Privacy Policy
Le Domaine du Mas de Pierre
1. Introduction
As an entity of the Elancia group, Mas de Pierre (“we”, “us”, “our”) offers its clients and prospects (“you”, “your”) hotel services, including in particular accommodation, dining and spa services, as well as special offers, gift boxes and associated newsletters.
This privacy policy describes, for all our activities, our practices for collecting, using, and transferring your personal data.
We are committed to ensuring the protection of your data in compliance with the General Data Protection Regulation (No. 2016/679) and the French Data Protection Act (No. 78-17).
The Data Controller is le Mas de Pierre, a general partnership registered with the Grasse Trade and Companies Register under SIREN number 450.228.317, with its registered office for all matters relating to personal data at 265 Avenue des Etats du Languedoc, 34961 Montpellier Cedex 2, CS 99553.
The Data Controller’s representative is the hotel director, Mrs. Audrey Jorge.
2. Collection of Your Personal Data
Your data and that of persons accompanying you may be collected directly from you on the Mas de Pierre website (via information forms, booking forms, cookies, or the chatbot), or during your stay at the Mas de Pierre (completed forms, information provided verbally, etc.).
Due to the nature of the services offered, your data may be collected by other entities and transmitted to us, primarily booking sites, service providers, and platforms. We may also collect data from affiliated entities, business partners, subcontractors, and service providers if their personal data protection policies permit. In any event, your data will not be collected from publicly accessible sources.
Given the foregoing, this Privacy Policy is intended to inform not only persons whose data is directly collected, but also those whose data is indirectly collected by and/or for the Mas de Pierre, in accordance with Articles 13 and 14 of the General Data Protection Regulation (No. 2016/679).
3. Personal Data We Process
The term “personal data” refers to any information that makes it possible to identify a natural person directly or indirectly. This applies to a surname or first name, but also to the language you speak, the details of your booking, your vehicle registration plate, etc.
The term “purpose” refers to the reason why we process your personal data.
The term “legal basis” refers to the legal grounds on which the processing of your data is based. Any processing must necessarily be based on a legal basis in order to be lawful.
No data collected and processed by the Mas de Pierre is subject to processing for any subsequent purpose other than that indicated in the tables below.
Summary table of data categories processed, processing purposes, and retention periods:
| Purpose | Data Categories Processed | Retention Period |
| Protection of the establishment through video surveillance | Images and all data deducible from them | 15 days on the Mas de Pierre servers |
| Booking, provision, and payment for services offered |
Identification data and contact details Banking data Health data |
10 years from the transaction (billing data) Data necessary for payment is retained from the credit card imprint (if applicable) to actual payment, and may be retained longer with consent Duration of service provision, particularly for spa or restaurant services, and retention of health form for 13 months with client consent |
| Management and sending of a newsletter | Identification data, contact details, data relating to newsletter tracking (email opened, link clicked, etc.) |
As long as the person is subscribed, with annual purging of “inactive” subscribers Removal from active database upon receipt of consent withdrawal or a request to that effect, retention for evidentiary purposes for 5 years |
| Conducting satisfaction surveys by sending questionnaires |
Identification data and contact details Responses to questionnaires (pre- and post-stay) |
This data is anonymized after processing by the service provider and before publication of the review 3 years from the last service or last contact |
| Complaint management | Identification data, contact details, stay-related information, complaint content | During processing of the request, then 5 years for evidentiary purposes |
| Litigation management | Any data relevant to the litigation |
At the latest until the statute of limitations for the corresponding action Court decisions are retained indefinitely |
| Digital marketing | Selected targeting criteria | Data is held by marketing service providers (social networks and search engines) according to the durations defined by each |
| Management of the Data Controller’s contractual partners | Professional identification data of partner personnel | Duration of contract with contractual partner, then 5 years for evidentiary purposes |
| Website management and operation |
Connection data required for proper website operation / necessary cookies Data entered in the Velma chatbot |
13 months maximum 6 months |
| Cookie management | Necessary cookie data, including: location, page tracking, links clicked, etc. | 6 months maximum |
| Communication management (Social networks) |
Any public data posted online by social network users, and/or messages exchanged with the Data Controller’s accounts |
As long as the person is subscribed, with annual purging of “inactive” subscribers Removal from active database upon receipt of consent withdrawal or a request to that effect, retention for evidentiary purposes for 5 years |
| Conducting satisfaction surveys by sending questionnaires | Data required by Article R814-2 of the Code on the Entry and Residence of Foreigners and the Right of Asylum | Duration imposed by Article R814-3 of the Code on the Entry and Residence of Foreigners and the Right of Asylum (6 months) |
| General accounting | Elements appearing on invoices | Duration imposed by Article L123-22 of the Commercial Code (10 years) |
| Exercise of GDPR rights (outlined below) |
Identification data and contact details, relevant data for processing the request | Duration of request processing, then 5 years for evidentiary purposes |
Summary table of legal bases associated with each purpose:
| Legal Basis | Associated Purposes | Details |
| Contractual performance |
Booking, provision, and payment for services Management of contractual partners |
N/A |
| Legitimate interest |
Protection of the establishment through video surveillance Provision of WiFi connection throughout the premises Satisfaction survey Management of necessary cookies or cookies exempt from consent Management of trackers and similar online tracking technologies (excluding cookies) Social network management Complaint and litigation management Digital marketing |
Security of property and persons Service improvement through provision of internet access Seeking service improvement through feedback collection Proper website operation and audience measurement External communication management and personalized advertising Monitoring, research, and improvement of customer experience Defense of the Data Controller’s interests in court External marketing management through targeted advertising |
| Consent |
All health data regardless of purpose All banking data for retention beyond service execution regardless of purpose Cookie management (non-necessary) Newsletter management and sending |
N/A |
| Legal obligation |
General accounting Police form Maintenance of a single personnel register Exercise of rights guaranteed by GDPR |
This includes billing data resulting from certain contractual performances |
We also recommend that you provide as little information as possible about persons other than yourself or about your health and theirs when browsing the site (particularly when using the chatbot) and, generally, during your stay.
