Information provided to the Member/Guest/Visitor in respect of their personal data in accordance with the provisions of Law n°78-17 of January 6th, 1978, EU Regulation 2016/679 of April 27th, 2016 (RGPD) and Law n°2018-493 of June 20th, 2018 on the protection of personal data.
We appreciate your interest and thank you very much for your visit, which we hope will allow you to gather all the information you may need about the top-of-the-range services we offer and which we can personalise to your wishes. We intend to establish a relationship of trust with you in full respect of your privacy and by doing everything possible to ensure the protection of your personal data which we undertake to process, at the very least, in accordance with the regulatory provisions in force governing their use and storage, in particular those contained in the General Data Protection Regulation (GDPR).
Your visit may be completely anonymous. The display of the web pages making up our website (hereinafter the “Website”) only requires the transmission of data provided by your browser to our server. Data deemed personal will only be kept if you voluntarily consent to it by using the features of the Site.
For any operation consisting in the purchase of a service and/or benefit in the wide range proposed, and only after your consent has been obtained in compliance with the stipulations below, your personal data may be collected by the company D&O MANAGEMENT SAS, a simplified joint stock company with a capital of 45.521.900 €, which head office is in TOURRETTES (83440), 3100 Route de Bagnols-en-Forêt, registered in the Trade and Companies Register of DRAGUIGNAN under the number 492.843.230,
Which commercial name is "Terre Blanche Hotel Spa Golf Resort *****" and hereinafter referred to as "the Operator".
The data considered as personal is the information provided by you when you fill in the form(s) used to create your account and/or to make a reservation and/or purchase a service or by communicating with the Operator, by any means of communication, including online, or by answering questionnaires or satisfaction surveys, which concerns in particular your name, gender, date and place of birth as well as your contact details such as your postal address, e-mail address, telephone numbers, electronic signature, data from your National Identity Card and/or passport as well as, in particular, information relating to the contractual and commercial relationship between you and the Operator and your banking information (bank details, card numbers) and transactional information as well as data collected thanks to cookies and similar technologies used on the Site (in particular IP addresses) and in electronic messages enabling us to recognise you, to remember your preferences and, where appropriate, to present you with content likely to interest you, in particular by informing you of improvements and/or new services offered by the Operator. Learn more about our cookie use policy
These personal data may only be communicated to the Operator by the Member/Guest/Visitor concerned by the said personal data and each Member/Guest/Visitor shall refrain from communicating other people’s personal data and/or personal data which do not concern them.
THE NATURE OF PERSONAL INFORMATION
Personal information is defined as information that can identify or relate to the Member/Guest/Visitor as an identifiable individual. The personal information in question may include:
- Identity information, such as surname, first name, date and place of birth, gender or other information contained in civil status documents;
- Contact information, such as home, postal or e-mail address and telephone numbers (home, office and mobile);
CCTV images, photographs available on social networks or taken during a stay at our venue;
- Financial information, such as credit card details, detailed expenditure and transaction history;
- Booking information, such as the type and location of rooms booked and the dates of bookings, any preferences and other special requests recorded solely for the purpose of improving the quality of service during the stay;
- Health information when voluntarily disclosed by the Member/Guest/Visitor and only if relevant to the provision of services, such as food or pet allergies;
- Information available on social networks and other public platforms which may be consulted to better understand the expectations of the Member/Guest/Visitor and their appreciation of previous experiences;
- Technical information about the computer or device used by the Member/Guest/Visitor to interact with us (including the unique device identifier, hardware model, IP address, geolocation, operating system and version, as well as mobile network information and unique device identifiers, in the case of our mobile application);
- Correspondence information recorded when the Member/Guest/Visitor contacts us with any kind of query.
THE PURPOSE OF THE PERSONAL INFORMATION COLLECTED
For each of the above categories, the personal information collected is used in particular to:
- allow the Member/Guest/Visitor to use our Website and our mobile application (hereinafter the "WebApp");
- help us identify and better know the Member/Guest/Visitor;
- provide the Member/Guest/Visitor with superior Guest service;
- assist us in making the reservation requested by the Member/Guest/Visitor and in providing the services requested in one of the activities offered in our venue;
- process transactions made through the Website (including payment for purchases) and to respond to any enquiries from the Member/Guest/Visitor regarding their transaction;
- establish the invoicing of the services consumed;
- contact the Member/Guest/Visitor about questions related to the services consumed;
- send the Member/Guest/Visitor newsletters or marketing communications concerning our products (in case of subscription to the newsletter);
- personalise and improve the Member/Guest/Visitor's customer experience and digital customer experience;
- know the degree of satisfaction of the Member/Guest/Visitor with the provided services quality (on a voluntary basis and/or with prior agreement);
- provide the Member/Guest/Visitor with all the information and clarifications they may require about our services;
- analyse trends and ideas to improve our services.
