ARTICLE 1 – IDENTITY OF THE DATA CONTROLLER
For the processing of Personal Data on the Website, the data controller is NOAM GROUP SAS (« NOAM GROUP »), registered in the Paris Trade and Companies Register under number 921 152 211, and whose contact details are specified below.
NOAM GROUP SAS
231 rue Saint-Honoré, 75001 – Paris
For any question or request for information concerning the Website, and to exercise his rights as listed in article 5 below, the User may contact NOAM GROUP at the above e-mail address or by sending a registered letter with acknowledgement of receipt to the above postal address.
ARTICLE 2 – LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
By « Personal Data », we mean any personal data relating to an identified or identifiable individual.
In application of the European and French legislation on the protection of personal data, known as the « RGPD » and the French Data Protection Act, NOAM GROUP processes Users’ personal data solely for the purposes and in accordance with the legal bases defined below.
2.1. Processing for the purpose of online reservations
When browsing the Website, the User may access the online reservation request form to find out about the availability of an establishment offered for rent by NOAM GROUP.
In order to process the User’s reservation requests, NOAM GROUP companies receive and process the personal data collected. To this end, NOAM GROUP collects and processes the following personal data concerning the User:
– desired date of entry and date of departure ;
– number of adults and children;
– prefix, first name and surname;
– email address;
– telephone number, at the discretion of the User;
– language required for contact;
– country of origin, at the discretion of the User;
– any Personal Data voluntarily provided by the User in the free field of the form.
The processing of this Personal Data by the companies of NOAM GROUP is necessary for the processing and management of reservations in each establishment concerned (legal basis: art. 6.1.b of the RGPD – execution of a contract with the person concerned).
2.2. Processing carried out for the purpose of managing contact requests
The User may make a contact request to NOAM GROUP by filling out a contact form on the Website. To this end, NOAM GROUP collects and processes the following personal data concerning the User
– prefix, first name and surname ;
– telephone number at the discretion of the User;
– e-mail ;
– the purpose of the contact;
– any Personal Data voluntarily provided by the User in the free field of the contact form.
The processing of this Personal Data is necessary for the processing and management of contact requests (legal basis: art. 6.1.a of the RGPD – consent of the person concerned).
2.3 Processing carried out for the purpose of managing applications
While browsing the Website, the User may access the application service provided by a service provider external to NOAM GROUP (LinkedIn).
With their consent and in order to process their application, NOAM GROUP receives and processes the Personal Data collected by the service provider concerned.
The processing of this Personal Data allows NOAM GROUP, with the User’s consent, to process his/her application (legal basis: art. 6.1.a of the RGPD – consent of the person concerned).
The User may withdraw his/her consent at any time with regard to this processing. However, any processing carried out before this withdrawal will remain lawful.
2.4. Processing carried out for the purpose of sending the newsletter
By browsing the Website, the User has the possibility of subscribing to the newsletter of the « NOAM GROUP » brand provided by a service provider external to NOAM GROUP (MailChimp). With the User’s consent, NOAM GROUP collects and processes the following personal data concerning the User
– language desired by the User for communication;
– prefix, first name, last name ;
– e-mail ;
– country of origin, at the discretion of the User.
The processing of this Personal Data enables NOAM GROUP, with the User’s consent, to send him/her newsletters (legal basis: art. 6.1.a of the RGPD – consent of the person concerned).
The User may withdraw his/her consent at any time concerning this processing. However, any processing carried out before this withdrawal will remain lawful.
ARTICLE 3 – RECIPIENTS OF PERSONAL DATA
The personal data processed by NOAM GROUP is communicated to the following recipients, for the sole purpose described above.
3.1. NOAM GROUP’s internal departments
NOAM GROUP shares Users’ Personal Data with its internal departments, solely for the purposes defined in Article 2 above and for which they are authorised.
The members of the internal services who process Users’ Personal Data are subject to an obligation of confidentiality regarding this Data.
3.2. NOAM GROUP’s subsidiaries
NOAM GROUP shares Users’ Personal Data with its subsidiaries for the strict purpose of:
– managing reservations and contact requests in each establishment managed by a subsidiary;
– managing applications for positions to be filled in each establishment managed by a subsidiary.
In accordance with European and French legislation on the protection of personal data (European Regulation n°2016/679 of 27 April 2016 on the protection of personal data, known as the « RGPD », and the French Data Protection Act n°78-17 of 6 January 1978), NOAM GROUP’s subsidiaries process Users’ personal data solely for the purposes and in accordance with the legal bases defined above.
