Application: means the B&B Hôtels mobile applications edited and published by Financière Sun
Platform: means the central online reservation system operated by Financière Sun on the Website and the Applications.
Services: means the services offered by Financière Sun via the Platform. The Services are specified in the general terms and conditions of use (GTCU) accessible by clicking here.
Website: means the website accessible at the URL address https://www.hotel-bb.com
Users: means any person who accesses or browses the Website and the Applications and all categories of users of the Platform.
Financière Sun is the main controller responsible for the processing carried out on the Website and the Applications.
In the framework of the processing of reservations made through the Platform, Financière Sun is joint data controller with the companies that operate the hotels whose rooms you reserve (See the list of hotels here).
The companies whose list is accessible by clicking here jointly manage the B&B Hotels Club loyalty program.
Lastly, in the extension of your reservation via the Platform, autonomous processing can be implemented by each of these joint controllers. The information concerning these autonomous processing operations is provided to you directly by the controllers concerned.
The data controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. When several people jointly determine the purposes and means of processing, they are the joint data controllers (or joint data controllers).
Financière Sun SAS is a simplified joint stock company with share capital of €171,488,150.80, whose corporate name is “Financière Sun”, located at 271 Rue du Général Paulet, 29200 Brest, registered in the Brest Corporate Register under number 809,776,198, and legally represented by its Chairman, legally domiciled in said registered office.
Financière Sun operates a central reservation system common to the hotels listed in the list available here, joint data controllers of the processing of your personal data in the framework of your reservations on the Platform and Applications.
Financière Sun has concluded with these joint data controllers a co-responsibility agreement stipulating their respective obligations, the outline of which is available on request by e-mail to firstname.lastname@example.org.
The joint data controllers of the B&B Hotels Club loyalty program are the companies whose list is accessible by clicking here:
These joint data controllers have concluded a co-responsibility agreement stipulating their respective obligations, the guidelines of which are available on request by mail to email@example.com.
Our Data Protection Officer (hereinafter "DPO") is there to answer all the requests, including for exercising of rights concerning your rights, concerning your personal data.
You can contact him:
DPO Financière Sun
32 Rue de la Boétie
Our DPO’s mission is to inform, advise and monitor the compliance of Financière Sun in the execution of the processing operations performed via the PLATFORM.
In accordance with data protection regulations, our DPO acts as a contact point:
In the framework of your visit to our Website, use our Applications or provision of our Services, we may collect personal data about you. Whatever the case, you are notified about the purposes for which your data is collected by us through the various forms for online data collection, the e-mails that you may be sent, notifications on the Platform or else via our Cookies Management System.
Your data is processed in accordance with the purposes envisaged at the time of the collection in compliance with the Framework concerning the processing of personal data carried out for the purposes of managing commercial activities published by the CNIL.
When this is necessary, we undertake, as the case may be, to obtain your consent and/or allow you to object to the use of your data for certain purposes, such as the possibility of knowing your geographic location, of sending you the commercial advertising or introducing third party cookies on your terminals (mobile phone, computer, tablet) for the purposes of audience measurement of our Website and our Application and to propose to you commercial offers and targeted advertisements based on your fields of interest.
When the legal basis used for processing operations is based on the pursuit of a legitimate interest, you have the possibility, on simple request, to obtain information regarding the weighing-up of the interests.
Your various items of data are collected and processed to:
The monitoring of the functioning and improvement of our Platform and our Services covers:
Our legitimate interest in providing you with the best experience whether on our Website and our Applications and the best quality possible for the Services offered. Your consent for introducing cookies and knowledge of your geographic location.
The management of the customer relationship covers:
Contractual: processing is necessary for the performance of certain services stipulated in the contract.
Our legitimate interest and that of the hotels you book is to provide you with the best commercial relationship possible, and to ensure the best quality possible for our Services.
The execution of marketing operations covers:
Your consent when this is necessary.
