HOTEL DU LAC PRIVACY POLICY
Hotel du Lac is committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).

CONSENT
We require your consent to collect and process your personal data through this website and other channels. All forms on this site include an opt-in checkbox to confirm you agree to our data processing practices as described in this policy. By submitting your information, you consent to our use of your data as outlined here.

PURPOSE
We collect personal data in order to provide services such as responding to enquiries submitted through our contact form, managing room reservations via Cloudbeds, our reservations management system, and handling table reservations through Resdiary. The required fields in the contact form include first name, surname, and email address, while telephone number is an optional field. For room and table reservations, additional personal details may be collected, including the names, email addresses, and telephone numbers of guests involved in the booking.

DATA PROCESSING AND RETENTION
Personal data collected through our contact forms and other channels is stored securely on our email server, which is protected by strong password controls and security measures aligned with industry best practices. Room reservation data is processed and stored within Cloudbeds, our trusted reservations management platform, while table reservation data is managed and stored within Resdiary, our trusted table booking system.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, such as responding to enquiries, managing bookings, and providing our services, or to comply with applicable legal and regulatory obligations. Contact form data is generally retained for up to 30 days unless it is related to an ongoing or completed booking. For clients who do not proceed with a booking, personal data and related correspondence are deleted on an annual basis. For clients with completed bookings, personal data is retained securely to facilitate future bookings and improve our services.
Access to personal data is strictly limited to authorized personnel who require it to perform their job functions. All electronic systems used to store or process personal data are secured with appropriate technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction.
We conduct periodic reviews of the personal data we hold and will securely delete or anonymize any data that is no longer necessary for the purposes outlined above.
Data subjects have the right to request erasure of their personal data at any time, subject to any overriding legal obligations. To exercise this right or for any inquiries regarding our data retention and storage practices, please contact us using the details provided below.

WHAT ARE MY RIGHTS?
When your personal data is collected on this website, you have the following rights:

Right to be informed – individuals have the right to be informed about the collection and use of their personal data.

Right of access – individuals have the right to obtain confirmation that their data is being processed and access to their personal data.

Right to rectification – a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete

Right to be forgotten – individuals can make a request for erasure verbally or in writing.

Right to restrict processing – individuals have the right to request the restriction or suppression of their personal data.

Right to data portability – the right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

Right to object – an individual has the right to object to processing personal data and direct marketing.

Rights related to automated decision-making including profiling – the right of subject access allows a user access to information about the reasoning behind any decisions taken by automated individual decision-making and for profiling.

ACCESS TO THE DATA
In accordance with your right of access under GDPR, you have the right to obtain confirmation as to whether your personal data is being processed and to request access to the data we hold about you. To make a data access request, please contact us by email or telephone: info@lacdemontriond.com or +33 603 568 505. We will respond to your request within 5 working days. 

REQUESTING DELETION OF YOUR DATA
Under the ‘right to be forgotten’ (right to erasure), you may request that we erase your personal data. To make a deletion request, please contact us by email or telephone using the details above. We will process your request in line with GDPR requirements and any applicable legal obligations.

OUR DATA BREACH POLICY
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
While we do everything in our power to prevent this, if a data breach was to occur, we would endeavour to inform the supervisory authority (ICO) within 72 hours. We would also endeavour to inform all affected users about any potential risks which may come as a result of the breach.
If a data breach was to occur, we will document all relevant information and be completely transparent with any users who may be affected. All breaches shall be recorded, including facts relating to the breach, its effects and the remedial action taken. Following a breach, we will ensure to investigate whether the breach occurred as a result of human error or a systemic issue.