As part of the Elancia group, Domaine du Mas de Pierre (“we”, “us”, “our”) offers its customers and prospective customers (“you”, “your”) hotel services, including in particular hotel, restaurant, and SPA services, as well as special offers, gift packs, and associated newsletters.
This privacy policy describes our practices for collecting, using, and transferring your data for all our activities.
We are committed to protecting your data by the General Data Protection Regulation (no. 2016/679) and the French Data Protection Act (no. 78-17).
The data controller is the Mas de Pierre corporation, registered in the Grasse Register of Trade and Companies under SIREN number 450.228.317. The address for all matters relating to personal data is 265 avenue des États du Languedoc, 34961 Montpellier Cedex 2, CS 99553.
The hotel manager, Audrey Jorge, represents the Data Controller.
Your data and that of the persons accompanying you may be collected directly from you on the Mas de Pierre website (via information or reservation forms, cookies, or the chatbot) or during your stay at Mas de Pierre (form filled in, data provided verbally, etc.).
Due to the nature of the services offered, your data may be collected by other entities for transmission to us, mainly reservation sites, service providers, and platforms. We may also collect data from affiliated entities, commercial partners, subcontractors, and service providers if their personal data protection policies permit. In any event, your data will not be collected from a publicly accessible source.
Given the above, this Privacy Policy aims to inform not only those whose data is directly collected but also those whose data is indirectly collected by and/or for Mas de Pierre by Articles 13 and 14 of the General Data Protection Regulation (no. 2016/679).
Your data and that of the persons accompanying you may be collected directly from you on the Mas de Pierre website (via information or reservation forms, cookies, or the chatbot) or during your stay at Mas de Pierre (form filled in, data provided verbally, etc.).
Due to the nature of the services offered, your data may be collected by other entities for transmission to us, mainly reservation sites, service providers, and platforms. We may also collect data from affiliated entities, commercial partners, subcontractors, and service providers if their personal data protection policies permit. In any event, your data will not be collected from a publicly accessible source.
Given the above, this Privacy Policy aims to inform not only those whose data is directly collected but also those whose data is indirectly collected by and/or for Mas de Pierre by Articles 13 and 14 of the General Data Protection Regulation (no. 2016/679).
| Goals | Categories of data processed | Shelf life |
| Video surveillance to protect the premises | Images and any data derived from them | 15 days on the Mas de Pierre servers |
| Booking, supply and payment of services | Identification and contact details
Bank details Health data |
10 years from the date of the operation (billing data)
The data required for payment is kept from when the CB fingerprint is taken (where applicable) until the actual payment is made and may be kept longer if consent is given. The duration of the service, in particular, the SPA or restaurant, and the retention of the health record for 13 months if the customer consents. |
| Managing and sending a newsletter | Identification data, contact details, and data relating to newsletter follow-up (email opened, link clicked, etc.) | As long as the person is registered, with an annual purge of “inactive” persons.
Deletion from the active database on receipt of a withdrawal of consent or a request to that effect, retention for probative purposes for 5 years |
| Carrying out satisfaction surveys by sending out questionnaires | Identification and contact details
Responses to questionnaires (pre- and post-stay) |
Responses to questionnaires (pre- and post-stay): After the service provider processes the data, it is anonymised before the notice is published.
Three years from the last service or contact |
| Claims management | Identification details, contact details, details of the stay, and complaint content. | Identification details, contact details, details of the stay, and complaint content. |
| Litigation management | Any data relevant to the dispute | At the latest until the corresponding action is time-barred.
Court decisions are kept indefinitely. |
| Digital marketing | Targeting criteria | The marketing service providers (social networks and search engines) will retain the data for periods defined by each of them. |
| Management of the Data Controller’s contractual partners | Professional identification data of partners’ staff | Duration of the contract with a contractual partner, then a 5-year probationary period |
| Website management and operation | Connection data and necessary cookies are required to function correctly.