Our legitimate interest and that of the hotels in which you book rooms, to propose to you commercial offers, notably when this concerns hotels in which you have already had reservations. In this case, we ensure that:
Accounting management and the execution of related operations covers:
Our legal obligation arising from the different accounting and/or tax regulations of different countries accessible here.
Our legitimate interest in to ensure the proper execution of the accounting transactions by Financière Sun and all companies operating hotels and joint data controllers.
The legitimate interest of the companies whose list is accessible by clicking here is to reward your loyalty by providing you with benefits in the B&B hotels.
Contractual: the processing is necessary for the execution and implementation of the B&B Hôtels Club loyalty programme to which you adhere.
This processing covers all the operations necessary for the monitoring of requests for rights sent to Financière Sun or to the companies whose list is accessible by clicking here (qualification of the request, investigations, execution of specific technical operations, etc). It concerns only the case where Financière Sun and/or the companies whose list is accessible by clicking here act as data controller.
The legal obligation arising from Articles 15 and following of the GDPR and Articles 48 and following of the IT and Rights Law.
The compulsory or optional nature of the personal data collected and the possible consequences of a lack of response are indicated when they it is collected on the associated forms.
The companies the list of which is accessible by clicking here can also process your data for the management of the B&B Hôtels Club loyalty programme for which you subscribe.
You can check the details of the personal data that the companies the list of which is accessible by clicking here and hotels in which you stay and we ourselves may have on you below.
Details of the data collected
The details of the information provided below are intended to inform you about the categories of data that Financière Sun , the companies whose list is accessible by clicking here, as well as the hotels in which you stay are capable of processing in the framework of the management of the Website, the Applications and the B&B Hôtels Club loyalty programme
For the proper functioning and continuous improvement of the Website, the Applications, their functionality and the Services , the data capable of being processed is the following:
Data concerning your identity: title, surname, first name(s), address, telephone number, e-mail addresses, date of birth.
Data concerning your use of the Platform and Services, including the data communicated to our teams at the time of your requests. (Language preference, etc.)
Geographic location data
Your logs and connection data and identification data of IT equipment
For the management of the Customer relationship, the data capable of being processed is the following:
Data concerning your identity: title, surname, first name(s), address, telephone number, e-mail addresses, customer code, date of birth.
Data concerning your reservation : arrival and departure dates, data about the other occupants of the reserved rooms such as names and ages, preferences (smoking room, preferred floor, etc.)
Data concerning bill payments: means of payment, discounts granted, receipts, balances and unpaid bills
Your connection logs and connection data when this is necessary
For the execution of marketing operations, the data capable of being processed is the following:
Data concerning your identity: title, surname, first names, address, telephone number, e-mail addresses, customer code, date of birth.
Data concerning your professional life : business, job, location, type of needs identified
Geographic location data
If you are a Customer, the data concerning the offer for which you have subscribed.
Data collected via the cookies and other tracers for the purpose of audience measurement
For the accounting management and the execution of related operations, the data capable of being processed is the following:
Data concerning your identity: title, surname, first name (s), address, telephone number, e-mail addresses, customer code, date of birth.
Data concerning the transaction such as the number of the transaction, the details of the subscription, the good or the service subscribed
Your logs and connection data in order to measure the use of our services when this is necessary for carrying out billing operations
Payment data, namely:
- The data concerning the means of payment used by a Customer (bank card number, expiry date, cryptogram, processed exclusively by an Adyen which only provides us with an identification token for the guarantees and payments of the reservations
- The data concerning the payment of invoices: means of payment, discounts granted, receipts, balances and unpaid bills
For the administration and management of the B&B Hotels Club loyalty programme:
For the management of requests for rights arising from the GDPR and the amended IT and Rights Law, the data capable of being processed is the following:
Data concerning your identity: title, surname, first names, address, telephone number, e-mail addresses, customer code, date of birth. A copy of an identity document or equivalent may be kept for the purpose of proof of the exercising of a right of access, rectification or opposition or to meet a legal obligation.
