Updated on 05/06/2023
This Privacy Policy is intended for users (hereinafter referred to as Users or you) of the website https://www.hotel-bb.com/ (hereinafter referred to as the Site) and the B&B HOTELS mobile applications (hereinafter referred to as the Applications) presenting the online B&B hotel room reservation platform (hereinafter referred to as the Platform). Its purpose is to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation" or "GDPR"), about how your personal information may be collected and processed through our Website and Mobile Applications in the context of booking hotel rooms in the countries in which we have hotels and the B&B HOTELS Club loyalty programme.
The B&B HOTELS group is fully committed to the compliance of personal data processing with the requirements of the GDPR.
The purpose of this privacy policy is to inform you about the categories of personal data we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.
Your privacy and the protection of your personal data is a priority for us, which is why we are committed to processing your personal data in strict compliance with the Regulation and the applicable national laws.
Adyen: refers to the online payment platform
Application: refers to the B&B HOTELS mobile applications published by Casper BidCo
B&B HOTELS Group: refers to the Casper BidCo holding company, its subsidiaries and all the B&B HOTELS hotels
Platform: refers to the central online booking system operated by Casper BidCo on the Site and the Applications.
Data controller: refers to Casper BidCo in its capacity as the main data controller on the Site
Services: refers to the services offered by Casper BidCo via the Platform. The Services are detailed in the General Terms and Conditions of Use (GTCU), which can be accessed by clicking here.
Site: refers to the website accessible at the URL address https://www.hotel-bb.com/
Users: refers to any person accessing or browsing the Site and the Applications, as well as all the categories of users of the Platform.
Casper BidCo, which is one of the parent companies of the B&B Hotels group, whose legal notice can be accessed by clicking here, is the main party responsible for the processing carried out on the Site and the Applications.
Casper BidCo operates a central reservation system common to the hotels listed here.
As part of the processing of bookings made through the Platform and the Applications, Casper BidCo is jointly responsible for processing your personal data with the companies that operate the hotels whose rooms you book (See the list of hotels here).
The companies, of which the list is available by clicking here, jointly manage the B&B HOTELS Club loyalty programme. The joint controllers of the B&B HOTELS Club loyalty programme are the companies whose list can be accessed by clicking here.
Finally, as an extension of your reservation via the Platform, autonomous processing operations may be carried out by each of these joint controllers. Information relating to these autonomous processing operations is provided to you directly by the controllers concerned.
Read more
Legal reminder:
The data controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. Where several persons jointly determine the purposes and means of a processing operation, they are joint data controllers (or co-controllers).
CASPER BidCo is a simplified joint stock company with a single shareholder, with a capital of 12,129,635.92 Euros, located at 29 boulevard Romain Rolland 92120 Montrouge, registered in the Nanterre Register of Companies under the number 850 790 908, legally represented by its Chairman, domiciled at the said headquarters.
CASPER BidCo operates a central booking system shared by the hotels listed here, which are jointly responsible for the processing your personal data in the context of your reservations on the Platform and the Applications.
CASPER BidCo has entered into a joint liability agreement with these joint controllers setting out their respective obligations, the outline of which is available on request sent by email to privacy@hotelbb.com.
The joint controllers of the B&B HOTELS Club loyalty programme are the companies listed here:
These joint controllers have signed a joint liability agreement setting out their respective obligations, the broad outlines of which are available on request sent by email to privacy@hotelbb.com.
This privacy policy concerns the processing of data carried out by CASPER BidCo and its joint controllers via the Site and the Applications in the context of hotel room reservations and the B&B HOTELS Club loyalty programme.
When you visit our Site, use our Applications or provide our Services, we may collect personal data about you.
In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, emails sent to you, notifications on the Platform or via our Cookie Management Tool.
Read more
Your data is processed in accordance with the purposes set out at the time of collection and in compliance with the CNIL's guidelines on the processing of personal data for the purposes of managing commercial activities.
Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to object to the use of your data for certain purposes, such as, for example, the possibility of knowing your geographical position, sending you commercial prospecting material or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purposes of measuring the audience for our Site and our Application and to offer you commercial offers and targeted advertising according to your centres of interest.
