GENERAL POLICY ON PROTECTION OF PERSONAL DATA
BOOKINGS IN RESTAURANTS VIA THE MOBILE APPLICATION LINKED TO SEVENROOMS
1. Introduction
In the course of its business, PARIS SOCIETY collects and processes personal data relating to its customers.
The main goal of this document is to bring together, in a concise, transparent, understandable and easily accessible format, information concerning the data processing carried out to enable you to understand the conditions under which your data is processed.
2. Identification of the data controller
The data controller is the company NOCTIS EVENT (whose trade name is PARIS SOCIETY, hereinafter referred to as ‘PARIS SOCIETY’). In this capacity, PARIS SOCIETY determines the purposes of the processing carried out on its website and the way in which your data is processed.
If necessary, you can ask your questions directly by sending an email to donnees.privees@paris-society.com or a letter to the following address:
PARIS SOCIETY
38, avenue des Champs Élysées
75008 Paris
3. Fair and transparent collection of your data
In the interests of fairness and transparency towards its customers, the company takes care to inform the people concerned of each processing operation it carries out by information notices.
This data is collected fairly. No data is collected without the knowledge of the individuals concerned.
3. Legitimate and proportionate use of your data
When PARIS SOCIETY processes data, it does so for specific purposes : each data processing operation pursues a legitimate, specific and explicit purpose.
For each of the processes implemented, it undertakes to only collect and use data that is adequate, relevant and limited to what is necessary with regard to the purposes for which it is processed.
PARIS SOCIETY ensures that data is updated if necessary and implements procedures to enable the deletion or rectification of inaccurate data.
4. The personal data we process
In the context of the processing of personal data, the purposes of which are presented below, PARIS SOCIETY collects and processes the following categories of data :
<table><tbody><tr><th><p><strong>Data category</strong></p></th><th><p><strong>Key data for the category</strong></p></th></tr><tr><td><p><strong>Identification data</strong></p></td><td><p>Surname, first name, photo of user.</p></td></tr><tr><td><p><strong>Contact details</strong></p></td><td><ul><li>e-mail address, identification password,</li><li>phone number, phone operating system version and model, language and time zone.</li></ul><p>There is a unique identifier between Onesignal (push notification of bookings confirmations) and the application user's phone.</p></td></tr><tr><td><p><strong>Information about the personal life</strong></p></td><td><ul><li>There is a comments area where users of the App can give details of their wishes. Example : a candle on a birthday cake.</li><li>Number of « loyalty » points associated with each user of the App.</li><li>Sponsorship : sponsorship credits are allocated to sponsors according to criteria that reflect the Group's marketing policy and positioning. Information on the existence of a link between a sponsor and a sponsored user is collected and stored on the App's server.</li></ul></td></tr></tbody></table>
5. Legal basis and purposes of our data processing
The data processing carried out by the company pursues the purposes identified below and is based on the following legal bases:
| Goals | Legal basis | | ------------------- | ------------------------------------------------------------------------------------------------------- | | Restaurant bookings | Performance of the contract concluded with loyalty programme members<br><br>Legitimate interest |
6. Recipients of your data
We share your personal data with people who are strictly authorised to do with regard to their functions within PARIS SOCIETY.
Your data will also be sent to the restaurants and hotels of the Paris Society group, for the purposes of managing your bookings and sending you commercial prospecting as part of the Paris Society Family loyalty programme, if you have given your consent.
We ensure that only authorised people have access to this data.
7. Transfers of your data
We may transfer your personal data outside the European Union as part of the IT tools used for our activities.
If the recipient country does not ensure a level of protection of personal data equivalent to that of the European Union, PARIS SOCIETY undertakes, in the absence of a decision of adequacy and after having carried out an evaluation of the level of protection of your rights on the territory of the third country where the recipient of your personal data is established, to take all necessary measures to ensure the protection of your personal data on the basis of appropriate guarantees (in particular standard contractual clauses defined by the European Commission), the communication of which may be obtained directly from PARIS SOCIETY at the following address donnees.privees@paris-society.com
8. The periods for which we keep your data
PARIS SOCIETY ensures that data is only kept in a form that allows identification of the people concerned for as long as is necessary for the purposes for which it is processed.
The retention periods that we apply to your personal data are proportionate to the purposes for which they were collected.
More specifically, we organise our data retention policy as follows :
| Data and purposes | Shelf life | | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Restaurant bookings, | 3 years following the last incoming contact | | Request to exercise rights | Time required to process the request, increased by 10 years of archival storage from the end of the financial year for mandatory storage and prescription periods. |
Please note that in the event of pre-litigation or litigation opposing you to PARIS SOCIETY, your personal data will be kept until the amicable settlement of the dispute or, failing this, until the legal prescription of the corresponding legal action has expired (5 years in civil and commercial matters).
9. Security of personal data
PARIS SOCIETY has set up technical and organisational measures adapted to the degree of sensitivity of personal data, in order to ensure the integrity and confidentiality of data and to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.
Nevertheless, the security and confidentiality of personal data depend on the good practices of each individual, and the person concerned is therefore invited to remain vigilant on this issue.
10. Subcontracting
When PARIS SOCIETY uses a service provider, it only communicates personal data to the latter after having obtained a commitment and guarantees on its ability to meet these security and confidentiality requirements.
In compliance with our legal and regulatory obligations, we enter into contracts with our subcontractors which precisely define the terms and conditions under which they process personal data.
11. Your rights
PARIS SOCIETY is particularly concerned about respecting the rights granted to you in the context of the data processing that it implements, in order to guarantee fair and transparent processing in view of the particular circumstances and context in which your personal data is processed.
11.1 Your right of access
As such, you have confirmation that your personal data is or is not being processed and where it is, you have the right to request a copy of your data and information concerning:
- the purposes of the processing ;
- the categories of personal data concerned ;
- the recipients or categories of recipients and, where applicable, if such communications are to be made, the international organisations to which the personal data has been or will be communicated, in particular recipients established in third countries ;
- where possible, the period for which the personal data will be kept or, where this is not possible, the criteria used to determine this period ;
- the existence of the right to ask the controller to rectify or erase your personal data, the right to request a restriction on the processing of your personal data, the right to object to such processing;
- the right to lodge a complaint with a supervisory authority ;
- information about the source of the data when it is not collected directly from the data subjects ;
- the existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and the expected consequences of this processing for the data subjects.
11.2 Your right to rectify your data
You may ask us to rectify or complete your personal data if it is inaccurate, incomplete, ambiguous or out of date.
11.3 Your right to erase your data
You may ask us to delete your personal data in the cases provided for by legislation and regulations.
Your attention is drawn to the fact that the right to erasure of data is not a general right and that it will only be granted if one of the grounds provided for in the applicable regulation is present.
11.4 Your right to limit data processing
You may request that the processing of your personal data be restricted in the cases provided for by legislation and regulations.
11.5 Your right to object to data processing
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data for which the legal basis is the legitimate interest pursued by the controller (see article above on the legal basis for processing).
If you exercise such a right to object, we will ensure that we no longer process your personal data in connection with the processing concerned unless we can demonstrate compelling legitimate grounds for continuing such processing. These grounds must outweigh your interests and your rights and freedoms, or the processing must be justified for the establishment, exercise or defence of legal claims. You have the right to object to personalised solicitation.
11.6 Your right to data portability
You have the right to the portability of your personal data. Please note that this is not a general right. Not all data from all processing operations is portable, and this right only applies to automated processing operations, to the exclusion of manual or paper processing.
This right is limited to processing for which the legal basis is your consent or the performance of pre-contractual measures or a contract.
This right does not include derived or inferred data, which are personal data created by the company.
11.7 Your right to withdraw consent
Where the processing of data by us is based on your consent, you may withdraw your consent at any time. We will then cease to process your personal data without affecting any previous operations for which you have given your consent.
11.8 Your right to lodge a complaint
You have the right to lodge a complaint with the CNIL (3 place de Fontenoy 75007 Paris) on French territory, without prejudice to any other administrative or legal remedy.
11.9 Your right to define post-mortem directives
You have the possibility of defining specific directives relating to the conservation, deletion and communication of your personal data after your death in accordance with the procedures set out below. These specific directives will only concern the processing carried out by us and will be limited to this area.
11.10 How to exercise your rights
All the rights listed above may be exercised at the following e-mail address donnees.privees@paris-society.com or by post to PARIS SOCIETY, 38 avenue des Champs Élysées 75008 PARIS, providing proof of your identity by any means.
12. Changes to this document
We invite you to consult this policy regularly. It may be updated from time to time.
Last updated on 17/12/2024