commercial canvassing, we will however continue to send you communications relating to the operations to which we are registered (games, competitions, etc.).

Your right regarding the portability of your data

From 25 May 2018, you will have the right to the portability of your personal data. We attract your attention to the fact that this is not a general right. Indeed, the data from all processing are not portable and this right only relates to automated processing, excluding manual or paper processing.

This right is limited to processing of which the legal basis is your consent or the execution of precontractual measures or of a contract.

This right does not include derivative data, nor inferred data, which are personal data created by OHBABY HOTEL or its subsidiaries.

The data on which this right can be exercised are:

 

    • only your personal data, which excludes anonymised personal data or data which do not relate to you;

    • declarative personal data, as well as personal operational data mentioned above.

The right to portability cannot damage the rights and freedoms of third parties, such as those protected by business secrecy.

You can request the portability of data according to the procedure defined below, by specifying if you want to receive them yourself or if this is technically possible for us, that we transmitted them directly to another data controller.

In the latter case, you ensure to indicate to us the precise name of this manager, their contact details, as well as the service or the person which/who should be their recipient. In order to facilitate the exercising of this right, you must inform this recipient of your request to our services.

Your right to lodge an appeal

You have the right to lodge an appeal with the CNIL (the National Commission on Computer Technology and Freedoms) in the French territory and this, without prejudice of any other administrative or jurisdictional appeal.

By post: CNIL – Complaints Department: 3, place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07

Online, through the following link: https://www.cnil.fr/fr/cnil-direct/question/844 or https://www.cnil.fr/fr/plaintes

Your right to define post-mortem directives

You have the possibility to define particular directives relating to the conservation, the removal and the communication of your personal data after your death with our services according to the methods defined below. These particular directives will only relate to the processing implemented by us and will be limited to this sole parameter.

You will also have this right, when this person has been named by the executive power to define general directives for the same purposes.

The methods of exercising your rights

All the rights listed above can be exercised by contacting us on the contact details outlined in the paragraph, How can you contact us? above, by attaching to your request, the copy of an identity document including your signature.

By email:
data-privacy@oh-baby.com

By letter:
OHBABY HOTEL
Personal Data
24 Rue des Capucines
75002 Paris

For all the rights mentioned that the contact benefits from and according to the legislation on privacy protection, you are informed that these are rights of an individual nature which can only be exercised by the person in question, relating to their own information. To satisfy this obligation, we will verify the identity of the person in question.

It is reminded that if the requests of a person in question are clearly unfounded or excessive, in particular due to their repetitive character, we can, either request the payment of reasonable costs which take into account the administrative costs covered for providing the information, proceed with communications or take the measures requested, or refuse pursuing these requests.

For any other more general information about privacy protection, you can view the CNIL site (www.cnil.fr).

Applicable law

This Policy is governed by French law, independently of disputes of legal provisions. The French courts are solely competent for any dispute relating to this Policy.

In the event where one of the clauses of this Policy would be null and void due to a change in legislation, regulation or by a court decision, this could not in any case affect the validity and the respect of the other clauses of the Policy.

Policy updates

We can, at our sole discretion, modify this Policy. Modifications are applicable and effective from their date of publication. By continuing using our Services after the publication of modifications, you accept to comply with these. We ask you to view the Policy regularly in order to be informed of any possible modification. The most recent version of our Policy remains permanently available on the Site.