Menu opener
Country and language
Country
Other countries
Language
English
Currency
EUR
  1. B&B Hotels
  2. Privacy policy
Close
Please fill in the destination field
There are no suggestions
Please select period for 20 days max
Start date cannot be set in the past.

Please select period for 20 days maxStart date cannot be set in the past.

From
To
Rooms
-+
+ Add another roomValidate
For travelers with corporate contract
  • Destination
  • FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

Privacy policy

Preamble

This Privacy Policy applies to the users (called hereafter the Users or you) of the website https://www.hotel-bb.com/ (called hereafter the Site) and the B&B hotels mobile applications (called hereafter the Applications) presenting the online B&B hotel room reservation platform (hereafter called the Platform). It is intended to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016, about the protection of individuals with regard to the processing of personal data and about the free movement of such data (hereafter referred to as the ‘Regulation’ or ‘GDPR’), on how your personal information may be collected and processed through our Website and Mobile Applications in connection with the reservation of hotel rooms in countries in which we have hotels and the B&B Hotels Club loyalty program.

The B&B Hotels group is fully committed to ensuring that the processing of personal data complies with the requirements of the GDPR.

The purpose of this privacy policy is to inform you about the categories of personal data that we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.

Respecting your privacy and your personal data is a priority for us, which is why we are committed to treating them in strict compliance with the Regulations and applicable national laws.

  1. Definitions
  2. Identity of data controllers
  3. Data subject to processing
  4. Purposes and legal bases of data processing
  5. Data recipients
  6. Duration of data retention
  7. Transfer of data outside the European Union
  8. Exercise of the rights of the data subject
  9. Login data and cookies
  10. Social networks
  11. Security
  12. Contacts
     

Article 1. Definitions

Adyen: refers to the online payment platform.

Application: refers to the B&B Hotels mobile applications produced and published by Casper BidCo.

Groupe B&B Hotels: refers to the holding company Casper BidCo, its subsidiaries as well as all B&B Hotels.

Platform: refers to the central online reservation system operated by Casper BidCo on the Site and the Applications.

Data Controller: refers to the company Casper BidCo in its capacity as the main Data Controller on the Site.

Services: refers to the services offered by Casper BidCo via the Platform. The Services are detailed in the general terms and conditions of use (T&Cs) accessible by clicking here.

Site: refers to the website accessible at the URL address https://www.hotel-bb.com/

Users: means any person who accesses or browses the Site and the Applications as well as all categories of users of the Platform.
 

Article 2. Identity of data controllers

Casper BidCo, which is one of the parent companies of the B&B Hotels group, whose legal notices can be accessed by clicking here, is the main Data Controller responsible for the processing carried out on the Site and the Applications.

Casper BidCo operates a central reservation system covering all the hotels in the list available here.

As part of the processing of reservations made through the Platform and the Applications, Casper BidCo is jointly responsible for processing your personal data with the companies that operate the hotels for which you reserve rooms (See the list of hotels here). 

The companies in the list accessible by clicking here  jointly manage the B&B Hotels Club loyalty program. The joint managers of the B&B Hotels Club loyalty programme are the companies in the list accessible by clicking here.

Finally, during the course of your reservation via the Platform, independent processing can be implemented by each of these joint managers. Information relating to these independent processing operations is provided to you directly by the managers concerned.
 

Article 3. Data subject to processing

By using the Site, the Applications and the Services, you are agreeing to send us data and information, some of which may identify you and therefore constitute personal data (hereafter the Data).

This is particularly the case when you book a room on the Site or register for our loyalty program.

In all cases, you are informed of the purposes for which your data is collected by us via various online data collection forms, emails sent to you, notifications on the Platform and via our Cookie Management Tool. 

