PRIVACY POLICY

We consider you an important client. Our first priority is to offer you exceptional stays and experiences.

Your complete satisfaction and confidence in Auberge Tom B&B is absolutely essential to us.

That's why, as part of our commitment to meeting your expectations, we have set up a customer personal data protection charter. This charter formalizes our commitments to you and describes how we use your personal data.

In accordance with applicable regulations, in particular the European General Data Protection Regulation, we have instituted the following nine principles:

1. Lawfulness: We use personal data only if:
   • we obtain the consent of the person, OR
   • it is necessary to do so for the performance of a contract to which the person is a party, OR
   • it is necessary for compliance with a legal obligation, OR
   • it is necessary in order to protect the vital interests of the person, OR
   • we have a legitimate interest in using personal data and our usage does not adversely affect the persons’ rights.
2. Fairness: We can explain why we need the personal data we collect.
3. Purpose limitation and data minimisation: We only use personal data that we really need. If the result can be achieved with less personal data, then we make sure we use the minimum data required.
4. Transparency: We inform people about the way we use their personal data.
5. We facilitate the exercise of the people’s rights: access to their personal data, rectification and erasure of their personal data and the right to object to the use of their personal data.
6. Storage limitation: We retain personal data for a limited period.
7. We ensure the security of personal data, i.e. its integrity and confidentiality.
8. We never share personal data with anyone.
9. If personal data is compromised (lost, stolen, damaged, unavailable…), we notify such breaches to the respective country’s responsible authority and to the person concerned, if the breach is likely to cause a high-risk in respect of the rights and freedoms of this person.

At various times, we may collect information about you and/or the persons accompanying you, including the following:

• Contact details (for example, last name, first name, telephone number, email)
• Personal information (for example, address, nationality)
• Your credit card number (for transaction and reservation purposes)
• Information contained on a form of identification (such as ID card, passport or driver licence)
• Your arrival and departure dates
• Your preferences and interests (for example, sports and/or cultural interests, food and beverages preferences, dietary allergies and/or requirements, other allergies, etc.)
• Your questions/comments, during or following a stay in one our establishment
• Technical and location data you generate as a result of using our website and applications.

In order to meet your requirements or provide you with a specific service (such as dietary requirements), we may have to collect sensitive information concerning your health. In this case, we will only process this data if you provide your express prior consent.

Personal data may be collected on a variety of occasions, including:

1. B&B activities:
   • Booking a room
   • Checking-in and paying
   • Stays and services provided during a stay
   • Eating during a stay
   • Requests, complaints and/or disputes.
2. Participation in marketing programs or events:
   • Signing up for our loyalty program
   • Participation in customer surveys (for example, the Guest Satisfaction Survey)
   • Subscription to our monthly newsletter, in order to receive offers and promotions via email.
3. Transmission of information from third parties:
   • Tour operators, travel agencies (online or not), GDS reservation systems and others
4. Internet activities:
   • Connection to our website (IP address, cookies and tracers)
   • Online forms (online reservation, questionnaires, pages on social networks, social networks login devices such as Facebook login, conversations with chatbot, etc.).

Purpose/Activity

Meeting our obligations to our customers.

Managing the reservation of rooms and accommodation requests, in particular the creation and storage of legal documents in compliance with accounting standards.

Lawful basis for processing including basis of legitimate interest

Performance of a contract with you.

Necessary to comply with a legal obligation.

Necessary for our legitimate interest in running our business and providing you with requested products and services.

Retention period

10 years from the booking in accordance with legal obligations.

Purpose/Activity

Managing your stay at the hotel:

• Managing access to rooms
• Managing various services offered at the B&B

Lawful basis for processing including basis of legitimate interest

Performance of a contract with you.

Necessary for our legitimate interest in running our business and providing you with requested products and services.

Retention period

For the duration of your stay.

Purpose/Activity

Managing our relationship with customers before, during and after your stay:

• Managing the loyalty program
• Inputting details into the customer database
• Segmentation analysis based on reservation history
• Predicting and anticipating future customer behaviors
• Developing statistics, commercial scores and carrying out reporting of the same
• Providing context data for our marketing tools. This happens when a customer visits our website or makes a reservation
• Understanding and managing the preferences of new or repeat customers
• Sending customers newsletters, promotions, or contacting you by telephone

Lawful basis for processing including basis of legitimate interest

Performance of our contract with you and for the management of your membership in the loyalty program.

Necessary for our legitimate interests in promoting our services, performing direct marketing activities and improving our services.

Retention period

3 years from the last date on which you have interacted with us in any way, if you are not a member of the loyalty program.

6 years from the last date on which you have interacted with us in any way, if you are a member of the loyalty program.

Purpose/Activity

Improving our B&B service by:

• Personalizing your check-in, improving the quality of service and customer experience
• Processing your personal data through our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes
• Adapting our products and services to better meet your requirements
• Customizing the commercial offers and promotional messages we send you
• Informing you of special offers and any new services.

Lawful basis for processing including basis of legitimate interest

Performance of contract with you in relation to the management of your membership in the loyalty program.

Necessary for our legitimate interests in promoting our services, performing direct marketing activities and improving our services.

Retention period

3 years from the last date on which you have interacted with us in any way, if you are not a member of the loyalty program.

6 years from the last date on which you have interacted with us in any way, if you are a member of the loyalty program.

Purpose/Activity

Securing our property and persons and preventing non-payments.

For these reasons, we include in the category of "ineffective" customers, any customer whose behavior has been inappropriate in the following ways: aggression and rudeness, non-compliance with the hotel contract, failure to observe safety rules, theft, damage and vandalism, or payment issues. The status of “ineffective” may lead us to refuse a customer's reservation when he/she wishes to book again with us.

Lawful basis for processing including basis of legitimate interest

Necessary for our legitimate interests in running our business, securing our property and persons and preventing non-payments.

Retention period

3 years from registration.

Purpose/Activity

Conforming to any applicable legislation (for example, storing of accounting documents), including:

• Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys
• Managing data subject’s requests regarding their personal data.

Lawful basis for processing including basis of legitimate interest

Necessary to comply with a legal obligation.

Retention period

As stipulated in the respective country’s legislation.

Our website is hosted by Logify which takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure. To this end, Lodgify has taken technical and organizational measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

In relation to the submission of credit card data when making an online reservation, a third party (either Stripe or Paypal) processes the transaction and uses SSL (Secure Socket Layer) encryption technology to guarantee a secure transaction. Their organizational measures ensure the security of the processing.

When reservations are done by telephone and credit card information are given to us orally, our organizational measures ensure the security of the processing. Only one person has access to this information, the owner of the B&B.

We use tracers on our website in our legitimate interests in promoting our services and performing direct marketing activities.

You have the right to obtain information about and access your personal data collected by us, subject to applicable legal provisions. Also you have the right to have your personal data rectified, erased or have the processing of it restricted. Furthermore you have the right to data portability and to issue instructions on how your data is to be treated after your death (hopefully as late as possible!). You can also object to the processing of your personal data.

In the event that you wish to exercise any of your above rights, please contact us directly by sending an email to info@aubergetom.com or by writing to the address below:

Auberge Tom B&B

Barbara Séguin, owner

1090, route 105

Chelsea, Quebec

J9B 1P3 - CANADA

For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document is sufficient.

All requests will receive a response as swiftly as possible.

We may modify this charter from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at our B&B.

For any questions concerning our personal data protection policy, please contact us (see clause Your rights).