This Privacy Policy applies to the users (called hereafter the Users or you) of the website https://www.hotel-bb.com/ (called hereafter the Site) and the B&B hotels mobile applications (called hereafter the Applications) presenting the online B&B hotel room reservation platform (hereafter called the Platform). It is intended to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016, about the protection of individuals with regard to the processing of personal data and about the free movement of such data (hereafter referred to as the ‘Regulation’ or ‘GDPR’), on how your personal information may be collected and processed through our Website and Mobile Applications in connection with the reservation of hotel rooms in countries in which we have hotels and the B&B Hotels Club loyalty program.
The B&B Hotels group is fully committed to ensuring that the processing of personal data complies with the requirements of the GDPR.
The purpose of this privacy policy is to inform you about the categories of personal data that we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.
Respecting your privacy and your personal data is a priority for us, which is why we are committed to treating them in strict compliance with the Regulations and applicable national laws.
Adyen: refers to the online payment platform.
Application: refers to the B&B Hotels mobile applications produced and published by Casper BidCo.
Groupe B&B Hotels: refers to the holding company Casper BidCo, its subsidiaries as well as all B&B Hotels.
Platform: refers to the central online reservation system operated by Casper BidCo on the Site and the Applications.
Data Controller: refers to the company Casper BidCo in its capacity as the main Data Controller on the Site.
Services: refers to the services offered by Casper BidCo via the Platform. The Services are detailed in the general terms and conditions of use (T&Cs) accessible by clicking here.
Site: refers to the website accessible at the URL address https://www.hotel-bb.com/
Users: means any person who accesses or browses the Site and the Applications as well as all categories of users of the Platform.
Casper BidCo, which is one of the parent companies of the B&B Hotels group, whose legal notices can be accessed by clicking here, is the main Data Controller responsible for the processing carried out on the Site and the Applications.
Casper BidCo operates a central reservation system covering all the hotels in the list available here.
As part of the processing of reservations made through the Platform and the Applications, Casper BidCo is jointly responsible for processing your personal data with the companies that operate the hotels for which you reserve rooms (See the list of hotels here).
The companies in the list accessible by clicking here jointly manage the B&B Hotels Club loyalty program. The joint managers of the B&B Hotels Club loyalty programme are the companies in the list accessible by clicking here.
Finally, during the course of your reservation via the Platform, independent processing can be implemented by each of these joint managers. Information relating to these independent processing operations is provided to you directly by the managers concerned.
By using the Site, the Applications and the Services, you are agreeing to send us data and information, some of which may identify you and therefore constitute personal data (hereafter the Data).
This is particularly the case when you book a room on the Site or register for our loyalty program.
In all cases, you are informed of the purposes for which your data is collected by us via various online data collection forms, emails sent to you, notifications on the Platform and via our Cookie Management Tool.
When necessary, we undertake, depending on the circumstances, to obtain your consent and / or to allow you to object to the use of your data for certain purposes, such as for example, the possibility of knowing your geographical position, of sending you commercial marketing or placing third-party cookies on your devices (mobile phone, computer, tablet) for the purpose of monitoring the usage of our Site and our Application and to offer you targeted commercial offers and advertising based on of your areas of interest.
When collecting the Data, you will be informed whether certain Data is mandatory or if it is optional and the possible consequences of a failure to respond are indicated during Data collection(s) on the associated forms.
Data subject to processing is as follows:
The B&B Hotels group ensures that it only collects Data that is strictly necessary for the purposes for which it is processed.
Processing carried out by B&B Hotels Group meets an explicit, legitimate and determined purpose, which is based on the fulfillment of a contract, compliance with a legal or regulatory obligation, your consent or a legitimate interest.
When the legal basis used for the processing operations is based on the pursuit of a legitimate interest, you have the right, on request, to obtain information relating to the balancing of interests.
Your various data is collected and processed for the following purposes and on the following legal bases:
Monitoring the proper functioning and improvement of our Platform and our Services covers:
The B&B Hotels Group has a legitimate interest in assuring you the best experience on our Site and our Applications and the best quality of Services offered and relies on your consent for the deposit of cookies and knowledge of your geographical location.