When you use the Site, the Applications and the Services, you are required to send us data and information, some of which may identify you and therefore constitute personal data (hereinafter referred to as the Data).
This is particularly the case when you book a room on the Site or register for our loyalty programme.
In all cases, you are informed of the purposes for which your data is collected by us via various online data collection forms, emails sent to you, notifications on the Platform or via our Cookie Management Tool.
Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to object to the use of your data for certain purposes, such as, for example, the possibility of knowing your geographical position, sending you commercial prospecting material or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purposes of measuring the audience for our Site and our Application and to offer you commercial offers and targeted advertising according to your centres of interest.
At the time of collection of the Data, you will be informed whether certain Data must be filled in or whether it is optional and the possible consequences of a failure to reply are indicated at the time of its collection on the associated forms.
The data being processed is as follows:
In some countries that use facial recognition technology when booking online, the following data is processed:
The B&B HOTELS group ensures that it only collects Data that is strictly necessary for the purpose for which it is processed.
The processing carried out by the B&B HOTELS Group satisfies an explicit, legitimate and determined purpose, which is based on the execution of a contract, compliance with a legal or regulatory obligation, your consent or legitimate interest.
Where the legal basis for the processing operations is based on the pursuit of a legitimate interest, you have the possibility, upon simple request, to obtain information on the balancing of interests.
Your different data is collected and processed for the following legal bases and purposes:
Monitoring the proper operation and improvement of our Platform and Services covers:
The B&B HOTELS Group has a legitimate interest in providing you with the best possible experience on our Website and Applications and the best possible quality of Services offered and relies on your consent for the deposit of cookies and knowledge of your geographical position.
Client relationship management covers:
The B&B HOTELS Group processes personal data relating to the management of the Client relationship in the execution of contracts concluded with its Clients and on the basis of consent regarding the data collected in the context of facial recognition technology.
The B&B HOTELS Group also has a legitimate interest in processing the Data of its clients in order to provide them with the best possible commercial relationship and to ensure the best possible quality of our Services.
Carrying out the marketing operations covers:
Marketing operations are carried out with your consent.
The B&B HOTELS Group also has a legitimate interest in providing you with commercial offers, particularly when this concerns hotels where you have already made reservations.
In this case, we ensure that:
Accounting management and carrying out related operations covers:
Accounting management and the performance of related operations are based on our legal obligation arising from the various accounting and/or tax regulations of different countries, which can be accessed here.
The B&B HOTELS Group also has a legitimate interest in ensuring the smooth running of accounting operations carried out by Casper BidCo and all companies operating hotels and responsible for joint processing.
The management and administration of the loyalty programme is based on the legitimate interests of the companies the list of which can be accessed by clicking here. to reward your loyalty by offering you advantages at B&B hotels.
The B&B HOTELS Group also has a contractual basis insofar as the processing is necessary for the execution and implementation of the B&B HOTELS Club loyalty programme to which you belong.
This processing covers all operations necessary for the follow-up of requests for rights sent to Casper BidCo or to the companies whose list is accessible by clicking here (qualification of the request, investigations, execution of specific technical operations...).
It only applies to cases where Casper BidCo and/or the companies listed here are acting as data controller.
This processing is carried out on the basis of a legal obligation arising from Articles 15 et seq. of the GDPR and Articles 48 et seq. of the French Data Protection Act.
We treat the Data we collect with the utmost care. Only strictly necessary Data will be communicated to third-parties for processing.
Within the limits of their respective attributions and for the purposes mentioned in article 4, the main persons who may have access to your Data are as follows:
Your personal data will not be disclosed, exchanged, sold or rented without your express prior consent in accordance with the applicable legal and regulatory provisions.
In our dealings with our subcontractors within the meaning of the GDPR, we contractually ensure that they process the data in a way that guarantees its integrity, confidentiality and security.
We only keep your data for as long as is necessary for the purposes as described in Article 5. Click below for more details.
Data enabling Users to be identified on the Platform is kept for the entire duration of their registration.
Cookies and other commercial tracers may be deposited on the User's terminal for a maximum period of6 months. After this period, the raw traffic data associated with an identifier is either deleted or anonymised.
