Instagram Facebook
10% OFF on all rates on our website
Hotel Aria Nice

Privacy Policy

PREAMBLE

Hotel Aria undertakes to ensure that the collection and processing of your data is carried out in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulation (GDPR) and Law No. 78-17 of 6 January 1978 relating to data processing, files and liberties.

The collection of personal data of its customers is limited to what is strictly necessary, in accordance with the principle of data minimisation, and indicates the purposes for which this data is collected, whether providing this data is optional or mandatory for managing requests and who will be able to access it.

I. About us

The company Hôtel Aria is a simplified joint-stock company (SAS) with its registered office at 15 Avenue Auber 06000 NICE and registered in Nice under SIRET number 956 804 009 00010. APE Code 5510 Z

The company offers the following services:

  • Hotel accommodation (3 stars) and catering services

II. Definitions

‘Site’ refers to the Company’s site, namely, hotel-aria.fr
‘Cookies’: A cookie is a piece of information placed on an internet user’s hard drive by the server of the site they are visiting. It contains several items of data: the name of the server that placed it there, an identifier in the form of a unique number or text, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and save information.

‘Personal data’ means any information relating to an identified natural person or a person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person. This is, for example, the User’s email address.

‘Customer’ means any natural or legal person who makes a reservation on the Site, with our partner service providers (e.g. Booking.com) or directly with the receptionist at the establishment whose address is indicated in Article I;

‘Booking’ means any booking made by the User, Client, Professional or Consumer with a view to benefiting from the Company’s Services;

‘General Terms and Conditions of Sale and Use’ or ‘GTC/GTU’ means the Company’s general terms and conditions of sale and use;

‘Consumer’ refers to the buyer who is a natural person not acting for professional purposes and/or outside of their professional activity;

‘Professional’ refers to the buyer who is a legal or natural person acting within the scope of their professional activity;

‘Services’ refers to all the services and/or products offered to Client and Professional Users by the Company through the Websites owned by the Company;

‘Company’ refers to the company SAS HOTELERIE MERIDIONALE, as further defined in Article I hereof;

‘User’ means any person who makes use of the Site.

‘Account’ means the customer’s personal space with the Company’s partner service providers.

‘Quotation’ means a quotation made by the Company for a specific and customised service requested by the Customer.

‘GDPR’ refers to the General Data Protection Regulation applicable from 25 May 2018.

‘Processing of personal data’ refers to any operation or set of operations involving such data, regardless of the process used (collection, recording, organisation, storage, adaptation or alteration, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, blocking, erasure or destruction, etc.)

III. Protection of Personal Data

In accordance with the French Data Protection Act of 6 January 1978 and the General Data Protection Regulation 2016/679 (GDPR), the information about you is intended for the Company, which is responsible for processing. You have the right to access, rectify and delete data concerning you (details in Article 7). You can exercise this right by sending an email to contact@hotel-aria.fr

By connecting to the company’s hotel-aria.fr website, you access content protected by law, including by the provisions of the Intellectual Property Code. The Company only authorises strictly personal use of the information or content that you access, limited to saving on your computer for the purpose of displaying it on a single screen and reproduction, when authorised (link or download button) for copy or print on paper. Any other use is subject to our express prior authorisation. By continuing your visit, you agree to abide by the above restrictions.

The Company urges its Customers, Users, Consumers and Professionals to respect the laws in force and the ethical rules of use necessary for the establishment of a relationship of trust between the Company and its Customers, Users, Consumers and Professionals.

The Company urges its Users to respect a set of obligations through its GCS/GCU.

Any breach of these obligations may result in the cancellation without notice of a reservation made on the Company’s website or directly with the Saint-Patrick hotel.

PLEASE NOTE THAT THE COMPANY DOES NOT EXCHANGE OR RENT THE FILES OF ITS CUSTOMERS AND PROSPECTS.

The Company’s website is not intended for minors. We do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data from minors without the prior authorisation of the holder of parental authority, we will take the appropriate measures to delete this personal data from our servers.

IV. Data Controller

The data controller for the personal data referred to herein is Sandra Delon, director of the Aria Nice hotel, whose company information is stipulated in Article 1 on this page.

V. Nature of the Data Collected

User information and rights
The company hereby clearly informs you about the processing of personal data that it carries out as part of its activity, and how the data is collected, used and protected.

Any User, Customer, Consumer or Professional has the right to request the following from the data controller, i.e. Sandra Delon Access to the personal data provided;

  • The rectification or erasure of the data;
  • A limitation of the processing relating to his person;
  • To object to the processing;
  • To the portability of the data;
  • To lodge a complaint with the CNIL.

