Personal data protection policy
Our customers’ privacy is important to Huttopia.
For this reason, in accordance with the current personal data protection regulations, in particular the GDPR (General Data Protection Regulation), we have appointed a Data Protection Officer and are doing everything we can to apply the CNIL recommendations.
We process the data from our users, customers and prospective customers in the following ways:
1. Data collected
The personal data collected on this site is as follows:
Opening an account: when creating the user’s account, their surname, first name, and email address.
Login: when the user logs in to the site, it records, in particular, their surname, first name, login details, usage, and location.
Profile: the use of the services provided on the site allows us to complete a profile, which may include an address and a telephone number.
Payment: during the payment of products and services offered on the site, the site records financial data regarding the user’s bank account or bank card.
Cookies: Cookies are essential for the site to function properly and allow users to improve their browsing experience, to use certain sharing features on social networks and to view content and advertising based on their interests.
Some cookies are essential for the site to function and are installed automatically. When logging into the site for the first time, the user can accept or refuse non-essential cookies to be installed, for which their consent is required. The user can change their cookie preferences at any time by clicking on the “manage consent” link at the bottom of the page on most of our sites.
2. Purpose of data processing
The personal data collected from users is intended to enable the site services, to improve them and maintain a secure environment. More specifically, it is used as follows:
– Access and use of the site by the user;
– Ensuring the correct functioning and optimization of the site;
– Verification, identification and authentication of the data transmitted by the user;
– Providing user assistance;
– Personalization of services by displaying advertising based on the user’s browsing history, according to their preferences;
– Preventing and detecting fraud, malware (malicious software) and managing security incidents;
– Handling any disputes with users;
– Sending marketing and publicity information, according to the user’s preferences.
3. Duration of data storage
Personal data is kept for a limited period which does not exceed the time needed for the purposes of the data collection.
4. Legal basis
The legal basis involved in the data processing is as listed below:
– Handling prospective customers: legitimate interest
– Subscribing to and managing the newsletter: consent
– Analysis of purchasing behaviour: legitimate interest
– Managing bookings (reservation, invoicing, etc.): necessary to fulfil a contract
– Customer satisfaction: legitimate interest
5. Sharing personal data with third parties
Personal data may be shared with third-party companies in the following cases:
– When the customer uses payment services. In order to implement these services, the site is in contact with third-party banking and financial companies with which it has entered into contracts;
– When the user publishes information accessible to the public in the free comments areas of the site;
– When the user authorizes a third party website to access their data;
– When the site uses service providers to offer user support, advertising and payment services. These service providers have limited access to user data, in order to perform these services, and have a contractual obligation to use them in accordance with the provisions of the applicable personal data protection laws;
– If required by law, the site may transmit data to follow up on complaints made against the site and comply with administrative and legal procedures;
– If the Site is involved in a merger, acquisition, transfer of assets or receivership proceedings, it may need to transfer or share all or part of its assets, including personal data. In this case, users would be informed, before personal data is transferred to a third party.
6. Transfer of personal data
The data collected on this site is not transmitted outside the European Union.
However, if the user wishes to book a holiday in the United States and/or Canada, the general conditions of sale of the site https://canada-usa.huttopia.com/ apply.
In the United States, it should be noted that since 16 July 2020 the Privacy Shield has been rejected by the European Court of Justice, that is to say that it is no longer recognized as a legal framework ensuring adequate personal data protection.
In Canada and in the province of Quebec, personal data is used in accordance with the personal information protection and electronic documents act (PIPEDA) and the law of Quebec regarding the protection of personal information in the private sector.
Huttopia informs you that it implements the same level of personal data protection everywhere in the world, regardless of the regulatory framework.
7. Security and confidentiality
The site has put into place organizational, technical, software and physical digital security measures to protect personal data from tampering, destruction and unauthorized access. However, it should be noted that the internet is not a completely secure environment and the site cannot guarantee the security of the transmission or storage of information on the Internet.
8. Implementing the rights of those concerned
You have a number of legal rights in terms of your personal data. You can obtain further information and advice about your rights from the competent data protection authority in your country (in France, the Commission Nationale Informatique et Libertés (CNIL: https://www.cnil.fr/ ).
2- Right of access – You have the right to access your information (if we are processing it), and certain other information (such as that provided here). The aim is for you to be well informed and able to verify that we are using your data in accordance with the data protection laws.
3- The right to rectification – You have the right to have your information corrected if it is inaccurate or incomplete.
4- The right to deletion – This right is also known as the “right to be forgotten” and, in simple terms, it allows you to request your data to be deleted when there is no overriding reason for us to continue to use it. However, this is not a general right to the deletion of data and there are exceptions.
5- The right to the restriction of data processing – You have the right to “block” or prevent any further use of your information. When processing is restricted, we can store it, but cannot continue to use it. We keep a list of the people who have requested that their data no longer be used, in order to ensure compliance with this restriction measure.
6- The right to data portability – You have the right to obtain and reuse your personal data for your own purposes and for other services. This allows you to relocate, copy or transfer it easily and safely between our computer systems and third parties, without affecting its ability to be used.
7- The right to object – You have the right to object to certain types of data processing, including processing for direct commercial purposes (which is only possible with your consent).
8- The right to make a complaint – You have the right to make a complaint about the way in which we process or manage your personal data with the competent national authority in the matter (in France, the Commission Nationale Informatique et Libertés ( CNIL: https://www.cnil.fr/).
9- The right to withdraw your consent – If you have given your consent to the processing or use of your personal data, you can withdraw it at any time (although, if you do so, it does not mean that anything we have done with your consent up to that date has been illegal). This includes your right to withdraw consent to the use of your personal data for commercial purposes.
We respond to requests and provide information free of charge; however, we may charge a reasonable fee to cover our administration costs in the event of a repeated request.
We may also be entitled to refuse to act upon a request. Please judge your application responsibly before submitting it. We will respond to it as quickly as possible, usually within one month of the date of receipt; but if it takes longer to process the request, we will let you know.
You can contact us regarding personal data protection:
By email at the following address: email@example.com
By post: HUTTOPIA, À l’attention du Délégué à la Protection des Données Personnelles rue du Chapoly 69290 Saint Genis les Ollières.
9. Evolution of this policy
Huttopia SA reserves the right to make any changes to this policy regarding personal data protection at any time. If a change is made to this personal data protection policy, Huttopia SA will publish the new version on its site.