The information collected through tracers is kept for a period of 25 months. After this period, this Data is deleted or anonymised
The Data used to manage the Client relationship is kept for as long as is necessary to fulfil the contract.
This data is then archived for a period of 5 years for evidential purposes. The issued invoices and accounting data is kept for 10 years from the date of issue.
The biometric data relating to facial features collected using facial recognition technology is destroyed once the software has compared the facial features with the photograph in the identity document (processing time 2 to 3 seconds).
The personal data contained in the String and the copy of the identity document will be kept exclusively in encrypted form for a maximum period of 24 hours after your arrival at the hotel. Under no circumstances can this retention period exceed 72 hours from receipt of the e-mail notifying you of the possibility of checking in online 48 hours before your arrival at the Hotel.
Please note that if the identity check carried out using the online registration procedure fails, all your Personal Data will be immediately and irreversibly deleted.
Finally, in the absence of the conclusion of a contract, a prospect's data is kept for a period of 3 years from the date of collection or the last positive contact with the B&B HOTELS group.
Data used for marketing purposes is kept for a period of 3 years from the end of the commercial relationship if you are a client or from your last contact if you are not yet a client.
If you have not purchased any products from us or used your account for 27 months and have not subscribed to our newsletter, we will no longer keep your personal data for commercial purposes.
Data relating to bank cards is processed exclusively by Adyen, which only provides us with a token for guaranteeing and paying for bookings. The processing carried out by this partner complies with the requirements of the PCI-DSS (Payment Card Industry Data Security Standards). Bank card details are deleted once the transaction has been completed, i.e. as soon as the order has been paid for. If you subscribe to the Services, your bank details will be kept:
It should be noted that for payments by bank card, in accordance with article L 133-24 of the French Monetary and Financial Code, this Data may be kept for evidence purposes in the event of any dispute regarding the transaction or claim, in intermediate archives, for a period of 13 months following the debit date (extended to 15 months for deferred debit payment cards).
Our payment service-provider Adyen may retain transaction data for 7 years in accordance with its legal or regulatory obligations.
In any event, the Data relating to the visual cryptogram is not stored and the Data relating to the bank card used is deleted when its expiry date is reached.
In the context of pre-litigation management, the Data will be deleted as soon as the dispute has been settled amicably or, failing that as soon as the corresponding legal action has become time-barred.
Data collected and processed in the context of a dispute must be deleted when the ordinary and extraordinary remedies are no longer available against the delivered decision.
Data relating to the administration and management of the B&B HOTELS Club loyalty programme is kept for the entire duration of your membership of the said programme. It is then archived for the duration of the penal provisions applicable to intermediate storage.
Data relating to the management of requests of rights is kept for as long as necessary to process the request. It is then archived for the duration of the penal provisions applicable to intermediate storage.
The B&B HOTELS Group is a global organisation providing services in many countries. Cross-border data sharing is therefore essential to our services so that you receive the same high-quality service wherever you are in the world.
In this respect, and for the purposes indicated in Article 5 of this Policy, we may transfer your personal data to internal and external recipients who may be located in countries outside the EU.
The B&B HOTELS Group has therefore implemented suitable measures to secure the transfer of your Data outside the EU.
All transfers of personal data are the subject of a contract.
The transfer of personal data to countries not having equivalent personal data protection is governed by the standard contractual clauses defined and approved by the European Commission(art. 46 GDPR).
You can have access to all these documents by emailing our Data Protection Officer at privacy@hotelbb.com or writing to the following postal address: DPO Casper BidCo, HAAS Lawyers, 6 rue de Saint Pétersbourg – 75008 Paris.
If you choose to make a booking using facial recognition technology, your identity will be verified in an entirely automated manner.
The joint data controllers will use a non-definitive and optional fully automated procedure to check the validity of your identity document and the correspondence between the image on your identity document and your face.
In all cases, you will be able to contest the decision taken by sending an e-mail to privacy@hotelbb.com. But, above all, in all cases, if the identification procedure fails, you will be able to keep your booking and then check in at the hotel reception desk with the staff in charge of this procedure.