Customer relationship management covers:
The B&B Hotels Group processes personal data relating to the management of Customer relations in fulfillment of contracts with its Customers.
B&B Hotels Group also has a legitimate interest in processing customer Data in order to provide the best possible commercial relationship, and to ensure the best quality of our Services.
The fulfillment of marketing operations covers:
The fulfillment of marketing operations is based on your consent.
B&B Hotels Group also has a legitimate interest in providing you with commercial offers, in particular when they relate to hotels in which you have already had reservations.
In this case, we ensure that:
Account management and carrying out related operations covers:
account management and the carrying out of associated operations are based on our legal obligations arising from the various accounting and / or tax regulations of different countries accessible here.
B&B Hotels Group also has a legitimate interest in ensuring the smooth running of the accounting operations carried out by Casper BidCo and all the companies operating hotels and joint data controllers.
The management and administration of the loyalty program are based on the legitimate interests of the companies, a list of which can be accessed by clicking here to reward your loyalty by giving you advantages in B&B hotels.
The B&B Hotels Group also has a contractual basis insofar as the processing is necessary for the fulfillment and implementation of the B&B Hotels Club loyalty program of which you are a member.
This processing covers all the operations necessary to monitor rights requests addressed to Casper BidCo or to the list of companies accessible by clicking here (qualification of the request, investigations, fulfillment of specific technical operations, etc.).
This only concerns cases where Casper BidCo and / or the list of companies accessible by clicking here act as data controller.
This processing is carried out on the basis of a legal obligation arising from articles 15 onwards of the GDPR and articles 48 onwards of the Data Protection Act.
We treat the Data we collect with the utmost care. Only Data which is strictly necessary will be communicated for processing to third parties.
Within the limits of their respective powers and for the purposes mentioned in Article 4, the primary people who are likely to have access to your Data are as follows:
Your personal data will not be communicated, exchanged, sold or rented without your express prior consent in accordance with the applicable legal and regulatory provisions.
In our relations with our subcontractors within the meaning of the GDPR, we contractually ensure that they process the data in such a way as to guarantee their integrity, confidentiality and security.
We retain your data only as long as necessary for the purposes described in Article 4.
Data allowing the identification of Users on the Platform are retained for the duration of their registration.
Cookies and other commercial trackers may be placed on the User's terminal for a maximum period of 6 months. Beyond this period, the raw traffic data associated with an identified user is either deleted or anonymized.
The information collected through trackers is retained for a period of 25 months. Beyond this period, this Data is deleted or anonymized
Data used in the context of Customer relationship management is kept for the period necessary for the fulfillment of the contract.
This data is then archived for a period of 5 years for evidentiary purposes. Invoices and accounting data issued are retained for 10 years from their issue date.
If the contract is not concluded, a prospective customer's data is kept for a period of 3 years from its collection or from the last positive contact with the B&B Hotels group.
The Data used in the context of marketing operations is retained for a period of 3 years from the end of the commercial relationship if you are a customer or from your last contact if you are not yet a customer.
In the event that you have not purchased any products from our company or have not used your account for 27 months and have not subscribed to our newsletter, we will no longer retain your personal data for commercial purposes.
(i) Bank card
Data relating to bank cards is processed exclusively by Adyen, which only provides us with an identification token to process guarantees and payments for reservations. This partner's processing complies with the requirements of the PCI-DSS (Payment Card Industry Data Security Standards). Data relating to bank cards is deleted once the transaction has been completed, i.e. upon effective payment of the order. In the event of a subscription to the Services, bank details are kept:
It is noted that for payments by bank card, in accordance with Article L 133-24 of the Monetary and Financial Code, this Data may be kept in the archives of intermediaries for the purpose of proof in the event of a possible dispute of the transaction or claim, for a period of 13 months following the debit date (period extended to 15 months for deferred debit payment cards).
In any case, Data relating to the visual cryptogram is not stored and Data relating to the bank card used is deleted when its expiry date is reached.
(ii) Other external service providers specialising in payment and transaction services
(iii) Contentious and pre-litigation actions
As part of the management of a pre-litigation, the Data is deleted as soon as the dispute is settled out of court or, failing that, as soon as the corresponding legal action is prescribed.
The Data collected and processed in the context of litigation must be deleted when ordinary and extraordinary remedies are no longer possible against the decision rendered.
