GDPR – General Data Protection Regulations

European regulation No. 2016/679 of 27 April 2016 known as the General Data Protection Regulation (GDPR) became enforceable from 25 May 2018.  Basically, this law affects how companies store personal information received, it has 7 key principles.

Lawfulness, fairness and transparency:
When you make a booking, we collect the home address, email address and telephone number of the person making the booking. We also collect the names of all the guests who will be staying. Consent is given by the adult completing the booking form for any details provided on behalf of a minor.

Purpose limitation:
We use your email to communicate with you, to send you booking confirmations and answer queries; after your stay we contact you to thank you and ask you for a review.

We will not instigate use of the telephone (unless we need to contact you urgently) we will only use it in response to your call or text.

We will not use your address unless we have been unsuccessful in contacting you by the previous two methods.

Data minimalisation:
We will not ask you for any information that we do not need; and we will destroy all details following the legal retention period.

Accuracy:
We will take every reasonable step to ensure that your details are correct; if they are found to be incorrect you can request that we amend them.

Storage limitation / Right to be forgotten:
You have the right to ask us to remove your details from our records; however, this does not override legislative requirements;

  • Legally we must ask non-French guests to complete a “Fiche Identite Individuelle”. Only the police can ever ask to see this form, it must be destroyed 6 months after your arrival.
  • We are required to keep financial accounts for the gites for 7 years.

Security:
Your details are kept securely on our system which is password protected. They are not used for any other purpose or shared with any other person or business.

If you book via one of our booking partners, example TripAdvisor or AirBnB; they also comply with GDPR regulations and have their own safeguards and policies.

Accountability:
The GDPR require us to notify the CNIL (Commission Nationale de l’Informatique) within 72 hours of first becoming aware of any breach that is likely to “result in a risk for the rights and freedoms of individuals”. We are also required to notify you “without undue delay” after first becoming aware of any breach.