In accordance with the French Data Protection Act and the GDPR, you have the following rights (read more):
- right of access and information (article 15 GDPR) right of rectification (article 16 GDPR) right to update and the right to complete your data
- right to delete (or “right to be forgotten”) your personal data (article 17 of the GDPR), if it is inaccurate, incomplete, ambiguous, out-of-date, or if its collection, use, disclosure or retention is prohibited
- right to withdraw your consent at any time (article 7 of the GDPR);
- right to restrict the processing of your data (article 18 of the GDPR)
- right to object to the processing of your data (Article 21 GDPR)
- the right to portability of the data you have provided to us, where your data undergoes automated processing based on your consent or on a contract (Article 20 GDPR)
- right not to be the subject of a decision based solely on automated processing (article 22 of the GDPR); no final decision based exclusively on automated processing is currently applied by the B&B HOTELS Group
- the right to determine what happens to your data after your death and to choose whether or not we disclose your data to a third-party that you have designated (article 85 LIL). In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for evidential purposes or to meet a legal obligation.
You can exercise your rights in one of the following ways:
- by e-mail to privacy@hotelbb.com,
- by post to DPO Casper BidCo - HAAS AVOCATS, 6 rue de Saint Pétersbourg, 75008 Paris, France
by proving your identity and providing a legitimate reason when required by law.
Finally, you can also lodge a complaint with the supervisory authorities and in particular the CNIL or any other competent authority.
In practice, technical cookies enable us to authenticate you, identify you, speed up your browsing on our Site and Applications and access their various functions. They may collect data about the features of the operating system, browser or terminal (computer, tablet or mobile phone) that you use. They also allow the collection of data relating to your location (in particular your IP address).
The list of cookies, their purpose and retention period is available here.
By default, by continuing to browse our Site or using our Applications, you consent to the deposit of these cookies. However, you can configure the settings of your browser software at any time to:
To do this, simply refer to your browser software and follow its instructions. For example:
Press the "Advanced " button to bring up the “Advanced privacy settings " window. Then tick the "Ignore automatic cookie management" box, and select "Refuse" in the "Third-party cookies" column.
Configure the "Retention rules "menu to "Use custom settings for history ". Finally, uncheck the "Accept third-party cookies " box.
Then click on the "Content settings " button, then tick the "Block cookies and data from third-party sites " box and then click on "OK " to confirm your choice.
For cookies other than purely technical ones, we have drawn up a Cookies Management Charter to inform you more specifically about their use, which can be accessed here.
When browsing our Site or our Applications, you may click on the icons dedicated to Twitter, Facebook and LinkedIn.
Social networks help to improve the user-friendliness of the Site and our Applications, and help to promote them through sharing.
When you use these buttons, we may have access to personal information that you have indicated as public and which is accessible from your Twitter, Facebook and LinkedIn profiles. However, we do not create or use any database independent of Twitter, Facebook and LinkedIn and do not use any data relating to your private life in this way.
In order to limit access by third-parties to your personal information on Facebook, LinkedIn or Twitter, we encourage you to configure your profiles and/or the nature of your publications via the dedicated spaces on social media with the aim of limiting the audience.
Casper BidCo complies with the GDPR and the French Data Protection Act regarding the security and confidentiality of your data.
We implement all the necessary technical and organisational measures to ensure the security of our personal data processing operations and the confidentiality of the data we collect.
In this respect, we take all the necessary precautions, in view of the nature of the data and the risks presented by the processing, to preserve its security and, in particular, to prevent the data from being distorted, damaged or accessed by unauthorised third-parties (physical protection of the premises, authentication procedures for persons accessing the data with personal and secure access via confidential identifiers and passwords, secure https protocol, logging and traceability of connections, encryption of certain data, PCI-DSS (Payment Card Industry Data Security Standards, etc.).
If you have any questions about this Policy or any requests relating to your Data, you can contact us by:
- Sending an email to our Data Protection Officer at privacy@hotelbb.com
- Sending a letter to the following address: DPO Casper BidCo -HAAS AVOCATS, 6 rue de Saint Pétersbourg-75008 PARIS
Read more
Our DPO's mission is to inform, advise and monitor CASPER BidCo's compliance in the execution of the processing operations carried out via the Platform.
In accordance with the data protection regulations, our DPO acts as a contact point: