a) Data which you provide directly to us

You may provide us with data:

• when you create an account online or at our shops;
• when you subscribe to our newsletter;
• when you use our Digital Platforms;
• when you purchase products or services on our Digital Platforms or at our points of sale;
• when you visit our points of sale;
• when you attend one of our events;
• when you make an external telephone call or from your room’s telephone to our switchboard, the said calls may be recorded.

 

The personal data collected is:

• your identity (including your first name, surname, gender, image, nationality);
• your contact details (including postal address, e-mail, telephone numbers);
• your personal status (including your title);
• your purchases (including purchase history, order details);
• your preferences (dietary, etc.);
• images (including CCTV images, publicly available photographs and images captured at events or during your stay) ;
• certain payment details (including billing details, type or method of payment, credit or debit card number);
• other information you may provide by filling in forms or contacting us (including your comments or other communications to us which may include health data relating to any adverse effects of our services and products);
• sensitive data pursuant to legislation in force or where disclosed and relevant to the provisions of services and products (e.g. passport, health data, you voice, your underage children’s information such as name, date of birth etc.).

 

​​​​​​​​​​​​​​b) Data you provide to us indirectly

We may collect your personal data when you use our Digital Platforms, including your IP address or other browsing data (including browser, operating system, device model), through cookies or similar technologies placed on your device. Some cookies are necessary for the proper functioning of our Digital Platforms and others are used for analytical purposes that help us provide you with more personalised services and a better digital experience. For more information about cookies and how to change your preferences, please read our Cookie Policy [Insert Link] and the section "Cookies" below. We may also collect your personal data from third parties, such as from a spouse who contacts us on your behalf or your friends who provide us with your contact details in order to invite you to events that may be of interest to you. If you provide us with personal data about someone else, you must ensure that you have the right to disclose that personal data to us, and that, without us having to take any other steps as required by the data protection law, we can collect, use and disclose that personal data for the purposes described in this Privacy Policy. For example, you must ensure that the data subject is aware of the various matters set out in this Privacy Policy. The individual must also give the consents set out in this Privacy Policy as to how we process their personal data.

RITZ PARIS and its contractors will only retain the personal data relating to the means of payment for the time required for the execution of the payment, unless you choose to keep your personal data online. In the latter case, you may withdraw your consent to the storage of your payment data at any time.

We collect and use your personal data on one or more of the following legal bases:

• we have obtained your prior consent (for example when you subscribe to our newsletter). Please note that with this particular legal basis, you have the right to revoke your consent at any time (see section below “Your rights concerning your personal data collected”);
• the processing is necessary for the purposes of a contract between RITZ PARIS and yourself (for example when you make a purchase of a product or service);
• we have a legitimate interest in carrying out the processing and that legitimate interest is not overridden by your interests, fundamental rights or freedoms (e.g. the prevention of payment fraud);
• we need to process your personal data in order to comply with applicable laws and regulations.

 

Depending on the context, we may use your personal data to:

• provide you with the products or services you have requested;
• carry out checks to identify you and verify your identity;
• send you marketing and promotional information, based on your preferences, with your prior consent (see the section "Marketing Communications" below);
• provide you with after-sales service and manage refunds;
• manage your claims for refunds;
• respond to your questions, suggestions and requests, including requests to exercise your rights;
• manage complaints and disputes;
• manage the events you have registered for and/or participated in;
• detect, prevent and combat fraudulent or illegal activity, including protecting your transactions from payment fraud;
• protect you, employees and others in our points of sale and our premises;
• monitor and improve our Digital Platforms;
• perform anonymous statistical analysis, including to tailor our product and service offerings (including the use of nationality anonymously);
• improve our products and services;
• to comply with our legal obligations, which includes providing information to regulatory bodies where required by law, in particular to comply with our legal obligations to prevent and combat fraud, money laundering and terrorist financing.

a) Data storage time

Your personal data are processed for the period necessary for the purposes for which it they have been collected, to comply with legal and regulatory obligations and for the duration of any period necessary for the establishment, exercise or defence of legal rights.

