At apalachicolastay.com, we take the protection of your privacy very seriously. This privacy policy explains how we collect, use, share, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertes).
The data controller for your personal data is the operator of the website apalachicolastay.com. We are committed to protecting the confidentiality of all personal information you provide to us.
Refers to all pages and online services offered on apalachicolastay.com
Any individual who browses and uses the Website and its services
Any information relating to an identified or identifiable individual
The operator of the website apalachicolastay.com who determines the purposes and means of processing personal data
When you use the Website, we may collect the following categories of data about you:
Last name, first name, postal address, email address, phone number, date of birth (if required for the service)
IP address, browser type, pages viewed, date and time of connection, visit duration, approximate location data, event logs
Stay dates, number of guests, specific preferences, special requests, booking history
Billing information (no complete banking data is stored on our servers; payments are secured by our certified service providers)
Content of messages sent through our contact forms, email exchanges, comments and reviews
We collect your personal data through the following means:
When you fill out our contact forms, booking forms, or when you contact us by email or phone
During your browsing on the Website through cookies and similar technologies (see our cookie policy)
In some cases, we may receive information about you from our partners (booking platforms, social networks if you have authorized sharing)
We use your personal data for the following purposes:
Process, confirm, and manage your booking requests and stays
Send you confirmations, information related to your booking, and respond to your inquiries
Manage our business relationship, handle your complaints
Analyze Website usage to improve our services and personalize your experience
With your consent, send you promotional offers and newsletters (you can unsubscribe at any time)
Detect and prevent fraud, ensure the security of the Website
Comply with our legal and regulatory obligations (accounting, taxation, etc.)
Conduct anonymized statistical analyses on Website traffic and usage
In accordance with the General Data Protection Regulation (GDPR), the processing of your personal data is based on the following legal grounds:
| Processing purpose | Legal basis (GDPR) |
|---|---|
| Booking management and contract performance | Performance of a contract (Article 6.1.b) |
| Sending newsletters and marketing communications | Consent (Article 6.1.a) |
| Website improvement and personalization | Legitimate interest (Article 6.1.f) |
| Security and fraud prevention | Legitimate interest (Article 6.1.f) |
| Compliance with accounting and tax obligations | Legal obligation (Article 6.1.c) |
| Responding to information requests | Consent or legitimate interest (Articles 6.1.a or 6.1.f) |
We never sell your personal data to third parties. Your data may be shared with the following categories of recipients:
Members of our team who need access to your data to carry out their duties
Web hosting, email services, analytics tools, secure payment services (acting as data processors)
Only if necessary for the provision of services and with your prior consent
In case of legal or regulatory obligation, or by decision of a judicial authority
All our service providers are subject to strict contractual obligations requiring them to ensure the security and confidentiality of your personal data in accordance with the GDPR.
Your personal data is primarily stored and processed within the European Union. In certain limited cases, your data may be transferred to countries outside the European Union.
When such transfers are necessary, we ensure they are governed by:
You may obtain a copy of the safeguards in place or information on where these safeguards are made available by contacting us.
In accordance with Article 6-5 of the French Data Protection Act (Law No. 78-17 of January 6, 1978), we retain your personal data only for as long as necessary for the purposes for which it was collected:
| Type of data | Retention period | Legal basis |
|---|---|---|
| Booking data | 3 years from the end of the stay | Legal obligations and dispute management |
| Accounting data and invoices | 10 years | Legal obligations (Commercial Code) |
| Commercial prospecting data | 3 years from the last contact | French Data Protection Authority (CNIL) recommendations |
| Cookies and trackers | 13 months maximum | French Data Protection Authority (CNIL) recommendations |
| Connection data (logs) | 12 months | Legal obligations (security) |
| Inactive accounts | 3 years without activity then deletion | French Data Protection Authority (CNIL) recommendations |
Extended inactivity: If you have not logged in or interacted with our services for a period of three years, we will send you an email inviting you to respond. In the absence of a response within a reasonable timeframe, your data will be removed from our active databases.
In accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertes), you have the following rights regarding your personal data:
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where it is, access to that data as well as a copy thereof
You may request the rectification of your personal data if it is inaccurate or incomplete
Also known as the "right to be forgotten", you may request the deletion of your personal data under certain conditions
You may request the restriction of the processing of your data in certain situations
You have the right to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another data controller
You may object at any time to the processing of your data on grounds relating to your particular situation, especially for processing for direct marketing purposes
When processing is based on your consent, you may withdraw it at any time
Right not to be subject to a decision based solely on automated processing which produces legal effects concerning you
To exercise any of these rights, you may contact us:
Free of charge: The exercise of your rights is in principle free of charge. However, in the case of manifestly unfounded or excessive requests, particularly due to their repetitive nature, we may charge a reasonable fee or refuse to act on the request.
If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
Commission Nationale de l'Informatique et des Libertes (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
Phone: +33 1 53 73 22 22
Website: www.cnil.fr
You may file a complaint online on the CNIL website or by postal mail.
However, we encourage you to contact us first so that we can attempt to address your concerns before you file a complaint with the supervisory authority.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, in order to protect your personal data against:
These measures include, but are not limited to:
HTTPS/SSL protocol to secure data exchanges
Secured servers with regular backups
Access limited to authorized personnel only
Regular security checks and updates
In accordance with Articles 33 and 34 of the GDPR, we are committed to implementing all appropriate measures to ensure the security of your data.
Limitation of liability: These commitments do not constitute in any way an acknowledgment of fault or liability regarding the occurrence of any potential incident.
In accordance with Article 22 of the GDPR, we inform you about the existence or absence of automated decision-making, including profiling.
Should we implement such processing in the future, we will inform you in advance and obtain your consent if necessary, in accordance with applicable regulations.
Our website uses cookies and similar technologies to improve your browsing experience, analyze Website usage, and offer personalized content.
For more detailed information about our use of cookies, the types of cookies used, and how to manage them, please see our Cookie Policy.
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from minors under the age of 16.
In the event that we take part in a merger, acquisition, or any other form of asset transfer, we commit to:
If applicable, you will be informed by email and/or through a visible notification on our Website, and you will have the opportunity to exercise your rights before the operation is finalized.
We may create aggregated and anonymized data from the information we collect. This aggregated data does not allow you to be personally identified.
This aggregated and anonymized data is not considered personal data under the GDPR as it does not allow your identification.
We reserve the right to modify this privacy policy at any time to reflect changes in our data processing practices, legal developments, or improvements to our services.
Continued use of our Website after the publication of changes constitutes your acceptance of those changes. If you do not accept the changes made, we invite you to stop using our Website and to contact us to delete your account and your data.
For any questions regarding this privacy policy, to exercise your rights, or for any request relating to the processing of your personal data, you may contact us:
apalachicolastay.com
Through the contact form available on our website
By postal mail to the address indicated in our legal notice
We are committed to responding to your requests as soon as possible and in any case within a maximum of one month from the receipt of your request. This period may be extended by an additional two months depending on the complexity and the number of requests. We will inform you of any such extension.
Contact usThis privacy policy is governed by French law. It complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation - GDPR) and the French Data Protection Act (Law No. 78-17 of January 6, 1978), as amended.