Luxury hotels - Lartisien

Protection Of Personal Data And Privacy Charter

When you use the website and the Lartisien mobile applications and/or in connection with the subscription of services offered by telephone or email (together, the "Service"), we ("LARTISIEN", "We", "Our") may be required to collect and process your personal data.

The purpose of this Protection of Personal Data and Privacy Charter (the "Charter") is to inform users of the Service ("User", "You", "Your”) of the methods implemented to:

  • collect and process Your personal data, in compliance with applicable French and European legislation, in particular French Data Protection Act No. 78-17 of 6 January 1978, as amended by Law No. 2004-801 of 6 August 2004 and by Law no. 2018-493 of 20 June 2018 ("French Data Protection Act"), Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("GDPR") and Directive 2002/58 of 12 July 2002 as amended by Directive 2009/136/EC ("ePrivacy Directive"), and any national transposition legislation or any subsequent legislation which may replace them ("Applicable Regulations");

We attach the utmost importance to the respect of Your privacy and the protection of Your personal data.

By accessing and/or using the Service, You understand that Your personal data may be collected and processed in accordance with the terms and conditions set out below. If You do not agree to this Charter, You must cease to use the Service.

The Charter forms an integral part of the Terms of Service ("TOS”) and must be read in conjunction with these TOS and our Privacy Charter accessible here: Cookies Policy.

1. Definitions

The terms "personal data" ("Personal Data"), "process/processing", "data controller," "data processor," "recipient", "consent", "file", have the same meaning as set out in Article 4 of the GDPR.

2. Data Controller

The data controller of the User's Personal Data collected for the purposes of the Service is LARTISIEN, a French limited liability company (SARL), registered with the Paris Trade and Companies Register under number 499330306, whose registered office is located at 82 rue Henri Farman, 92130 Issy-Les-Moulineaux, whose contact details can be found in Clause 11.

3. Which Personal Data are collected?

When collecting Personal Data, the User will be informed whether certain Personal Data must be provided or if they are optional. If Personal Data that must be collected are not provided, access to certain parts of the Service, such as the service for booking partner hotels online, and its use by the User will be impossible.

In particular, LARTISIEN may be required to collect the following categories of Personal Data relating to the User or the person with whom he/she intends to travel and for whom he/she wishes to provide LARTISIEN, under its exclusive responsibility, with Personal Data or information relating to travel documents, among the following categories:

  • Identity: surname, first names, telephone number (landline and/or mobile), email address, proof of identity and/or passport;
  • Payment method data: transaction number, credit card data (credit card holder details, expiry date and cryptogram);
  • Business relationship data: bookings made or in progress, wish list, subscribed services, amount, frequency, billing address, booking history, after-sales service correspondence, food and/or beverage preferences, and special requests;
  • Data relating to payment of invoices: payment terms, discounts granted, receipts, outstanding amounts, reminders, balances;
  • Contact data: messages sent on the Service via contact forms or online chats, correspondence that may be sent to Us;
  • Newsletter registration data (surname, first names, telephone number (landline and/or mobile), email address, company);
  • Contacts and exchanges with Us;
  • Browsing and interaction technical data: traffic statistics: IP address, cookies, for example, the pages visited by the User, the date and time of the visit (see the Cookies Policy);
  • Location Data, subject to Your free, specific and informed consent, which may be removed at any time using the settings of Your mobile device.

4. Why do We collect Your Personal Data?

The Personal Data You provide to Us about You or the persons with whom You intend to travel, as well as those that are collected and/or processed in connection with Your use of the Service, are processed, among others, for the following purposes:

Legal basisPurposes
Contract between You and LARTISIEN (TOS and this Charter)Making the Service available to You, ensuring its proper functioning, particularly to process Your requests, facilitate your browsing, etc.
Necessity for the performance of a contract entered into between You and LARTISIEN (e.g. service subscription)Processing Your bookings.
Legitimate interest of LARTISIEN in managing its customer relationshipManaging the customer relationship.
Legitimate interest of LARTISIEN in promoting its services and offering You offers and newsInforming You of the offers and news of LARTISIEN, unless You object.
Compliance with a legal obligation[Include potential purposes relating to accounting obligations, anti-money laundering, etc.]
Compliance with a legal obligationResponding to your requests to exercise your rights (access, objection, portability, etc.)

5. Who are the recipients of Your Personal Data?

The Personal Data base created during Your use of the Service is strictly confidential. LARTISIEN undertakes to take all appropriate precautions, organisational and technical measures to protect the security, integrity and confidentiality of Personal Data, and in particular prevent it from being distorted, damaged or accessed by unauthorized third parties.

5.1. Data transferred to public authorities and/or bodies

In accordance with the regulations in force, Personal Data may be transmitted to the competent authorities upon request and in particular to public bodies, exclusively to meet legal obligations, judicial officers, ministerial officers and bodies responsible for collecting debts.

5.2. Data accessible to third parties

The Personal Data may be used by LARTISIEN, its subcontractors, its affiliates and/or, where applicable, its business partners, for the purposes described in Article 4 above.

  • LARTISIEN's staff, the services responsible for auditing (statutory auditor in particular) and LARTISIEN’s subcontractors will have access to the Personal Data collected as part of the use of the Service;
  • Any third party required to be involved in the provision of the services subscribed by You;
  • Subject to Your consent when required, we may disclose Your Personal Data to our partners, including for direct marketing purposes.

