ACCOR HEARTIST SOLIDARITY PERSONAL DATA PROTECTION CHARTER
Accor Heartist Solidarity, an endowment fund located at 82, rue Henri Farman, CS 20077, 92445 ISSY-LES-MOULINEAUX, processes some of the personal data of users of the websites http://solidarity-accorhotels.com/ and http://www.projets.solidarity-accor.com/fr/ ("the Websites").
In order to provide you with transparent information on this processing as well as on your rights relating thereto, Accor Heartist Solidarity has drawn up this Accor Heartist Solidarity Personal Data Protection Charter. It completes and forms an integral part of the Site's Legal Notice.
1. ACCOR's TEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA
Accor Heartist Solidarity complies with the 10 principles established within the Accor Group. Based on applicable regulations, in particular the European General Data Protection Regulation, we have instituted the following ten principles throughout the Accor Group:
- Lawfulness: We use personal data only if:
  - we obtain the consent of the person, OR
  - it is necessary to do so for the performance of a contract to which the person is a party, OR
  - it is necessary for compliance with a legal obligation, OR
  - it is necessary in order to protect the vital interests of the person, OR
  - we have a legitimate interest in using personal data and our usage does not adversely affect the persons’ rights.
- Fairness: We can explain why we need the personal data we collect.
- Purpose limitation and data minimisation: We only use personal data that we really need. If the result can be achieved with less personal data, then we make sure we use the minimum data required.
- Transparency: We inform people about the way we use their personal data.
- We facilitate the exercise of people’s rights: access to their personal data, rectification and erasure of their personal data and the right to object to the use of their personal data.
- Storage limitation: We retain personal data for a limited period.
- We ensure the security of personal data, i.e. its integrity and confidentiality.
- If a third party uses personal data, we make sure it has the capacity to protect that personal data.
- If personal data is transferred outside Europe, we ensure this transfer is covered by specific legal tools.
- If personal data is compromised (lost, stolen, damaged, unavailable…), we notify such breaches to the respective country’s responsible authority and to the person concerned, if the breach is likely to cause a high risk in respect of the rights and freedoms of this person.
For any questions concerning the ten principles of Accor data protection policies, please contact the Data Privacy department whose details appear in the clause "Your rights".
2. WHAT PERSONAL DATA IS COLLECTED?
At various times, we may collect information about you, including the following:
• Contact details (for example, last name, first name, telephone number, email);
• Personal information (for example, nationality);
• Information about your title;
• Technical and location data you generate as a result of using our websites.
Good to know!
In the event that you make a donation, we do not collect your banking information. This information is processed by our payment provider, PayPal. For more information on how PayPal processes your data, please visit their website: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
PayPal does, however, provide us with the identity and contact details of the people who have made donations, as well as the amount of these donations, so that we can establish the tax receipts that it is necessary to present to the authorities if you wish to benefit from the tax reduction for the donations made (see article "WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?").
3. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?
The table below sets out why we process your data, the lawful basis for the processing and the associated retention period:
|Purpose/Activity|Lawful basis for processing including basis of legitimate interest|Retention period|
|---|---|---|
|Managing your use of the Site: • Managing your contact requests,|Processing necessary for the performance of a contract to which you are a party, as well as for the pursuit of our legitimate interest in providing you with the best possible services.|For the time required to process your application. For the duration of your registration plus one year.|
|Managing your donations:|Processing necessary for the execution of a contract to which you are a party. Processing necessary for the fulfillment of a legal obligation.|3 years from the date you make your donation. At the end of this period, we archive your data for a further 3 years, in order to comply with the applicable regulations.|
|Study your requests for support|Processing necessary for the pursuit of our legitimate interest in selecting the projects we will support.|3 years from the date you apply for support.|
|Secure and improve your use of the Site, in particular:|Processing necessary for the pursuit of our legitimate interest in managing our business, providing IT, administration and network security services.|13 months from the collection of the information.|
|Comply with all applicable legislation, including:|Processing necessary to comply with a legal obligation.|For the duration set out in the applicable local legislation.|
4. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA
Your personal data may be shared with internal and external recipients under the following conditions:
- We share your data with a number of authorised people and departments in the Accor Group in order to offer you the best experience in our hotels. The following teams may have access to your data:
  - IT departments,
  - Commercial partners and marketing services,
  - Communication department,
  - Generally, any appropriate person within Accor Group entities for certain specific categories of personal data.
- With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your experience on the Websites, for example:
  - External service providers: IT sub-contractors.
- With local authorities: We may be obliged to send your information to local authorities if this is required by law or as part of an inquiry. We will ensure that any such transfer is carried out in accordance with local regulations.
We inform you that we do not collect your bank details.
5. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS
Accor Heartist Solidarity does not transfer personal data to recipients in countries offering different levels of personal data protection.
However, if Accor Heartist Solidarity were to carry out such transfers, it undertakes to inform you by amending the present document and to implement appropriate measures in order to secure the transfer of your personal data to an Accor entity or an external recipient located in a country offering a level of protection different from that offered in the country in which the personal data is collected.
Data flows to countries without equivalent personal data protection would then be governed by the standard contractual clauses defined by the European Commission. Data flows to the United States could also be made to entities that have joined the Privacy Shield program.
6. DATA SECURITY
Accor Heartist Solidarity takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss, misuse and unauthorized access, modification or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, SSL (Secure Sockets Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing.
7. COOKIES AND OTHER TRACERS
8. YOUR RIGHTS
You have the right to obtain information about and access your personal data collected by Accor Heartist Solidarity, subject to applicable legal provisions.
You also have the right to have your personal data rectified, erased or have the processing of it restricted. Furthermore, you have the right to data portability and to issue instructions on how your data is to be treated after your death (hopefully as late as possible!). You can also object to the processing of your personal data.
In the event that you wish to exercise any of your above rights, please contact the Data Privacy department for the Accor Group directly by sending an email to firstname.lastname@example.org or by writing to the address below:
Accor Heartist Solidarity
82 rue Henri Farman - CS20077
92445 Issy-les-Moulineaux, Cedex
For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document is sufficient.
All requests will receive a response as swiftly as possible and in accordance with applicable law.
Lastly, you have the right to lodge a complaint with a data protection authority. For your information, you can contact the Accor data protection officer by writing to email@example.com or to the above postal address.
We may modify this charter from time to time. Consequently, we recommend that you consult it regularly.
10. QUESTIONS AND CONTACTS
For any questions concerning this Personal Data Protection Charter, please contact the Data Privacy department (See clause "Your rights").