Menu opener
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Corporate code
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

PRIVACY POLICY FOR THE B&B HOTELS MOBILE APPLICATIONS AND WEBSITE

PDF Version

Updated on 05/06/2023

 

Preamble

This Privacy Policy is intended for users (hereinafter referred to as Users or you) of the website https://www.hotel-bb.com/ (hereinafter referred to as the Site) and the B&B HOTELS mobile applications (hereinafter referred to as the Applications) presenting the online B&B hotel room reservation platform (hereinafter referred to as the Platform). Its purpose is to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation" or "GDPR"), about how your personal information may be collected and processed through our Website and Mobile Applications in the context of booking hotel rooms in the countries in which we have hotels and the B&B HOTELS Club loyalty programme.

The B&B HOTELS group is fully committed to the compliance of personal data processing with the requirements of the GDPR.

The purpose of this privacy policy is to inform you about the categories of personal data we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.

Your privacy and the protection of your personal data is a priority for us, which is why we are committed to processing your personal data in strict compliance with the Regulation and the applicable national laws.

  1. Definitions
  2. Identity of the data controllers
  3. Data that is processed
  4. Purposes and legal bases of data processing
  5. The recipients of the data
  6. How long the data is kept
  7. Transfer of data outside the European Union
  8. Exercising the rights of the data subject
  9. Login data and cookies
  10. Social networks
  11. Security
  12. Contacts

 

Article 1. Definitions

Adyen: refers to the online payment platform

Application: refers to the B&B HOTELS mobile applications published by Casper BidCo

B&B HOTELS Group: refers to the Casper BidCo holding company, its subsidiaries and all the B&B HOTELS hotels

Platform: refers to the central online booking system operated by Casper BidCo on the Site and the Applications.

Data controller: refers to Casper BidCo in its capacity as the main data controller on the Site

Services: refers to the services offered by Casper BidCo via the Platform. The Services are detailed in the General Terms and Conditions of Use (GTCU), which can be accessed by clicking here.

Site: refers to the website accessible at the URL address https://www.hotel-bb.com/

Users: refers to any person accessing or browsing the Site and the Applications, as well as all the categories of users of the Platform.

 

2. Identity of the data controllers

Casper BidCo, which is one of the parent companies of the B&B Hotels group, whose legal notice can be accessed by clicking here, is the main party responsible for the processing carried out on the Site and the Applications.

Casper BidCo operates a central reservation system common to the hotels listed here.

As part of the processing of bookings made through the Platform and the Applications, Casper BidCo is jointly responsible for processing your personal data with the companies that operate the hotels whose rooms you book (See the list of hotels here).

The companies, of which the list is available by clicking here, jointly manage the B&B HOTELS Club loyalty programme. The joint controllers of the B&B HOTELS Club loyalty programme are the companies whose list can be accessed by clicking here.

Finally, as an extension of your reservation via the Platform, autonomous processing operations may be carried out by each of these joint controllers. Information relating to these autonomous processing operations is provided to you directly by the controllers concerned.

Read more

Legal reminder:

The data controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. Where several persons jointly determine the purposes and means of a processing operation, they are joint data controllers (or co-controllers).

CASPER BidCo is a simplified joint stock company with a single shareholder, with a capital of 12,129,635.92 Euros, located at 29 boulevard Romain Rolland 92120 Montrouge, registered in the Nanterre Register of Companies under the number 850 790 908, legally represented by its Chairman, domiciled at the said headquarters.

CASPER BidCo operates a central booking system shared by the hotels listed here, which are jointly responsible for the processing your personal data in the context of your reservations on the Platform and the Applications.

CASPER BidCo has entered into a joint liability agreement with these joint controllers setting out their respective obligations, the outline of which is available on request sent by email to privacy@hotelbb.com.

The joint controllers of the B&B HOTELS Club loyalty programme are the companies listed here:

These joint controllers have signed a joint liability agreement setting out their respective obligations, the broad outlines of which are available on request sent by email to privacy@hotelbb.com.