When necessary, we undertake, depending on the circumstances, to obtain your consent and / or to allow you to object to the use of your data for certain purposes, such as for example, the possibility of knowing your geographical position, of sending you commercial marketing or placing third-party cookies on your devices (mobile phone, computer, tablet) for the purpose of monitoring the usage of our Site and our Application and to offer you targeted commercial offers and advertising based on of your areas of interest.

When collecting the Data, you will be informed whether certain Data is mandatory or if it is optional and the possible consequences of a failure to respond are indicated during Data collection(s) on the associated forms.

Data subject to processing is as follows:

  • Data relating to your identity: title, surname, first name(s), address, telephone number, email addresses, date of birth, age, customer code, password,
  • Data relating to your occupation : business, location, 
  • Data relating to navigation: your log-on and connection data, computer equipment identification data, your language preferences, geographic location data, data relating to your use of the Platform and the Services, including data communicated to our teams during your requests (language preference, etc.) data collected via cookies and other trackers,
  • Data relating to your reservation: arrival and departure dates, data on the other occupants of the reserved rooms such as names and ages, preferences (smoking room, preferred floor, etc.),
  • Data relating to transactions: the number of the transaction, data relating to the means of payment (bank card number, expiry date, cryptogram, processed exclusively by Adyen which only provides us with an identification token to proceed. guarantees and payments for reservations), details of the purchase, subscription, goods or service subscribed, data relating to invoice payments such as payment terms, discounts granted, receipts, balances and outstanding amounts,
  • Data relating to the history of reservations in B&B hotels

The B&B Hotels group ensures that it only collects Data that is strictly necessary for the purposes for which it is processed.
 

Article 4. Purposes and legal bases of data processing

Processing carried out by B&B Hotels Group meets an explicit, legitimate and determined purpose, which is based on the fulfillment of a contract, compliance with a legal or regulatory obligation, your consent or a legitimate interest.

When the legal basis used for the processing operations is based on the pursuit of a legitimate interest, you have the right, on request, to obtain information relating to the balancing of interests.

Your various data is collected and processed for the following purposes and on the following legal bases:

The proper functioning and continuous improvement of the Platform, its features and our Services 

Monitoring the proper functioning and improvement of our Platform and our Services covers:

  • general administration of the Site and Applications
  • responses to your requests and questions
  • customer support and assistance
  • use of statistics on usage of the Site and Applications for research and development purposes
  • the deposit of cookies and other trackers, details of which can be found in our Cookie Management Policy.

The B&B Hotels Group has a legitimate interest in assuring you the best experience on our Site and our Applications and the best quality of Services offered and relies on your consent for the deposit of cookies and knowledge of your geographical location.

Customer relations and reservations management

Customer relationship management covers:

  • management of reservations
  • commercial follow-up of the relationship
  • development of trade statistics
  • management of opinions on our products, services and content
  • customer satisfaction surveys

The B&B Hotels Group processes personal data relating to the management of Customer relations in fulfillment of contracts with its Customers.

B&B Hotels Group also has a legitimate interest in processing customer Data in order to provide the best possible commercial relationship, and to ensure the best quality of our Services.

Carrying out marketing and commercial research operations

The fulfillment of marketing operations covers:

  • sending our Newsletter
  • carrying out market research (email, telephone, mail)
  • the animation of the Site, Applications and social networks (community management)
  • organisation of events
  • carrying out audience data research by depositing cookies and other trackers, details of which can be found in our Cookie Management Charter
  • the development of statistics on marketing operations

The fulfillment of marketing operations is based on your consent.

B&B Hotels Group also has a legitimate interest in providing you with commercial offers, in particular when they relate to hotels in which you have already had reservations. 

In this case, we ensure that: 

  • you have received sufficient information on the marketing activities carried out;
  • you are able to object in a simple and free way to marketing activities at the time of collection (Opt-Out);

Account management and carrying out related operations, including the fight against fraud

Account management and carrying out related operations covers:

  • payment for Services and monitoring of Customer invoicing
  • management of unpaid debts and disputes
  • keeping account records and legal supporting documents

account management and the carrying out of associated operations are based on our legal obligations arising from the various accounting and / or tax regulations of different countries accessible here.

