Data Privacy

CUSTOMER PERSONAL DATA PROTECTION CHARTER ALL RESTAURANTS & BARS WEBSITE


1. THE ACCOR GROUP'S COMMITMENT TO PROTECTING PRIVACY

We consider you an important customer. Our first priority is to offer you exceptional stays and experiences throughout the world.

Your complete satisfaction and confidence in Accor is absolutely essential to us.

That's why, as part of our commitment to meeting your expectations, we have set up a customer personal data protection charter. This charter formalizes our commitments to you and describes how the Accor Group uses your personal data when you are using the ALL Restaurants & Bars website, accessible at the address restaurantsandbars.accor.com hereafter referred to as the "Website".

 

2. SCOPE OF APPLICATION

In this charter, “Accor Group” means:

  • Accor SA, the Accor Group parent company, with registered offices at 82 rue Henri Farman, 92130 Issy-les-Moulineaux, France;
  • Subsidiary or “family” companies of Accor SA involved in the businesses of the Accor Group
  • When booking a table in one of the restaurants your personal data will be dealt with by Accor SA and the restaurant in question, both acting as Data Controllers for their own, separate, purposes. 

    In summary:

    ·      Accor SA will process your data because it manages the table reservation tool in the restaurants, which allows Accor SA to collect the data necessary to organise your visit to the restaurants and to communicate this data to the concerned restaurants.

    ·      Each restaurant will process your data to manage its contractual relationship with you (invoicing, payment, etc.) and to prepare your visit.

     

    3. ACCOR' TEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA

    In accordance with applicable regulations, in particular the European General Data Protection Regulation, we have instituted the following ten principles throughout the Accor Group:

  • Lawfulness: We use personal data only if:
    • we obtain the consent of the person, OR
    • it is necessary to do so for the performance of a contract to which the person is a party, OR
    • it is necessary for compliance with a legal obligation, OR
    • it is necessary in order to protect the vital interests of the person, OR
    • we have a legitimate interest in using personal data and our usage does not adversely affect the persons’ rights
  • Fairness: We can explain why we need the personal data we collect.
  • Purpose limitation and data minimisation: We only use personal data that we really need. If the result can be achieved with less personal data, then we make sure we use the minimum data required.
  • Transparency: We inform people about the way we use their personal data
  • We facilitate the exercise of the people’s rights: access to their personal data, rectification and erasure of their personal data and the right to object to the use of their personal data
  • Storage limitation: We retain personal data for a limited period
  • We ensure the security of personal data, i.e. its integrity and confidentiality.
  • If a third party uses personal data, we make sure it has the capacity to protect that personal data.
  • If personal data is transferred outside Europe, we ensure this transfer is covered by specific legal tools.
  • If personal data is compromised (lost, stolen, damaged, unavailable…), we notify such breaches to the respective country’s responsible authority and to the person concerned, if the breach is likely to cause a high-risk in respect of the rights and freedoms of this person.
  • For any questions concerning the ten principles of Accor data protection policies, please contact the Data Privacy department whose details appear in the clause "Your rights".


    4. WHAT PERSONAL DATA IS COLLECTED?

    To enable us to offer you this restaurant booking service, we need to collect the following information about you:

    ·      your contact details, i.e. your surname, first name, phone number, email and postal code. Except for the postal code, the provision of such information is mandatory in order for us to take your booking into account. Your booking will not be successful if any of these details are missing

    ·      your booking dates and times

    ·      your preferences or particular requests that you may formulate during the course of your reservation

    ·      technical and location information to display restaurants in your area.

    In order to satisfy your requests or to provide you with the appropriate service, we provide you with a free comment field during your booking process. This allows you to address your preferences or any other information you deem useful in relation to your reservation. In this respect, we invite you not to enter inappropriate, excessive, or insulting comments and not to enter any information that may include sensitive data within the meaning of Article 10 of GDPR. These sensitive data are in particular those:

    ·      revealing racial or ethnic origin, political opinions, religious or philosophical convictions or trade union membership,

    ·      concerning the health, life or sexual orientation of a natural person.


    5. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?

    The table below sets out why we process your data, the lawful basis for the processing and the associated retention period:

    1 - Purpose/Activity: Manage your table bookings with restaurants:

    -       Allowing you to book a table

    -       Ensuring the transmission of your requests to the restaurants

    -       Allowing you to modify or cancel your booking

    -       Sending you booking confirmation emails

    -       Sending you text messages or emails, if necessary, to inform you of any changes to the status of your booking.

