IMPORTANT NOTICE
The content of this page has been generated by automated translation. This translation is provided for informational purposes only and may contain inaccuracies or errors. In the event of any doubt, discrepancy, interpretation issue, or dispute, only the original French version shall prevail and be deemed authoritative.
Privacy Policy
As part of the use of the website https://saint-antoine-hotel.fr and interactions with Hôtel Le Saint Antoine, personal data may be collected and processed by the establishment. The purpose of this Privacy Policy is to provide clear and transparent information on the conditions under which such data is processed, protected, and retained, as well as on the rights of the data subjects.
1. Legal Framework and Applicable Principles
1.1 Applicable Legal Framework
The processing of personal data is carried out in compliance with:
- Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (GDPR);
- French Act No. 78‑17 of 6 January 1978 as amended (Data Protection Act);
- Recommendations, guidelines, and reference frameworks issued by the French Data Protection Authority (CNIL).
These legal instruments govern all data processing activities implemented by the hotel establishment, from data collection to deletion or archiving.
1.2 Fundamental Principles Governing Processing
In accordance with Article 5 of the GDPR, personal data is processed in line with the following principles, applied in a concrete and verifiable manner:
- Lawfulness, fairness, and transparency: Data is processed on a valid legal basis (contract performance, legal obligation, consent, or legitimate interest). Data subjects are informed in a clear and accessible manner.
- Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
- Data minimisation: Only data strictly necessary for the intended purposes is collected.
- Accuracy: Measures are in place to ensure data remains accurate and up to date.
- Storage limitation: Data is retained only for the period necessary to fulfil the purposes and comply with legal obligations.
- Integrity and confidentiality: Appropriate technical and organisational measures are implemented to ensure data security.
2. Identity of the Data Controller
Data Controller
THABOR HOTELLERIE – Hôtel Le Saint Antoine
93 avenue Henri Fréville – 35200 Rennes – France
Tel.: +33 (0)2 23 44 33 33
Data Protection Officer (DPO)
DPO BLOT IMMOBILIER
93 avenue Henri Fréville – 35200 Rennes – France
Email: dpo@blotimmobilier.fr
3. Source of the Data
3.1 Direct Collection
Personal data is collected directly from data subjects, in particular when:
- browsing the website;
- completing online forms;
- making a reservation (online, by phone, or email);
- subscribing to newsletters or marketing communications;
- engaging in contractual or pre-contractual exchanges.
3.2 Collection via Cookies and Trackers
Certain data may be collected automatically during browsing, including:
- IP address;
- connection data;
- browsing behaviour;
- device and browser information.
Such collection is subject to prior consent where required under applicable law.
3.3 Collection in the Context of Commercial Relations
Data may also be processed for:
- reservation and stay management;
- billing and accounting;
- handling complaints or disputes;
- exercising legal rights.
3.4 No Unregulated Indirect Collection
No personal data is collected from third parties without informing the data subjects in accordance with Article 14 GDPR.
4. Categories of Data Processed
- Identification data: title, surname, first name
- Contact data: email, phone number, postal address
- Stay-related data: arrival/departure dates, room type, preferences
- Financial data: billing and payment information (no full bank details stored)
- Marketing data: newsletter subscriptions, email statistics
- Browsing data: IP address, cookies, technical logs
No sensitive data within the meaning of Article 9 GDPR is processed.
5. Purposes, Legal Bases, and Retention Periods
- Reservation management
Legal basis: Contract performance
Retention: duration of contract + 5 years - Billing and accounting
Legal basis: Legal obligation
Retention: 10 years - Customer relations
Legal basis: Legitimate interest
Retention: 3 years - Marketing communications
Legal basis: Consent
Retention: until withdrawal or 3 years - Website analytics
Legal basis: Consent
Retention: 13 months - Security and fraud prevention
Legal basis: Legitimate interest
Retention: 12 months
Data is deleted or securely archived after the applicable retention periods.
6. Cookies and Trackers
Cookies may be placed on your device when browsing the site.
- Strictly necessary cookies: do not require consent
- Consent-based cookies: audience measurement, marketing, third-party cookies
Retention:
- Cookies: up to 13 months
- Consent: up to 6 months
Users can manage their preferences via the cookie banner.
7. Processors and Recipients
7.1 Recipients
- Authorised hotel staff
- Internal support services (IT, legal, marketing)
- Hosting provider
- Booking system provider
- Emailing solution
- Analytics tools
7.2 Processor Safeguards
Processors act under GDPR-compliant contracts, including:
- Data Processing Agreements (Article 28 GDPR)
- confidentiality obligations
- security requirements
- prohibition of reuse of data
7.3 Disclosure to Authorities
Data may be disclosed where required by law or judicial order.
8. Data Location and Transfers
Data is primarily processed within the European Union. No intentional transfers outside the EU are currently carried out. However, certain third-party tools (e.g. Google, YouTube) may involve access from outside the EU. Such transfers are governed by appropriate safeguards (e.g. Standard Contractual Clauses).
9. Data Subject Rights
Individuals have the following rights:
- right to information
- right of access
- right to rectification
- right to erasure
- right to restriction
- right to data portability
- right to object
- right to withdraw consent
- right to define post-mortem directives
Requests may be sent to:
Email: dpo@blotimmobilier.fr
Address:
DPO BLOT IMMOBILIER
93 avenue Henri Fréville
35200 Rennes – France
Requests are handled within one month. Complaints may be lodged with the CNIL:
https://www.cnil.fr/fr/plaintes
10. Data Security
Appropriate technical and organisational measures are implemented, including:
- restricted access controls
- staff confidentiality obligations
- secure IT systems and servers
- authentication mechanisms
- data backups
- monitoring and logging
Processors are contractually required to comply with similar obligations. In the event of a data breach, appropriate notification procedures are followed.
11. Minors
The website is intended for adults. Minors under 16 must not submit personal data without parental consent.
12. Policy Updates
This Policy may be updated to reflect:
- legal or regulatory developments
- CNIL recommendations
- technical or operational changes
Users are encouraged to consult it regularly.
Last update: June 2026
