Menu opener
Language and currency
English
EUR
  1. B&B Hotels
  2. Privacy policy

Privacy policy

Preamble

This Privacy Policy is intended for the users (hereinafter the "Users" or "you") of the website https://www.hotel-bb.com (hereinafter the "Website") and B&B Hotels mobile applications (hereinafter the "Applications") presenting the online B&B hotel reservation platform (hereinafter the Platform). Its purpose of to inform you about your personal information can be collected and processed. The Website and the Applications are edited and published by the Financière Sun company (hereinafter “Financière Sun” or “us”). Through the Website and Applications, Financière Sun manages a central common system computer reservation online for your reservations of hotel rooms in the countries where we have hotels, as well as centralised customer databases. The B&B Hotels Club loyalty program is managed by the companies whose list is accessible by clicking here. Respect for your privacy and your personal data is for us a priority, which is why we are committed to processing them in strict compliance with the EU General Data Protection Regulation of 27 April 2016 (hereinafter “GDPR”) and applicable national laws.

 

Article 1. Definitions

Application: means the B&B Hôtels mobile applications edited and published by Financière Sun
Platform: means the central online reservation system operated by Financière Sun on the Website and the Applications.
Services: means the services offered by Financière Sun via the Platform. The Services are specified in the general terms and conditions of use (GTCU) accessible by clicking here.
Website: means the website accessible at the URL address https://www.hotel-bb.com
Users: means any person who accesses or browses the Website and the Applications and all categories of users of the Platform.

 

Article 2. Identity of the data controllers

Financière Sun is the main controller responsible for the processing carried out on the Website and the Applications.

In the framework of the processing of reservations made through the Platform, Financière Sun is joint data controller with the companies that operate the hotels whose rooms you reserve (See the list of hotels here).

The companies whose list is accessible by clicking here jointly manage the B&B Hotels Club loyalty program.

Lastly, in the extension of your reservation via the Platform, autonomous processing can be implemented by each of these joint controllers. The information concerning these autonomous processing operations is provided to you directly by the controllers concerned.

 

Legal reminder:

The data controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. When several people jointly determine the purposes and means of processing, they are the joint data controllers (or joint data controllers).

Financière Sun SAS is a simplified joint stock company with share capital of €171,488,150.80, whose corporate name is “Financière Sun”, located at 271 Rue du Général Paulet, 29200 Brest, registered in the Brest Corporate Register under number 809,776,198, and legally represented by its Chairman, legally domiciled in said registered office.

Financière Sun operates a central reservation system common to the hotels listed in the list available here, joint data controllers of the processing of your personal data in the framework of your reservations on the Platform and Applications.

Financière Sun has concluded with these joint data controllers a co-responsibility agreement stipulating their respective obligations, the outline of which is available on request by e-mail to privacy@hotelbb.com.

The joint data controllers of the B&B Hotels Club loyalty program are the companies whose list is accessible by clicking here:

These joint data controllers have concluded a co-responsibility agreement stipulating their respective obligations, the guidelines of which are available on request by mail to privacy@hotelbb.com.

This privacy policy involves the data processing carried out by Financière Sun and its joint data controllers through the Website and the Applications in the framework of the hotel room booking and the B&B Hôtels Club loyalty programme.

 

Article 3. Contact details of our data protection officer

Our Data Protection Officer (hereinafter "DPO") is there to answer all the requests, including for exercising of rights concerning your rights, concerning your personal data.

You can contact him:

DPO Financière Sun
HAAS LAWYERS
32 Rue de la Boétie
75008 PARIS

Our DPO’s mission is to inform, advise and monitor the compliance of Financière Sun in the execution of the processing operations performed via the PLATFORM.

In accordance with data protection regulations, our DPO acts as a contact point:

  • With regard to the persons concerned for any matters concerning the processing of data carried out by Financière Sun or the exercising of your rights;
  • With regard to the CNIL in the framework of its cooperation mission. The DPO can also contact this authority to request an opinion or prior consultation on any matters concerning the protection of personal data;
  • With regard to the other DPOs appointed by the sub-contracting bodies or data controllers.

 

Article 4. Collection & origin of the data

In the framework of your visit to our Website, use our Applications or provision of our Services, we may collect personal data about you. Whatever the case, you are notified about the purposes for which your data is collected by us through the various forms for online data collection, the e-mails that you may be sent, notifications on the Platform or else via our Cookies Management System.

Your data is processed in accordance with the purposes envisaged at the time of the collection in compliance with the Framework concerning the processing of personal data carried out for the purposes of managing commercial activities published by the CNIL.