 

Subcontracting
The Company undertakes to ensure that any subcontractor provides sufficient contractual guarantees regarding the implementation of appropriate technical and organisational measures, so that the processing meets the requirements of the European data protection regulation (see the list of data recipients in Article 6).

Data collected on the site (contact form)
When a Client, User, Consumer or Professional makes a reservation request on the site via our contact form, the following data is collected and processed by the Company: email, first name, surname, telephone, country, arrival date, departure date, number of adults, number of children, additional information that the Client, Professional, User, Consumer, deems necessary for their booking request.

Data collected on the site (via our service provider D-Edge)
When a Client, User, Consumer or Professional makes a reservation request on the site, the following data is collected and processed by our subcontractor D-Edge: email, first name, surname, country, telephone number, IP address, room type, booking rate, date of stay, credit card number (16 digits + expiry date) and any additional information that the client, consumer, professional or user may provide if they consider it relevant to their booking.

The data is then sent to us by email, with the exception of the credit card number (16 digits + expiry date), which remains under secure access on the D-Edge and Medialog server (our PMS). This data is only visible with a password and username via the intranet between the Company and D-Edge and Medialog.

Data Collected at the Company’s Establishment
When a customer arrives, the following data is collected and processed: date of arrival and departure from the establishment, room number, number of breakfasts, order history, complaints, incidents, information relating to correspondence on our site or directly with the Company (email message sent directly).

Some data is collected automatically as a result of the user’s actions on the site (see the paragraph on cookies in Article 8).

Data collected by a partner service provider
A customer, consumer or professional can book a service from the Company through a partner service provider. The data collected in this way (e.g. Booking.com) is subject to the GTC/GCU and Privacy Policy of these Partner Service Providers and those of the Company.

The data submitted must not include sensitive personal data, such as government identifiers (such as social security numbers, driver’s licence numbers, or taxpayer identification numbers), full credit card numbers (unless specifically requested as part of a reservation on the site by filling in the appropriate field on the reservation form) or personal bank account, medical records or information relating to requests for care associated with individuals, without this list being exhaustive.

Regarding the collection of identity data

Prior identification for the provision of the desired service
The provision of a room requires prior identification of the customer by means of his identity card or any other document allowing his identification. The personal data (surname, first name, postal address) appearing on the identity document are used to fulfil our legal obligations resulting from the provision of the service as stipulated in the reservation. The customer, whether consumer or professional, must not provide false personal information or make a reservation for another person without their authorisation. The contact details provided must always be accurate and up to date.

Collection of terminal data
Collection of profiling and technical data for the purpose of providing the service.

Some of the technical data of your device is collected automatically by the Site and the server. This information includes your IP address, Internet service provider, hardware configuration, software configuration, browser type and language, etc. The collection of this data is necessary for proper navigation on the Company’s website.

The Company also offers a personalised experience using the principle of automated decision-making via its email messages and newsletter.

Collection of technical data for commercial and statistical purposes
The technical data of your device is automatically collected and recorded by the server and our subcontractors for advertising, commercial and statistical purposes. This information helps us to personalise and continually improve your experience on our Site. We do not collect or store any personal data (surname, first name, address, etc.) that may be attached to technical data.
VI. Purpose of Processing
The main purpose of collecting your personal data is to offer you a safe, optimal, efficient and personalised experience in the establishment. To this end, you agree that we may use your personal data to:

  • To provide our services and facilitate their functioning, including carrying out checks on you to do so;
  • To resolve any problems in order to improve the use of our site and our services;
  • To customise, evaluate and improve our services, content and documentation;
  • Analyse the volume and history of your use of the Company’s services;
  • Inform you about the Company’s services;
  • Prevent, detect and investigate any activities that are potentially prohibited and illegal or contrary to good practice, and ensure compliance with the Company’s GTC/GCU;
  • To comply with our legal and regulatory obligations.
  • For customers who have made a reservation directly on the website, by telephone or through the Company’s partner service providers, we process their data for the execution of the service contract.
  • For our newsletter, we process your personal data on the basis of the explicit consent you have given for this purpose.

VII. Data recipients

The personal data collected about you on the site, at the establishment and from partner service providers is intended for use by the Company and may be transmitted to subcontractors that the Company may call upon in the course of providing its services. The Company ensures compliance with data protection requirements for all its subcontractors. The Company does not sell or rent your personal data to third parties for marketing purposes. As a matter of ethics in line with our values, we do not enter into strategic partnerships aimed at sharing your data by promoting a service or product of a third-party company.

