SLO Hostels

Privacy policy

Preambule

By familiarizing yourself with our Privacy Policy, you will find out how we collect your personal data, what kind of information we collect, for what purposes we use this data, with whom we share

this data and what measures are implemented to protect this data.

By ‘personal data’, we mean all information which could be used to identify a natural person, either directly or indirectly: surname, first name, email address, telephone number, date of Stay etc.

SLO prioritizes the protection of personal data and the rights of the individuals whose personal data it holds.

Data controller

The Data controller of your personal data is SLO Hostels, i.e. SAS RBSH, 6B Rue des Capucins 69001 Lyon, France – RCS LYON 794 250 589, Tel : +33 4 78 31 69 16.

If you have any questions about our privacy policy or wish to exercise your rights as they relate to your personal data, please use the enquiry form on the Website.

What kind of data is processed ?

The following data may be processed :

  • Your personal data identifiers (title, surname, first/ middle names, postal address, telephone numbers, email address, date of birth, IP address, company, company position, nationality);
  • Payment details and credit/debit/virtual credit card details;
  • Your comments or reviews;
  • Your preferences regarding newsletter topics;
  • Your previous interactions and purchases: type of Stay booked, type of room booked, special requests to the Establishment, products and/or services purchased, quantity, frequency, cost and all other information relating to your Stay at the Establishment, participation in competitions;
  • Your device’s unique serial number, GPS coordinates, device type (when you use the Establishment’s WiFi connection);
  • Your web browsing history (IP address) as it relates to your customer account and login details.

The presence of an asterisk in forms or documents (enquiry form, booking request) indicate that this field is required for the processing of your request.

For what purpose do we use this data ?

We may process your data in a variety of ways for different 

purposes on the basis of your consent (1), to perform a contract (2), to fulfill a legal obligation (3) or on grounds of legitimate interest (4) :

  • To manage and monitor bookings;
  • To process invoice payments;
  • For the purposes of using the Website (enquiry form, browsing the Website);
  • To enable online job applications via the Website;
  • To provide WiFi connections in Establishments;
  • To manage requests relating to the exercising of rights under GDPR;
  • For marketing tools (newsletters, promotions, competitions);
  • To improve our products and services (customer satisfaction survey);
  • When operating CCTV.
  • The processing methods, the personal data processed, the purposes of processing, the legal basis for this processing and the duration of data retention are detailed below (with the exception of our cookies policy, which is detailed further on):.

1. Managing and monitoring bookings;

DataPurposeLegal basisDuration of data retention
Personally identifiable
information and contact data
Data relating to the Stay
Payment data (not including credit/debit card data)
Managing bookings
Monitoring Stays
Monitoring disputes
Fulfilling legal obligations
(1) Your consent
(2) The performance
of the contract
(3) Legal obligation
(police form, invoices)
(4) Our legitimate interest (monitoring disputes)
5 years after the end of the Stay or payment of the last invoice
6 months for the police report
10 years for invoices

2. Processing of invoice payments

DataPurposeLegal basisDuration of data retention
Personally identifiable information and contact data
Card data
Data relating to the Stay
Processing payments for bookings
Processing payments for damages
(1) Your consent (2) The performance of the contract (4) Our legitimate interest (monitoring disputes)30 days from the end of the Stay, unless the Client has other bookings pending

3. Use of the Website

DataPurposeLegal basisDuration of data retention
Personally identifiable information and contact data
Chat message request subject 
Login and browsing data
Managing the enquiry form (receiving and replying to your requests) Managing the chat function and online assistance Managing browsing(1) Your consent (4) Our legitimate interest (operating the Website, creating
Website statistics, monitoring the chat function)
2 years from the initial contact 1 year from the time of logging into and/or browsing the Website

4. Online job applications via the Website

DataPurposeLegal basisDuration of data retention
Personally identifiable information and contact data Career-related data (applicant profile, CV) Social networks usedManaging job applications Recruitment campaigns(1) Your consent
(4) Our legitimate interest (processing job applications)
2 years from the time the job application was received

5. Providing a WiFi connection

DataPurposeLegal basisDuration of data retention
Personally identifiable information and contact data
Device and GPS coordinates
Login and browsing data
Identifying users and web traffic
Complying with statutory requests from the authorities
(3) Legal obligation
(4) Our legitimate interest (identifying users)
1 year from login

6. Managing requests and checks by government authorities

DataPurposeLegal basisDuration of data retention
Personally identifiable information and contact data
Request subject
Managing requests relating to the exercising of rights under 
GDPR
Enquiry statistics
Managing audits by the CNIL, the French data protection 
watchdog
(4) Our legitimate interest (responding to enquiries)5 years from the completion of the request’s processing