When this is necessary, we undertake, as the case may be, to obtain your consent and/or allow you to object to the use of your data for certain purposes, such as the possibility of knowing your geographic location, of sending you the commercial advertising or introducing third party cookies on your terminals (mobile phone, computer, tablet) for the purposes of audience measurement of our Website and our Application and to propose to you commercial offers and targeted advertisements based on your fields of interest.

 

Article 5. Purposes and legal bases of the processing

When the legal basis used for processing operations is based on the pursuit of a legitimate interest, you have the possibility, on simple request, to obtain information regarding the weighing-up of the interests.

Your various items of data are collected and processed to:

- Ensure the proper functioning and continuous improvement of our Platform, its features and our Services

Processing details

The monitoring of the functioning and improvement of our Platform and our Services covers:

  • the general administration of the Website and Applications
  • the answers to your requests and questions
  • the customer assistance and support service
  • the use of the Website and Application usage statistics for research and development purposes
  • the introduction of cookies and other tracers, the details of which can be found in our Cookie Management Charter.

Legal basis

Our legitimate interest in providing you with the best experience whether on our Website and our Applications and the best quality possible for the Services offered. Your consent for introducing cookies and knowledge of your geographic location.

- The management of the Customer relationship and reservations

Processing details

The management of the customer relationship covers:

  • the management of reservations
  • the commercial follow-up of the relationship
  • the preparation of sales statistics
  • the management of opinions about our products, services and content
  • satisfaction surveys

Legal basis

Contractual: processing is necessary for the performance of certain services stipulated in the contract.

Our legitimate interest and that of the hotels you book is to provide you with the best commercial relationship possible, and to ensure the best quality possible for our Services.

- The conducting of marketing and commercial prospecting operations

Processing details

The execution of marketing operations covers:

  • The sending of our Newsletter
  • the carrying out of prospecting campaign (e-mail, telephone, letter)
  • animation of the Website, Applications and social networks (community management)
  • the organisation of events
  • the conducting of audience measurements via the introduction of cookies and other tracers, the details of which can be found in our Cookie Management Charter.
  • the preparation of statistics on the marketing operations

Legal basis

Your consent when this is necessary.

Our legitimate interest and that of the hotels in which you book rooms, to propose to you commercial offers, notably when this concerns hotels in which you have already had reservations. In this case, we ensure that: 

  • you have received sufficient information on the prospecting operations carried out;
  • you are able to object simply and free of charge to the prospecting operations at the time of the collection (Opt-Out);

     

- Accounting management and the execution of related operations, including the fight against fraud

Processing details

Accounting management and the execution of related operations covers:

  • the payment for the Services and monitoring of Customer invoicing
  • the management of arrears and litigation
  • the keeping of accounting records and supporting legal documents

Legal basis

Our legal obligation arising from the different accounting and/or tax regulations of different countries accessible here.

Our legitimate interest in to ensure the proper execution of the accounting transactions by Financière Sun and all companies operating hotels and joint data controllers.

- Administration and management of the B&B Hotels Club loyalty program

Legal basis

The legitimate interest of the companies whose list is accessible by clicking here is to reward your loyalty by providing you with benefits in the B&B hotels.

Contractual: the processing is necessary for the execution and implementation of the B&B Hôtels Club loyalty programme to which you adhere.

 

- The management of requests for rights arising from the GDPR and the amended IT and Rights Law (“LIL”)

Processing details

This processing covers all the operations necessary for the monitoring of requests for rights sent to Financière Sun or to the companies whose list is accessible by clicking here (qualification of the request, investigations, execution of specific technical operations, etc). It concerns only the case where Financière Sun and/or the companies whose list is accessible by clicking here act as data controller.

Legal basis

The legal obligation arising from Articles 15 and following of the GDPR and Articles 48 and following of the IT and Rights Law.

 

Article 6. Data processed

The compulsory or optional nature of the personal data collected and the possible consequences of a lack of response are indicated when they it is collected on the associated forms.

The companies the list of which is accessible by clicking here can also process your data for the management of the B&B Hôtels Club loyalty programme for which you subscribe.

You can check the details of the personal data that the companies the list of which is accessible by clicking here and hotels in which you stay and we ourselves may have on you below.

Details of the data collected

The details of the information provided below are intended to inform you about the categories of data that Financière Sun , the companies whose list is accessible by clicking here, as well as the hotels in which you stay are capable of processing in the framework of the management of the Website, the Applications and the B&B Hôtels Club loyalty programme

For the proper functioning and continuous improvement of the Website, the Applications, their functionality and the Services , the data capable of being processed is the following:

  • Data concerning your identity: title, surname, first name(s), address, telephone number, e-mail addresses, date of birth.

