Personal Data Policy
Last updated on: 28/03/2025
PREAMBLE
Because respecting your privacy and your Personal Data is essential to us and justifies the trust you place in us, Louvre Hotels Group has implemented this personal data protection policy (hereinafter the “Policy”), which, in a spirit of transparency, aims to inform you about:
The methods of collection and processing of your Personal Data within the framework of the Services offered on our Sites by Louvre Hotels Group (in particular browsing our Sites, booking overnight stays within our Hotels, registering and participating in the Loyalty Program or marketing operations, interacting on our Sites via social networks, etc.);
The commitments undertaken by Louvre Hotels Group and your obligations in order to ensure the security of your Personal Data and combat fraud;
The rights you have regarding your processed Personal Data and how to exercise them.
To facilitate the reading of our Policy, terms beginning with capital letters and used in both singular and plural shall have the meaning defined in Article 12.
Louvre Hotels Group undertakes to process the Personal Data of its Users and Clients in compliance with the General Data Protection Regulation (hereinafter “GDPR”) and the French Data Protection Act.
In this respect, we implement privacy and Data protection principles from the design stage of our projects and by default, and in particular ensure:
The security of your Personal Data,
Compliance with the lawfulness of the processing of your Data,
The processing of your Data for a specific and transparent purpose,
Compliance with appropriate retention periods,
The accuracy of your Data,
Respect for your rights and fairness in the processing of your Data,
The implementation of appropriate safeguards regarding the transfer of your Data outside the European Economic Area (EEA).
Article 1 – Who processes your Personal Data?
The processing of your Personal Data implemented within the framework of the Services offered on our Sites is carried out by us, Louvre Hotels Group, a simplified joint-stock company with a share capital of €117,624,016, registered with the Nanterre Trade and Companies Register under number 309 071 942, whose registered office is located at 1 Place des Degrés, 92800 Puteaux – France, as data controller.
Please note that the vast majority of the Hotels in which you will stay do not belong to Louvre Hotels Group. They are operated, as franchised/managed hotels under one of our brands, by an autonomous and independent entity. Therefore, when you stay in one of these Hotels, your Personal Data is processed both by Louvre Hotels Group and by the Hotel concerned by your stay, each acting as data controller pursuing its own purposes. Hotels within the franchised/managed network are therefore required to comply with the principles of protection of your Personal Data in accordance with the Applicable Regulations and to manage your rights when you exercise them.
Any processing of Personal Data carried out by the Hotels during your stay is governed by a data protection policy specific to each Hotel in its capacity as data controller.
Article 2 – What Personal Data do we collect?
Personal Data collected directly from you
When you make your reservation and, where applicable, at different times during your stay, certain personal data may be collected.
They may concern you directly or the persons accompanying you. These data are grouped by type as follows:
Identity Data (such as your title, last name, first names, date of birth, nationality, customer ID, etc.)
Contact Data (such as your email address, postal address, landline and/or mobile phone number, etc.)
Payment Data (in particular information relating to your bank card to guarantee your reservation or to make payment)
Data mentioned on official identity documents (such as those appearing on national identity cards, passports, etc.)
Data relating to your preferences (such as type of rooms and bedding, room location, presence of pets, parking, etc.)
Data relating to your stays (such as date, location, booked services, etc.)
Data relating to minor children (accompanying you and that you may provide to us)
Data relating to the monitoring of the commercial relationship (such as requests for documentation, subscribed services or subscriptions, your reviews and comments, etc.)
Geolocation Data (only with your consent) through the “destination around me” feature to offer you Hotels close to your location
Furthermore, we may collect Data through the recording of your telephone conversations when you make a reservation through our reservation center, for training or evidentiary purposes.
• Personal Data collected from Cookies and other trackers
We use cookies and similar technologies in order to operate, protect, improve and understand how you use the Sites.
The following data may be automatically collected through the use of the Sites:
Technical Data relating to your device and its operating system (IP address, internet connection, browser type, information concerning the device used)
- Data collected through cookies: for further information, see the Cookie Policy.