Data entered in the Velma chatbot |
13 months maximum
6 months |
| Cookie management | Necessary cookie data, in particular: location, page tracking, links clicked, etc. | 6 months maximum |
| Communication management (social networks) | Any public data posted online by users of social networks, and/or messages exchanged with the Data Controller’s accounts | Data held and stored by each social network according to its procedures. |
| Drawing up a police form | Data required by Article R814-2 of the Code on the Entry and Residence of Foreigners and the Right of Asylum. | Duration imposed by Article R814-3 of the Code on the Entry and Residence of Foreigners and the Right of Asylum (6 months) |
| General accounting | Items shown on invoices. | Term imposed by Article L123-22 of the French Commercial Code (10 years). |
| Exercising your RGPD rights (listed below) | Identification and contact details, data relevant to processing the request. | While the application is being processed, then a 5-year probationary period. |
| Legal Basis | Associated Objectives | Details |
| Contractual performance | Booking, provision, and payment of services
Managing contractual partners |
N/A |
| Legitimate interest | Video surveillance to protect the premises
Provision of a WiFi connection throughout the premises Satisfaction survey Managing cookies that are necessary or exempt from consent Management of tracers and similar online tracking technologies (excluding cookies) Management of social networks Managing complaints and disputes Digital marketing |
Safety of property and people
Improving service by providing Internet access Seeking to improve service by gathering feedback Proper operation of the site and audience measurement Management of external communications and personalised advertising Monitoring, researching and improving the customer experience Defending the Data Controller’s interests in court Managing external marketing through targeted advertising |
| Consent | All health data, regardless of purpose.
Any banking data to be retained beyond the performance of the service, notwithstanding the purpose for which it was collected. Cookie management (not required) Managing and sending a newsletter |
N/A |
| Legal obligation | General accounting
Police file Keeping a single staff register Exercising the rights of individuals guaranteed by the RGPD. |
This includes billing data resulting from certain contractual performances . |
We also recommend that you provide as little information as possible about people other than yourself or your health and theirs when browsing the site (in particular when using the chatbot) and, in general, during your stay.
We collect data via cookies and other similar technologies (web beacons).
Cookies” are small text files automatically copied to your computer or mobile device when you visit a website. These cookies contain basic information about your use of the Internet. Your browser sends these cookies to our website each time you visit it so that your computer or mobile device is recognised and your browsing experience is personalised and enhanced.
Some cookies are “necessary, ” meaning the website cannot function and display on your terminal. The others are “unnecessary” and intended to establish traffic statistics or personalise and improve your browsing experience and the targeting of the advertising you see. These will only be stored on your browser if you expressly accept them.
You can control your consent to unnecessary cookies using a drop-down banner displayed when you first visit the site and then at any time by clicking on the “cookie settings” bar displayed at the bottom right of your screen when browsing our site.
The lists of cookies and tracers, their purposes, and the partners installing them are available in the drop-down menu’s “Configure your choices” and “See partners” tabs.
In addition, our website may contain links to third-party websites, applications and plug-ins. If you access other websites from links provided on our website, the operators of those websites may collect or share information about you. These operators will use this information according to their privacy policy, which may differ from ours. We invite you to read these confidentiality policies and to refer directly to these third parties if you have any questions about their practices.
When we do not collect your data directly, it is sent to us by our subcontractors and partners, i.e. mainly the booking platforms that offer our services: travel agencies, tour operators, online travel agencies (particularly online booking platforms), etc.
Access to your data within the Mas de Pierre corporation is restricted to those with a strict need-to-know, and it may only be shared with specific categories of recipients:
Satisfaction surveys and newsletters: When you participate in these activities, some of your data may be shared with our service providers who conduct them
We have implemented technical and organisational measures appropriate to the sensitivity of the personal data to ensure its integrity and confidentiality and protect it against malicious intrusion, loss, alteration, or disclosure to unauthorised third parties.
We conduct regular audits to check that data security rules are being applied correctly at the operational level.
To fulfil these commitments, we meticulously choose our service providers and subcontractors and require them to provide personal data protection that is at least equivalent to our own.
Our Consent Management Platform provider anonymises unnecessary cookie data before passing it on to Google Analytics via the banner that allows you to manage your cookie preferences.
In this way, your data does not pass through the United States (a country considered not to offer a level of data protection equivalent to that of the EU).
For certain service providers, data is transferred outside the European Union to countries that are not subject to the European Commission’s adequacy decisions, such as the United States.
In these cases, we only choose service providers who have adopted Standard Contractual Clauses (SCC) or obtained certifications (e.g., Data Privacy Framework) to protect your data as effectively as possible.
We also put in place organisational measures to limit and secure data transfers as much as possible.
By data protection regulations, you have the following rights about your data:
You can exercise your rights or request further information in the following ways:
If you would like more information, or if, despite our replies, you feel that they are insufficient or that data processing is unlawful, you can contact the Commission Nationale Informatique et Libertés (https://www.cnil.fr/fr/plaintes).
We may modify, update and/or replace this confidentiality policy, particularly in the event of changes to regulations on protecting personal data. Therefore, we recommend that you consult this personal data protection policy regularly to ensure you are aware of the latest version.
2024 LeMasdePierre. All rights reserved.