Data concerning your request to exercise rights
Within the limit of their respective powers and for the purposes recalled in Article 6, the principal persons who may have access to your data are the following:
Certain categories of sub-contractors have access to the data collected:
Your personal data is not communicated, exchanged, sold or rented without your express prior consent in accordance with the applicable legal and regulatory provisions.
In some cases, your personal information will be stored on servers located outside the EU or the EEA.
We are a global organisation that provides international services. Cross-border data sharing is essential to our services so that you receive the same high quality service wherever you are in the world. Consequently, the recipients of your personal data may also be located abroad, including outside of the EU or the EEA. We have taken appropriate measures to ensure that your data is kept secure through the conclusion of contracts with standard contractual clauses approved by the European Commission (Article 46 of the GDPR).
Furthermore, some of our sub-contractors located outside the EEA may perform this type of transfer. Financière Sun's has concluded contracts with the latter with standard contractual clauses or made sure of the validity of their registration with Privacy Shield when the latter adhered thereto (see above "Article 8 - recipient of your data" about the authorised staff of our sub-contractors).
You can request access to documents ensuring appropriate contractual guarantees by making a request to our Data Protection Officer by e-mail to firstname.lastname@example.org or by letter to:
DPO Financière Sun
32 Rue de la Boétie
For the proper functioning and continuous improvement of our Platform, its functionalities and the Services
The data allowing the identification of the Users on the Platform is kept for the duration of their registration.
The cookies and other commercial tracers can be introduced on the user's terminal for a maximum of 13 months. Beyond this period, the raw attendance data associated with an identifier is either deleted or anonymised.
The information collected through tracers is stored for a period of 25 months. Beyond this period, this data is deleted or anonymised
For customer relationship management
The data used in the framework of customer relationship management is kept for the duration necessary for the performance of the contract.
This data is then archived for a period of 5 years for the purposes of proof. The invoices and accounting data issued are kept for 10 years from their issuance.
If no contract is concluded, the data of a prospect is kept for a period of 3 years from its collection or the last contact positive with B&B Hôtels Group.
For the execution of marketing operations
The data used in the framework of marketing operations is kept for a period of 3 years from the end of the business relationship if you are a customer or from your last contact if you are not yet a customer.
In the event where you have not purchased products from our company or have not used your account for 27 months and you have not subscribed to our newsletter, we will no longer store your personal data for commercial purposes.
For accounting management and the execution of related operations
(i) Bank card
The data concerning bank cards is processed exclusively by Adyen which provides us only with an identification token to make guarantees and payments for the reservations. The processing of this partner complies with the constraints of the PCI-DSS standard (Payment Card Industry Data Security Standards). The data concerning the bank cards is deleted once the transaction has been completed, i.e. as soon as the order is actually paid. In case of subscription for the Services, the bank data is kept:
until termination of the subscription in the event of tacit renewal, subject to the applicable provisions and in particular to the information of the persons concerned before the renewal.
It is recalled that for payments by bank card, in accordance with Article L 133-24 of the Monetary and Financial Code, this data can be kept for the purpose of proof in the event of possible contesting of the transaction or complaint, in interim files, for a period of 13 months following the debit date (extended to 15 months for deferred debit payment cards).
In any event, the data concerning the visual cryptogram is not stored and the data concerning the bank card used is deleted when its expiration date is reached.
(ii) Litigation and pre-litigation actions
In the framework of the management of pre-litigation, the data is deleted as soon as the amicable settlement of the dispute is agreed or, failing this, upon statute-barring of the corresponding legal action.
The data collected and processed in the framework of litigation must be deleted when the ordinary and extraordinary remedies are no longer possible against the decision rendered.
For the administration and management of the B&B Hôtels Club loyalty programme:
The data concerning the administration and management of the B&B Hôtels Club loyalty programme is kept for the duration of your membership of the said programme. It is then archived for the duration of the criminal limitation period applicable in interim archiving.