  • Data concerning your use of the Platform and Services, including the data communicated to our teams at the time of your requests. (Language preference, etc.)

  • Geographic location data

  • Your logs and connection data and identification data of IT equipment

 

For the management of the Customer relationship, the data capable of being processed is the following:

  • Data concerning your identity: title, surname, first name(s), address, telephone number, e-mail addresses, customer code, date of birth.

  • Data concerning your reservation : arrival and departure dates, data about the other occupants of the reserved rooms such as names and ages, preferences (smoking room, preferred floor, etc.) 

  • Data concerning the transaction such as the transaction number, details of the purchase, subscription, product or service purchased

  • Data concerning bill payments: means of payment, discounts granted, receipts, balances and unpaid bills

  • Your connection logs and connection data when this is necessary

 

For the execution of marketing operations, the data capable of being processed is the following:

  • Data concerning your identity: title, surname, first names, address, telephone number, e-mail addresses, customer code, date of birth.

  • Data concerning your professional life : business, job, location, type of needs identified 

  • Geographic location data

  • If you are a Customer, the data concerning the offer for which you have subscribed.

  • Data collected via the cookies and other tracers for the purpose of audience measurement 

 

For the accounting management and the execution of related operations, the data capable of being processed is the following:

  • Data concerning your identity: title, surname, first name (s), address, telephone number, e-mail addresses, customer code, date of birth.

  • Data concerning the transaction such as the number of the transaction, the details of the subscription, the good or the service subscribed

  • Your logs and connection data in order to measure the use of our services when this is necessary for carrying out billing operations

  • Payment data, namely:
    - The data concerning the means of payment used by a Customer (bank card number, expiry date, cryptogram, processed exclusively by an Adyen which only provides us with an identification token for the guarantees and payments of the reservations
    - The data concerning the payment of invoices: means of payment, discounts granted, receipts, balances and unpaid bills

 

For the administration and management of the B&B Hotels Club loyalty programme: 

  • Data concerning your identity: title, surname, first name (s), address, telephone number, e-mail addresses, customer code, date of birth, password
  • History of reservations in the B&B hotels
  • Data concerning the transaction such as the number of the transaction, the details of the subscription, the product or the service subscribed
  • Your logs and connection data in order to measure the use of our services when this is necessary for carrying out billing operations
  • Payment data, namely:
    - The data concerning the means of payment used by a Customer (credit card number, expiry date, cryptogram, processed exclusively by Adyen which only provides an identification token to make payments).
    - The data concerning the payment of invoices: means of payment, discounts granted, receipts, balances and unpaid

 

For the management of requests for rights arising from the GDPR and the amended IT and Rights Law, the data capable of being processed is the following:

  • Data concerning your identity: title, surname, first names, address, telephone number, e-mail addresses, customer code, date of birth. A copy of an identity document or equivalent may be kept for the purpose of proof of the exercising of a right of access, rectification or opposition or to meet a legal obligation.

  • Data concerning your request to exercise rights

 

Article 7. Recipients of your data

Within the limit of their respective powers and for the purposes recalled in Article 6, the principal persons who may have access to your data are the following:

  • The qualified staff of our hotel reservation, marketing, sales, administrative, logistics and IT services, responsible for improving our services, the customer relationship and prospecting and quality control.
  • The authorised personnel of our sub-contractors.
  • The authorised personnel of the joint data controllers mentioned:
    - Personnel hôtelier ;
    - Personnels de réservation utilisant les outils de réservation du Groupe B&B;
    - Services Informatiques ;
    - Partenaires commerciaux et services marketing ;
    - Généralement, toute personne appropriée des affiliés du Groupe B&B pour certaines catégories spécifiques de données personnelles.
  • If applicable, the courts concerned, mediators, chartered accountants, auditors, awyers, bailiffs, debt collection companies
  • Third parties capable of introducing cookies on your terminals (computers, tablets, mobile phones, etc.) when you consent (For more details, see our Cookie policy).

Certain categories of sub-contractors have access to the data collected:

  • The providers of hosting and cloud storage.
    - Place of storage: London
  • The payment service providers (Adyen)
    - Place of storage: Netherlands
  • The providers of mailing solutions.
    - Place of storage: London
  • Move On SAS, a subsidiary of the B&B Hotels Group, responsible for the development and maintenance of the Website and Applications

Your personal data is not communicated, exchanged, sold or rented without your express prior consent in accordance with the applicable legal and regulatory provisions.