The User may manage their cookie preferences at any time via the “Manage cookies” tab accessible in the footer of our Sites or directly from the cookie banner when first browsing each of our Sites.
Personal Data collected indirectly from online sites other than our Sites
Our partners
We may collect your Personal Data from certain of our partners who record your reservation via their own websites and may, depending on the case, collect or not collect the reservation price.
These partners include online hotel comparison websites or search engines such as Booking.com, Expedia, Google Hotels Ads, TripAdvisor or Trivago, etc.
These partners collect and transmit to us the Personal Data necessary for your reservation.
These partners collect certain information for their own purposes and within their own databases, to which we do not have access. For these processing activities, our partners process the Personal Data you provide to them as data controllers. Consequently, we invite you to consult their privacy policies in order to understand how and why they process your Personal Data and to be able to exercise your rights with them.
Social networks
When you create a Customer Account or book a room, you have the option to provide us with the Personal Data necessary for the processing carried out, in particular via your Facebook or Google account.
In this case, we become recipient and data controller of these Personal Data with regard to your stay reservation or Customer Account creation. We will be able to process any request for the exercise of your rights concerning you.
However, Facebook and Google, etc. remain data controllers of your Personal Data with regard to the purposes they determine on their own behalf (management of your messaging, management of your personal page, etc.). For the effective exercise of your rights regarding this part of the processing of your Personal Data, you should refer to their privacy policies and contact them directly.
Article 3 – When Do We Collect Your Personal Data?
Personal Data may be collected on various occasions, in particular in the context of:
Hotel activity:
When booking, checking in and paying for a stay directly via our Sites or through our partners;
When managing services offered as part of your stay;
When you create a Customer Account;
When you log into your Customer Account and use our Sites;
When you complete online forms on our Sites;
When you leave a review on our Sites or on third-party partner sites regarding a booking;
When you interact with our content on your social media;
When you make requests, complaints and/or in the event of a dispute relating to your booking.
Participation in our Loyalty Program or in marketing operations:
When you register for our Loyalty Program;
When you respond to satisfaction surveys;
When you participate in contests or prize draws;
When you subscribe to the newsletter.
Article 4 – On What Legal Grounds Do We Collect Your Personal Data?
We process your Personal Data on the basis of the following legal grounds, in accordance with the Applicable Regulations:
- To fulfill our obligations under a pre-contract or a contract with you (for example when you make a booking with us or create a Customer Account, etc.);
- To comply with a legal obligation (for example, we must retain your transaction information in order to comply with our tax and financial reporting obligations);
- Where it is in our legitimate interest to process your Personal Data (for example to assess and improve our organization, combat fraud, respond to complaints, etc.);
- On the basis of your consent (for example, when you choose to subscribe to our newsletters).
Article 5 – For What Purposes and How Long Do We Retain Your Personal Data?
The table below sets out the purposes for which we process your Personal Data, the legal basis for each processing activity and the associated retention periods.
| Processing Purpose | Legal Basis | Retention Period |
| Booking management [Booking, modification, cancellation] | Performance of pre-contractual or contractual measures (For the entire duration of the commercial relationship for the proper performance of the contract) Legitimate interest (After the commercial relationship for evidentiary purposes) | Duration of the commercial relationship, then: |
| Electronic marketing [Customers] | Consent (B2C) or legitimate interest (B2B) | Until withdrawal of consent or 3 years from the end of the commercial relationship (end date of the stay, no-show date, date of cancellation of a booking or end of use of the customer account). |
| Electronic marketing [Prospects] | Consent (B2C) or legitimate interest (B2B) | Until withdrawal of consent or 3 years from the last contact from the prospect (for example, clicking on a link in the body of a marketing email). |
| Loyalty action [Membership in the Loyalty Program] | Performance of contractual measures (For the entire duration of membership in the program, for the proper performance of the contract) | Duration of membership in the Loyalty Program then 3 years from the last interaction or login of the user to their Customer Account or until closure of the Customer Account. |
| Carrying out satisfaction surveys. | Legitimate interest of the company for post-stay surveys in order to improve the quality of its services | Duration necessary to achieve the purpose of the survey or until the right to object is exercised or consent is withdrawn. |
| Interaction with social media. | Legitimate interest of the company to allow customers to connect using their public data entered in their account or for the purpose of contacting the customer. | Until the end of exchanges with the persons concerned and in accordance with the specific policy of each social network. |
| Marketing operations, contests, lotteries, referral programs. | Legitimate interest of the company for the promotion of its brands or services. | Until the end of the marketing operation then until withdrawal of consent or 3 years from the last contact of the persons with the company. |
| Management of complaints | Legal obligations (During the commercial relationship for the proper performance of the contract) | Until the end of operations related to the analysis and processing of the complaint then 3 years from the date of closure of the file.