4. Connection Cookies and Other Web Technologies
We collect data via connection cookies, trackers, cookies, and other similar technologies (web beacons).
“Cookies” are small text files that are automatically copied to your computer or mobile device when you visit a website. These “cookies” contain basic information about your internet usage. Your browser sends these “cookies” to our website each time you visit it so that your computer or mobile device is recognized and your browsing experience is personalized and improved.
Some cookies are considered “necessary,” meaning the website cannot function and display on your device without them.
Others are considered “non-necessary” and are intended to establish traffic statistics or to personalize and improve your browsing experience and the targeting of advertisements you see. These will only be placed on your browser if you expressly accept them.
You can control your consent to non-necessary cookies through a drop-down banner displayed during your first visit to the site, and then at any time by clicking on the “cookie settings” bar displayed at the bottom right of your screen when browsing our site.
Lists of cookies and trackers, their purposes, and the partners installing them are available in the “configure your choices” and “view partners” tabs of the drop-down banner.
Furthermore, our website may contain links to third-party websites, applications, and plug-ins. If you access other websites from links provided on our website, the operators of these sites may collect or share information about you. This information will be used by these operators in accordance with their privacy policy, which may differ from ours. We invite you to read these privacy policies and contact these third parties directly if you have questions about their practices.
5. Sources Providing Us with Your Data and Recipients
When we do not collect your data directly, it is transmitted to us by our subcontractors and partners, primarily booking platforms offering our services: travel agencies, tour operators, online travel agencies (particularly online booking platforms), etc.
Within le Mas de Pierre, your data is only accessible to persons who strictly need to know it. It may be shared with the following categories of recipients:
- Intra-group: other companies of the Elancia Group, particularly Socri Financière Hôtelière and Elancia, primarily for marketing, accounting, HR, and legal matters.
- Official authorities: to fulfill and satisfy our legal obligations, your data may be transmitted to such authorities, such as:
- Police services (example: video surveillance images provided to a judicial police officer upon requisition).
- Judicial bodies (example: all elements necessary for the legal defense of the Mas de Pierre, such as invoices and stay details).
- Regulatory bodies (example: billing elements for auditors).
- Website: your data may be shared with our service providers who operate our website (example: audience measurement) or enable us to offer our online services (example: automatic redirection to our online payment provider).
- Satisfaction surveys and newsletter: your data may be shared with our service providers who offer us these services.
6. Data Security and International Transfers
We have implemented technical and organizational measures appropriate to the degree of sensitivity of personal data, to ensure the integrity and confidentiality of data and to protect it against any malicious intrusion, loss, alteration, or disclosure to unauthorized third parties.
We regularly conduct audits to verify proper operational application of data security rules.
To meet these commitments, our service providers and subcontractors are carefully selected and required to maintain a level of personal data protection at least equivalent to ours.
For example, our Consent Management Platform provider (the banner allowing you to make your cookie choices) was selected because it anonymizes data collected by non-necessary cookies before communicating it to Google Analytics.
In this way, your data does not transit through the United States (a country considered not to offer a level of data protection equivalent to that of the EU).
For certain service providers, data is transferred outside the European Union to countries that are not subject to adequacy decisions by the European Commission, such as the United States.
In these cases, we only select service providers that have adopted SCCs (Standard Contractual Clauses) or obtained certifications (example: Data Privacy Framework) to best protect your data.
Additionally, we implement organizational measures on our end to limit and secure data transfers as much as possible.
7. Your Rights
In accordance with data protection regulations, you have the following rights concerning your personal data:
- Rights of access, rectification, and erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability,
- Right not to be subject to automated processing or profiling. However, regarding processing carried out by (or for) the Mas de Pierre, none constitutes automated processing or profiling with significant legal impact on you.
You may exercise your rights or request additional information through the following means:
- By email by contacting info@lemasdepierre.com
- By mail to the following postal address: 265 Avenue des Etats du Languedoc, CS 99553, 34961 Montpellier Cedex 2
- At the hotel reception
If you would like more information or if you believe, despite our responses, that they are insufficient, or that data processing is unlawful, you may contact the National Commission on Informatics and Liberty (https://www.cnil.fr/fr/plaintes).
8. Personal Data Retention Period
We retain your personal data for the period necessary for the purposes for which we collected it, particularly to satisfy any legal or accounting requirements and any legal accountability obligations.
9. Amendments to the Privacy Policy
We may modify, update, and/or replace this privacy policy, particularly in the event of changes to personal data protection regulations. We therefore recommend that you regularly consult this personal data protection policy to review its latest version.
