Confidentiality policy
Our Philosophy and Commitments
Hôtel Suzie Blue is committed to protecting your personal data and ensuring a high level of protection in accordance with European Regulation 2016/679 (GDPR) and the French Data Protection Act No. 78-17.
Accordingly, you will find below our Personal Data Protection Policy, which explains in particular what personal data we collect, how it is processed and on what basis, how it is stored, and what your individual rights are. We invite you to read it carefully.
Our Data Protection Officer (DPO) is available to answer all your questions and may be contacted at the following address: RGPD@madeho.fr
You may consult the full text of the European Regulation here: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679 or contact the supervisory authority (CNIL) via its website: www.CNIL.fr.
This version of the Personal Data Policy may be amended by us when necessary, and you will be duly informed.
Data Controller
Hôtel Suzie Blue is the data controller of your personal data.
Address: 2 Bis Rue Commines, 75003 Paris, France
Hereinafter referred to as “Hôtel Suzie Blue” or “We”.
Your Personal Data and Its Collection by Hôtel Suzie Blue
Your personal data may be collected during:
- Your visit to our website
- Our exchanges with you
- Prospecting activities
- The formation or performance of contracts
We do not collect any data that is unnecessary for the stated purposes or data prohibited by law. Certain data is mandatory, while other data is optional; you are informed of which is which at the time of collection.
Your personal data may also be collected by third-party providers or partners, who undertake to comply with European and French regulations on personal data protection.
Our policy is not to transfer your data outside the European Union. Should such a transfer occur by exception, it will only be to a country or organization recognized under an adequacy decision (Article 45 GDPR) or offering appropriate safeguards (Article 46 GDPR).
We do not engage in automated decision-making.
We may collect the following categories of personal data:
- Civil status, identity, contact details, images
- Personal life information
- Professional information
- Economic and financial data
- Connection data
- National identification number
- Health-related data
- Criminal convictions or offences
Processing of Your Personal Data
Your personal data is entered into databases, where it may be stored, retained, corrected, deleted, archived, anonymized, pseudonymized, or transferred to trusted third parties.
We process personal data for the following purposes (or those specified at the time of collection):
- Informing you of our commercial and promotional offers; communicating with you
  - We may use your data for commercial prospecting, including sending product/service information, offers, quotes, news, and pre-contractual documents by email, mail, or telephone.
- Performance of contracts and client follow-up
  - To fulfill ongoing contracts in line with your requests, to send information about your orders, invoices, warranties, and legal obligations, as well as to manage claims, disputes, and your client history.
- Improving services and offers
  - To optimize your use of our services, improve products, follow user journeys, conduct satisfaction surveys, and perform anonymous statistical analysis.
- Payments
  - Bank details may be collected directly or via a secure, selected provider guaranteeing confidentiality. Data is retained only as long as legally required or for contract performance.
- Fraud prevention
  - To prevent fraudulent activity, particularly relating to payments. Payment security providers may access this data.
- Compliance with legal or judicial requirements
  - To respond to requests from authorities or courts, comply with judicial decisions, enforce our terms of service, protect our rights, or prevent unlawful actions including fraud.
Additional processing may include:
- Business relationship management
- Marketing campaigns by email, mail, or phone (including via third parties)
- Electronic signature services
- Creation and management of user accounts
- Cookie management (performance, third-party advertising, analytical)
Legal Basis for Processing
In accordance with GDPR, processing is lawful if based on one of the following:
- Consent: you expressly consent to the processing of your data (revocable at any time by contacting our DPO).
- Contract: processing is necessary for the performance of a contract between you and us.
- Legitimate interest: processing is required for our legitimate interests, provided they respect your fundamental rights and freedoms.
- Legal obligation: where laws or regulations require processing and retention of your data.
Data Retention
Your personal data is managed in three phases:
- Active phase: retained for operational purposes for the time indicated, accessible only by authorized staff.
- Archiving phase: retained for additional time with restricted access, for legitimate purposes (e.g. accounting, tax, evidentiary).
- Deletion/anonymization phase: data is deleted or anonymized once retention periods expire.
Retention periods vary depending on the purpose of processing and applicable regulations.
Withdrawal of Consent
You may withdraw consent at any time by contacting our DPO by email or post, specifying your full name, email, address, and the nature of your request.
Your Rights
You have the following rights:
- Access: to confirm whether data is processed and obtain a copy.
- Portability: to receive certain data in a structured, machine-readable format.
- Objection: to object to commercial prospecting or, in some cases, to other processing.
- Rectification: to correct inaccurate or incomplete data.
- Erasure (“Right to be Forgotten”): to request deletion of data when no longer necessary, subject to legal retention requirements.
- Restriction: to limit processing in specific cases (illegal use, contested accuracy, need to establish or defend legal claims).
- Human intervention: in case of automated decision-making, you may request information about the criteria used.
Requests can be made to RGPD@madeho.fr or by post: Hôtel Suzie Blue, 2 Bis Rue Commines, 75003 Paris, France. Verified requests will be addressed within one month.
You may also file a complaint with the CNIL (French Data Protection Authority).
Subcontractors and Partners
Hôtel Suzie Blue may share your data with subcontractors for the purposes described herein. Such subcontractors must provide the same level of confidentiality and comply with GDPR.
We do not sell your personal data. For the identity of providers or partners with whom your data is shared, please contact our DPO at RGPD@madeho.fr.
These providers may include:
- Service providers executing or managing contracts
- Data analysis and optimization service providers
- Statutory auditors, accountants, consultants, lawyers, audit firms, IT and security providers
- Investors or acquirers
We may also disclose data to French authorities, administrations, and courts when legally required.