Privacy policy
PREAMBLE
SAS TRIANON LUXEMBOURG undertakes to ensure that the collection and processing of your data are carried out in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulation (GDPR) and with French Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties.
The collection of its customers’ personal data is limited to what is strictly necessary, in accordance with the data minimisation principle, and it indicates the purposes pursued by the collection of this data, whether providing this data is optional or mandatory in order to handle requests, and who will be able to access it.
I. About us
SAS TRIANON LUXEMBOURG is a simplified joint-stock company (SAS) whose registered office is located at 3 rue de Vaugirard, 75006 Paris and which is registered in Paris under SIRET number 784 272 700 00013.
The Company offers the following services:
- Hotel accommodation service
II. Definitions
“Site” means the Company’s website, namely www.hoteltrianonrivegauche.com
“Cookies”: A cookie is a piece of information placed on the hard drive of an Internet user by the server of the website they are visiting. It contains several items of data: the name of the server that placed it, an identifier in the form of a unique number or a text string and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses in order to read and record information.
“Personal data” means any information relating to a natural person who is identified or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to them. This is, for example, the User’s email address.
“Customer” means any natural or legal person who makes a reservation on the Site, through our partner providers (e.g. Booking.com) or directly with the Hotel whose address is given in Article I;
“Reservation” means any reservation made by the User, Customer, Professional or Consumer with a view to benefiting from the Company’s Services;
“General Terms and Conditions of Sale and Use” or “GTCS/GTCU” means the Company’s general terms and conditions of sale and use;
“Consumer” means the purchasing natural person who is not acting for professional purposes and/or outside their professional activity;
“Professional” means the purchasing legal or natural person who acts in the course of their professional activity;
“Services” means all the services and/or products offered to Customer and Professional Users by the Company through the Sites owned by the Company;
“Company” means SAS TRIANON LUXEMBOURG, further identified in Article I hereof;
“User” means any person who makes use of the Site.
“Account” means the customer’s personal space with the Company’s partner providers.
“Quotation” means a quotation drawn up by the Company for a specific, bespoke service requested by the Customer
“GDPR” means the General Data Protection Regulation applicable as from 25 May 2018.
“Processing of personal data” means any operation or set of operations involving such data, whatever the process used (collection, recording, organisation, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or interconnection, blocking, erasure or destruction, etc.)
III. Protection of Personal Data
In accordance with the so-called “Informatique et Libertés” (Data Protection) Act of 6 January 1978 and the General Data Protection Regulation 2016/679 (GDPR), the information concerning you is intended for the Company, the data controller. You have a right to access, rectify and delete the data concerning you (details in Article 7). You can exercise it by sending an email to reception@hoteltrianonrivegauche.com
By connecting to the company’s website www.hoteltrianonrivegauche.com, you access content protected by law, in particular by the provisions of the Intellectual Property Code. The Company authorises only a strictly personal use of the information or content you access, limited to saving it on your computer for display on a single screen, as well as reproduction, where this is authorised (link or download button), for copying or printing on paper. Any other use is subject to our express prior authorisation. By continuing your visit, you agree to comply with the above restrictions.
The Company requires its Customers, Users, Consumers and Professionals to comply with the laws in force and the ethical rules of use necessary for establishing a relationship of trust between the Company and its Customers, Users, Consumers and Professionals.
The Company requires its Users to comply with a set of obligations through its GTCS/GTCU.
Any breach of these obligations may give rise to the cancellation, without notice, of a reservation made on the Company’s website or directly with the Hotel.
PLEASE NOTE THAT THE COMPANY DOES NOT EXCHANGE OR RENT OUT THE FILES OF ITS CUSTOMERS AND PROSPECTS.
The Company’s website is not intended for minors. We do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data of minors without the prior authorisation of the holder of parental authority, we would take the appropriate measures to delete this personal data from our servers.
1. Data Controller
The controller of the personal data referred to herein is SAS TRIANON LUXEMBOURG, represented by Ms Perrine Burel and Ms Emmanuelle Leonetti, Directors of publication, whose company details are set out in Article 1 on this page.
2. Nature of the Data Collected
Information and rights of users
By this document, the company clearly informs you about the processing of personal data that it carries out in the course of its business, and how the data is collected, used and protected.
Every User, Customer, Consumer and Professional has the right to ask the data controller for:
- Access to the personal data provided;
- The rectification or erasure of that data;
- A restriction of the processing relating to them;
- To object to the processing;
- The portability of the data;
- To lodge a complaint with the CNIL.
Subcontracting
The Company undertakes to ensure that any subcontractor provides sufficient contractual guarantees as to the implementation of appropriate technical and organisational measures, so that the processing meets the requirements of the European data protection regulation (see the list of data recipients in Article 6).
Data collected on the site (via our provider D-EDGE)
When a Customer, User, Consumer or Professional makes a reservation request on the site, the following data is collected and processed by our subcontractor D-EDGE: email, first name, surname, country, telephone number, IP address, room type, reservation rate, stay dates, bank card number (16 digits + expiry date) and any additional information that the customer, consumer, professional or user may provide if they consider it appropriate and useful for their reservation.
The data is then transmitted to us by email, with the exception of the bank card number (16 digits + expiry date), which remains in secure storage on the D-EDGE server. This data is only visible with a password and username via the intranet between the Company and D-EDGE.
Data Collected at the Company’s Premises
On a customer’s arrival, the following data is collected and processed: date of arrival at and departure from the establishment, room number, number of breakfasts, if any, order history, complaints, incidents, and information relating to correspondence on our site or directly with the Company (email message sent directly).
Certain data is collected automatically as a result of the user’s actions on the site (see the paragraph on cookies in Article 8).
Data Collected by a Partner Provider
A customer, consumer or professional may book a service from the Company through a partner provider. The data collected in this way (e.g. Booking.com) is subject to the GTCS/GTCU and Privacy Policy of those Partner Providers as well as those of the Company.
The data submitted must not include sensitive personal data, such as government identifiers (e.g. social security numbers, driving licence numbers, or taxpayer identification numbers), full credit card numbers (except where this is requested, in particular in the context of a reservation on the site by completing the field provided in the reservation form) or personal bank account numbers, medical records or information relating to requests for care associated with individuals, this list being non-exhaustive.
Regarding the collection of identity data
Prior identification for the provision of the requested service
The provision of a room requires prior identification of the customer by means of their identity card or any other document enabling their identification. The personal details (surname, first name, postal address) appearing on the identity document are used to perform our legal obligations arising from the provision of the service as set out in the reservation. The customer, consumer or professional must not provide false personal details and must not make a reservation for another person without their authorisation. The contact details provided must always be accurate and up to date.
Collection of terminal data
Collection of profiling data and technical data for the purposes of providing the service.
Some of the technical data of your device is collected automatically by the Site and the server. This information includes, in particular, your IP address, Internet service provider, hardware configuration, software configuration, browser type and language, etc. The collection of this data is necessary for proper browsing on the Company’s website.
Collection of technical data for commercial and statistical purposes
The technical data of your device is automatically collected and recorded by the server and our subcontractors, for advertising, commercial and statistical purposes. This information helps us to personalise and continuously improve your experience on our Site. We do not collect or retain any personal details (surname, first name, address, etc.) that may be attached to a piece of technical data.
3. Purpose of the Processing
The main objective of collecting your personal data is to offer you a safe, optimal, efficient and personalised experience at the establishment. To this end, you agree that we may use your personal data to:
- Provide our services and facilitate their operation, including by carrying out checks concerning you for this purpose;
- Resolve any problems in order to improve the use of our site and our services;
- Personalise, evaluate and improve our services, content and documentation;
- Analyse the volume and history of your use of the Company’s services;
- Inform you about the Company’s services;
- Prevent, detect and investigate any potentially prohibited and illegal activities or activities contrary to good practice, and ensure compliance with the Company’s GTCS/GTCU;
- Comply with our legal and regulatory obligations.
- For customers who have made a reservation directly on the site, by telephone or through the Company’s partner providers, we process their data for the performance of the service contract.
VII. Recipients of the Data
The personal data concerning you collected on the site, at the establishment and at the partner providers is intended to be used by the Company and may be passed on to the subcontracting companies that the Company may call upon in the course of performing its services. The Company ensures compliance with data protection requirements for all its subcontracting companies. The Company does not sell or rent your personal data to third parties for marketing purposes. As a matter of ethics reflecting our values, we do not enter into strategic partnerships intended to share your data by promoting a service or product of a third-party company.
The Company does not disclose your personal data to third parties, except where:
- you make a request for it or authorise the disclosure;
- the disclosure is required in order to process transactions or provide services you have requested (i.e. for the purpose of verifying your good sending practices or in the context of processing a purchase card with credit card issuing companies);
- the Company is compelled to do so by a governmental authority or a regulatory body, in the event of a court order, subpoena or any other similar governmental or judicial requirement, or in order to establish or defend a legal claim;
- the third party acts as an agent or subcontractor of the Company in the performance of the services.
The recipients of the data are currently:
- MIXIT7: Server management
- Perrine Burel & Emmanuelle Leonetti: Publishing of the Site
- D-EDGE: Payment management
- GOOGLE ANALYTICS: Statistics and technical analysis of the site
VIII. Right of Access, Rectification and Erasure
In accordance with the Data Protection Act and the General Data Protection Regulation 2016/679 (GDPR), you have the rights of access, rectification and erasure of the personal data concerning you, which you may exercise by sending an email to reception@hoteltrianonrivegauche.com
Your request will be processed within 30 days. We may ask that your request be accompanied by a photocopy proving your identity or authority.
1. Use of Cookies
Cookie retention period
In accordance with the CNIL’s recommendations, the maximum retention period for cookies is 13 months at most after they are first placed on the User’s terminal, as is the period of validity of the User’s consent to the use of these cookies. The lifetime of cookies is not extended on each visit. The User’s consent must therefore be renewed at the end of this period.
Purpose of cookies
Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, based on the processing of information concerning the frequency of access, the personalisation of pages, as well as the operations carried out and the information consulted.
You are informed that the Company may place cookies on your terminal. The cookie records information relating to browsing on the site (the pages you have consulted and may consult) which we will be able to read on your subsequent visits.
The cookie will enable the Company, during the period of validity or storage of the cookie, to identify your computer on your next visits. Partners or providers of the Company, or third-party companies, may also be led, subject to your choices, to place cookies on your computer.
There are two broad categories of cookies:
So-called “Technical” cookies. These cookies are essential for browsing our site, in particular for the proper execution of the ordering process;
So-called “Optional” cookies. These cookies are not essential for browsing our site but may, for example, make it easier for you to carry out your searches, optimise your user experience, and, for us: better target your expectations, improve our offering, or optimise the operation of our site.
The retention period for this information on your computer is one year. Only the issuer of a cookie is able to read or modify the information contained in that cookie.
No cookie enables us to identify your civil status.
The User’s right to refuse cookies
Disabling them may result in a degraded operation of the service.
You acknowledge that you have been informed that the Company may use cookies, and you authorise it to do so.
If you do not wish cookies to be used on your terminal, most browsers allow you to disable cookies through the settings options.
You can object to the storage of cookies by configuring your browser as follows:
For Chrome
- On your computer, open Chrome.
- At the top right, click on Settings (the 3 small dots)
- Click on Advanced Settings and then on Content Settings
- At the top of the page, disable “Allow sites to save and read cookie data”
For Mozilla Firefox:
- Choose the “Tools” menu and then “Options”
- Click on the “Privacy” icon
- Locate the “Cookies” menu and select the options that suit you
For Microsoft Edge:
- Go to Settings
- Under Clear browsing data, select Choose what to clear.
- Tick the boxes next to each type of data you wish to clear, then select Clear.
Please note: If you choose to refuse the storage of cookies on your computer, or if you delete those stored on it, we accept no liability for the consequences relating to the degraded operation of our services resulting from our inability to store or consult the cookies necessary for their operation that you have refused or deleted.
2. Data Retention
General points
The Company collects and retains your personal data for the purposes of performing its contractual obligations, as well as information on how and how often our services are used. Personal data must be retained only for as long as is necessary to accomplish the objective that was pursued when it was collected. The Company only stores your data for as long as is necessary to provide the service and, in this respect, the Company deletes your bank data after the service has been performed. The retention of the data of our customers, professionals, consumers and users varies according to the type of data concerned. For example, your statistical data that is more than 13 months old will be deleted. The other data may be deleted at any time, in accordance with the provisions set out above.
Retention period for personal and sensitive data
Retention of data for the duration of the contractual relationship and beyond.
In accordance with Article 6-5° of Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties, sensitive data (Bank Card) undergoing processing is not retained beyond the time necessary for the performance of the obligations defined at the conclusion of the contract or the predefined duration of the contractual relationship.
Personal data (surname, first name, email, postal address) undergoing processing is retained for a period of 3 years in our reservation software.
Deletion of data after deletion of the account
Means of purging data are put in place in order to provide for its effective deletion once the retention or archiving period necessary for the accomplishment of the determined or imposed purposes has been reached. In accordance with Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties, you also have a right of erasure over your data, which you can exercise at any time by contacting the Company.
Deletion of data after 3 years of inactivity
For security reasons, if you have not visited our establishment for more than 3 years, your personal data will be deleted.
3. Place of Data Storage and Transfers
The hosting servers on which the Company processes and stores your data on the site are located exclusively within the European Union.
The Company undertakes to inform you immediately, insofar as we are legally authorised to do so, in the event of a request from an administrative or judicial authority concerning your data.
XII. Security
In the context of its services, the Company attaches the utmost importance to the security and integrity of the personal data of its customers, consumers, professionals and users. Accordingly, and in accordance with the GDPR, the Company undertakes to take all appropriate precautions to preserve the security of the data and, in particular, to protect it against any accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access, as well as against any other form of unlawful processing or communication to unauthorised persons.
To this end, the Company implements the digital industry’s standard security measures to protect personal data from unauthorised disclosure. By using the encryption methods recommended by the digital industry, the Company takes the measures necessary to protect information relating to payments, bearing in mind that the Company does not offer payment directly on the site but uses an external service secured by our subcontractor D-EDGE.
Furthermore, in order in particular to prevent any unauthorised access and to guarantee the accuracy and proper use of the data, the Company has put in place electronic and manual procedures with a view to safeguarding and preserving the data collected through its services.
Despite everything, no one can consider themselves completely safe from a hacker attack. This is why, in the event that a security breach were to affect you, the Company undertakes to inform you as soon as possible and to use its best efforts to take all possible measures to neutralise the intrusion and minimise its impact.
In the event that you suffer harm as a result of the exploitation of a security breach by a third party, the Company undertakes to provide you with all the assistance necessary to enable you to assert your rights.
It should be borne in mind that any user, customer or hacker discovering and exploiting a security breach exposes themselves to criminal penalties, and that the Company will take all measures, including by means of filing a complaint and/or bringing legal action, to preserve the data and rights of its users and its own, and to limit the impact as far as possible.
Informing the User in the event of a security breach
We undertake to implement all appropriate technical and organisational measures, through physical and logistical security means, in order to guarantee a level of security appropriate to the risks of accidental, unauthorised or unlawful access, disclosure, alteration, loss or destruction of the personal data concerning you. In the event that we become aware of unlawful access to the personal data concerning you stored on our servers or those of our providers, or of unauthorised access resulting in the materialisation of the risks identified above, we undertake to:
- Notify you of the incident as soon as possible if this meets a legal requirement;
- Examine the causes of the incident;
- Take the necessary measures, within the bounds of what is reasonable, in order to reduce the adverse effects and harm that may result from the said incident.
- Limit liability
In no event may the undertakings set out in the point above relating to notification in the event of a security breach be equated with any acknowledgement of fault or liability as to the occurrence of the incident in question.
XIII. Liability and Warranties
Save in cases of force majeure, the Company guarantees to the User, Consumer, Customer and Professional the proper performance of its service in compliance with these General Terms and Conditions.
Any compensation that may be owed by the Company to the User or to a third party, by reason of the Company’s liability, or that of its subsidiaries or partners, in respect of the performance hereof, may not exceed the price paid by the User, Customer, Professional or Consumer in consideration for the service(s) giving rise to the said liability (e.g. the price of a room).
The Company does not systematically monitor the manner in which its services are used, in particular the use of the equipment available in the room and the common areas, which remains the responsibility of the Customer, Consumer or Professional.