This privacy policy concerns the processing of data carried out by CASPER BidCo and its joint controllers via the Site and the Applications in the context of hotel room reservations and the B&B HOTELS Club loyalty programme.

 

3. Data origin and collection

When you visit our Site, use our Applications or provide our Services, we may collect personal data about you.

In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, emails sent to you, notifications on the Platform or via our Cookie Management Tool.

Read more

Your data is processed in accordance with the purposes set out at the time of collection and in compliance with the CNIL's guidelines on the processing of personal data for the purposes of managing commercial activities.

Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to object to the use of your data for certain purposes, such as, for example, the possibility of knowing your geographical position, sending you commercial prospecting material or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purposes of measuring the audience for our Site and our Application and to offer you commercial offers and targeted advertising according to your centres of interest.

 

4. Data that is processed

When you use the Site, the Applications and the Services, you are required to send us data and information, some of which may identify you and therefore constitute personal data (hereinafter referred to as the Data).

This is particularly the case when you book a room on the Site or register for our loyalty programme.

In all cases, you are informed of the purposes for which your data is collected by us via various online data collection forms, emails sent to you, notifications on the Platform or via our Cookie Management Tool.

Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to object to the use of your data for certain purposes, such as, for example, the possibility of knowing your geographical position, sending you commercial prospecting material or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purposes of measuring the audience for our Site and our Application and to offer you commercial offers and targeted advertising according to your centres of interest.

At the time of collection of the Data, you will be informed whether certain Data must be filled in or whether it is optional and the possible consequences of a failure to reply are indicated at the time of its collection on the associated forms.

The data being processed is as follows:

  • Data relating to your identity: title, surname, first name(s), address, telephone number, email addresses, date of birth, age, client code, password,
  • Data relating to your professional life: company, location,
  • Data relating to browsing: your logs and connection data, computer hardware identification data, your language preferences, geographical location data, data relating to your use of the Platform and Services, including data communicated to our teams when you make a request (language preference, etc.), data collected via cookies and other tracers,
  • Details of your booking: arrival and departure dates, details of other occupants of the rooms reserved such as names and ages, preferences (smoking room, preferred floor, etc.),
  • Data relating to transactions: the transaction number, data relating to means of payment (bank card number, expiry date, cryptogram, processed exclusively by Adyen which only provides us with a token to proceed with guarantees and payments for bookings), details of the purchase, subscription, product or service subscribed to, data relating to the payment of invoices such as methods of payment, discounts granted, receipts, balances and unpaid amounts,
  • Booking history data for B&B hotels

In some countries that use facial recognition technology when booking online, the following data is processed:

  • Copy of the identity document presented: passport, identity card, resident's card, foreign identity document with MRZ, driving licence, 
  • Data contained in the identity document: surname, first name, date and place of birth, nationality, gender, identity document number, date of issue and expiry date,
  • Biometric data relating to your facial features: facial images are not stored but will be used to verify your identity by comparing them with your identity photograph. This data is then deleted immediately.
  • An encrypted string that gathers the information from the identity check: i.e. the validity of your passport and the match between your identity and the identity photo, and confirms the positive match ("String"). Please note that under no circumstances can your face or a copy of your passport be traced using the String.

The B&B HOTELS group ensures that it only collects Data that is strictly necessary for the purpose for which it is processed.

 

5. Purposes and legal bases of data processing

The processing carried out by the B&B HOTELS Group satisfies an explicit, legitimate and determined purpose, which is based on the execution of a contract, compliance with a legal or regulatory obligation, your consent or legitimate interest.

Where the legal basis for the processing operations is based on the pursuit of a legitimate interest, you have the possibility, upon simple request, to obtain information on the balancing of interests.

