Personal data protection policy
Last revised on 11 April 2023
This Personal data protection policy is addressed to the users (hereinafter referred to as the Users or you) of the website https://www. bbhotels-group.com/ (hereinafter the Site). Its purpose is to inform you, in accordance with Regulation No. 2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation” or “GDPR”), about how your personal information may be collected and processed through our Site when you use the website https://www. bbhotels-group.com/.
The B&B HOTELS group is fully committed to the compliance of personal data processing with the requirements of the GDPR.
This personal data protection policy aims to inform you about the categories of personal data we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.
Your privacy and the protection of your personal data is a priority for us, which is why we are committed to processing your personal data in strict compliance with the Regulation and the applicable national laws.
1 – Definitions
2 – Identity of the data controllers
3 – Data origin and collection
4 – Data that is processed
5 – Purposes and legal bases of data processing
6 – The recipients of the data
7 – How long the data is kept
8 – Transfer of data outside the European Union
9 – Exercising the rights of the data subject
10 – Login data and cookies
11 – Security
12 – Contacts
Article 1. Definitions
B&B HOTELS Group: means the holding company Casper BidCo and any entity controlled by CASPER BIDCO or under common control with CASPER BIDCO
Data controller: refers to Casper BidCo in its capacity as the main data controller on the Site
Site: refers to the website accessible at the URL address https://www. bbhotels-group.com/
Users: refers to any person who accesses or browses the Site
2. Identity of the controller
Casper BidCo, which is one of the parent companies of the B&B HOTELS group, whose legal notice can be accessed by clicking here is the main data controller for the Site.
In the context of contacts for business partnerships, Casper BidCo is jointly responsible for processing your personal data with the B&B HOTELS Group companies (See list of companies here).
The controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. Where several persons jointly determine the purposes and means of a processing operation, they are joint controllers.
Casper BidCo is a simplified joint stock company with a single shareholder, with a capital of 12,129,635.92 euros, located at 29 boulevard Romain Rolland 92120 Montrouge, registered in the Nanterre Trade and Companies Register under the number 850 790 908, legally represented by its Chairman, domiciled at the said headquarters.
Casper BidCo is the publisher of the Site which is powered by all the companies of the B&B HOTELS group. Their list is available here and they are joint controllers for the processing of your personal data in the context of requests for commercial partnerships on the Site.
Casper BidCo has entered into a joint liability agreement with these joint controllers setting out their respective obligations, the outline of which is available on request by email to firstname.lastname@example.org.
This personal data protection policy concerns the processing of data by Casper BidCo and its joint controllers via the Site in the context of your process for a commercial partnership with B&B HOTELS.
3. Data origin and collection
When you visit our Site, we may collect personal data about you.
In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, emails sent to you, notifications on the Site or via our Cookie Management Tool.
Your data is processed in accordance with the purposes set out at the time of collection and in compliance with the CNIL’s guidelines on the processing of personal data for the purposes of managing commercial activities.
Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to oppose the use of your data for certain purposes, such as, for example, the possibility of knowing your geographical position, sending you information for market research or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purpose of measuring the audience of our Site.
4. Data that is processed
By using the Site, you are required to transmit data and information to us, some of which is likely to identify you and therefore constitutes personal data (hereinafter the Data).
This is particularly the case when you express your interest in a business partnership.
In all cases, you are informed of the purposes for which your data is collected by us via various online data collection forms, emails sent to you, or via our Cookie Management Tool.
Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to oppose the use of your data for certain purposes, such as, for example, the possibility of depositing third-party cookies or tracers on your terminals (mobile phone, computer, tablet) for the purpose of measuring the audience of our Site.
At the time of collection of the Data, you will be informed whether certain Data must be filled in or whether it is optional and the possible consequences of a failure to reply are indicated at the time of its collection on the associated forms.
The data being processed is as follows:
- Data relating to your identity: title, surname, first name(s), address, telephone number, email address,
- Data relating to your professional life: company, location,
- Information about your education: degrees obtained, universities/schools attended
- Data relating to browsing: your logs and login data, computer hardware identification data, your language preferences, geographical location data, data relating to your use of the Site, including the data communicated to our teams when you make requests (language preference, etc.), data collected via cookies and other tracers,
Please note that the B&B HOTELS group only collects data that is strictly necessary for the purpose for which it is processed.
