Privacy Policy
PRIVACY POLICY
1. Introduction
As an entity of the Elancia group, le Mas de Pierre company (“we”, “our”) offers its clients and prospects (“you”, “your”) hotel services, which notably include hotel, restaurant and SPA services, as well as special offers, gift boxes and associated newsletters.
This privacy policy describes, for all of our activities, our practices for collecting, using and transferring your personal data.
We are committed to ensuring the protection of your data in compliance with the General Data Protection Regulation (No. 2016/679) and the French Data Protection Act (No. 78-17).
The Data Controller is le Mas de Pierre company, a general partnership registered with the Grasse Trade and Companies Register under SIREN number 450.228.317, with its registered office for all matters relating to personal data at 265 Avenue des Etats du Languedoc, 34961 Montpellier Cedex 2, CS 99553.
The representative of the Data Controller is the hotel director, Mrs. Audrey Jorge.
2. The Collection of your Personal Data
Your data and that of the people accompanying you may be collected directly from you on the Mas de Pierre website (via information forms, reservation forms, cookies or the chatbot), or during your stay at Mas de Pierre (completed form, data provided orally…).
Due to the nature of the services offered, your data may be collected by other entities to be transmitted to us, mainly sites, providers and booking platforms. We may also collect data from affiliated entities, business partners, subcontractors and service providers if their personal data protection policies allow it. In any case, your data will not be collected from a publicly accessible source.
Given the above, this Privacy Policy aims to inform not only the individuals whose data is directly collected, but also those whose data is indirectly collected by and/or for Mas de Pierre, in accordance with Articles 13 and 14 of the General Data Protection Regulation (No. 2016/679).
3. The Personal Data We Process
The term “personal data” refers to any information that allows direct or indirect identification of a natural person. This is the case for a name or surname, but also for the language you speak, the details of your reservation, your license plate, etc.
The term “purpose” refers to the reason why we process your personal data.
The term “legal basis” refers to the legal foundation on which the processing of your data is based. Any processing must necessarily be based on a legal basis to be lawful.
No data collected and processed by Mas de Pierre is subject to processing for a subsequent purpose other than that indicated in the tables below.
Summary Table of the Categories of Data Processed, the Purpose of Processing and Retention Periods:
| Purpose | Categories of data processed | Retention period |
| Protection of the establishment through video surveillance | Images and all data deducible from them | 15 days on Mas de Pierre servers |
| Reservation, provision and payment of offered services | Identification data and contact details
Banking data Health data |
10 years from the operation (billing data)
Data necessary for payment is kept from the credit card imprint (if applicable) to the effective payment, and may be kept longer if consent is given For the duration of the service provision, particularly for SPA or restaurant, and retention of the health form for 13 months if client consent is given |
| Conducting satisfaction surveys by sending questionnaires | Identification data and contact details
Responses to questionnaires (pre and post stay) |
This data is anonymized after processing by the provider and before publication of the review
3 years from the last service or last contact |
| Complaint management | Identification data, contact details, stay-related information, content of the complaint | During the processing of the request, then 5 years for evidentiary purposes |
| Litigation management | Any relevant data in the context of the litigation | At the latest until the prescription of the corresponding action
Court decisions are kept indefinitely |
| Digital marketing | Selected targeting criteria | Data is held by marketing service providers (social networks and search engines) according to the durations defined by each |
| Management of contractual partners of the Data Controller | Professional identification data of partner personnel | Duration of the contract with the contractual partner, then 5 years for evidentiary purposes |
| Website management and operation | Mandatory connection data for proper site functioning / necessary cookies
Data entered in the chatbot Velma |
13 months maximum
6 months |
| Cookie management | Necessary cookie data, including: location, page tracking, clicked links… | 6 months maximum |
| Conducting satisfaction surveys by sending questionnaires | Data required by Article R814-2 of the Code on the Entry and Residence of Foreigners and Right of Asylum | Duration imposed by Article R814-3 of the Code on the Entry and Residence of Foreigners and Right of Asylum (6 months) |
| General accounting | Elements appearing on invoices | Duration imposed by Article L123-22 of the Commercial Code (10 years) |
| Exercise of GDPR rights (recalled below) |
Identification data and contact details, relevant data in processing the request | During the processing of the request, then 5 years for evidentiary purposes |
Summary Table of Legal Bases Associated with each Purpose:
| Legal basis | Associated purposes | Details |
| Contractual performance | Reservation, provision and payment of services
Management of contractual partners |
N/A |
| Legitimate interest | Protection of the establishment through video surveillance
Provision of Wi-Fi connection throughout the premises Satisfaction survey Management of necessary cookies or those exempt from consent Management of trackers and similar online tracking technologies (excluding cookies) Social media management Management of complaints and disputes Digital marketing |
Security of property and persons
Improvement of service through provision of internet access Seeking service improvement through feedback collection Proper functioning of the site and audience measurement Management of external communication and personalized advertising Monitoring, research, and improvement of customer experience Defense of the Data Controller’s interests in court Management of external marketing through targeted advertising |
| Consent | Any health data regardless of purpose
Any banking data for retention beyond service execution regardless of purpose Management of cookies (non-essential) Management and sending of newsletters |
N/A |
| Legal obligation | General accounting
Police record Maintenance of a single personnel register Exercise of individual rights guaranteed by GDPR |
This includes billing data resulting from certain contractual executions |
We also recommend that you provide as little information as possible about other people or about your and their health during your navigation on the site (especially when using the chatbot) and, in general, during your stay.
4. COOKIES AND OTHER WEB TECHNOLOGIES
We collect data through cookies, trackers, and other similar technologies (web beacons).
Cookies are small text files that are automatically copied to your computer or mobile device when you visit a website. These cookies contain basic information about your Internet usage. Your browser sends these “cookies” to our website each time you visit it so that your computer or mobile device is recognized and your browsing experience is personalized and improved.
Some cookies are called “necessary”, meaning that the website cannot function and display on your device without them.
Others are called “non-necessary”, and are aimed at establishing visitor statistics, or personalizing and improving your browsing experience and targeting the ads you see. These will only be placed on your browser if you expressly accept them.
You can control your consent to non-necessary cookies through a dropdown banner that appears during your first visit to the site, and then at any time by clicking on the “cookie settings” bar that appears at the bottom right of your screen while browsing our site.
The lists of cookies and trackers, as well as their purposes, and those of the partners installing them, are available in the “configure your choices” and “view partners” tabs of the dropdown banner.
Furthermore, our website may contain links to third-party websites, applications and “plug-ins”. If you access other websites from the links provided on our website, the operators of these sites may collect or share information about you. This information will be used by these operators in accordance with their privacy policy, which may differ from ours. We invite you to read these privacy policies and to refer directly to these third parties if you have any questions regarding their practices
5. SOURCES PROVIDING US WITH YOUR DATA AND RECIPIENTS
When we do not collect your data directly, it is transmitted to us by our subcontractors and partners, mainly the booking platforms that offer our services: travel agencies, tour operators, online travel agencies (especially online booking platforms)…
Within Le Mas de Pierre, your data is only accessible to people who strictly need to know it. It may be shared with the following categories of recipients:
- Intragroup: other companies of the Elancia Group, particularly Socri Financière Hôtelière and Elancia companies, mainly for marketing, accounting, HR, and legal aspects.
- Official bodies: in order to fulfill and satisfy our legal obligations, your data may be transmitted to such bodies, such as:
- Police services (example: video surveillance images handed over to a judicial police officer, upon requisition).
- Judicial bodies (example: all elements necessary for the legal defense of Le Mas de Pierre such as the invoice and details of the stay).
- Control bodies (example: billing elements for auditors).
- Website: your data may be shared with our service providers who operate our website (e.g., audience measurement) or allow us to offer our online services (e.g., automatic redirection to our online payment provider).
- Satisfaction surveys and newsletter: your data may be shared with our service providers who offer us these services
6. Data Security and International Transfers
We have implemented technical and organizational measures adapted to the sensitivity level of personal data, to ensure the integrity and confidentiality of the data and to protect it against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
We regularly conduct audits to verify the proper operational application of data security rules.
To meet these commitments, our service providers and subcontractors are carefully selected and are required to maintain a level of personal data protection at least equivalent to ours.
For example, our Consent Management Platform provider (the banner allowing you to make your cookie choices) was chosen because it anonymizes data collected by non-necessary cookies before communicating it to Google Analytics.
In this way, your data does not transit through the United States (a country considered not to offer an equivalent level of data protection to the EU).
For some providers, data is transferred outside the European Union, to countries that are not subject to adequacy decisions by the European Commission, such as the United States.
In these cases, we only choose providers who have adopted SCCs (Standard Contractual Clauses) or obtained certifications (e.g., Data Privacy Framework) to best protect your data.
Additionally, we implement organizational measures on our end to limit and secure data transfers as much as possible.
7. Your Rights
In accordance with data protection regulations, you have the following rights regarding your personal data:
- Rights of access, rectification, and erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability,
- Right not to be subject to automated processing or profiling. However, regarding the processing carried out by (or for) Le Mas de Pierre, none constitutes automated processing or profiling that has a significant legal impact on you.
You can exercise your rights or request additional information through the following means:
- By email by contacting info@lemasdepierre.com
- By mail to the following postal address: 265 Avenue des Etats du Languedoc, CS 99553, 34961 Montpellier Cedex 2
- At the hotel reception
If you would like more information or if you believe, despite our responses, that they are insufficient, or that data processing is unlawful, you can contact the National Commission for Information Technology and Civil Liberties (https://www.cnil.fr/fr/plaintes).
8. Retention Period of Personal Data
We retain your personal data for the period necessary for the purposes for which we collected it, including satisfying any legal or accounting requirement and any legal obligation of accountability.
9. CHANGES TO THE PRIVACY POLICY
We may modify, update and/or replace this privacy policy, particularly in the event of changes to regulations regarding the protection of personal data. We therefore recommend that you regularly consult this personal data protection policy to be aware of its latest version.
2024 LeMasdePierre. All rights reserved