Latest update – 31/03/22
The General Data Protection Regulation, or GDPR, is applicable in the European Union from the 25th of May 2018.
The implementation of this regulation is an opportunity for the Odalys Group to confirm, via this Charter which is incorporated in the General Booking Conditions, the principles that guide the usage of your personal data.
This charter may be updated regularly, in particular to take account of any changes in the regulations or to incorporate new organizational methods within the Odalys Group.
DEFINITION OF PERSONAL DATA
Personal data is information in a format that identifies, directly (name, first name) or indirectly (login, telephone number, biometric data, etc.), an individual.
Examples: name, photograph, IP address, telephone number, computer login (account login / password), postal address, email.
PROCESSING OF PERSONAL DATA
The processing of personal data may consist of collecting, recording, organizing, storing, adapting, modifying, extracting, consulting, using or communicating personal data as defined above.
SCOPE OF THE CHARTER
This Charter applies to all processing of personal data implemented by all companies within the Odalys Group (the tourism holding company and all of its subsidiaries) in our establishments (tourist residences, business residences, student residences, campsites, …), on our booking websites and, in general, in the relationships between the Odalys Group and all of its customers.
PERSONAL DATA COLLECTED BY ODALYS
This could be :
- Your details and your marital status (name, surname, date of birth, nationality, postal address, email address, phone number, car license plate).
- The names of the people who are staying with you.In the case of minors, we collect, via an accompanying adult, only their name, first name, nationality and date of birth.
- Information about your means of payment (credit card number).
- Your holiday dates.
- Your preferences during your stay (eg. orientation of the apartment, type of beds) and related activities (eg. reservation of ski equipment or ski passes).
- Certain restrictions that must be taken into account during your stay (eg. people with reduced mobility).
- Your IP address, the browser you are using and your language settings.
- The way you browse our website (pages visited, clicks).
WHEN ARE PERSONAL DATA COLLECTED?
Personal data are collected:
- When booking a stay, whether this reservation is direct or that it intervenes via a third party (tour operators, works councils, travel agencies, …), that it takes place physically, by mail, online or on the telephone and that it concerns a site managed directly by Odalys or a site managed by a accommodation provider.
- When consuming additional services in our facilities (excursions, catering, bar).
- During claims or litigations.
- When participating in satisfaction surveys.
- When participating in quizzes/competitions.
- When subscribing to newsletters.
- When connecting to our websites (IP address, cookies).
- When viewing our pages on social networks.
- When transferring some information about you to certain providers (eg. banks for payments, routers for sending catalogues or marketing providers).
FOR WHAT PURPOSE DO WE COLLECT PERSONAL DATA?
Personal data are collected to:
- Know you better.
- Communicate with you.
- Manage our relationship (bookings, special requests, during the stay, after-stay).
- Ensure the promotion of our brands.
- Offer you at all times a quality customer service that allows you to take advantage of customized offers that best meet your expectations, as reflected in your wishes, user habits and comments.
- Carry out within this framework and with this objective, analysis and studies aimed at qualifying / enriching the customer database via a better knowledge of your interests.
- Extract, analyse and combine data.
- Establish statistics.
- Manage any possible complaints.
- Secure the payments you make.
- Ensure the accounting follow-up of your consumptions of additional services (catering, bar, excursions, ski equipment rental, purchase of ski passes…).
- Secure and improve the use and navigation on Odalys Group websites.
- Respect the legal and regulatory environment in which the Odalys Group operates (response to a request from the authorities, handling of disputes, monitoring of compliance with applicable regulations).
- Prevent fraud.
- Organize quizzes /competitions.
ODALYS’ 10 DATA PROTECTION COMMITMENTS
- To collect no information that is not strictly necessary for the conduct of our activities, for the satisfaction of our customers and for the improvement of our products and services.
- To collect no so-called “sensitive” information relating to : the allegedly racial or ethnic origins; political, philosophical, religious opinions; union membership; sexual orientation; health conditions; genetic or biometric data; criminal offenses or conviction.
- To limit as much as possible the number of personnel within the Odalys Group having access to personal data by providing specific authorizations in the departments concerned (sales department, facility operators, accounting, IT department, marketing department, legal department). To initiate in-house awareness campaigns on a large scale on the protection of your privacy.
- To keep data only for a duration compatible with the purposes of the treatment or with our legal obligations: 13 months for cookies (from the last login), 5 years for other personal data (from the last transaction).
- To transfer no data outside the European Union.
- To guarantee at any time the right to exercise the rights held concerning your personal data:
- Right to access.
- Right of opposition.
- Right of rectification.
- Right to erasure.
- Right to limitation.
- Right to portability.
To exercise your rights, you can contact us at the following email address:
In this case, you will be asked to provide identification in order to exercise your rights.
The deadline for responding to a completed request is 2 months.
- Confidentiality and security
To make every effort at all times, online, physically and organisationally, to protect your personal data against any use that has not been authorized, as a result of intrusion, accidental or voluntary, into our information systems, including our payment systems.
For example: setting up firewalls, using Secure Socket Layer technology on credit card payments, setting up passwords on all computers with access to personal data.
To make sure that the providers (marketers, hosts, marketing providers,…) to which we transfer your personal data, strictly respect the regulations of the RGPD.
To collect your clear and unambiguous consent to the use of your data.
To offer you at any time the opportunity to refuse to receive messages from us (via an unsubscribe link).
- Designation of a Data Protection Officer (DPO) – Responsible for the files
The Odalys Group has appointed a DPO (Delegate for Data Protection).
The company “Odalys Résidences” is the file manager.
The email address of the DPO is:
Délégué à la protection des données
655, rue René Descartes,
Parc de la Duranne – BP 412
13591 AIX EN PROVENCE Cedex