Personal Data Protection Policy
Respect for private details and the protection of personal data is a matter of trust, a value to which the ONOMO Group is particularly attached by being committed to respecting fundamental rights and freedom. This policy reflects the commitment implemented in the context of daily activities for the responsible use of personal data.
Group: indicates the group of companies that own and/or operate hotels under the ONOMO brand in Africa, direct or indirect subsidiaries of the company AFRICAN HOTEL DEVELOPMENT Luxembourg.
Client: corresponds to any persons having a commercial relationship with one or more of the Group’s hotels.
User: corresponds to any persons using the services offered by the Group.
GDPR: corresponds to the General Data Protection Regulation n° 2016/679 of April 27, 2016.
Services: indicates all the services offered by the hotels of the Group.
Policy: refers to this policy of personal data protection.
Article 1: Personal data protection
The purpose of this policy of personal data protection is to inform you of the processing of your personal data, the way in which it is used and the rights that are granted.
Article 2: Principles applicable to the protection of personal data – basis for personal data processing
The Group’s hotels process personal data in compliance with the laws and regulations in force, and in particular the General Data Protection Regulations (GDPR). The Group collects your personal data in order to be able to perform the Services that our hotels offer. As such, the basis for processing your data is as follows:
- • The execution of the contract that binds you to one or more of the entities of the Group.
- • Signing the reservation form (accommodation and/or other services) with one or more hotels of the Group.
- • Your consent.
- • The fulfilment of legal and regulatory obligations.
Article 3: Information collected
The Group (or the hotels of the Group) collects information because that is necessary for carrying out Services. This information is transmitted voluntarily by the Client and/or User via a contact form (reservation form, accommodation form, cameras of the hotel concerned or any photograph taken of the Client, or any other form used by the Group’s hotels).
This is mainly, according to the hotels concerned:
• Information relating to civil status (surname, first name, date of birth, birthplace, etc.), as well as the contact details of Client and/or User (telephone number, postal address, email address, etc.).
• Banking or financial information (bank account number, credit card number, etc.).
• Information related to Client identification documents (passport number, residence or visa card number, place of issuance, etc.).
• Mandatory data collected via the contact forms as indicated by an asterisk “compulsory information”. In the absence of a response or in the event of incorrect information, the Group will not be able to process requests from Clients and/or Users, who, in turn, will not be able to access the Services.
Article 4: Clear, explicit and legitimate purpose of the process
Personal data is collected for specific purposes brought to the attention of the people concerned. This data may not subsequently be used in any way incompatible with these purposes.
The personal data is therefore used either to respond to requests made by Clients or Users, or to allow them to access Services offered by the Group’s hotels. This data is collected fairly and with the full knowledge of the people involved.
The Group’s hotels may sometimes use personal information to send promotional offers, event invitations or other initiative to data owner.
Article 5: Recipient of personal data
The personal data collected is primarily intended for the Group’s hotels. However, it may also be passed on to third parties, subject to obtaining the prior consent of the Client and/or User concerned. No personal data will be transferred outside the countries subject to the GDPR without the prior written consent of the User concerned.
Article 6: Proportion and relevance of the data collected
The personal data collected is strictly necessary for the objectives of the collection. The Group’s hotels strive to minimize data collected, keeping it accurate and up-to-date by facilitating the rights of the persons concerned.
Article 7: Limited retention period for personal data
Personal data is kept for a limited period, which does not exceed the time necessary for the objectives of collection. Data-retention periods are brought to the attention of individuals, and vary according to the nature of the data, the purpose of the processing, or legal or regulatory requirements.
Article 8: Commitments of the Group
The Group uses all the means in its possession to protect the personal data collected, in particular: protection of premises against intrusion, secure access to the Group’s information systems and so on.
Article 9: Confidentiality and data security
Information systems protection policies are implemented, adapted to the nature of the data processed and to the activities of the Group. Appropriate physical, digital and organizational security measures are provided to guarantee the confidentiality of the data collected, in particular to prevent any unauthorized access. The Group also requires subcontractors to give appropriate guarantees ensuring the security and confidentiality of personal data.
Personal data may be transferred to countries located in the European Union or outside the European Union, in particular other Group entities or partner sites, in particular for booking purposes. If this is the case, the people concerned are clearly informed, and specific measures are taken to oversee these transfers.
Article 10: Rights of individuals
In accordance with the legal foundations set out in the preamble, Clients and/or Users whose personal information is collected have the following rights:
- • The right to request (without charge) the updating, correction, completion or deletion of any inaccurate, outdated or incorrect personal data that the Group holds.
- • The right to request deletion of personal data, provided that the reason corresponds to one of those set out in Article 17 of the GDPR.
- • The right to stop receiving promotional communications from the Group’s hotels.
- • The right to data portability, provided that this does not infringe on the rights and freedoms of third parties, and that it is possible to integrate the data into a structured, commonly used and machine-readable format for transmission to another organization designated by the Client and/or User concerned.
- • The right to object to any profiling technique, for reasons relating to the particular situation of the Client and/or User concerned, and subject to cases authorized by the GDPR.
All the means necessary are implemented to guarantee the effectiveness of the rights of individuals over their personal data. Clear and complete information regarding the implemented data processing is easily accessible and understandable by all.
Easy access to data: Everyone has rights over their personal data, which they can exercise at any time, free of charge. These rights are facilitated online or by any other means possible, according to the terms brought to the attention of individuals. These requests can also be directed to the contacts given below.
Article 11: Updates to the Personal Data Protection Policy
The Policy is accessible to all on the Group’s websites, and is updated regularly to take into account legislative and regulatory changes, any change in the organization of the Group or in the offers, products and services offered.
Article 13: Contact
For you have any questions, information or wish to exercise any of the rights set out above, please contact us by mail at the address of the hotel concerned, or by email at compliance@ONOMOhotel.com