B&B Hotels Group also has a legitimate interest in ensuring the smooth running of the accounting operations carried out by Casper BidCo and all the companies operating hotels and joint data controllers.

Administration and management of the B&B Hotels Club loyalty program

The management and administration of the loyalty program are based on the legitimate interests of the companies, a list of which can be accessed by clicking here to reward your loyalty by giving you advantages in B&B hotels.

The B&B Hotels Group also has a contractual basis insofar as the processing is necessary for the fulfillment and implementation of the B&B Hotels Club loyalty program of which you are a member.

Management of requests for rights arising from the GDPR and the amended Data Protection Act

This processing covers all the operations necessary to monitor rights requests addressed to Casper BidCo or to the list of companies accessible by clicking here (qualification of the request, investigations, fulfillment of specific technical operations, etc.). 

This only concerns cases where Casper BidCo and / or the list of companies accessible by clicking here act as data controller.

This processing is carried out on the basis of a legal obligation arising from articles 15 onwards of the GDPR and articles 48 onwards of the Data Protection Act.
 

Article 5. Data recipients

We treat the Data we collect with the utmost care. Only Data which is strictly necessary will be communicated for processing to third parties.

Within the limits of their respective powers and for the purposes mentioned in Article 4, the primary people who are likely to have access to your Data are as follows:

  • The authorised staff of our hotel reservations, marketing, sales, administrative, logistics and IT departments, responsible for improving our Services, customer relations, market research and quality control,
  • The authorised personnel of our subcontractors and service providers such as, in particular, cloud hosting and storage providers, payment service providers, mail service providers, IT maintenance providers, marketing research providers, 
  • The authorised staff of the named joint controllers, a list of which you can find here
  • If necessary, competent authorities on request and in particular public bodies, the relevant courts, mediators, accountants, auditors, lawyers, bailiffs, ministerial officers, bodies responsible for carrying out debt recovery, exclusively to meet legal obligations, as well as in the case of identifying those responsible for any offenses committed on the internet
  • Third parties likely to place cookies on your terminals (computers, tablets, mobile phones, etc.) when you consent to them. (For more details, see our Cookie Management Policy).

Your personal data will not be communicated, exchanged, sold or rented without your express prior consent in accordance with the applicable legal and regulatory provisions.

In our relations with our subcontractors within the meaning of the GDPR, we contractually ensure that they process the data in such a way as to guarantee their integrity, confidentiality and security.
 

Article 6. Duration of data retention

We retain your data only as long as necessary for the purposes described in Article 4.

For the proper functioning and continuous improvement of our Platform, its features and Services

Data allowing the identification of Users on the Platform are retained for the duration of their registration.

Cookies and other commercial trackers may be placed on the User's terminal for a maximum period of 6 months. Beyond this period, the raw traffic data associated with an identified user is either deleted or anonymized.

The information collected through trackers is retained for a period of 25 months. Beyond this period, this Data is deleted or anonymized

For the management of customer relations and reservations

Data used in the context of Customer relationship management is kept for the period necessary for the fulfillment of the contract.

This data is then archived for a period of 5 years for evidentiary purposes. Invoices and accounting data issued are retained for 10 years from their issue date.

If the contract is not concluded, a prospective customer's data is kept for a period of 3 years from its collection or from the last positive contact with the B&B Hotels group.

For carrying out marketing and commercial research operations

The Data used in the context of marketing operations is retained for a period of 3 years from the end of the commercial relationship if you are a customer or from your last contact if you are not yet a customer.

In the event that you have not purchased any products from our company or have not used your account for 27 months and have not subscribed to our newsletter, we will no longer retain your personal data for commercial purposes.