5. Purposes and legal bases of data processing
The processing carried out by the B&B HOTELS Group responds to an explicit, legitimate and determined purpose, which is based on the execution of a contract, compliance with a legal or regulatory obligation, your consent or legitimate interest.
Where the legal basis for the processing operations is the pursuit of a legitimate interest, you have the possibility, upon request, to obtain information on the balancing of interests.
Your different data is collected and processed for the following legal bases and purposes:
– The proper functioning and continuous improvement of our Site and its functionalities
Monitoring the proper functioning and improvement of our Site and Services covers:
- the general administration of the Site
- answers to your requests and questions via our contact form
- the use of statistics on the use of the Site for research and development purposes
- the depositing of cookies and other tracers, details of which can be found in our Cookie Management Charter.
The B&B HOTELS Group has a legitimate interest in providing you with the best possible experience on our Site and the best possible quality of the Services offered and relies on your consent for the deposit of cookies and other tracers when required.
– Management of requests for rights arising from the GDPR and the amended French Data Protection Act
This processing covers all operations necessary for the follow-up of rights requests addressed to Casper BidCo or to the companies whose list is accessible by clicking here (qualification of the request, investigations, execution of specific technical operations…).
It only applies to cases where Casper BidCo and/or the companies listed here are acting as data controller.
This processing is carried out on the basis of a legal obligation arising from Articles 15 et seq. of the GDPR and Articles 48 et seq. of the French Data Protection Act.
– Management of data submitted in the context of business partnership requests
This processing covers all Data collected in the context of a process for a business partnership.
The information collected in the context of this processing is processed by Casper BidCo and the companies of the B&B HOTELS Group. Their list can be consulted here
This processing is carried out on the basis of the execution of pre-contractual measures taken at your request.
6. The recipients of the data
We treat the Data we collect with the utmost care. Only strictly necessary Data will be communicated to third-parties for processing.
Within the limits of their respective attributions and for the purposes mentioned in article 4, the main persons who may have access to your Data are as follows:
- The authorised staff of our human resources, franchise department, sales, development, finance, M&A, legal, administrative and IT departments,
- Authorised staff of our data processors and service-providers such as hosting and cloud storage service-providers, mailing service-providers, IT maintenance service-providers, marketing research service-providers, human resources software publishers
- The list of the authorised staff of the joint controllers can be found here
- If necessary, the competent authorities upon request, in particular public bodies, the relevant courts, ombudsmen, chartered accountants, auditors, lawyers, bailiffs, judicial officers, police officers, exclusively to meet legal obligations, as well as in the case of looking for the perpetrators of offences committed on the Internet,
- Third-parties who may place cookies on your terminals (computers, tablets, mobile phones, etc.) when you consent to them (For more details, see our Cookies Management Policy).
Your personal data will not be disclosed, exchanged, sold or rented without your express prior consent in accordance with the applicable legal and regulatory provisions.
In our dealings with our data processors within the meaning of the GDPR, we contractually ensure that they process the data in a way that guarantees its integrity, confidentiality and security.
7. How long the data is kept
We only keep your data for as long as is necessary for the purposes described in Article 4. Click below for more details.
– For the proper functioning and continuous improvement of our Site and its functionalities
Cookies and other commercial tracers may be deposited on the User’s terminal for a maximum period of 6 months. After this period, the raw traffic data associated with an identifier is either deleted or anonymised.
The information collected through tracers is kept for a period of 25 months. After this period, the Data is deleted or anonymised.
– For the management of requests of rights arising from the GDPR and the amended French Data Protection Act
Data relating to the management of rights requests is kept for as long as necessary to process the request. It is then archived for the duration of the penal provisions applicable to intermediate storage.
– For the management of data transmitted in the context of business partnerships
Data submitted in the context of business partnership requests are retained for the duration of the processing of requests.
After the examination of the requests and in the event that no business partnership with the B&B HOTELS Group is established, the Data is archived for the prescribed period applicable to intermediate storage.
8. Transfer of data outside the European Union
The B&B HOTELS Group is a global organisation providing services in many countries. Cross-border data sharing is therefore essential to our services so that you receive the same high quality service wherever you are in the world.
In this respect, and for the purposes indicated in Article 4 of this Policy, we may transfer your personal data to internal and external recipients who may be located in countries outside the EU.