    -       Sending you booking confirmation emails

    -       Sending you text messages or emails, if necessary, to inform you of any changes to the status of your booking.

    1a- Lawful basis for processing including: Performance of a contract with you

    1b- Retention period: 3 years from the last date on which you have interacted with us in any way

    2 - Purpose/Activity: Improving Accor SA services, in particular :

    -       Carrying out surveys and analyses of questionnaires and customer comments

    -       Managing claims/complaints

    2a- Lawful basis for processing including: Necessary for our legitimate interests in improving our services

    2b- Retention period:

    -       3 years from the last date on which you have interacted with us in any way

    -       6 years from the date of closure of your file in case of a claim or a complaint

    3 - Purpose/Activity: Conforming to any applicable legislation (for example, storing of accounting documents), including:

    -       Managing data subject’s requests regarding their personal data

    3a- Lawful basis for processing including: Necessary to comply with a legal obligation

    3b- Retention period: As stipulated in the respective country’s legislation

     

    6. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA

    The Accor Group operates in many countries and we endeavour to provide you with the same services throughout the world. Thus, we have to share your personal data with internal and external recipients subject to the following conditions:

     

  • In order to offer you the best experience for your booking, we share your data with a number of authorised people and departments in the Accor Group.
  • With service providers and partners: your personal data may be transferred to a third party in order to provide you with services and improve your experience, in particular to our external service providers: IT subcontractors, such as the web hosting company, the table management tool.
  • With local authorities: We may be obliged to send your information to local authorities if this is required by law or as part of an inquiry. We will ensure that any such transfer is carried out in accordance with local regulations.
  •  

    7. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS

    For the purposes set out in clause 5 of this charter, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection.

    Consequently, in addition to implementation of this charter, Accor employs appropriate measures to ensure secure transfer of your personal data to an Accor entity or to an external recipient located in a country offering a different level of privacy from that in the country where the personal data was collected.

    Depending on your booking, your data may be transferred to restaurants outside the European Union, as this is necessary for the execution of such booking.

    Your data may also be transferred, as part of the booking process, to our table booking platform provider located in the United Kingdom. This country has been the subject of an adequacy decision by the European Commission and as such offers a level of personal data protection equivalent to that guaranteed under European Union law. 


    8. DATA SECURITY

    Accor SA takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure.

    9. COOKIES

    Accor SA uses cookies and other tracking technologies on its websites. To find out more about how Accor uses these trackers and how to configure them, please consult our policy on trackers using the “Cookies” link at the bottom of our web pages.

    10. YOUR RIGHTS

    You have the right to obtain information about and access your personal data collected by Accor SA, subject to applicable legal provisions. Also you have the right to have your personal data rectified, erased or have the processing of it restricted.

    Furthermore you have the right to data portability and to issue instructions on how your data is to be treated after your death (hopefully as late as possible!). 

    In the event that you wish to exercise any of your above rights, please contact the Data Privacy department for the Accor Group directly by sending an email to Data.privacy.restaurants@accor.com.

    For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document is sufficient.

    All requests will receive a response as swiftly as possible.

    You may also exercise your rights in respect of your personal data that is stored and processed by a restaurant as a data controller. To do this, you must contact the restaurant directly. You will find all necessary information to contact a restaurant onrestaurantsandbars.accor.com. If you need any assistance, please contact Accor Data Privacy Department by writing to Data.privacy.restaurants@accor.com or to the above postal address.

    You also have the right to lodge a complaint with a data protection authority. For your information, you can contact Accor data protection officer by writing to accorhotels.dpo(at)accor.com

    11. UPDATES

    We may modify this charter from time to time. Consequently, we recommend that you consult it regularly, particularly when making a table reservation at one of the restaurants.

     

    12. QUESTIONS AND CONTACTS

    For any questions concerning The Accor Group's personal data protection policy, please contact the Data Privacy department (See clause "Your rights").

    (*) Average meal price calculated on the basis of starter and main course or main course and dessert, excluding drinks, menu and promotional offers. The average price is an estimate only, calculated according to the prices provided by the restaurant. Depending on the country, the average price may or may not include all taxes.