1.    Purpose

The Société Européenne d’Hôtellerie (hereinafter referred to as “SEH,” “we,” or the “Data Controller”), as the data controller, pays particular attention to the protection of personal data that you provide or that may be collected.

SEH undertakes to ensure the confidentiality and security of your personal data in accordance with Regulation (EU) 2016/679 of April 27, 2016 on data protection and French Law No. 78-17 of January 6, 1978 as amended on information technology, data files, and civil liberties (hereinafter referred to as the “Regulation”).

This privacy policy (hereinafter the “Privacy Policy”) is intended to inform you about how SEH processes your personal data.

You are invited to read this document before submitting your personal data to us.

2.    Definitions

• Personal Data (hereinafter “Data”): Any information relating to an identified or identifiable natural person by reference to an identification number or to one or more elements specific to them.

• Recipient: Any natural or legal person, public authority, agency, or other body entitled to receive communication of Data recorded in a file or processing operation due to their role.

• Data Subject: A natural person who is identified or identifiable, directly or indirectly.

• Data Controller: A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing.

• Processor: A natural or legal person, public authority, agency, or other body which processes Data on behalf of the Data Controller.

• Processing: Any operation or set of operations performed on Data or on sets of Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.    Identity of the Data Controller

The Société Européenne d’Hôtellerie, a cooperative public limited company with a board of directors, registered with the Paris Trade and Companies Register under number 328 179 726, with its registered office at 22 rue Maurice Grimaud, 75018 PARIS, is the Data Controller of your Data.

When you provide us with Data while using SEH websites (accessible via the following URLs: https://www.theoriginalshotels.com/ and https://theoriginals.bonkdo.com/fr) (hereinafter the “Websites”), you are considered the Data Subject.

You may contact our Data Protection Officer (DPO) concerning the protection of your personal data at the following email address: dpo@theoriginalshotels.com

4.    What Personal Data Is Collected and When?

We collect and process the following types of Data:

• Identification Data: civil status, name, first name, postal address, email address, phone number, date of birth, billing address;

• Economic and Financial Data: bank details and payment data;

• Data related to your relationship with SEH: history of your contact or service requests;

• Booking Data: stay details (hotels, dates, products and services purchased), family situation, personal situation, consumption habits. We may also collect and process “sensitive” Data when necessary to fulfill specific requests from you (e.g., health condition requiring special arrangements or food allergies), with your consent;

• Loyalty Program Data: identification number, membership date, loyalty points balance, benefits used;

• Social Media Data: social media account identifiers, profile photo, and other public or shared data when linking your accounts;

• Traffic and Browsing History on the Websites: connection data (IP address, tracking data… See our Cookie Policy for more information).

We collect and process your Data particularly when:

• You browse the Websites via cookies—small text files placed on your browser that save your preferences and track your activity. For more information, see our Cookie Policy;

• You complete forms available on the Websites (booking, order, newsletter subscription, loyalty program, seminars, contact);

• You agree to link your social media accounts with the Websites.

5.   What Are the Purposes and Data Retention Periods?

You will find below the legal bases and retention periods that we apply to the processing of your Data:

6.    Who Are the Recipients of Your Data?

Your Data may be shared with:

• Internal recipients: Authorized SEH personnel and departments, only the data necessary for their duties;

• External recipients: Authorized services of partner hotels, processors, service providers, vendors, or SEH partners, only the data necessary for specified purposes.

7.    What Safeguards Are in Place for Transfers Outside the EU?

Your Data may be transferred outside the European Union. SEH ensures that appropriate safeguards are in place, either by transferring data to countries recognized by the European Commission as having an adequate level of protection, or by using standard contractual clauses approved by the European Commission.

8.    What Are Your Rights?

In accordance with the Regulation, you have the following rights:

• Access

• Rectification

• Erasure

• Data portability

• Restriction of processing

• Objection to processing

• Provide instructions regarding the retention, erasure, and communication of your data after death

When processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

You may also lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés). For more information on your rights, visit cnil.fr.

You may exercise your rights:

• By email: dpo@theoriginalshotels.com

• By post: SA EUROPÉENNE D’HÔTELLERIE, 22 rue Maurice Grimaud – 75018 PARIS

You must verify your identity when exercising your rights. If in doubt, SEH may request additional information, such as a copy of your ID.

If, after contacting us, you believe your rights are not being respected, you may file a complaint with the CNIL.