The Company does not disclose your personal data to third parties, except if:

  • you request it or authorise the disclosure;
  • the disclosure is required to process transactions or provide services that you have requested (i.e., for the purposes of verifying your good shipping practices or in the context of processing a purchase card with credit card companies);
  • the Company is compelled to do so by a government authority or regulatory body, in the event of a court order, subpoena or other similar governmental or judicial requirement, or to establish or defend a legal claim;
  • the third party acts as the Company’s agent or subcontractor in the performance of the services.


Currently, the recipients of the data are:

  • GOOGLE ANALYTICS: Site statistics and technical analysis
  • Microsoft: Email exchange between the Company and its Users, Consumers, Customers, Professionals
  • XXX: Wi-Fi service in the hotel available to customers, employees, consumers and professionals

VIII. Right of access, rectification and deletion

In accordance with the Data Protection Act and the General Data Protection Regulation 2016/679 (GDPR), you have the right to access, rectify and delete your personal data, which you can exercise by sending an email to contact@hotel-aria.fr.

Your request will be processed within 30 days. We may ask you to include a photocopy of proof of identity or authority with your request.

You can also modify your personal data yourself at any time, regarding our newsletter, by clicking on the link at the bottom of each email in our newsletter to either unsubscribe or update your details.

IX. Use of Cookies


Cookie retention period
In accordance with the recommendations of the CNIL, the maximum retention period for cookies is a maximum of 13 months after they are first placed on the User’s device, as is the period of validity of the User’s consent to the use of these cookies. The lifespan of cookies is not extended with each visit. The User’s consent will therefore have to be renewed at the end of this period.

Purpose of cookies
Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, based on the processing of information concerning the frequency of access, the personalisation of pages as well as the operations carried out and the information consulted.

You are informed that the Company may place cookies on your device. The cookie records information relating to browsing on the site (the pages you have viewed and can view) that we can read during your subsequent visits.

The cookie will enable the Company, during the period of validity or registration of the cookie, to identify your computer during your subsequent visits. Partners or service providers of the Company, or third-party companies may also be required, subject to your choices, to place cookies on your computer.

There are two main categories of cookies:

So-called ‘Technical’ cookies. These cookies are essential for browsing our site, in particular for the proper execution of the ordering process;

So-called ‘Optional’ cookies. These cookies are not essential for browsing our site but can, for example, facilitate your searches, optimise your user experience, and for us: better target your expectations, improve our offer, or optimise the functioning of our site.

The retention period for this information on your computer is one year. Only the issuer of a cookie is likely to read or modify the information contained in this cookie.

No cookie allows us to identify your civil status.

User’s right to refuse cookies
Deactivation may result in impaired service.
You acknowledge that you have been informed that the Company may use cookies, and authorise it to do so.

If you do not want cookies to be used on your device, most browsers allow you to disable cookies through the settings options.

You can prevent cookies from being saved by configuring your browser as follows:

For Chrome

  • On your computer, open Chrome.
  • In the top right-hand corner, click on Settings (the 3 small dots)
  • Click on Advanced Settings, then on Content Settings
  • At the top of the page, disable ‘Allow sites to save and read cookie data’


For Mozilla Firefox:

  • Select the ‘Tools’ menu, then ‘Options’
  • Click on the ‘Privacy’ icon
  • Locate the ‘Cookie’ menu and select the options that suit you


For Microsoft Internet Explorer:

  • Choose the ‘Tools’ menu, then ‘Internet Options’.
  • Click on the ‘Confidentiality’ tab
  • Select the desired level using the cursor.


For Edge:

  • Go to Settings
  • Under Clear browsing data, select Choose what to clear.
  • Check the boxes next to each type of data you want to erase, then select Clear.


For Opera:

  • Choose the menu ‘File’ > ‘Preferences’ > Privacy

Warning: If you choose to refuse to save cookies on your computer or if you delete those that are saved there, we accept no responsibility for the consequences related to the degraded functioning of our services resulting from the impossibility for us to save or consult the cookies necessary for their functioning and that you have refused or deleted.

X. Data Retention

General
The Company collects and stores your personal data for the purposes of fulfilling its contractual obligations, as well as information on how and how often our services are used. Personal data must be kept only for the time necessary to fulfil the purpose for which it was collected. The Company only stores your data for the time necessary to provide the service, and as such, the Company deletes your bank details after the service has been provided. The retention period for the data of our customers, professionals, consumers and users varies according to the type of data concerned. For example, your statistical data that is more than 13 months old will be deleted. Other data may be deleted at any time, in accordance with the provisions set out above.

