PRIVACY AND PERSONAL DATA PROTECTION POLICY

Last updated: 01/14/2026

SARL LE GUÉ LÉGER (hereinafter "we") attaches great importance to the protection of your privacy. This policy aims to inform you transparently about how we collect, use, and protect your personal data, our commitments, and your rights, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation or "GDPR"), the amended French Data Protection Act No. 78-17 of January 6, 1978, and its implementing texts.

1. DATA CONTROLLER

The entity responsible for processing data (Data Controller) is: SARL LE GUÉ LÉGER

Registered Office: Le Gué Léger, 37600 Chanceaux-près-Loches, France.

RCS Tours: 942 082 850

Contact Email: contact@gueleger.com

2. WHAT DATA DO WE COLLECT? (CATEGORIES OF PROCESSED DATA)

In the course of our business, we are required to collect the following personal data:

A- Identity and personal life data: Surname, first name, postal address, phone number, email address.

B- Stay-related data: Arrival and departure dates, number of adults and children, ages of children (for the calculation of the tourist tax).

C- Payment data: Payment history (deposit, balance). Important note: We never have access to your full credit card numbers, which are processed securely and encrypted by our payment providers (Stripe/Swikly).

D- Data relating to the contractual relationship: Stay reservations, claims, correspondence and communications exchanged with our company, as well as any information communicated via contact forms or, more generally, exchanged with our company.

E- Connection data: IP address, cookies (for the technical functioning of our website).

F- Video protection: Images of occupants from security cameras located outside the buildings (parking lot, entrances).

3. WHY DO WE USE YOUR DATA? (PURPOSES OF PROCESSING)

Your data is collected solely for specific and legitimate purposes:

A- Reservation management: To validate your stay, send you contractual documentation and arrival instructions, and communicate with you before/during the stay.

B- Invoicing and accounting: Issuing invoices and maintaining accounts. Collection and remittance of the tourist tax (taxe de séjour). Completion of the "Individual Police Form" for foreign travelers (Article R. 611-42 of the CESEDA).

C- Communication and Loyalty: Sending practical information and, if you have consented, our newsletter or commercial offers.

D- Security management: Management of the security deposit via Swikly and securing the premises via video protection.

E- Management of our contracts and client file.

4. ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR DATA? (LEGAL BASIS)

We collect and process your data, as applicable:

A- For the performance of contracts concluded with our clients or other business partners;

B- For the purposes of our legitimate interests, such as managing relationships with our clients and other business partners, and securing the premises;

C- To comply with our legal and regulatory obligations and to ensure the defense of our rights;

D- And/or based on the consent of the individuals concerned.

In the event that the individual whose personal data we process has objected to such processing, we may nevertheless be authorized to carry out or continue said processing on one of the other legal bases mentioned above.

5. DATA SHARING

We NEVER sell your data to third parties. It is only transmitted to members of our teams authorized to process your data, as well as to the service providers/partners strictly necessary for the exercise of our activity and the execution of the contract listed below, and to supervisory authorities (regulators), administrative authorities, and courts:

A- Smoobu (Germany): Our reservation management software (Channel Manager) and website host.

B- Stripe (USA/Europe): For secure payment processing.

C- Swikly (France): For securing the security deposit.

D- Ringover (France): For managing our telephony and communications (calls, SMS, WhatsApp).

E- Brevo (France): For managing our email campaigns and newsletters.

F- Google (USA/Europe): For our office suite (professional emails) and audience analysis (Analytics).

G- Zapier (USA): For technical automation allowing our software to connect with each other.

H- Pricelabs (USA): For optimizing our pricing.

I- Chartered Accountant: For our tax obligations.

All these providers comply with the GDPR and the amended Data Protection Act of January 6, 1978, and are committed to protecting your data. As some of our service providers (Google, Stripe, Zapier, Pricelabs) are located outside the European Union, data transfers are governed by guarantee mechanisms validated by the European Commission (Standard Contractual Clauses or the EU-U.S. Data Privacy Framework).

6. RETENTION PERIODS

We only keep your data for the time necessary for the purposes for which it was collected, in compliance with current regulations and without prejudice to legal retention obligations and limitation periods.