Data relating to the administration and management of the B&B Hotels Club loyalty program are kept for the duration of your membership in the programme. It is then archived for the penalty period applicable in the archive of an intermediary.
Data relating to the management of rights requests is retained for the entire time necessary to process the request. It is then archived for the penalty period applicable in the archive of an intermediary.
The B&B Hotels Group is a global organisation that provides its services in many countries. Cross-border Data sharing is therefore essential to our services so that you receive the same high quality service wherever you are in the world.
As such, and within the framework of the purposes indicated in Article 4 of this Policy, we may transfer your personal data to internal and external recipients who may be in countries outside the EU.
The B&B Hotels Group has therefore implemented appropriate measures to secure the transfer of your Data outside the EU.
All transfers of personal data are subject to a contract.
The transfer of personal data to countries that do not have equivalent personal data protection is governed by the standard contractual clauses defined and approved by the European Commission (art. 46 GDPR).
Data flows to the United States are only made to entities that have signed up to the Privacy Shield program.
You can access all of these documents by contacting our Data Protection Officer at the following email address: privacy@hotelbb.com or at the postal address: DPO Casper BidCo, HAAS AVOCATS, 32 rue la Boétie - 75008 Paris.
In accordance with the Data Protection Act and the GDPR, you have the following rights (find out more):
the right of access and information (article 15 GDPR), rectification (article 16 GDPR), update, completeness of your data
You can exercise your rights:
while proving your identity and a legitimate reason when this is required by law.
Finally, you can also lodge a complaint with the supervisory authorities and in particular the CNIL or any other competent authority.
In practice, technical cookies allow us to authenticate you, identify you, speed up your browsing on our Site and our Applications and access their various functions. They may collect data concerning the characteristics of your operating system, browser or terminal (computer, tablet or mobile phone). They also enable collection of data relating to your location (in particular the IP address).
The list of cookies, their purpose and the retention period is accessible here.
By default, by continuing to browse our Site or by using our Applications, you consent to the placement of these cookies. However, you can configure the settings of your browser software at any time to:
To do this, simply refer to your browser software and follow its instructions. For example:
Select the ‘Advanced’ button to bring up the ‘Advanced privacy settings’ window. Then tick the box ‘Ignore automatic management of cookies, then select ‘Refuse’ in the ‘Third party cookies’ column.
Set the ‘Conservation rules’ menu to ‘Use personalized parameters for history’. Finally, untick the box ‘Accept third-party cookies’.
You should then click on the ‘Content settings’ button then tick the box ‘Block cookies and data from third-party sites’, finally click on ‘OK’ to confirm the choice.
You are, however, informed that by choosing to block technical and functional cookies, you risk altering your browsing experience on our Site or our Applications.
For cookies other than purely technical, we have drawn up a Cookie Management Charter in order to inform you more specifically about their use accessible here.
When browsing our Site or our Applications, you can click on the icons dedicated to the social networks Twitter, Facebook and LinkedIn.
Social networks improve the usability of the Site and our Applications, and help promote them through sharing.
When you use these buttons, we may have access to personal information that you have indicated as public and accessible from your Twitter, Facebook and LinkedIn profiles. However, we do not create or use any database independent of Twitter, Facebook and LinkedIn and do not use any data relating to your privacy in this way.
In order to limit third-party access to your personal information on Facebook, LinkedIn or Twitter, we invite you to configure your profiles and / or the nature of your publications via the dedicated areas on social media in order to limit the audience.
Casper BidCo respects the GDPR and the Data Protection Act in terms of security and confidentiality of your data.
We implement all the technical and organisational measures necessary to ensure the security of our processing of personal data and the confidentiality of the data we collect.
As such, we take all the necessary precautions with regard to the nature of the data and the risks presented by its processing to preserve its security and, in particular, to prevent the data from being distorted, damaged, or accessed by unauthorized third parties. These include physical protection of premises, authentication procedures for persons accessing data with personal and secure access via confidential usernames and passwords, secure https protocol, logging and traceability of connections, encryption of certain data and PCI-DSS (Payment Card Industry Data Security Standards).
For any question relating to this Policy or for any request relating to your Data, you can contact us by: