Privacy Policy
Last updated: June 2, 2026
Preamble
SAS Hôtel Eiffel Segur is committed to protecting the privacy of individuals who use its website. This policy describes the personal data collected, the purposes of its processing, its retention period, and your rights.
It is drafted in compliance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and amended Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms.
1. Data Controller
SAS Hôtel Eiffel Segur
34, Boulevard Garibaldi, 75015 Paris, France
SIRET: 442 421 269 00022
Email: reservation@paris-hotel-eiffel-segur.com
Phone: +33 1 43 06 60 50
2. Data collected and collection points
Via the contact form
When you fill out the contact form, the following data is collected:
- First and last name
- Email address
- Phone number
- Content of your message
Via the booking engine
Bookings are processed by a third-party provider [TO BE COMPLETED — booking engine name]. In this context, the following data may be collected:
- First and last name
- Email address
- Phone number
- Stay dates and details
- Payment data, processed directly and securely by the payment provider
Through website browsing
Certain technical data may be automatically recorded during your visit:
- IP address
- Browser type and operating system
- Pages viewed and browsing duration
- Cookie data (see dedicated section)
3. Purposes and Legal Bases of Processing
Processing Contact Requests
Purpose: to answer your questions and requests submitted via the contact form.
Legal basis: the Hotel's legitimate interest in processing incoming requests (Article 6.1.f of the GDPR).
Reservation Management and Execution
Purpose: to confirm, manage, and execute your reservation, and to provide you with practical information related to your stay.
Legal basis: performance of a contract to which you are a party (Article 6.1.b of the GDPR).
Legal and Accounting Obligations
Purpose: to retain billing and reservation data in accordance with legal obligations applicable to tourist accommodation.
Legal basis: compliance with a legal obligation (Article 6.1.c of the GDPR).
Audience Analysis and Site Improvement
Purpose: to measure website traffic and improve user experience.
Legal basis: [TO BE COMPLETED depending on the tool used — consent if Google Analytics or a tool depositing third-party cookies; legitimate interest if a cookie-free tool like Plausible Analytics].
Marketing Communications
Purpose: to send you offers or information about the hotel's services, if you have expressly consented.
Legal basis: consent (Article 6.1.a of the GDPR).
4. Data Recipients
Your data is processed internally by the Hotel Eiffel Segur team. It may be transferred to the following service providers, strictly within the scope of the purposes described above.
Website host: Webflow, Inc., San Francisco, United States — privacy policy available at https://webflow.com/legal/privacy
Booking engine: [TO BE COMPLETED — provider name] — privacy policy available at [TO BE COMPLETED — URL]
Secure payment provider: [TO BE COMPLETED — e.g. Stripe, Payplug] — privacy policy available at [TO BE COMPLETED — URL]
Audience analytics tool: [TO BE COMPLETED or deleted if no tool is used]
Each service provider acts as a data processor, under the Hotel's instructions, and provides sufficient guarantees within the meaning of Article 28 of the GDPR.
5. Data Transfers Outside the European Union
The website host, Webflow, Inc., is established in the United States. This transfer is governed by the standard contractual clauses approved by the European Commission, in accordance with Article 46 of the GDPR.
[TO BE COMPLETED if other service providers are established outside the European Union]
6. Data Retention Period
- Data from the contact form: 3 years from the last interaction.
- Booking and stay data: 5 years from the departure date.
- Billing data: 10 years from the close of the relevant accounting year, in accordance with Article L123-22 of the French Commercial Code.
- Browsing data and cookies: according to the specific duration of each cookie, as detailed in the section below.
7. Your Rights
In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your personal data:
- Right of access: obtain confirmation that your data is being processed and receive a copy of it.
- Right to rectification: request the correction of inaccurate or incomplete data.
- Right to erasure: request the deletion of your data, subject to legal retention obligations.
- Right to restriction of processing: request the temporary suspension of processing in cases provided for by regulations.
- Right to object: object to processing based on legitimate interest or for direct marketing purposes, without having to provide justification.
- Right to data portability: receive the data you have provided to us in a structured, machine-readable format.
- Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please send your request by email to reservation@paris-hotel-eiffel-segur.com, specifying the subject of your request. We commit to responding within one month. This period may be extended by two months for complex requests, with prior notification from us.
If you believe your rights are not being respected, you have the option to file a complaint with the National Commission for Information Technology and Liberties (CNIL):
CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr
8. Data Security
Hôtel Eiffel Segur implements appropriate technical and organizational measures to ensure the confidentiality and integrity of your personal data, particularly against unauthorized access, loss, alteration, or accidental disclosure.
9. Cookies and trackers
What is a cookie?
A cookie is a small text file placed on your device when you visit a website. It allows certain information about your browsing to be remembered.
Cookies used on this website
Strictly necessary cookies: These cookies are essential for the proper technical functioning of the site. They do not require your prior consent. They include, in particular, session cookies placed by Webflow.
Analytical cookies: [TO BE COMPLETED — specify the tool used and the corresponding cookies, or state "No analytical cookies are used on this site" if applicable]
Marketing cookies: [TO BE COMPLETED or state "No marketing cookies are used on this site"]
Managing your preferences
[TO BE COMPLETED according to the chosen consent management tool — e.g.: "Upon your first visit, a banner allows you to accept or refuse non-essential cookies. You can change your preferences at any time via the link available at the bottom of the page."]
You can also configure your browser to refuse or be notified about the placement of cookies. The procedure varies depending on the browser:
- Google Chrome: Settings > Privacy and security > Cookies
- Mozilla Firefox: Options > Privacy & Security
- Safari: Preferences > Privacy
- Microsoft Edge: Settings > Cookies and site permissions
10. Data Protection Officer
No Data Protection Officer (DPO) has been appointed to date. For any questions regarding your personal data, please contact us directly at the address provided in section 7.
[TO BE COMPLETED or removed depending on the establishment's actual situation]
11. Changes to this Policy
This privacy policy may be updated at any time to reflect legal developments or changes in our data processing practices. The last updated date at the top of the page serves as proof. We encourage you to check this page regularly.