 

Article 8. Transfer of data outside of the European Union

In some cases, your personal information will be stored on servers located outside the EU or the EEA.

We are a global organisation that provides international services. Cross-border data sharing is essential to our services so that you receive the same high quality service wherever you are in the world. Consequently, the recipients of your personal data may also be located abroad, including outside of the EU or the EEA. We have taken appropriate measures to ensure that your data is kept secure through the conclusion of contracts with standard contractual clauses approved by the European Commission (Article 46 of the GDPR).

Furthermore, some of our sub-contractors located outside the EEA may perform this type of transfer. Financière Sun's has concluded contracts with the latter with standard contractual clauses or made sure of the validity of their registration with Privacy Shield when the latter adhered thereto (see above "Article 8 - recipient of your data" about the authorised staff of our sub-contractors).

You can request access to documents ensuring appropriate contractual guarantees by making a request to our Data Protection Officer by e-mail to privacy@hotelbb.com or by letter to:
DPO Financière Sun
HAAS LAWYERS
32 Rue de la Boétie
75008 PARIS

 

Article 9. Duration of data storage

  • For the proper functioning and continuous improvement of our Platform, its functionalities and the Services

The data allowing the identification of the Users on the Platform is kept for the duration of their registration.

 The cookies and other commercial tracers can be introduced on the user's terminal for a maximum of 13 months. Beyond this period, the raw attendance data associated with an identifier is either deleted or anonymised.

 The information collected through tracers is stored for a period of 25 months. Beyond this period, this data is deleted or anonymised

 

  • For customer relationship management 

 The data used in the framework of customer relationship management is kept for the duration necessary for the performance of the contract.

 This data is then archived for a period of 5 years for the purposes of proof. The invoices and accounting data issued are kept for 10 years from their issuance.

 If no contract is concluded, the data of a prospect is kept for a period of 3 years from its collection or the last contact positive with B&B Hôtels Group.

 

  • For the execution of marketing operations

The data used in the framework of marketing operations is kept for a period of 3 years from the end of the business relationship if you are a customer or from your last contact if you are not yet a customer.

 In the event where you have not purchased products from our company or have not used your account for 27 months and you have not subscribed to our newsletter, we will no longer store your personal data for commercial purposes.

 

  • For accounting management and the execution of related operations

(i) Bank card

The data concerning bank cards is processed exclusively by Adyen which provides us only with an identification token to make guarantees and payments for the reservations. The processing of this partner complies with the constraints of the PCI-DSS standard (Payment Card Industry Data Security Standards). The data concerning the bank cards is deleted once the transaction has been completed, i.e. as soon as the order is actually paid. In case of subscription for the Services, the bank data is kept: 

  • until the last payment deadline, if the subscription does not provide for tacit renewal;

  • until termination of the subscription in the event of tacit renewal, subject to the applicable provisions and in particular to the information of the persons concerned before the renewal.

It is recalled that for payments by bank card, in accordance with Article L 133-24 of the Monetary and Financial Code, this data can be kept for the purpose of proof in the event of possible contesting of the transaction or complaint, in interim files, for a period of 13 months following the debit date (extended to 15 months for deferred debit payment cards).

In any event, the data concerning the visual cryptogram is not stored and the data concerning the bank card used is deleted when its expiration date is reached.
 

(ii) Litigation and pre-litigation actions 

In the framework of the management of pre-litigation, the data is deleted as soon as the amicable settlement of the dispute is agreed or, failing this, upon statute-barring of the corresponding legal action.

The data collected and processed in the framework of litigation must be deleted when the ordinary and extraordinary remedies are no longer possible against the decision rendered.

  • For the administration and management of the B&B Hôtels Club loyalty programme: 

The data concerning the administration and management of the B&B Hôtels Club loyalty programme is kept for the duration of your membership of the said programme. It is then archived for the duration of the criminal limitation period applicable in interim archiving.

  • For the management of requests for rights arising from the GDPR and the amended IT and Rights Law 

The data concerning the management of requests for rights is kept for the duration necessary for the processing of the request. It is then archived for the duration of the criminal limitation period applicable in interim archiving.