7. Marketing tools

DataPurposeLegal basisDuration of data retention
Personally identifiable information and contact data
Data relating to the Stay
Personal interests
Sending promotional offers, personalized and non-personalized Organizing competitions(1) Your consent
(4) Our legitimate interest (sending out information, promotional offers, organizing competitions)
2 years from the end of the contract or the last contact

8.  Improving our products and services

DataPurposeLegal basisDuration of data retention
Personally identifiable information and contact data
Data relating to the Stay
Login and browsing data
Customer satisfaction survey
Improving products and services
Improving the Website
(1) Your consent
(4) Our legitimate interest (improving services)
2 years from the end of the contract or the last contact
1 year from the time of logging into and/or browsing the Website

9. CCTV in the Establishment

DataPurposeLegal basisDuration of data retention
ImageProtecting people and property(4) Our legitimate interest (protecting people 
and property)
1 month from when the images were recorded

For how long do we keep this data ?

We only keep your personal data for as long as is necessary to fulfill the aforementioned purposes or in accordance with legal provisions. The data retention periods are described above.

Is your data shared with third parties ?

Our service providers have limited access to your personal data in order to perform tasks on our behalf. They are under a contractual obligation to protect this data and use it only for the purposes for which it was entrusted to them, and in accordance with this Privacy Policy. Before sharing any of your personal data with third parties, we have implemented the measures needed to ensure that your data will be adequately protected whilst in their possession.

What security measures do we implement ?

The security of this data is of prime importance. As a result, SLO implements all the technical and organizational measures necessary to preempt and prevent the disclosure, alteration or  loss of any data, as well as any unauthorized access.

Online payments are managed by specialist service providers who implement all the necessary security measures.

SLO does not directly transfer data to countries outside the European Union. However, some service providers may transfer data to countries outside the European Union. This data transfer is only permitted if :

  • The service provider is based in a country judged to have an ‘adequate level of data protection’ by the European Commission, or;
  • Standard Contractual Clauses and/or other data transfer mechanisms have been implemented and guarantee an adequate level of data protection, or;
  • Binding Corporate Rules that have been approved by the relevant data protection authorities are in place.

What are your rights and how do you exercise them ?

In accordance with the regulations in force, you possess, at any time :

  • The right of access to your data: to ask what data relating to you we have in our possession;
  • The right to rectification: to rectify incorrect data;
  • The right to erasure: when data is no longer useful, you can demand its erasure;
  • The right to the restriction of processing: to demand that data processing be stopped for the performance of a specific action;
  • The right to object to the processing of data: The right to object to the processing of data does not apply if the processing relates to the performance of a contract.When processing is on the basis of legitimate interest, you must explain the specific circumstances on which you are basing your objection. Of course, you always have the right to object to the processing of data on the basis of your consent, by withdrawing said consent.
  • The right to data portability: to demand that specific data (that required for the performance of a contract) which has been processed by automated means, be transmitted to them in a structured format or transmitted to a third party;
  • The right to draw up instructions about how you want your personal data to be processed after your death – storage, erasure, transmission.
  • Any request to exercise rights relating to your data must be done in writing to the aforementioned registered head office address or by the Website enquiry form. As a security measure, to prevent third parties from accessing your data, proof of identity may be requested.
  • If you have any complaints or wish to find out more, contact the CNIL.

Cookie policy

Cookies are small text files which are downloaded onto and stored on the browser directory of your computer, tablet or any other mobile device with an internet connection. Cookies may be downloaded to your terminal equipment when you access a website or an app. They have several purposes, including improving an application’s functionality and enabling access to said application, generating statistics and evaluating the application’s performance, assessing browsing activity on the application and other sales and marketing goals.

As the publisher of a Website, SLO may download cookies or make a request to download cookies onto your terminal’s hard drive.

A banner alert about the use of cookies will appear on your first visit to the Website. You may accept or decline analytics or functional cookies on your first visit. You can also do this at any time by using the cookies settings menu.

In accordance with the recommendations of the CNIL (the French data protection watchdog), some cookies do not require your prior consent as long as they are vital for the Website’s proper functioning or are designed to facilitate communication by email. Specifically, these include session cookies and authentication cookies.

All the cookies are listed in the cookies settings menu.

Cookies are stored for 13 months starting from when they are downloaded onto your terminal.

Guests
Book now
Best rate guaranteed!
Are you people? Take advantage of our special options for groups!
8 guests or more?
Book here