 

In order to determine the most appropriate retention periods for your personal data, we have specifically considered the amount, nature and sensitivity of your personal data, the purposes for which we have collected your personal data, the service you deserve and expect from us together with the applicable legal requirements. For example:

• Our prospects (potential customers): Your personal data is retained for three (3) years from your last interaction and then deleted or archived to comply with legal retention requirements;
• Our customers: Your data is kept for the duration of our business relationship and up to ten (10) years, then deleted or archived in order to comply with legal retention obligations;
• Cookies used on Digital Platforms: Cookies are kept for a maximum of thirteen (13) months from the time they are installed on your device.

 

​​​​​​​b) Recipients of your personal data

We may only disclose your personal data to the parties named below and for the following purposes:

• To employees of RITZ PARIS who need to have access to your personal data and who are authorised to process it for the above-mentioned purposes and who undertake to respect its confidentiality;
• To the departments of the Ritz Group companies responsible for customer relations, retail, e-commerce, communications, legal, finance, internal audit, IT management and security for the purposes set out in this Privacy Policy and to provide you with a consistent level of service across all companies. This may include providing you with the services and products you have requested, improving the services and products provided and, with your consent, sending you marketing communications about offers, services, products or events of the RITZ PARIS or its sister companies (for this purpose, you may revoke your consent at any time and exercise your rights in relation to your personal data, as described below).
• To third parties acting on behalf of RITZ PARIS or the Ritz Group, upon our prior instructions set out in a binding contract that complies with the requirements of applicable law. Such disclosures are made for a variety of purposes, including:

• IT development and support;
• Hosting and conducting marketing and economic research and marketing campaigns;
• Verification of your information, authentication of payments and processing of orders and payments to third parties who provide credit reporting, payment or order fulfilment services;
• Delivery services.

• To authorities and/or competent bodies or third parties, as required by law or as part of legal proceedings or other legal requests.

 

​​​​​​​​​​​​​​c) Recipients outside the European Union

Your personal data may be processed outside the European Union, including via remote access. We undertake not to make any transfer of such data outside the European Union without implementing appropriate safeguards in accordance with the applicable regulations.

With your express prior consent (usually obtained by ticking a specific box in a form), you may receive information concerning offers, services, products or events sent by RITZ PARIS and/or by other Ritz Group companies (hereinafter referred to as the “Promotional Communications”). In such a case, you also accept that your contact information is shared with other Ritz Group companies for this purpose.

 

 

We rely on your consent to process the personal data you provide to us for this purpose. Therefore, if you no longer wish to receive such information, you can withdraw your consent at any time (see below “Your rights concerning your personal data collected”).

 

We may ask you to confirm or update your preferences regarding Promotional Communications if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

All your personal data is strictly confidential and will only be accessed on a need-to-know basis by RITZ PARIS staff and other duly authorised entities as well as independent service providers acting on our behalf under appropriate technical and organisational security measures.

 

We have implemented organisational, technical, software and physical digital security measures to protect your personal data against alteration, destruction and unauthorised access.

 

However, it should be noted that the Internet is not a completely secure environment and the Digital Platforms cannot guarantee the security of the transmission or storage of information over the Internet.

 

We follow appropriate security procedures in the storage and disclosure of your personal data so as to prevent unauthorised access by third parties and to prevent accidental loss of your data. We limit access to your personal data to those who have a genuine business need to access it. Those who access your data will be subject to a duty of confidentiality towards RITZ PARIS.

 

We also have procedures in place to deal with any suspected data breach. We will notify you and any relevant supervisory authority of a suspected data security breach where we are legally required to do so.

 

We also require those to whom we transfer your personal data to comply with the above. However, unfortunately, the transmission of information via the Internet is not completely secure. We therefore cannot guarantee the security of your personal data transmitted by you to us via the Internet. Any such transmission is at your own risk and you acknowledge and agree that we will not be liable for any unauthorised use, distribution, damage or destruction of your data, except to the extent that we are required to accept such responsibility under the law. Once we have received your personal data, we will apply the security measures mentioned above.

In accordance with the data protection legislation in force, you may at any time request access to, rectification, deletion, portability, or restriction of the processing of your personal data or object to it. A summary of these rights is set out below:

• your right to request access to your personal data (request to receive a copy of your personal data);
• your right to rectification (to request rectification of any errors in your data or to have them completed);
• your right to be forgotten (to request the deletion of your personal data, in certain situations);
• Your right to restriction of processing (to request restriction of processing of your personal data, in certain circumstances, for example if you dispute the accuracy of the data);
• Your right to data portability (requesting to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and/or to transmit this data to a third party, in certain situations);
• Your right to object to the processing :
• at any time to your personal data for direct marketing purposes;
• in certain other situations, to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.