Retention period for personal and sensitive data
Data retention for the duration of the contractual relationship and beyond.
In accordance with Article 6-5° of Law No. 78-17 of 6 January 1978 relating to data processing, files and freedoms, sensitive data (bank card) that is subject to processing is not kept beyond the time necessary for the fulfilment of the obligations defined at the conclusion of the contract or the predefined duration of the contractual relationship.

Personal data (surname, first name, email, postal address) that is processed is stored for a period of 3 years in our booking software.

Deletion of data after account deletion
Means of data purging are put in place to provide for their effective deletion as soon as the storage or archiving period necessary for the fulfilment of the determined or imposed purposes is reached. In accordance with the French Data Protection Act 78-17 of 6 January 1978, you also have the right to have your data deleted, which you can exercise at any time by contacting the Company.

Deletion of data after 3 years of inactivity
For security reasons, if you have not visited our establishment for more than 3 years, your personal data will be deleted.

Deletion of Data after 12 months in the Newsletter
If you have not actively participated in the newsletter, i.e. opened and/or clicked on a link in an email, for a period of 1 month, you will receive an email inviting you to perform an action (click on a link) before being permanently removed from the relevant list.

XI. Data Storage Location and Transfers

The hosting servers on which the Company processes and stores your data on the site are located exclusively in the European Union.

The Company undertakes to inform you immediately, insofar as we are legally authorised to do so, in the event of a request from an administrative or judicial authority relating to your data.

XII. Security

In the context of its services, the Company attaches the utmost importance to the security and integrity of the personal data of its customers, consumers, professionals and users. Thus, and in accordance with the GDPR, the Company undertakes to take all necessary precautions to preserve the security of the data and in particular to protect it against any accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access, as well as against any other form of unlawful processing or communication to unauthorised persons.

To this end, the Company implements standard digital industry security measures to protect personal data from unauthorised disclosure. By using the encoding methods recommended by the digital industry, the Company takes the necessary measures to protect payment-related information, given that the Company does not offer on-site payment directly but uses an external service secured by our subcontractors D-EDGE and VEGA.

Furthermore, in order to prevent unauthorised access and to guarantee the accuracy and proper use of data, the Company has put in place electronic and manual procedures to safeguard and preserve the data collected through its services.

Despite all this, no one can consider themselves completely safe from a hacker attack. That is why, in the event that you are affected by a security breach, the Company undertakes to inform you as soon as possible and to do its utmost to take all possible measures to neutralise the intrusion and minimise its impact.

In the event that you suffer damage as a result of a third party exploiting a security breach, the Company undertakes to provide you with all the assistance you need to assert your rights.

It should be kept in mind that any user, client or hacker who discovers a security flaw and exploits it exposes themselves to criminal sanctions and that the Company will take all measures, including filing a complaint and/or legal action, to preserve the data and rights of its users and its own and to limit the impact as much as possible.

User information in the event of a security breach
We undertake to implement all appropriate technical and organisational measures through physical and logistical security measures to guarantee a level of security appropriate to the risk of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of your personal data. In the event that we become aware of illegal access to your personal data stored on our servers or those of our service providers, or unauthorised access resulting in the realisation of the risks identified above, we undertake to:

  • Notify you of the incident as soon as possible if this is a legal requirement;
  • Investigate the causes of the incident;
  • Take all reasonable measures to mitigate the negative effects and damage that may result from the incident.
  • Limit liability

Under no circumstances may the commitments defined in the point above relating to notification in the event of a security breach be equated with any acknowledgement of fault or responsibility for the occurrence of the incident in question.

XIII. Responsibilities and Guarantees

Except in cases of force majeure, the Company guarantees the User, Consumer, Client or Professional the proper fulfilment of its services in accordance with these General Terms and Conditions.

Any compensation owed by the Company to the User or a third party, due to the liability of the Company, its subsidiaries or its partners, in respect of the execution of this agreement, may not exceed the price paid by the User, Client, Professional or Consumer in return for the service(s) giving rise to said liability (e.g. the price of a room).

The Company does not systematically monitor how its services are used, in particular the use of the equipment available in the room and the common areas, which remains the responsibility of the Client, Consumer or Professional.

Under no circumstances can the Company be held liable to third parties for any damage resulting from the use of the services on behalf of the User, the Client, the Consumer or the Professional, in any capacity whatsoever.

Responsibility of the User
The Client, Consumer, Professional, User is solely responsible for the way in which he uses the room, the common areas and the equipment at his disposal in the context of the execution of the present document.

The User, Client, Consumer or Professional may be held liable for failure to comply with these General Terms and Conditions of Sale and Use, the Privacy Policy or any legal or regulatory provision or provision resulting from an applicable international convention.

