Privacy Policy

Processing is carried out by [company to be completed] as controller for Nuit d'Extase and Détente et Spa activities.

Data protection contact: [dedicated email].

Booking data: identity, contact details, stay dates, amounts, payment history (necessary to perform the contract).

Technical data: cookies and logs for security and service improvement, subject to consent where required.

Marketing: email and/or SMS only with separate, explicit opt-in.

Access codes (e.g. smart lock): sent by email or SMS for your booking, based on contract performance and legitimate interest in property security.

Contract performance; legal obligations (invoicing, accounting); legitimate interests (security, fraud prevention); consent for marketing and non-essential cookies.

Booking and accounting records are kept as long as required by law (often several years — confirm with your accountant).

Marketing data until consent is withdrawn or after a defined period of inactivity, in line with CNIL-style practice.

You may request access, rectification, erasure, restriction, objection, and data portability where applicable.

You may withdraw consent for marketing at any time.

You may lodge a complaint with your supervisory authority (in France: CNIL, www.cnil.fr).

Appropriate technical and organisational measures are applied (HTTPS, professional hosting, data minimisation). Payment, email, SMS, and lock providers act as processors under GDPR-compliant agreements.