A- Reservation data: Minimum 5 years after the end of the stay (legal limitation period) or minimum 10 years when the contract is concluded with a consumer electronically and relates to a sum equal to or greater than €120.

B- Invoices and accounting: Minimum 10 years (fiscal obligation).

C- Management of our client file / Management and follow-up of our relationship with clients: Duration of the relationship, then for a maximum of 3 years from the end of the relationship.

D- Security deposit imprint (Swikly): Maximum 14 days after departure (automatic deletion after departure unless there is a dispute).

E- Video protection images: Maximum 30 days, then automatically overwritten. In the event of an incident, extracted images are kept for the duration of the procedure.

F- Police form data: Individual police forms, collected in accordance with Article R. 611-42 of the CESEDA, are kept securely for a legal duration of 6 months, then permanently destroyed (by shredding or secure deletion). They are only transmitted to the authorities upon judicial requisition and are not used for any commercial purpose.

7. SECURITY OF YOUR DATA

We implement appropriate standard technical and organizational measures to protect your data against unauthorized access, loss, or alteration (secure hosting, HTTPS protocols, access restricted to managers only).

8. YOUR RIGHTS

In accordance with regulations, you have the following rights regarding your data:

A- Obtain a copy of your personal data – "Right of access": You have the right to ask for confirmation regarding the personal data actually processed, to obtain a copy of such personal data, and information on how we process said data.

B- Correct your personal data – "Right to rectification": You have the right to ask us to rectify your personal data if it is inaccurate or incomplete.

C- Delete your personal data – "Right to erasure" (or "Right to be forgotten"): You have the right to ask us to delete your personal data, particularly when: there is no longer any reason for us to process it; if you withdraw your consent or object to the way we process your personal data (see "Right to object" below); if its processing is unlawful; or if its deletion is necessary to comply with a legal obligation.

D- Freeze the use of your personal data – "Right to restriction of processing": You can ask us to restrict the processing of your personal data if: You believe the personal data is inaccurate; The processing is unlawful and you prefer a restriction of your personal data rather than its erasure; The personal data is no longer necessary for our processing but may be required by you for legal claims; You have exercised your right to object (see below) and wish to verify whether the legitimate grounds we pursue override yours.

E- Request the cessation of processing of your personal data – "Right to object": You can object to the processing of your personal data based on our legitimate interests, unless we can demonstrate that our legitimate interests override your rights or if your personal data is necessary for legal claims.

F- Choose and change your mind – "Right to withdraw consent": If you have consented to the processing of your personal data, you have the right to withdraw your consent at any time.

G- Move your personal data – "Right to data portability": Under certain conditions, you have the right to receive a copy of your personal data in order to transmit it to another data controller.

H- Give post-mortem directives: You have the right to register directives with us regarding the fate of your personal data after your death.

You can obtain more information on the scope of these rights on the CNIL website here: https://www.cnil.fr/en/rights-mastering-your-personal-data. To exercise these rights, simply contact us by email at contact@gueleger.com. The data subject also has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) regarding the processing of their personal data (www.cnil.fr/en/plaints).

9. COOKIES AND TRACKERS

9.1 Use of Cookies

When browsing our site, cookies (text files) are deposited on your computer, mobile, or tablet. We use cookies for:

A- The proper technical functioning of the site (Smoobu reservation management).

B- Audience and traffic measurement via Google Analytics.

This allows us to understand how users navigate our site in order to improve ergonomics and content (e.g., new wellness offers, seminars).

9.2 Consent

By continuing to browse this site, you accept the use of these cookies. An information banner is displayed during your first visit to warn you.

9.3 Management and refusal of cookies

If you wish to refuse statistical tracking, you can configure your internet browser to disable cookies:

A- In Chrome: Menu > Settings > Privacy and security > Cookies.

B- In Firefox: Menu > Options > Privacy & Security.

C- In Safari: Preferences > Privacy.

The retention period for this audience measurement information does not exceed 13 months.

10. CHANGES TO OUR POLICY

We reserve the right to modify this privacy and personal data protection policy. In the event of a significant change affecting your rights, we will take the necessary measures to inform you and will post the updated policy on our website.