For account management and carrying out associated operations including the fight against fraud

(i) Bank card

Data relating to bank cards is processed exclusively by Adyen, which only provides us with an identification token to process guarantees and payments for reservations. This partner's processing complies with the requirements of the PCI-DSS (Payment Card Industry Data Security Standards). Data relating to bank cards is deleted once the transaction has been completed, i.e. upon effective payment of the order. In the event of a subscription to the Services, bank details are kept:

  • until the last payment deadline, if the subscription does not provide for automatic renewal;
  • until termination of the subscription in the event of renewal by tacit agreement, subject to the applicable provisions and in particular to the information of the persons concerned before the renewal.

It is noted that for payments by bank card, in accordance with Article L 133-24 of the Monetary and Financial Code, this Data may be kept in the archives of intermediaries for the purpose of proof in the event of a possible dispute of the transaction or claim, for a period of 13 months following the debit date (period extended to 15 months for deferred debit payment cards). 

In any case, Data relating to the visual cryptogram is not stored and Data relating to the bank card used is deleted when its expiry date is reached.

(ii) Other external service providers specialising in payment and transaction services

(iii) Contentious and pre-litigation actions

As part of the management of a pre-litigation, the Data is deleted as soon as the dispute is settled out of court or, failing that, as soon as the corresponding legal action is prescribed.

The Data collected and processed in the context of litigation must be deleted when ordinary and extraordinary remedies are no longer possible against the decision rendered.

For the administration and management of the B&B Hotels Club loyalty program

Data relating to the administration and management of the B&B Hotels Club loyalty program are kept for the duration of your membership in the programme. It is then archived for the penalty period applicable in the archive of an intermediary.

For the management of legal requests resulting from the GDPR and the amended Data Protection Act 

Data relating to the management of rights requests is retained for the entire time necessary to process the request. It is then archived for the penalty period applicable in the archive of an intermediary.
 

Article 7. Transfer of data outside the European Union

The B&B Hotels Group is a global organisation that provides its services in many countries. Cross-border Data sharing is therefore essential to our services so that you receive the same high quality service wherever you are in the world. 

As such, and within the framework of the purposes indicated in Article 4 of this Policy, we may transfer your personal data to internal and external recipients who may be in countries outside the EU. 

The B&B Hotels Group has therefore implemented appropriate measures to secure the transfer of your Data outside the EU.

All transfers of personal data are subject to a contract.

The transfer of personal data to countries that do not have equivalent personal data protection is governed by the standard contractual clauses defined and approved by the European Commission (art. 46 GDPR).

Data flows to the United States are only made to entities that have signed up to the Privacy Shield program.

You can access all of these documents by contacting our Data Protection Officer at the following email address:privacy@hotelbb.comor at the postal address: DPO Casper BidCo, HAAS AVOCATS, 32 rue la Boétie - 75008 Paris.
 

Article 8. Exercise of the rights of the data subject

In accordance with the Data Protection Act and the GDPR, you have the following rights (find out more):
the right of access and information (article 15 GDPR), rectification (article 16 GDPR), update, completeness of your data

  • the right to erasure (or "right to be forgotten") of your personal data (article 17 GDPR), when it is inaccurate, incomplete, ambiguous, out of date, or of which the collection, use, communication or conservation is prohibited
  • the right to withdraw your consent at any time (article 7 GDPR)
  • the right to limit the processing of your data (article 18 GDPR)
  • the right to object to the processing of your data (article 21 GDPR) 
  • the right to the portability of the data you have provided to us, when your data is subject to automated processing based on your consent or on a contract (article 20 GDPR)
  • the right not to be the subject of a decision based exclusively on automated processing (Article 22 of the GDPR); no such decision-making is currently applied by the B&B Hotels Group
  • the right to define the fate of your data in the event of your death and to choose whether or not we communicate your data to a third party that you have previously designated (article 85 LIL). In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for evidentiary purposes or to meet a legal obligation.

You can exercise your rights:

  • by email to:privacy@hotelbb.com
  • by post to DPO Casper BidCo - HAAS AVOCATS, 32 rue la Boétie, 75008 Paris, France 

while proving your identity and a legitimate reason when this is required by law.

Finally, you can also lodge a complaint with the supervisory authorities and in particular the CNIL or any other competent authority.
 

Article 9. Login data and cookies

In practice, technical cookies allow us to authenticate you, identify you, speed up your browsing on our Site and our Applications and access their various functions. They may collect data concerning the characteristics of your operating system, browser or terminal (computer, tablet or mobile phone). They also enable collection of data relating to your location (in particular the IP address).

The list of cookies, their purpose and the retention period is accessible here

By default, by continuing to browse our Site or by using our Applications, you consent to the placement of these cookies. However, you can configure the settings of your browser software at any time to:

  • accept or refuse cookies on our Site or our Applications
  • systematically refuse all cookies
  • ask that your consent be required for each of the cookies you encounter while browsing the internet.

To do this, simply refer to your browser software and follow its instructions. For example: 

  • With Internet Explorer™: Tools menu ► Internet options ► Security menu

Select the ‘Advanced’ button to bring up the ‘Advanced privacy settings’ window. Then tick the box ‘Ignore automatic management of cookies, then select ‘Refuse’ in the ‘Third party cookies’ column.

  • With Firefox™ : Tools menu ► Options ► Privacy tab 

Set the ‘Conservation rules’ menu to ‘Use personalized parameters for history’. Finally, untick the box ‘Accept third-party cookies’.

  • With Chrome™ : Menu ►Settings ►View advanced settings (located at the bottom of the page).

You should then click on the ‘Content settings’ button then tick the box ‘Block cookies and data from third-party sites’, finally click on ‘OK’ to confirm the choice.

  • With Safari™ : Safari (settings logo) ► Preferences ► Security ► Show cookies ► Choose the desired options
  • With Opera ™: Tools menu ► Preferences ► Advanced tab ► Cookies section ► Manage cookies ► Choose the desired options

You are, however, informed that by choosing to block technical and functional cookies, you risk altering your browsing experience on our Site or our Applications.

For cookies other than purely technical, we have drawn up a Cookie Management Charter in order to inform you more specifically about their use accessible here.
 

Article 10. Social networks

When browsing our Site or our Applications, you can click on the icons dedicated to the social networks Twitter, Facebook and LinkedIn.

Social networks improve the usability of the Site and our Applications, and help promote them through sharing.

When you use these buttons, we may have access to personal information that you have indicated as public and accessible from your Twitter, Facebook and LinkedIn profiles. However, we do not create or use any database independent of Twitter, Facebook and LinkedIn and do not use any data relating to your privacy in this way.

In order to limit third-party access to your personal information on Facebook, LinkedIn or Twitter, we invite you to configure your profiles and / or the nature of your publications via the dedicated areas on social media in order to limit the audience.
 

Article 11. Security

Casper BidCo respects the GDPR and the Data Protection Act in terms of security and confidentiality of your data.

We implement all the technical and organisational measures necessary to ensure the security of our processing of personal data and the confidentiality of the data we collect.

As such, we take all the necessary precautions with regard to the nature of the data and the risks presented by its processing to preserve its security and, in particular, to prevent the data from being distorted, damaged, or accessed by unauthorized third parties. These include physical protection of premises, authentication procedures for persons accessing data with personal and secure access via confidential usernames and passwords, secure https protocol, logging and traceability of connections, encryption of certain data and PCI-DSS (Payment Card Industry Data Security Standards).
 

Article 12. Contacts

For any question relating to this Policy or for any request relating to your Data, you can contact us by:

  • Emailing our Data Protection Officer at the following address: privacy@hotelbb.com
  • Sending a letter to the following address: DPO Casper BidCo -HAAS AVOCATS, 32 rue la Boétie-75008 PARIS
  1. B&B Hotels
  2. Privacy policy