The B&B HOTELS Group has therefore implemented suitable measures to secure the transfer of your Data outside the EU.
The transfer of personal data to countries without equivalent personal data protection is governed by the standard contractual clauses defined and approved by the European Commission(art. 46 GDPR).
You can have access to all these documents by emailing our Data Protection Officer at email@example.com or writing to the following postal address: DPO Casper BidCo, HAAS AVOCATS, 6 rue de Saint-Pétersbourg – 75008 Paris.
9. Exercising the rights of the data subject
In accordance with the French Data Protection Act and the GDPR, you have the following rights (read more):
– right to delete (or “right to be forgotten”) your personal data (article 17 of the GDPR), if it is inaccurate, incomplete, ambiguous, out-of-date, or if its collection, use, disclosure or retention is prohibited
– right to withdraw your consent at any time (article 7 of the GDPR);
– right to restrict the processing of your data (article 18 of the GDPR)
– right to object to the processing of your data (Article 21 GDPR)
– the right to portability of the data you have provided to us, where your data undergoes automated processing based on your consent or on a contract (Article 20 GDPR)
– right not to be the subject of a decision based solely on automated processing (article 22 of the GDPR); no final decision based exclusively on automated processing is currently applied by the B&B HOTELS Group
– the right to determine what happens to your data after your death and to choose whether or not we disclose your data to a third-party that you have designated (article 85 LIL). In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for evidential purposes or to meet a legal obligation.
You can exercise your rights in one of the following ways:
– by mail to firstname.lastname@example.org,
– by letter to DPO Casper BidCo – HAAS AVOCATS, 6 rue de Saint-Pétersbourg, 75008 Paris, France
by proving your identity and providing a legitimate reason when required by law.
Finally, you can also lodge a complaint with the supervisory authorities and in particular with the CNIL or any other competent authority.
10. Login data and cookies
In practice, technical cookies allow us to authenticate you, identify you, speed up your browsing on our Site and provide access to their various functionalities. They may collect data about the characteristics of the operating system, browser or terminal (computer, tablet or mobile phone) that you use. They also allow the collection of data relating to your location (in particular your IP address).
The list of cookies, their purpose and retention period is available here.
By default, by continuing to browse our Site, you consent to the deposit of these cookies. However, you can configure the settings of your browser software at any time to:
- accept or decline the cookies on our Site
- systematically refuse all cookies
- request that your consent be required for each cookie you encounter while browsing the internet.
To do this, simply refer to your browser and follow its instructions. For example:
- With Microsoft Edge™: Menu ►Settings► Cookies and site authorisation ►Manage and delete cookies and site data ►Choose the desired options
- With Firefox™: Menu►Settings ►Privacy and security ► Cookies and site data ►Choose the desired options
Configure the “Retention rules “menu to “Use custom settings for history “. Finally, uncheck the “Accept third-party cookies ” box.
- With Chrome™: Menu ►Settings ►Privacy and security►Cookies and other site data► Choose the desired options
- With Safari™: Safari►Settings►Privacy►Cookies and website data►Choose the desired options
- With Opera™ Tools menu ► Preferences ► Advanced tab ► Cookies section ► Manage cookies ► Choose the desired options
- However, you should be aware that by choosing to block technical and functional cookies, you may find your browsing experience on our Site impaired.
For cookies other than purely technical ones, we have written a Cookie Management Policy to inform you more specifically about their use which can be accessed here.
Casper BidCo complies with the GDPR and the French Data Protection Act regarding the security and confidentiality of your data.
We implement all necessary technical and organisational measures to ensure the security of our personal data processing operations and the confidentiality of the data we collect.
In this respect, we take all the necessary precautions, with regard to the nature of the data and the risks presented by the processing operations to preserve the security of the data and, in particular, to prevent the data from being deformed, damaged or accessed by unauthorised third-parties (physical protection of the premises, authentication procedures for persons accessing the data with personal and secure access via confidential identifiers and passwords, secure https protocol, logging and tracing of connections, encryption of certain data).
If you have any questions about this Policy or any requests relating to your Data, you can contact us by:
– Sending an email to our Data Protection Officer at email@example.com
– Sending a letter to the following address: DPO Casper BidCo -HAAS AVOCATS, 6 rue de Saint-Pétersbourg -75008 PARIS (France)