Your different data is collected and processed for the following legal bases and purposes:

- The smooth operation and ongoing improvement of the Platform, its functionalities and our Services

Monitoring the proper operation and improvement of our Platform and Services covers:

  • general administration of the Site and Applications
  • answers to your requests and questions
  • client assistance and support
  • the use of statistics on the use of the Site and Applications for research and development purposes
  • the depositing of cookies and other tracers, details of which can be found in our Cookie Management Charter.

The B&B HOTELS Group has a legitimate interest in providing you with the best possible experience on our Website and Applications and the best possible quality of Services offered and relies on your consent for the deposit of cookies and knowledge of your geographical position.

- Client relations and bookings management

Client relationship management covers:

  • managing bookings and verifying the Client's identity in countries where hoteliers are required to do so,
  • business follow-up of the relationship,
  • compiling sales statistics
  • managing opinions on our products, services and content
  • satisfaction surveys

The B&B HOTELS Group processes personal data relating to the management of the Client relationship in the execution of contracts concluded with its Clients and on the basis of consent regarding the data collected in the context of facial recognition technology.

The B&B HOTELS Group also has a legitimate interest in processing the Data of its clients in order to provide them with the best possible commercial relationship and to ensure the best possible quality of our Services.

- Carrying out marketing and sales prospecting operations

Carrying out the marketing operations covers:

  • the sending of our Newsletter
  • carrying out prospecting campaigns (email, telephone, post)
  • running the Website, Applications and social networks (community management)
  • event organisation
  • audience measurement through the use of cookies and other tracking devices, details of which can be found in our Cookies Management Charter
  • compiling statistics on marketing operations

Marketing operations are carried out with your consent.

The B&B HOTELS Group also has a legitimate interest in providing you with commercial offers, particularly when this concerns hotels where you have already made reservations.

In this case, we ensure that:

  • you have received sufficient information about the prospecting operations carried out;
  • you can simply, and free of charge, object to the prospecting operations at the time of collection (Opt-Out);

- Accounting management and carrying out related operations, including the fight against fraud

Accounting management and carrying out related operations covers:

  • paying for Services and monitoring Client invoicing
  • managing unpaid bills and disputes
  • keeping accounting records and legal supporting documents

Accounting management and the performance of related operations are based on our legal obligation arising from the various accounting and/or tax regulations of different countries, which can be accessed here.

The B&B HOTELS Group also has a legitimate interest in ensuring the smooth running of accounting operations carried out by Casper BidCo and all companies operating hotels and responsible for joint processing.

- Administration and management of the B&B HOTELS Club loyalty programme

The management and administration of the loyalty programme is based on the legitimate interests of the companies the list of which can be accessed by clicking here. to reward your loyalty by offering you advantages at B&B hotels.

The B&B HOTELS Group also has a contractual basis insofar as the processing is necessary for the execution and implementation of the B&B HOTELS Club loyalty programme to which you belong.

- Management of requests for rights arising from the GDPR and the amended French Data Protection Act

This processing covers all operations necessary for the follow-up of requests for rights sent to Casper BidCo or to the companies whose list is accessible by clicking here (qualification of the request, investigations, execution of specific technical operations...).

It only applies to cases where Casper BidCo and/or the companies listed here are acting as data controller.

This processing is carried out on the basis of a legal obligation arising from Articles 15 et seq. of the GDPR and Articles 48 et seq. of the French Data Protection Act.

 

6. The recipients of the data

We treat the Data we collect with the utmost care. Only strictly necessary Data will be communicated to third-parties for processing.

Within the limits of their respective attributions and for the purposes mentioned in article 4, the main persons who may have access to your Data are as follows:

  • Authorised staff in our hotel reservation, marketing, sales, administrative, logistics and IT departments, who are responsible for improving our Services, client relations, prospecting and quality control,
  • Authorised staff of our subcontractors and service-providers, including in particular hosting and cloud storage providers, payment service providers, suppliers of software for checking identity documents and verifying identity online by facial recognition, suppliers of mailing services, IT maintenance service-providers, marketing research service-providers,
  • The list of the authorised staff of the joint data controllers can be found here
  • The relevant public authorities when a copy of an identity document is required for the booking,
  • If necessary, the competent authorities upon request, in particular public bodies, the courts concerned, mediators, chartered accountants, auditors, lawyers, bailiffs, public officials, police officers, bodies responsible for debt recovery, exclusively to meet legal obligations, as well as in the case of the search for the perpetrators of offences committed on the Internet,
  • Third-parties likely to place cookies on your terminals (computers, tablets, mobile phones, etc.) when you give your consent (for more details, see our Cookies Management Charter).

Your personal data will not be disclosed, exchanged, sold or rented without your express prior consent in accordance with the applicable legal and regulatory provisions.

In our dealings with our subcontractors within the meaning of the GDPR, we contractually ensure that they process the data in a way that guarantees its integrity, confidentiality and security.

 

7. How long the data is kept

We only keep your data for as long as is necessary for the purposes as described in Article 5. Click below for more details.

- For the proper operation and ongoing improvement of our Platform, its functions and Services

Data enabling Users to be identified on the Platform is kept for the entire duration of their registration.

Cookies and other commercial tracers may be deposited on the User's terminal for a maximum period of6 months. After this period, the raw traffic data associated with an identifier is either deleted or anonymised.

The information collected through tracers is kept for a period of 25 months. After this period, this Data is deleted or anonymised

 

- To manage client relations and bookings

The Data used to manage the Client relationship is kept for as long as is necessary to fulfil the contract.

This data is then archived for a period of 5 years for evidential purposes. The issued invoices and accounting data is kept for 10 years from the date of issue.

The biometric data relating to facial features collected using facial recognition technology is destroyed once the software has compared the facial features with the photograph in the identity document (processing time 2 to 3 seconds).

The personal data contained in the String and the copy of the identity document will be kept exclusively in encrypted form for a maximum period of 24 hours after your arrival at the hotel. Under no circumstances can this retention period exceed 72 hours from receipt of the e-mail notifying you of the possibility of checking in online 48 hours before your arrival at the Hotel.

Please note that if the identity check carried out using the online registration procedure fails, all your Personal Data will be immediately and irreversibly deleted.

Finally, in the absence of the conclusion of a contract, a prospect's data is kept for a period of 3 years from the date of collection or the last positive contact with the B&B HOTELS group.

- For marketing and sales prospecting operations

Data used for marketing purposes is kept for a period of 3 years from the end of the commercial relationship if you are a client or from your last contact if you are not yet a client.

If you have not purchased any products from us or used your account for 27 months and have not subscribed to our newsletter, we will no longer keep your personal data for commercial purposes.

- For accounting management and related operations, including the fight against fraud

  • Credit card

Data relating to bank cards is processed exclusively by Adyen, which only provides us with a token for guaranteeing and paying for bookings. The processing carried out by this partner complies with the requirements of the PCI-DSS (Payment Card Industry Data Security Standards). Bank card details are deleted once the transaction has been completed, i.e. as soon as the order has been paid for. If you subscribe to the Services, your bank details will be kept:

  • until the last payment due date, if the subscription is not tacitly renewed;
  • until termination of the subscription in the event of tacit renewal, subject to the applicable provisions and in particular informing the persons concerned prior to renewal.

It should be noted that for payments by bank card, in accordance with article L 133-24 of the French Monetary and Financial Code, this Data may be kept for evidence purposes in the event of any dispute regarding the transaction or claim, in intermediate archives, for a period of 13 months following the debit date (extended to 15 months for deferred debit payment cards).

Our payment service-provider Adyen may retain transaction data for 7 years in accordance with its legal or regulatory obligations.

In any event, the Data relating to the visual cryptogram is not stored and the Data relating to the bank card used is deleted when its expiry date is reached.

  • Other external service-providers specialising in payment and transaction services
  • Litigation and pre-litigation actions

In the context of pre-litigation management, the Data will be deleted as soon as the dispute has been settled amicably or, failing that as soon as the corresponding legal action has become time-barred.

Data collected and processed in the context of a dispute must be deleted when the ordinary and extraordinary remedies are no longer available against the delivered decision.

- For the administration and management of the B&B HOTELS Club loyalty programme

Data relating to the administration and management of the B&B HOTELS Club loyalty programme is kept for the entire duration of your membership of the said programme. It is then archived for the duration of the penal provisions applicable to intermediate storage.

- For the management of requests of rights arising from the GDPR and the amended French Data Protection Act

Data relating to the management of requests of rights is kept for as long as necessary to process the request. It is then archived for the duration of the penal provisions applicable to intermediate storage.

 

8. Transfer of data outside the European Union

The B&B HOTELS Group is a global organisation providing services in many countries. Cross-border data sharing is therefore essential to our services so that you receive the same high-quality service wherever you are in the world.

In this respect, and for the purposes indicated in Article 5 of this Policy, we may transfer your personal data to internal and external recipients who may be located in countries outside the EU.

The B&B HOTELS Group has therefore implemented suitable measures to secure the transfer of your Data outside the EU.

All transfers of personal data are the subject of a contract.

The transfer of personal data to countries not having equivalent personal data protection is governed by the standard contractual clauses defined and approved by the European Commission(art. 46 GDPR).

You can have access to all these documents by emailing our Data Protection Officer at privacy@hotelbb.com or writing to the following postal address: DPO Casper BidCo, HAAS Lawyers, 6 rue de Saint Pétersbourg – 75008 Paris.

 

9. Automated decision-making in the context of a booking using facial recognition technology

If you choose to make a booking using facial recognition technology, your identity will be verified in an entirely automated manner.

The joint data controllers will use a non-definitive and optional fully automated procedure to check the validity of your identity document and the correspondence between the image on your identity document and your face.

In all cases, you will be able to contest the decision taken by sending an e-mail to privacy@hotelbb.com. But, above all, in all cases, if the identification procedure fails, you will be able to keep your booking and then check in at the hotel reception desk with the staff in charge of this procedure.

 

10. Exercising the rights of the data subject

In accordance with the French Data Protection Act and the GDPR, you have the following rights (read more):

- right of access and information (article 15 GDPR) right of rectification (article 16 GDPR) right to update and the right to complete your data

- right to delete (or “right to be forgotten”) your personal data (article 17 of the GDPR), if it is inaccurate, incomplete, ambiguous, out-of-date, or if its collection, use, disclosure or retention is prohibited

- right to withdraw your consent at any time (article 7 of the GDPR);

- right to restrict the processing of your data (article 18 of the GDPR)

- right to object to the processing of your data (Article 21 GDPR)

- the right to portability of the data you have provided to us, where your data undergoes automated processing based on your consent or on a contract (Article 20 GDPR)

- right not to be the subject of a decision based solely on automated processing (article 22 of the GDPR); no final decision based exclusively on automated processing is currently applied by the B&B HOTELS Group

- the right to determine what happens to your data after your death and to choose whether or not we disclose your data to a third-party that you have designated (article 85 LIL). In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for evidential purposes or to meet a legal obligation.

You can exercise your rights in one of the following ways:

- by e-mail to privacy@hotelbb.com,

- by post to DPO Casper BidCo - HAAS AVOCATS, 6 rue de Saint Pétersbourg, 75008 Paris, France

by proving your identity and providing a legitimate reason when required by law.

Finally, you can also lodge a complaint with the supervisory authorities and in particular the CNIL or any other competent authority.

 

11. Login data and cookies

In practice, technical cookies enable us to authenticate you, identify you, speed up your browsing on our Site and Applications and access their various functions. They may collect data about the features of the operating system, browser or terminal (computer, tablet or mobile phone) that you use. They also allow the collection of data relating to your location (in particular your IP address).

The list of cookies, their purpose and retention period is available here.

By default, by continuing to browse our Site or using our Applications, you consent to the deposit of these cookies. However, you can configure the settings of your browser software at any time to:

  • accept or refuse cookies on our Site or Applications
  • systematically refuse all cookies
  • request that your consent be required for each cookie you encounter while browsing the internet.

To do this, simply refer to your browser software and follow its instructions. For example:

  • With Internet Explorer™Tools menu ► Internet options ► Confidentiality tab

Press the "Advanced " button to bring up the Advanced privacy settings " window. Then tick the "Ignore automatic cookie management" box, and select "Refuse" in the "Third-party cookies" column.

  • With Firefox™Tools menu ► Options ► Privacy tab

Configure the "Retention rules "menu to "Use custom settings for history ". Finally, uncheck the "Accept third-party cookies " box.

  • With Chrome™: Menu ►Settings ►Display advanced settings (located at the bottom of the page).

Then click on the "Content settings " button, then tick the "Block cookies and data from third-party sites " box and then click on "OK " to confirm your choice.

  • With Safari™: Safari (settings icon) ► Preferences ► Security ► Show cookies ► Choose the desired options
  • With Opera™ Tools menu ► Preferences ► Advanced tab ► Cookies section ► Manage cookies ► Choose the desired options
  • However, you are informed that if you choose to block the technical and functional cookies, your browsing of our Site or Applications may be altered.

For cookies other than purely technical ones, we have drawn up a Cookies Management Charter to inform you more specifically about their use, which can be accessed here.

 

12.  Social networks

When browsing our Site or our Applications, you may click on the icons dedicated to Twitter, Facebook and LinkedIn.

Social networks help to improve the user-friendliness of the Site and our Applications, and help to promote them through sharing.

When you use these buttons, we may have access to personal information that you have indicated as public and which is accessible from your Twitter, Facebook and LinkedIn profiles. However, we do not create or use any database independent of Twitter, Facebook and LinkedIn and do not use any data relating to your private life in this way.

In order to limit access by third-parties to your personal information on Facebook, LinkedIn or Twitter, we encourage you to configure your profiles and/or the nature of your publications via the dedicated spaces on social media with the aim of limiting the audience.

 

13.  Security

Casper BidCo complies with the GDPR and the French Data Protection Act regarding the security and confidentiality of your data.

We implement all the necessary technical and organisational measures to ensure the security of our personal data processing operations and the confidentiality of the data we collect.

In this respect, we take all the necessary precautions, in view of the nature of the data and the risks presented by the processing, to preserve its security and, in particular, to prevent the data from being distorted, damaged or accessed by unauthorised third-parties (physical protection of the premises, authentication procedures for persons accessing the data with personal and secure access via confidential identifiers and passwords, secure https protocol, logging and traceability of connections, encryption of certain data, PCI-DSS (Payment Card Industry Data Security Standards, etc.).

 

14. Contacts

If you have any questions about this Policy or any requests relating to your Data, you can contact us by:

- Sending an email to our Data Protection Officer at privacy@hotelbb.com

- Sending a letter to the following address: DPO Casper BidCo -HAAS AVOCATS, 6 rue de Saint Pétersbourg-75008 PARIS

Read more 

Our DPO's mission is to inform, advise and monitor CASPER BidCo's compliance in the execution of the processing operations carried out via the Platform.

In accordance with the data protection regulations, our DPO acts as a contact point:

  • Vis-à-vis data subjects for all matters relating to the processing of data by CASPER BidCo or the exercise of your rights;
  • Vis-à-vis the CNIL as part of its co-operation mission. The DPO may also contact this authority to request an opinion or a prior consultation on all matters concerning the protection of personal data;
  • Vis-à-vis other DPOs appointed by subcontractors or data controllers.