Privacy policy
Preambule
By familiarizing yourself with our Privacy Policy, you will find out how we collect your personal data, what kind of information we collect, for what purposes we use this data, with whom we share
this data and what measures are implemented to protect this data.
By ‘personal data’, we mean all information which could be used to identify a natural person, either directly or indirectly: surname, first name, email address, telephone number, date of Stay etc.
SLO prioritizes the protection of personal data and the rights of the individuals whose personal data it holds.
Data controller
The Data controller of your personal data is SLO Hostels, i.e. SAS RBSH, 6B Rue des Capucins 69001 Lyon, France – RCS LYON 794 250 589, Tel : +33 4 78 31 69 16.
If you have any questions about our privacy policy or wish to exercise your rights as they relate to your personal data, please use the enquiry form on the Website.
What kind of data is processed ?
The following data may be processed :
- Your personal data identifiers (title, surname, first/ middle names, postal address, telephone numbers, email address, date of birth, IP address, company, company position, nationality);
- Payment details and credit/debit/virtual credit card details;
- Your comments or reviews;
- Your preferences regarding newsletter topics;
- Your previous interactions and purchases: type of Stay booked, type of room booked, special requests to the Establishment, products and/or services purchased, quantity, frequency, cost and all other information relating to your Stay at the Establishment, participation in competitions;
- Your device’s unique serial number, GPS coordinates, device type (when you use the Establishment’s WiFi connection);
- Your web browsing history (IP address) as it relates to your customer account and login details.
The presence of an asterisk in forms or documents (enquiry form, booking request) indicate that this field is required for the processing of your request.
For what purpose do we use this data ?
We may process your data in a variety of ways for different
purposes on the basis of your consent (1), to perform a contract (2), to fulfill a legal obligation (3) or on grounds of legitimate interest (4) :
- To manage and monitor bookings;
- To process invoice payments;
- For the purposes of using the Website (enquiry form, browsing the Website);
- To enable online job applications via the Website;
- To provide WiFi connections in Establishments;
- To manage requests relating to the exercising of rights under GDPR;
- For marketing tools (newsletters, promotions, competitions);
- To improve our products and services (customer satisfaction survey);
- When operating CCTV.
- The processing methods, the personal data processed, the purposes of processing, the legal basis for this processing and the duration of data retention are detailed below (with the exception of our cookies policy, which is detailed further on):.
1. Managing and monitoring bookings;
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Data relating to the Stay Payment data (not including credit/debit card data) | Managing bookings Monitoring Stays Monitoring disputes Fulfilling legal obligations | (1) Your consent (2) The performance of the contract (3) Legal obligation (police form, invoices) (4) Our legitimate interest (monitoring disputes) | 5 years after the end of the Stay or payment of the last invoice 6 months for the police report 10 years for invoices |
2. Processing of invoice payments
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Card data Data relating to the Stay | Processing payments for bookings Processing payments for damages | (1) Your consent (2) The performance of the contract (4) Our legitimate interest (monitoring disputes) | 30 days from the end of the Stay, unless the Client has other bookings pending |
3. Use of the Website
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Chat message request subject Login and browsing data | Managing the enquiry form (receiving and replying to your requests) Managing the chat function and online assistance Managing browsing | (1) Your consent (4) Our legitimate interest (operating the Website, creating Website statistics, monitoring the chat function) | 2 years from the initial contact 1 year from the time of logging into and/or browsing the Website |
4. Online job applications via the Website
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Career-related data (applicant profile, CV) Social networks used | Managing job applications Recruitment campaigns | (1) Your consent (4) Our legitimate interest (processing job applications) | 2 years from the time the job application was received |
5. Providing a WiFi connection
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Device and GPS coordinates Login and browsing data | Identifying users and web traffic Complying with statutory requests from the authorities | (3) Legal obligation (4) Our legitimate interest (identifying users) | 1 year from login |
6. Managing requests and checks by government authorities
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Request subject | Managing requests relating to the exercising of rights under GDPR Enquiry statistics Managing audits by the CNIL, the French data protection watchdog | (4) Our legitimate interest (responding to enquiries) | 5 years from the completion of the request’s processing |
7. Marketing tools
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Data relating to the Stay Personal interests | Sending promotional offers, personalized and non-personalized Organizing competitions | (1) Your consent (4) Our legitimate interest (sending out information, promotional offers, organizing competitions) | 2 years from the end of the contract or the last contact |
8. Improving our products and services
Data | Purpose | Legal basis | Duration of data retention |
Personally identifiable information and contact data Data relating to the Stay Login and browsing data | Customer satisfaction survey Improving products and services Improving the Website | (1) Your consent (4) Our legitimate interest (improving services) | 2 years from the end of the contract or the last contact 1 year from the time of logging into and/or browsing the Website |
9. CCTV in the Establishment
Data | Purpose | Legal basis | Duration of data retention |
Image | Protecting people and property | (4) Our legitimate interest (protecting people and property) | 1 month from when the images were recorded |
For how long do we keep this data ?