5.3. Transfers outside the European Union

The User's Personal Data may be processed outside the European Union, including via remote access. LARTISIEN undertakes not to transfer Personal Data outside the European Union without implementing the appropriate guarantees in accordance with the Applicable Regulations.

6. What are Your rights regarding Your Personal Data?

In accordance with the Applicable Regulations, subject to an express request and to prove, as necessary, Your identity to LARTISIEN, You have a right of access to Your Personal Data, a right of rectification, a right of objection, as well as a right to erasure, under the conditions of the Applicable Regulations.

Your right to erasure of Your Personal Data applies subject to the requirements that LARTISIEN may justify in order to store Personal Data, in particular with regard to its legal obligations.

In the event of exercise of the right of objection, LARTISIEN shall cease processing the Personal Data, except in case of legitimate and compelling reason(s) for the processing, or to ensure the establishment, exercise or defence of its legal rights, in accordance with the Applicable Regulations.

You may also, subject to the terms of the Applicable Regulations, request a restriction on the processing of Your Personal Data.

Where the processing of Your Personal Data is based on Your consent, You have a right to withdraw Your consent at any time.

You also have a right to the portability of some of Your Personal Data, allowing You to request a digital copy in a legible and usable form of Your Personal Data processed by LARTISIEN (a) in an automated way and (b) (i) on the basis of Your consent or (ii) as part of Your contractual relationship with Us for the supply of products or services to which You have subscribed, which excludes Personal Data that LARTISIEN may process manually or has produced for purposes specific to it or to meet its legal obligations, including accounting, employment or tax obligations, as well as information relating to the history of bookings made, amounts paid or payable, as well as all information that LARTISIEN may have generated in the legitimate interests it pursues.

You may provide LARTISIEN with instructions on how to process Your Personal Data after Your death.

If applicable, LARTISIEN will inform You of the reasons why the rights You exercise cannot be satisfied in whole or in part.

To exercise the rights mentioned in this Clause, You may contact LARTISIEN by attaching to Your request a copy of a valid identity document using the contact details provided in Article 11 below.

7. Retention period of Your Personal Data

LARTISIEN undertakes not to retain Your Personal Data beyond the period strictly necessary for the purposes of use for which they were collected, and in accordance with the Applicable Regulations.

Nevertheless, Personal Data may be archived beyond the periods provided for the purposes of research, finding, and prosecution of criminal offences with the sole aim of allowing, as needed, the provision of such Personal Data to the judicial authority, or for other retention obligations, in particular for accounting or tax purposes. Archiving implies that these Personal Data will be subject to access restrictions and will no longer be available online but will be extracted and stored on an autonomous and secure medium.

The maximum retention periods set out in the table below apply, unless You request deletion or termination of processing of Your Personal Data prior to the expiry of these periods, in accordance with Clause 7 above, and subject to any obligation requiring longer retention.

CategoryRetention period
Information relating to the transaction by credit cardThese data are not retained beyond the transaction period unless You have consented to their registration
Information relating to bookings made or services subscribed to5 years from the date of purchase or end of subscription
Personal Data processed in connection with canvassing and promotional campaigns, sending offers and news3 years from the end of the relationship with the User or from the last interaction initiated by the User
Personal Data relating to the management of requests for the exercise of rights and questions on Personal Data3 years from the last interaction initiated by the User
Information relating to the management of interactions with the customer service department3 years from the last interaction initiated by the User

8. Protection of Personal Data of minors

The Service is generally not intended for minors under 15 years of age. For this reason, We do not collect or retain Personal Data on children under 15 years of age, without verifiable parental consent, knowing that holders of parental authority may request to receive information relating to their child and request deletion thereof.

When the adult User enters Personal Data relating to a minor under 15 years of age, he/she undertakes to have the verifiable consent of the holders of parental authority, and to provide, on request, any evidence of such consent.

9. Security

Given the development of technologies, the implementation costs, the nature of the Personal Data to be protected and the risks to the rights and freedoms of individuals, LARTISIEN implements the appropriate technical and organisational measures to ensure the confidentiality of the Personal Data collected and processed and a level of security appropriate to the risk, in accordance with this Charter.

All useful precautions, in accordance with the state of the art, with regard to the nature of the Personal Data and the risks presented by the processing, shall be taken to protect the security of the Personal Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.

10. Contact

For any request concerning the processing of Your Personal Data, You may send Your request or complaint directly to LARTISIEN by contacting Us at our registered office at 82 rue Henri Farman, 92130 Issy-Les-Moulineaux or the e-mail address [email protected].

LARTISIEN will endeavour to find a satisfactory solution, to ensure compliance with the Applicable Regulations.

In the absence of a response from LARTISIEN or if the dispute persists, You may lodge a complaint with the French data protection authority (CNIL) or the supervisory authority of the Member State of the European Union in which You usually reside.

11. Update

We may update or amend this Charter from time to time in accordance with legal, technical or commercial developments. We will notify you and/or as required by law, obtain your consent for any significant changes to the Charter. The date of the most recent version of this Charter will appear below.

Date of last update: 09/04/2021