3.3. Third-party suppliers and service providers
NOAM GROUP shares Users’ Personal Data with its IT service providers, who are subcontractors within the meaning of the RGPD. These subcontractors process Users’ Personal Data on behalf of NOAM GROUP and for the sole purposes defined in Article 2 above.
The purpose of hosting the Website is to host Data and files that enable the Website to function and to provide a ready-to-use infrastructure for specific functions or parts of the Website to operate. Some of these services operate through geographically dispersed servers, making it difficult to determine the actual location where Personal Data is stored.
3.4. Administrative and judicial authorities (if necessary)
Only in cases where such communication is required by a legal obligation, NOAM GROUP communicates Users’ Personal Data to the administrative or judicial authorities that require it.
ARTICLE 4 – STORAGE OF PERSONAL DATA
In this context:
– the Personal Data necessary for the processing of online bookings are kept for a period of 5 years from the date of the booking, with the exception of Personal Data appearing on accounting documents, which are kept for 10 years;
– Personal Data necessary for the management of applications are deleted at the end of the recruitment process if the application is rejected, or kept for 2 years from the last contact with the applicant unless the applicant objects. The absence of opposition means acceptance of the present;
– Personal Data necessary for the sending of newsletters are kept for a period of 5 years from the date of their collection or the last contact from the User concerned.
ARTICLE 5 – USER’S RIGHTS
The User has the following rights with respect to the Personal Data collected:
– to become aware of, update, modify or request the deletion of his/her Personal Data;
– to request the limitation and/or to oppose the processing of his/her Personal Data from the Website;
– request the portability and transfer of their Personal Data from the Website to any other website or application.
The User may exercise the aforementioned rights by contacting NOAM GROUP directly at the following e-mail address: firstname.lastname@example.org
The User also has the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés – www.cnil.fr) or with any competent judge.
ARTICLE 6 – COOKIES
Cookies are tools that enable data to be stored in the User’s terminal equipment, to allow the Website to send information to the User’s browser, and to allow this browser to send information back to the Website.
Cookies enable status information to be stored during the period of validity when a browser accesses the various pages of the Website or when the browser subsequently returns to the Website.
Only the sender of a cookie can read or modify the data contained in it. There are different types of cookies:
– session cookies which disappear as soon as the user leaves the Website;
– permanent cookies which remain on the terminals until their lifetime expires or until the User deletes them using the functions of his/her browser.
In any event, cookies are kept for a maximum of 13 months after they are deposited.
– Cookies for audience measurement
Personal data is collected by these cookies. It only concerns the User’s IP address. The User can freely accept or refuse the use of these cookies when he/she starts browsing the Website, via the information banner that appears on the page. These cookies will only be activated if the User expressly consents to them.
If the User has given his/her consent to the use of these cookies, he/she can withdraw it at any time in the future, by modifying the settings relating to cookies.
– Anonymous statistical cookies
Personal data is collected by these cookies, before being anonymised. It concerns the type of device used, its location and the User’s gender.
The User can freely accept or refuse the use of these cookies when he/she starts browsing the Website, via the information banner that appears on the page. These cookies will only be activated if the User expressly consents to them.
If the User has given his/her consent to the use of these cookies, he/she can withdraw it at any time in the future by modifying the cookie settings on the Website.
6.3 Service providers involved in the management of cookies
For the management of cookies used on the Website, NOAM GROUP uses an external service provider, Google LLC, located at 1600 Amphitheatre Parkway in Mountain View, USA (« Firebase » and « Google Analytics » services).
This service provider has access to the cookies and Personal Data they collect, for the sole purpose of providing the above-mentioned services, to the exclusion of any other use.
This provider is Privacy Shield certified, a mechanism recognised by the European Commission that allows companies to ensure that they provide an adequate level of protection for Personal Data they receive from the European Union.
To learn more about the Privacy Shield program and to view the provider’s certification: https://www.privacyshield.gov/list.
6.4. Managing cookies from the browser
The User has several options for refusing the deposit of cookies.
If most browsers are set by default and accept the installation of cookies, the User has the possibility of choosing to accept all cookies, or to reject them systematically, or to choose which ones he/she accepts depending on the issuer.
– set the parameters of their browser to accept or reject cookies on a case-by-case basis prior to their installation;
– regularly delete cookies from different terminals via their browser.
For the management of cookies and its choices, the configuration of each browser is different. It is described in the browser’s help menu, which allows you to know how to modify your wishes regarding cookies.