The European regulation No. 2016/679 of 27 April 2016, or General Data Protection Regulation (GDPR), will come into force on 25 May 2018. Basically, this new law replaces the Data Protection Act. This is a European wide law and as such affects how we use and store information we receive from guests and enquirers. It covers all data, whether electronic or paper-based.
What information we collect from you.
When you make a booking with us we collect the names of all the guests who will be staying, the home address, email address and telephone number of the person making the booking.
How we use the information you give us.
We use your email to communicate with you, to send you booking confirmation and answer any queries you email us, and to thank you after your visit and ask you for a review. We will also add details of how you can keep in touch with us on social media, should you wish to do this.
We will not use your telephone number unless we need to contact you urgently or if we cannot reach you by email.
We don’t do a newsletter or Mailchimp. We use Instagram and Facebook to market our gite and our own website. We never pass your details to any third party.
Access to your Information
You have the right to request a copy of the information we hold about you. If you would like a copy of this please email us at firstname.lastname@example.org
Right to be Forgotten
All customers have the right to ask us to remove their details from our records. However, this does not override the legislative requirements (eg the Fiche Identite Individuelle form – see below).
Legally, we ask guests to complete the French Fiche Identite Individuellepolice aliens form, which we have to legally keep for 6 months from the date of arrival. Only the local police can ask for the details on this form. This form and the information contained on it are then destroyed by us.
We are also required by law to keep financial records for 7 years, so guests cannot ask to be erased from these financial records.
If you book to stay direct with us and complete a booking form, then be assured that your details are kept secure on our system via password-controlled entry and are not used for any other purpose or shared with any other person or business. We need your email address to send through booking forms, answer any queries you have regarding the property or to send you terms & conditions, booking confirmation etc. We will send you a follow-up email after your stay to thank you for staying, asking you to leave a review or feedback and details of how to stay in contact with us. We don’t need explicit consent for this. We will NOT add you to a marketing mailing list.
If you book via one of our booking partners, they have also to comply with GDPR regulations and have their own safeguards and policies.
Similarly, if you choose to follow us on social media (eg Facebook or Instagram), we don’t need consent as you have already accepted the terms & conditions on that platform. Again, we will not ask you for your email address in order to send you newsletters etc.
Notification of Data Breaches
The GDPR will require us to notify the Information Commissioner’s’ Office within 72 hours of first having become aware of the breach where that breach is likely to “result in a risk for the rights and freedoms of individuals”. For any breach, we are required to notify the customers “without undue delay” after first becoming aware of a data breach.