 

Article 10. Your rights

In accordance with the IT and Rights Law and the GDPR, you have the following rights (find out more):

- right of access (Article 15 of the GDPR), rectification (Article 16 of the GDPR), update, completeness of your data 

  • right of deletion (or "right to be forgotten") of your personal data (Article 17 of the GDPR), when it is inaccurate, incomplete, ambiguous, outdated, or whose collection, use, communication or retention is prohibited
  • right to withdraw your consent at any time (Article 7 of the GDPR)
  • right to limit the processing of your data (Article 18 of the GDPR)
  • right to object to the processing of your data (Article 21 of the GDPR)
  • right to the portability of the data that you have provided to us, when your data is subject to automated processing based on your consent or on a contract (Article 20 of the GDPR)
  • right not to be the subject of a decision based exclusively on automated processing (Article 22 of the GDPR); no decision of this type is currently applied by B&B Hôtels.
  • right to stipulate the fate of your data after your death and to choose that we communicate (or not) your data to a third party whom you have previously designated (Article 85 of the LIL). In the event of death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for the purposes of proof or to meet a legal obligation.

You can exercise your rights:

- by e-mail to privacy@hotelbb.com or by letter to:

DPO Financière Sun
HAAS LAWYERS
32 Rue de la Boétie
75008 PARIS

by proving your identity and a legitimate reason when this is required by law.

Lastly, you can also file a complaint with the regulatory authorities, in particular the CNIL or any other competent authority

 

Article 11. Connection data and cookies

For the proper functioning of the Platform, the Website, the Applications and the Services, connection data (date, time, Internet address, protocol of the visitor's computer, page viewed) and cookies (small saved files on your computer) allowing you to identify yourself, memorise your consultations and benefit from audience measurements and statistics, in particular concerning the pages consulted.

In practice, technical cookies allow us to authenticate you, identify you, speed up your browsing on our Website and our Applications and access to their different functionalities. They may collect data concerning the characteristics of the operating system, browser or terminal (computer, tablet or mobile phone) that you use. They also make it possible to collect data concerning your location (in particular the IP address).

The list of cookies, their purpose and the storage period is available here.

By default, by continuing to browse our Website or by using our Applications, you agree to the introduction of these cookies. You can, however, at any time configure the parameters of your navigation software to: 

To do this, you simply refer to your browsing software and follow its instructions. For example: 

✔ With Internet Explorer ™: menu Tools ► Options internet ► Tab Confidentiality

Press the "Advanced " button to bring up the  "Advanced privacy settings " window. Then tick the box "Ignore automatic cookie management", then select "Refuse " in the "Third party cookies " column.
 

✔ With Firefox ™: menu Tools ► Options ► Privacy tab

Set the " Storage rules " menu to " Use personalised settings for history ". Lastly, uncheck the box "Accept third-party cookies ".
 

✔ With Chrome ™: Menu ► Settings ► Show advanced settings (located at the bottom of the page).

Then click on the "Content settings " button then check the box "Block cookies and data from third-party sites ", then click on "OK " to confirm the choice.
 

✔ With Safari ™: Safari (logo settings) ► Preferences ► Security ► Display cookies ► Choose the desired options
 

✔ With Opera ™: menu Tools ► Preferences ► Advanced tab ► Cookies section ► Manage cookies ► Choose the desired options
 

For cookies other than purely technical ones, we have drafted a Cookie Management Charter in order to inform you more specifically of their use.

 

Article 12. Social media

While browsing our Website or in our Applications, you can click on the icons dedicated to social networks such as Twitter, Facebook and LinkedIn.

Social networks allow us to improve the user-friendliness of the Website and our Applications and help promote them via sharing.

When you use these buttons, we can have access to personal information that you may have marked as public and accessible from your Twitter, Facebook and LinkedIn profiles. However, we do not create or use any database 

independent from Twitter, Facebook and LinkedIn and do not exploit any data concerning your privacy in this way.

In order to limit third party access to your personal information presented on Facebook, LinkedIn or Twitter, we invite you to configure your profiles and/or the nature of your publications via the dedicated spaces on social media in order to limit the audience thereof.

 

Article 13. Security

Financière Sun complies with the GDPR and the French IT and Rights Law in terms of security and confidentiality of your data.

We take all the technical and organisational measures necessary to ensure the security of our processing of personal data and privacy of the data that we collect.

In this regard, we take all necessary precautions, given the nature of the data and of the risks presented by the processing to protect the security thereof and in particular to prevent the data from being distorted, damaged or unauthorised third parties having access to it (physical protection of premises, authentication procedures of the persons accessing data with personal and secure access through confidential identifiers and passwords, secure https protocol, logging and traceability of connections, encryption of certain data, PCI-DSS standard (Payment Card Industry Data Security Standards, etc).

  • accept or refuse the cookies that are located on our Website or our Applications
  • systematically refuse all cookies
  • ask that your consent be required for each of the cookies that you encounter while browsing the internet.

    • You are however informed of the fact that by choosing to block technical and functional cookies, you risk seeing your browsing our Website or our Applications altered.