The User, Client, Consumer or Professional shall indemnify the Company against any loss, claim or recourse by a third party resulting from a breach by the User, Client, Consumer or Professional of these General Terms and Conditions of Sale and Use, the Privacy Policy, the Company or any legal or regulatory provision or provision resulting from an applicable international convention.

XIV. Data Portability

The Company undertakes to offer you the possibility of having all your data returned to you upon request. The User is thus guaranteed better control of his or her data, and retains the possibility of reusing it. This data should be provided in an open and easily reusable format, directly to another data controller when desired and technically possible.

XV. Deletion of Data

Deletion of data on request
The User, Customer, Consumer or Professional has the option of deleting their Data at any time, by simple request to the Company or directly via a link at the bottom of each of our newsletter emails.

Deletion of a booking in the event of a breach of the Privacy Policy
In the event of a breach of one or more provisions of these terms and conditions or of any other document incorporated herein by reference, the Company reserves the right to cancel your reservation without the possibility of a refund if payment has already been made.

XVI. Transfer of Data to Countries with an Equivalent Level of Protection

The Company undertakes to comply with the applicable regulations relating to data transfers, even if the Company does not currently transfer data to foreign countries for almost all of its processing. When necessary to provide our services, this is done according to the following terms:

  • The Company transfers the personal data of its Users, Customers, Consumers and Professionals to countries recognised as offering an equivalent level of protection and recognised by the CNIL as having a sufficient level of protection.
  • The Company transfers the personal data of its Users, Customers, Consumers and Professionals to recipients who can provide sufficient guarantees of GDPR compliance.
  • The Company only transfers the personal data of its Users, Customers, Consumers and Professionals with regard to what is strictly necessary for the purpose of the processing in question, i.e. booking a room at the Porte de Genève hotel.

Currently, the only processing operations concerned by this provision are:

The reservation of services offered by the Company to the user who has decided to make a reservation via the subcontractor D-EDGE from the company’s website. Only the following data is transferred: CUSTOMER ID, email address, purchase amount, product designation, email address, telephone, postal address (if indicated), 16 digits of the credit card and its expiry date.

The management of the ethical and personalised commercial relationship through information posted on Facebook via the ‘Custom Audience’ feature offered by Facebook.

The email address is the only piece of data transferred to enable Facebook to identify its users and build an audience.

The questionnaires completed by the customer on Google services (Google Doc, Google Drive, Google Form, Google Sheet, etc.). The Personal Data depends on the data that the client wishes to share (company name, SIRET number, surname, first name, email).

To see the list of countries with a sufficient legal level: CNIL – Data protection around the world

XVII. Modification of the Privacy Policy

The Company reserves the right to modify this Privacy Policy at any time, in particular in application of changes made to the laws and regulations in force. You will be notified of any changes made via our website and/or by email, as far as possible at least thirty (30) days before they come into effect. We recommend that you check these rules from time to time to keep informed of our procedures and rules concerning your personal information.

In the event of any modification hereof, the Company undertakes not to lower the level of confidentiality substantially without prior notification to the persons concerned.
XVIII. Applicable Law and Language
This Privacy Policy is governed by French law. This reference document is written in French. In the event that it is translated into one or more languages, only the French text shall be deemed authentic in the event of a dispute. The nullity of a clause does not result in the nullity of the Privacy Policy. The temporary or permanent non-application of one or more clauses herein by the Company shall not constitute a waiver of its part of the other clauses herein, which shall continue to have effect.

XIX. Disputes and Attribution of Jurisdiction

Any dispute to which the privacy policy might give rise, in particular concerning its validity, interpretation and execution, their consequences and their outcomes, will be submitted to the competent courts within the jurisdiction of the city of Nice.

XX. Contact

Any questions regarding the Company’s Privacy Policy may be sent by email to contact@hotel-aria.fr or by post to the following address:

Hôtel Aria Nice, 15 avenue Auber, 06000 Nice
Telephone: +33 4 93 88 30 69
Email: contact@hotel-aria.fr

Hôtel Aria Nice

Hotel Aria Nice

CODES GDS

  • Amadeus : ACNCEO51
  • Galileo : ACH8473
  • Sabre : AC71522
  • Worldspan : AC0O51
Instagram Facebook
Hôtel Aria Nice - Hôtel de charme Nice centre-ville
Cookie Settings

Book

Hôtel Aria Nice - Hôtel de charme Nice centre-ville | Logo
Facebook Instagram
Hotel Aria Nice
Facebook Instagram