We only keep your personal data for as long as is necessary to fulfill the aforementioned purposes or in accordance with legal provisions. The data retention periods are described above.
Is your data shared with third parties ?
Our service providers have limited access to your personal data in order to perform tasks on our behalf. They are under a contractual obligation to protect this data and use it only for the purposes for which it was entrusted to them, and in accordance with this Privacy Policy. Before sharing any of your personal data with third parties, we have implemented the measures needed to ensure that your data will be adequately protected whilst in their possession.
What security measures do we implement ?
The security of this data is of prime importance. As a result, SLO implements all the technical and organizational measures necessary to preempt and prevent the disclosure, alteration or loss of any data, as well as any unauthorized access.
Online payments are managed by specialist service providers who implement all the necessary security measures.
SLO does not directly transfer data to countries outside the European Union. However, some service providers may transfer data to countries outside the European Union. This data transfer is only permitted if :
- The service provider is based in a country judged to have an ‘adequate level of data protection’ by the European Commission, or;
- Standard Contractual Clauses and/or other data transfer mechanisms have been implemented and guarantee an adequate level of data protection, or;
- Binding Corporate Rules that have been approved by the relevant data protection authorities are in place.
What are your rights and how do you exercise them ?
In accordance with the regulations in force, you possess, at any time :
- The right of access to your data: to ask what data relating to you we have in our possession;
- The right to rectification: to rectify incorrect data;
- The right to erasure: when data is no longer useful, you can demand its erasure;
- The right to the restriction of processing: to demand that data processing be stopped for the performance of a specific action;
- The right to object to the processing of data: The right to object to the processing of data does not apply if the processing relates to the performance of a contract.When processing is on the basis of legitimate interest, you must explain the specific circumstances on which you are basing your objection. Of course, you always have the right to object to the processing of data on the basis of your consent, by withdrawing said consent.
- The right to data portability: to demand that specific data (that required for the performance of a contract) which has been processed by automated means, be transmitted to them in a structured format or transmitted to a third party;
- The right to draw up instructions about how you want your personal data to be processed after your death – storage, erasure, transmission.
- Any request to exercise rights relating to your data must be done in writing to the aforementioned registered head office address or by the Website enquiry form. As a security measure, to prevent third parties from accessing your data, proof of identity may be requested.
- If you have any complaints or wish to find out more, contact the CNIL.
Cookie policy
Cookies are small text files which are downloaded onto and stored on the browser directory of your computer, tablet or any other mobile device with an internet connection. Cookies may be downloaded to your terminal equipment when you access a website or an app. They have several purposes, including improving an application’s functionality and enabling access to said application, generating statistics and evaluating the application’s performance, assessing browsing activity on the application and other sales and marketing goals.
As the publisher of a Website, SLO may download cookies or make a request to download cookies onto your terminal’s hard drive.
A banner alert about the use of cookies will appear on your first visit to the Website. You may accept or decline analytics or functional cookies on your first visit. You can also do this at any time by using the cookies settings menu.
In accordance with the recommendations of the CNIL (the French data protection watchdog), some cookies do not require your prior consent as long as they are vital for the Website’s proper functioning or are designed to facilitate communication by email. Specifically, these include session cookies and authentication cookies.
All the cookies are listed in the cookies settings menu.
Cookies are stored for 13 months starting from when they are downloaded onto your terminal.