COLLECTION SOURCES OF PERSONAL INFORMATION
For each of the categories of personal information and purposes described above, we collect personal information when the Member/Guest/Visitor provides it to us or when the Member/Guest/Visitor interacts directly with us, for example by:
- creating a profile or logging in to access an existing profile on the Website or WebApp;
- making a purchase and/or booking online;
- making a purchase and/or booking over the telephone with our booking agents or our receptionists at our various sale points;
- giving information during check-in to provide us with details, in particular on preferences.
We also collect the Member/Guest/Visitor's personal information when monitoring our technological tools and services, including comments left on internal and external platforms as well as communications received by e-mail.
We may also receive information about the Member/Guest/Visitor from other sources, such as our business partners, publicly available sources, or other persons in the Member/Guest/Visitor's circle.
Finally, we may collect the Member/Guest’s photograph from publicly available sources in order to be able to recognise them and offer them an exclusive and personalised service.
We use a variety of physical, technical and administrative security measures and technologies to help maintain the integrity and security of personal information in accordance with applicable data protection and privacy laws.
We strive to protect the confidentiality of accounts and other personal information we hold on file, but unfortunately, we cannot guarantee complete security.
Unauthorised access or use on the Member/Guest/Visitor side, hardware or software failures, and other factors may compromise the security of such information. In addition, while we strive to implement enhanced safeguards and continuous monitoring, we cannot guarantee the security of personal information contained in databases hosted by third parties.
It is important to note that not all e-mail communication is secure. This is an inherent risk in the use of email. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the "Contact Us" section of the Website). We recommend that you do not include confidential information (for example, credit card information) when using e-mail. For your protection, the responses we send you by e-mail will not contain any sensitive personal information.
Finally, as a precautionary measure, always close your browser when you have finished using a form or the booking site. Although the session ends after a short period of inactivity, it is best to close your browsers as soon as you have finished, especially if you are using a public computer.
LEGAL INFORMATION FOR THE MEMBER / GUEST / VISITOR
The purpose of the present document is to provide the Member/Guest/Visitor with the following legal information (which information shall also be notified to the Member/Guest/Visitor before his/her personal data is collected, separately from any other information, in accordance with the provisions in force):
(a) Identity and contact details of the data controller (hereinafter the "Data Controller")
The Operator identified above is the Controller of personal data
The Operator identified above is the Data Controller of a personal nature data.
(b) Details of the Data Protection Officer
The company DPMS (Data Privacy Management System), is designated as the external delegate of D&O MANAGEMENT SAS in terms of personal data protection (reference DPO-112022), represented by Mrs Myriam GUERBAA.
The requests of the Member/Customer/Visitor concerning his personal data can be sent to him on the following e-mail address: firstname.lastname@example.org
(c) Legal basis for processing
The legal basis for the processing is as follows:
(i) the processing is necessary for the execution of the contractual relationship which the Member/Guest/Visitor wishes to establish with the Operator by ordering and/or using their services and/or benefits. The Member/Guest/Visitor acknowledges that the said personal data are essential for the performance of the services and/or facilities which may have been ordered.
(ii) the processing is also necessary to protect the legitimate interests of the Operator by enabling them to keep proof of transactions with the Member/Guest/Visitor and/or, if necessary, to proceed with recovery.
(iii) the processing is based on the consent of the Member/Guest/Visitor wishing to order services via the Website.
(iv) the processing being administered in accordance with the provisions of Law No. 78-17 of January 6th, 1978, EU Regulation 2016/679 of April 27th, 2016 (RGPD) and other legal provisions in force (hereinafter the "Regulations in force"), in particular Law No. 2018-493 of June 20th, 2018 on the protection of personal data.
(d) Recipients of personal data
The recipients of the personal data are:
- the Operator's employees who need access to this information for the performance and/or administration of the services and/or benefits intended for the Member/Guest/Visitor;
- where applicable, the Operator's subcontracted service providers participating in the performance of these tasks and being required to intervene in this respect in the processing. It then being specified that in such a case this is done in compliance with the regulations in force applicable to subcontractors.
(e) Personal data transfer
The Member/Guest/Visitor is informed that, if necessary, personal data concerning them may be transferred by the Data Controller to a third country or to an international organisation which is the subject of an adequacy decision issued by the European Commission. It is specified that, with regard to a possible transfer to a country or an international organisation that is not subject to an adequacy decision, this may only be carried out on condition that appropriate guarantees are put in place and that the Member/Guest/Visitor concerned has enforceable rights and effective means of recourse, under the conditions of the regulations in force.
(f) Retention period of personal data
The duration of the retention of personal data is as follows: as the personal data is necessary for the performance, administration and/or delivery of the services ordered via the Website, the personal data of the Member/Guest is retained:
(i) as long as the Member/Guest is able to place orders, i.e. as long as the Member/Guest has not expressed their intention to no longer be a Guest of the Operator or to no longer have their personal data stored, by means of a request sent by them to the above-mentioned address (in accordance with the stipulations below);
(ii) within the limit of a period of 36 (thirty-six) months from the last order for services made by the Member/Guest via the Website, after which date the personal data is no longer kept. It is understood that all data, including those of a personal nature, which the Operator may need to meet its obligations, in particular with regard to the tax authorities, will be kept for the periods set by the authorities concerned.
(g) Rights of the Member/Guest/Visitor that may be exercised with the Data Controller
The purpose of the present document is also to inform the Member/Guest/Visitor of the existence of their right to request from the Data Controller (as identified above)
- access to their personal data as well as any available information relating to the sources of such data;
- rectification or deletion of the data;
- limitation of the processing of their personal data
- the cessation of the processing of their personal data when such a request is not of a nature to confiscate from the Data Controller a right which is recognised as being of public order;
- the non-exploitation of their personal data for solicitation purposes, including profiling;
- the portability of their personal data under the conditions of the regulations in force, which stipulate in particular that the persons concerned by the processing of personal data have the right to receive the said data in a structured, commonly used and machine-readable format and have the right to transmit the said data to another controller without the former being able to prevent this, when the processing is:
(i) based on consent in accordance with the regulations in force,
or on a contract in accordance with the regulations in force;
(ii) carried out by automated means, it being specified that where the data subject exercises
their right to portability of their personal data, they shall have the right to have
their personal data transmitted directly from one controller to another, where technically possible.
- the withdrawal, at any time, of their consent to the processing of their personal data (without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal thereof);
The exercise by the Member/Guest/Visitor of their rights as identified in this (g) shall be made by means of a request made by them and addressed to the following address: email@example.com
Insofar as necessary, it is stipulated that the exercise by a Member/Guest/Visitor of their right to erase their personal data and/or the exercise of their right to oppose the processing of their personal data and/or the exercise of their right to limit the processing of their personal data and/or the exercise of their right to withdraw their consent at any time to the processing of their personal data (in accordance with the aforementioned stipulations) shall result in the delivery of the services ordered by the Member/Guest/Visitor not being possible, and more generally in the production of the services ordered or used by the Member/Guest/Visitor not being possible, so that, in such cases
(i) from the moment the Member/Guest/Visitor exercises the said rights,
the latter will no longer be able to access the services, in particular the reservation services offered directly on the Website;
(ii) if these rights are exercised immediately after having used
the Website to purchase a service and/or a benefit, the withdrawal may not concern
all of the data even if part of it is actually personal in nature.
The retention periods will apply and the withdrawal will be made at the end of these periods.
(h) Complaint to the CNIL
The Member/Guest/Visitor is informed of the right to lodge a complaint with the supervisory authority, which is the Commission Nationale de L'Informatique et des Libertés (CNIL): 3 Place de Fontenoy - TSA 80715 - 75334 Paris 07.
(i) Information on the contractual nature of the provision of personal data
In order to provide the Member/Guest/Visitor with information on whether the requirement to provide personal data is of a regulatory or contractual nature or whether it is a condition for the conclusion of a contract and whether the data subject is obliged to provide the personal data, as well as on the possible consequences of not providing such data, the Member/Guest/Visitor shall be provided with the following information:
(i) the request to provide personal data is contractual in nature (in the context of the relationship that the Member/Guest/Visitor wishes to establish with the Operator by placing an order for services and/or by using the said service;
(ii) the provision of this data, insofar as it is necessary for the provision of the services ordered, is a condition for the conclusion of this contractual relationship;
(iii) in this respect, the Member/Guest/Visitor is obliged to communicate their personal data if they wish to order and/or use services from the Operator via the Website;
(iv) the failure to provide such personal data does not allow the order for services to be processed by the Operator.
(j) Automated decision-making
It is hereby stated that the personal data collected does not lead to automated decision-making within the meaning of the regulations in force.
(k) Possible further processing of personal data
In the event of further processing of personal data for purposes other than those for which the personal data were collected and as identified above, the controller (as identified above) will provide the data subject with information about this other purpose and any other relevant legal information required.
AGE OF THE PERSON WHO CAN PROVIDE PERSONAL DATA
As the collection of personal data can only concern persons aged 15 or over, and as the personal data is, as indicated above, necessary for the provision of the services ordered via the Website, persons under the age of 15 (fifteen) cannot give their consent to the collection of their personal data and, consequently access the services deployed via the Website only on the condition that they are authorised by the person with parental authority over them so that, by requesting the services accessible via the Website and/or by communicating their personal data to the Operator, the Member/Guest/Visitor declares and guarantees to the Operator that they are either:
(i) at least 15 years old
(ii) authorised by the person with parental authority over them. This stipulation is without prejudice to the commitment
made by the Member/Guest/Visitor to the Operator to confirm and guarantee to the latter
that they have the legal capacity to use the services and/or benefits offered via the Website and,
if applicable, to pay for said services and/or benefits.
AMENDMENTS TO THESE TERMS AND CONDITIONS
The present document may be updated. In this respect, the Member/Guest/Visitor is invited to take note of the latest version of these terms and conditions, which are accessible on the Website, in particular in the General Conditions of Use/General Conditions of Sales.
This English version is not legally binding.