Where the processing of your personal data is based on your consent, you may decide at any time to withdraw it. If your consent is withdrawn, this will not affect the processing of your personal data based on other legal bases, such as fulfilling your orders and storing your order data as required by applicable law.

If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic promotional message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.

 

 

You may exercise your rights by contacting RITZ PARIS:

• by email at the following address: [email protected]  

or

• by post at the following address: Data Protection Officer, Ritz Paris, 15 Place Vendôme, Paris 75001, France.

You also have the right to lodge a complaint with a personal data protection supervisory authority in the event of an alleged breach of the data protection rules applicable to you. The French authority is the CNIL (Commission Nationale de l'Informatique et des Libertés).

Please note that if you exercise any of the rights mentioned above, you will be asked to inform us of which right you wish to exercise and to provide us with certain information (copy of an identity card, passport or other legally recognised identification document) for identification purposes in order to process your request and to protect you against fraudulent requests from third parties.

You have the right to lodge a complaint with a local Data protection authority in case of alleged infringement of the data protection rules applicable to you. The French  Data protection authority is the CNIL (Commission Nationale de l’Informatique et des Libertés).

Please note that upon exercising any of the rights listed above, you will be requested to let us know what right you want to exercise and provide information (copy of an identity card, passport or other legally recognized identity) for identification purposes in order to process your request and protect you against fraudulent requests from third parties.

In accordance with your cookie settings, you agree to the Site storing information with regard to your browsing, in order to ensure in particular the correct functioning of the Site, produce traffic statistics and optimise the conditions of use of the Site and the services which are offered on it.

What is a cookie?

A cookie is a small text file stored on your hard disk. It contains a few data concerning your connection, particularly the name of the server which wrote it, in most cases an identifier in the form of a unique number and possibly an expiry date. This identifier can enable the Site to recognise your computer, your browser, your mobile or your tablet on each visit. Cookies are managed by your web browser.

What types of cookies do we use?

Functional cookies

These improve the quality of your browsing on the Site, particularly by saving the preferences which you have expressed while visiting the Site. The information collected via these cookies is anonymous and does not enable us to identify the user.

Audience measuring cookies

These cookies are used by the Site to produce anonymous statistics. They make it possible to recognise visitors, count them and identify the way in which they move around the Site when they use it. The functioning of the Site can thus be improved with these cookies, for example, by ensuring users easily find what they are looking for.

Cookies enabling third parties to provide social sharing tools

Subject to your acceptance, when you use one of the share buttons on the Site, a cookie may be installed by the social network concerned in order to share the content instantly on the social network. Our Site does not block these third party sites’ cookies and has no control over their installation. We invite you to check the the cookie policy of these social networks for further information.

How can you oppose the use of the cookies?

You can choose to refuse cookies on our Site, or change your browser settings.

 

If you wish to change your cookies’ options, simply go to your browser’s help menu to find out how to change these options.

For Internet Explorer™: http://windows.microsoft.com/fr-fr/windows7/block-enable-or-allow-cookies

For Safari™: https://support.apple.com/kb/PH19255?viewlocale=fr_FR

For Firefox™: https://support.mozilla.org/fr/kb/activer-desactiver-cookies

For Chrome™: https://support.google.com/chrome/answer/95647?hl=FR

Depending on your settings, your browsing will be modified and access to our services will be restricted to varying degrees. In particular, deactivating “functional” cookies will impair your visit to our Site or make it impossible.

 

If your computer is used by more than one person or has multiple internet browsers, it is possible that some of your choices relating to cookies may not be permanent because you are either using a different browser or a third party has changed the settings of your browser.  We are unable to prevent these external factors and therefore cannot guarantee the permanence of the choices you make.

We remind you that we do not collect, directly or indirectly, personal data from persons under the age of 16, without prejudice to any local law setting a different minimum age. We therefore ask you not to provide us with personal data of persons who do not meet this criterion, except where the processing is necessary for the purposes of a contract.