In no event may the Company be held liable towards third parties for any harm resulting from the use of the services on behalf of the User, the Customer, the Consumer or the Professional, in any capacity whatsoever.
The User’s liability
The Customer, Consumer, Professional or User is solely responsible for the manner in which they use the room, the common areas and the equipment available to them in the context of the performance hereof.
The liability of the User, Customer, Consumer or Professional may be engaged as a result of the failure to comply with these General Terms and Conditions of Sale and Use as well as the privacy policy, or with any legal or regulatory provision or provision resulting from an applicable international convention.
The User, Customer, Consumer or Professional indemnifies the Company against any harm, any claim and any recourse by third parties resulting from a breach, by the User, Customer, Consumer or Professional, of these General Terms and Conditions of Sale and Use as well as of the Privacy Policy, of the Company, or of any legal or regulatory provision or provision resulting from an applicable international convention.
XIV. Data Portability
The Company undertakes to offer you the possibility of having all the data concerning you returned to you upon simple request. The User is thus guaranteed better control over their data and retains the possibility of reusing it. This data must be provided in an open and easily reusable format, directly into the hands of another data controller where this is desired and technically possible.
1. Deletion of Data
Deletion of data on request
The User, Customer, Consumer or Professional has the possibility of deleting their Data at any time, by simple request to the Company.
Deletion of a reservation in the event of a breach of the Privacy Policy
In the event of a breach of one or more provisions hereof or of any other document incorporated herein by reference, the Company reserves the right to cancel your reservation with no possibility of a refund if a payment has already been made.
XVI. Transfer of Data to Countries with an Equivalent Level of Protection
The Company undertakes to comply with the applicable regulations relating to data transfers, even though the Company does not currently transfer data to foreign countries for almost all of its processing. Where this is necessary in order to provide our services, it is done in accordance with the following arrangements:
- The Company transfers the personal data of its Users, Customers, Consumers and Professionals to countries recognised as offering an equivalent level of protection and recognised by the CNIL as having a sufficient level of protection.
- The Company transfers the personal data of its Users, Customers, Consumers and Professionals to recipients able to provide sufficient guarantees of GDPR compliance.
- The Company transfers the personal data of its Users, Customers, Consumers and Professionals only with regard to what is strictly necessary for the purpose of the processing concerned, that is to say, the reservation of a room at the Hotel
Currently, the only processing operations concerned by this provision relate to:
The reservation of services offered by the Company to the user who has decided to make a reservation via the subcontractor D-EDGE from the company’s website. Only the following data is transferred: CUSTOMER ID, email address, purchase amount, product designation, email address, telephone, postal address (if indicated), the 16 digits of the bank card and its expiry date.
To find out the list of countries with a sufficient legal level: CNIL – Data protection around the world
XVII. Modification of the Privacy Policy
The Company reserves the right to change this Privacy Policy at any time, in particular pursuant to changes made to the laws and regulations in force. The changes made will be notified to you via our website and/or by email, as far as possible at least thirty (30) days before they come into force. We recommend that you check these rules from time to time in order to stay informed of our procedures and rules concerning your personal information.
In the event of a modification hereof, the Company undertakes not to lower the level of privacy substantially without the prior information of the persons concerned.
XVIII. Applicable Law and Language
This Privacy Policy is governed by French law. This reference document is drafted in French. In the event that it is translated into one or more languages, only the French text shall prevail in the event of a dispute. The nullity of one clause does not entail the nullity of the Privacy Policy. The temporary or permanent non-application of one or more clauses hereof by the Company shall not constitute a waiver on its part of the other clauses hereof, which continue to produce their effects.
XIX. Disputes and Attribution of Jurisdiction
Any dispute to which the privacy policy may give rise, in particular concerning its validity, its interpretation and its performance, their consequences and their aftermath, shall be submitted to the courts having jurisdiction within the district of the city of Paris.
1. Contact
Any question concerning the Company’s Privacy Policy may be sent by email to reception@hoteltrianonrivegauche.com or by sending a letter to the following address:
SAS TRIANON LUXEMBOURG, 3 rue de Vaugirard, 75006 Paris.
Telephone: +33 (0)1 43 29 88 10
Email address: reception@hoteltrianonrivegauche.com