For the management of requests for rights arising from the GDPR and the amended IT and Rights Law
The data concerning the management of requests for rights is kept for the duration necessary for the processing of the request. It is then archived for the duration of the criminal limitation period applicable in interim archiving.
In accordance with the IT and Rights Law and the GDPR, you have the following rights (find out more):
You can exercise your rights:
- by e-mail to email@example.com or by letter to:
DPO Financière Sun
32 Rue de la Boétie
by proving your identity and a legitimate reason when this is required by law.
Lastly, you can also file a complaint with the regulatory authorities, in particular the CNIL or any other competent authority
For the proper functioning of the Platform, the Website, the Applications and the Services, connection data (date, time, Internet address, protocol of the visitor's computer, page viewed) and cookies (small saved files on your computer) allowing you to identify yourself, memorise your consultations and benefit from audience measurements and statistics, in particular concerning the pages consulted.
In practice, technical cookies allow us to authenticate you, identify you, speed up your browsing on our Website and our Applications and access to their different functionalities. They may collect data concerning the characteristics of the operating system, browser or terminal (computer, tablet or mobile phone) that you use. They also make it possible to collect data concerning your location (in particular the IP address).
The list of cookies, their purpose and the storage period is available here.
By default, by continuing to browse our Website or by using our Applications, you agree to the introduction of these cookies. You can, however, at any time configure the parameters of your navigation software to:
To do this, you simply refer to your browsing software and follow its instructions. For example:
✔ With Internet Explorer ™: menu Tools ► Options internet ► Tab Confidentiality
Press the "Advanced " button to bring up the "Advanced privacy settings " window. Then tick the box "Ignore automatic cookie management", then select "Refuse " in the "Third party cookies " column.
✔ With Firefox ™: menu Tools ► Options ► Privacy tab
Set the " Storage rules " menu to " Use personalised settings for history ". Lastly, uncheck the box "Accept third-party cookies ".
✔ With Chrome ™: Menu ► Settings ► Show advanced settings (located at the bottom of the page).
Then click on the "Content settings " button then check the box "Block cookies and data from third-party sites ", then click on "OK " to confirm the choice.
✔ With Safari ™: Safari (logo settings) ► Preferences ► Security ► Display cookies ► Choose the desired options
✔ With Opera ™: menu Tools ► Preferences ► Advanced tab ► Cookies section ► Manage cookies ► Choose the desired options
For cookies other than purely technical ones, we have drafted a Cookie Management Charter in order to inform you more specifically of their use.
While browsing our Website or in our Applications, you can click on the icons dedicated to social networks such as Twitter, Facebook and LinkedIn.
Social networks allow us to improve the user-friendliness of the Website and our Applications and help promote them via sharing.
When you use these buttons, we can have access to personal information that you may have marked as public and accessible from your Twitter, Facebook and LinkedIn profiles. However, we do not create or use any database
independent from Twitter, Facebook and LinkedIn and do not exploit any data concerning your privacy in this way.
In order to limit third party access to your personal information presented on Facebook, LinkedIn or Twitter, we invite you to configure your profiles and/or the nature of your publications via the dedicated spaces on social media in order to limit the audience thereof.
Financière Sun complies with the GDPR and the French IT and Rights Law in terms of security and confidentiality of your data.
We take all the technical and organisational measures necessary to ensure the security of our processing of personal data and privacy of the data that we collect.
In this regard, we take all necessary precautions, given the nature of the data and of the risks presented by the processing to protect the security thereof and in particular to prevent the data from being distorted, damaged or unauthorised third parties having access to it (physical protection of premises, authentication procedures of the persons accessing data with personal and secure access through confidential identifiers and passwords, secure https protocol, logging and traceability of connections, encryption of certain data, PCI-DSS standard (Payment Card Industry Data Security Standards, etc).
You are however informed of the fact that by choosing to block technical and functional cookies, you risk seeing your browsing our Website or our Applications altered.