|
| Exercise of the rights of data subjects | Legal obligations (within the framework of the GDPR) | Until the end of operations related to the execution of the rights request, then: |
| Consultation / Retention of official identity data | Consultation of information on an identity document may be necessary (minimum age required for obtaining certain services and/or benefits such as the sale of alcohol, etc.) and the information may be retained in certain European countries in order to comply with a legal obligation. | Until the end of the identity verification operations and/or depending on the retention period imposed by local regulations in certain countries. |
| Payment by bank card | Legal basis of performance of the contract for payments of reserved and/or consumed services. | Visual cryptogram: during the transaction only. |
| Browsing on the Websites and applications via cookies and other trackers. | Legitimate interest for cookies strictly necessary for the proper functioning of the Sites. | The lifespan of cookies is 13 months from the date they are placed on the user’s device (computer or mobile phone) or until withdrawal of consent for cookies other than those for functional purposes. |
| Carrying out sales analysis and statistics | Legitimate interest of the company to analyse its results and improve its offers and services | Duration necessary to achieve the objective pursued by the analyses and the establishment of statistics. |
| Recording of telephone conversations | Legitimate interest of the company for training purposes and for evidentiary purposes | Booking: duration necessary for processing the booking then 90 days from the date of the call. |
| Management of disputes | Legitimate interest of the company for the defence of its interests. | The data is retained for 1 year from the date on which all avenues of appeal have been exhausted. |
| Response to requests from competent authorities | Legal obligation (Article 77-1-1 of the Code of Criminal Procedure) | Until the end of operations related to the execution of the request then 1 year from the date the information is sent to the authorities. |
| Accounting obligations (such as invoices) | Legal obligation (Article L123-22 of the Commercial Code) | These documents are secured in a specific archiving database and may not be subject to the right of erasure for a period of 10 years from the date of their issuance. |
Article 6 – With whom may we share your Personal Data?
The Personal Data we collect may be transmitted in order to ensure the various purposes and improve your stay:
To authorized personnel of Louvre Hotels Group;
To authorized personnel of the Hotels;
To authorized persons at our service providers who are subcontractors of Louvre Hotels Group, in particular providers responsible for:
Performing certain Services;
Helping us manage reservations and handle any potential complaints;
Customer service;
Ensuring the processing and security of your payment data when making a reservation;
Helping us carry out advertising campaigns, marketing content, competitions and analyzing their effectiveness;
Providing platforms, hosting and maintenance services, software and applications and supporting our databases.
To companies with which we have commercial agreements for the purpose of offering you bundled or personalized offers or within the framework of the Loyalty Program, unless you object;
To social networks acting as data processors: we may communicate your email address or phone number in order to identify whether you are already a user of one of these social networks (such as Facebook, Google) and display advertisements tailored to you on your social network account page.
To lawyers, auditors, or other advisors in the context of their services on behalf of Louvre Hotels Group.
To any regulatory, statutory, governmental or other authority, agency or competent sector regulator, if required by law or in the context of an investigation and in accordance with local regulations.
Article 7 – How do we protect your Personal Data?
We implement appropriate technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, disclosure or unauthorized access to such Data.
In particular, we operate systems and data networks protected by industry-standard security measures and use secure protocols on unsecured networks to protect the transmission of your Data. In addition, access to your Data is limited to authorized personnel and service providers.
Although we strive to always protect our Sites, systems and operations, we do not control all risks related to the functioning of the Internet and draw your attention to the existence of potential risks inherent to its operation.
When we are required to share your Personal Data in the context of providing certain Services, we take all necessary measures to ensure that third-party recipients have implemented appropriate technical and organizational measures to protect your Personal Data.
Article 8 – How is the transfer of your Personal Data outside the EEA managed?
As part of the performance of our Services, we may be required to transfer your Personal Data to recipients, in particular Hotels within the network that may be located outside the European Economic Area (EEA), in countries that may regulate the protection of Personal Data differently.
In the event of a transfer of Personal Data outside the EEA, we undertake to comply with the requirements of the Applicable Regulations and to implement the appropriate safeguards necessary for such transfer.
Article 9 – What are your rights, and how can you exercise them?
You have the right of access, rectification, erasure, restriction, objection and the right to data portability. You may also request at any time to no longer receive commercial communications from us or from our brands.
If you wish to exercise your rights, you may contact our Data Protection Officer:
by email: dpo@groupedulouvre.com
by mail at the following address:
LOUVRE HOTELS GROUP - DPO
Tour Voltaire, 1 place des degrés
92800 PUTEAUX
You may exercise these rights at any time and free of charge, except in the case of manifestly unfounded or excessive requests (in particular due to their repetitive nature). In such exceptional cases, we reserve the right, in accordance with the Applicable Regulations, to require the payment of reasonable fees or to refuse your request.
Following your request to exercise your rights, a response will be sent to you within one (1) month from receipt of the request, which may be extended by two (2) months taking into account the complexity of your request.
You also have the right to lodge a complaint with the competent supervisory authority (in France, the Commission Nationale de l’Informatique et des Libertés, or “CNIL” www.cnil.fr).
You may also exercise your rights in respect of your Personal Data processed by a Hotel acting as data controller. We invite you to exercise your rights directly with the Hotel and to consult, if necessary, its data protection policy.
- Fate of Personal Data in the event of death
In accordance with the provisions of Article 85 of the French Data Protection Act, we inform you that, as a natural person:
You have the right to define with us directives relating to the retention, erasure and communication of your Personal Data after your death;
You may at any time modify or revoke such directives;
You may designate a person responsible for the implementation of these directives, who, after your death, will be entitled to take note of such directives and request their implementation from us.
You are also informed that, in the absence of specific directives communicated to Louvre Hotels Group regarding the fate of your Personal Data, your heirs may exercise after your death the rights relating to the retention, erasure and communication of your Personal Data to the extent necessary for the organization and settlement of your estate as well as for Louvre Hotels Group to take your death into account.
Article 10 – What are your commitments?
- Accuracy of Personal Data
You declare, as a User of the Site or a Customer of LOUVRE HOTELS GROUP, that you are informed of the importance of the accuracy of the Personal Data concerning you.
Therefore, you commit to providing only accurate Personal Data when interacting with us, during the contractual process, when requesting Services, and throughout the use of the Site, and to updating it as necessary.
In this regard, you may request correction or deletion as outlined in Article 9.
- Management of Personal Data of Minors
We do not knowingly collect or solicit Personal Data from minors and do not allow them to book a room in one of our Hotels independently.
The collection of information about minors is limited, as part of the booking process, to their first name, last name, nationality, and date of birth, which can only be provided by an adult.
We kindly ask you to ensure that your children do not transmit any Personal Data without your consent. If such transmission occurs, you may contact the data protection officer whose contact details are provided in Article 9 to have this information deleted.
- Free-Text Fields
In general, failure to fill in the fields marked with an asterisk (*) on the Sites will prevent us from providing you with all or part of the Services we offer and the functionalities of the Site. Your requests may not be processed optimally.
Other fields are optional and are intended to improve the quality of the Services offered to you.
When a form includes a free-text field, we ask that you only provide strictly objective and necessary information for your request and never submit sensitive data (such as passwords, credit card numbers, health data, etc.).
- Sensitive Personal Data
We do not collect Sensitive Personal Data.
We remind you that data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the purpose of identifying a person uniquely, health data, or data concerning a person’s sexual life or sexual orientation, are considered Sensitive Personal Data.
If you voluntarily provide us with Sensitive Personal Data, particularly in connection with special requests related to your booking, you acknowledge that you have given your explicit consent for us to process these special categories of Personal Data.
Article 11 – General Provisions and Modification of Our Policy
If any clause of this Policy is invalid, notably due to a change in legislation, Applicable Regulation, or a court decision, this shall in no way affect the validity of the other clauses of the Policy.
This Policy and the documents referenced therein are governed by French law.
This Policy is subject to updates, which will be made available online. The previous version of the Policy will be automatically replaced by the new version. The updated Policy will be immediately enforceable. Your use of the Site is subject to the Policy in effect at the time of use.
To stay informed of any modifications or updates, it is recommended that you regularly consult the Policy. LOUVRE HOTELS GROUP may, but is not obliged to, inform you of updates by displaying a message on the Site or by sending an email.
Article 12 – Definitions
"Customer": a natural person, whether or not holding a Customer Account, residing in France and/or abroad who uses the Site.
"Customer Account": a space provided to a Customer on the Site following their registration according to the terms specified in the T&Cs and the Terms of Use. This Customer Account is strictly personal, individual, non-assignable, and non-transferable to a third party. The Customer Account is accessible via the Customer’s login credentials and password.
"Personal Data" or "Data": refers to "any information relating to an identified or identifiable natural person; an 'identifiable natural person' is a person who can be identified, directly or indirectly, notably by reference to an identifier, such as a name, identification number, location data, an online identifier, or one or more specific elements related to their physical, physiological, genetic, mental, economic, cultural, or social identity" according to Article 4 of the GDPR. For example, data allowing for your identification such as gender, name, surname, and email address are Personal Data.
"Hotels": any franchisee of LOUVRE HOTELS GROUP or managed by LOUVRE HOTELS GROUP, or any subsidiary of LOUVRE HOTELS GROUP operating under one of LOUVRE HOTELS GROUP’s brands, as well as partner establishments as defined in the general terms and conditions of sale of LOUVRE HOTELS GROUP. The brands of LOUVRE HOTELS GROUP include, notably: Campanile, Première Classe, Kyriad, Kyriad Direct, Golden Tulip, Royal Tulip, and Tulip Inn.
"French Data Protection Act": Law No. 78-17 of January 6, 1978, relating to computers, files, and freedoms.
"Loyalty Program": refers to LOUVRE HOTELS GROUP's loyalty programs. The general terms and conditions of use of the program are accessible via links located in the footer of the Sites.
"Applicable Regulation": refers to all existing or upcoming regulations and standards applicable to Users and the Site, notably: legislation and regulations related to Internet platforms such as the Site, and concerning the protection of personal data, including the French Data Protection Act and the GDPR.
"General Data Protection Regulation": Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC.
"Service(s)": hotel services and all services offered to Customers by LOUVRE HOTELS GROUP via the Site.
"Site(s)": any website or mobile application published by LOUVRE HOTELS GROUP, presented under the LOUVRE HOTELS GROUP domain name or under the domain name of its brands. Non-exhaustively, the term "Site" refers to the Louvrehotelsgroup app and the following sites: Louvrehotels.com, Campanile.com, Premiereclasse.com, Kyriad.com, Goldentulip.com, flavoursbenefit.com, and associated subdomains.
"Terminal": any technical means that allows Users to access the Site. Terminals can include smartphones, Apple or Android tablets, microcomputers via the Internet, and any connected objects capable of interacting with another object and with the Internet.
"User": any natural person accessing the Site, either for their own account or on behalf of a legal entity, and who has the capacity and/or authority to contract via the Site, whether they are a simple visitor or a customer.