Privacy Policy
I. INTRODUCTION AND GENERAL INFORMATION
About us and our website
We, Château Hochberg, 2 rue Château Teutsch 67290 Wingen-sur-Moder, operate this website. To contact us, please use the contact details provided on the “Contact us” page.
If you contact us, we will retain and process the information provided by you, to process your request and any follow-up questions. We are authorised to process data in this context by law (Article 6(1b) of Regulation (EU) 2016/679). We will delete your information once your request has been processed.
Our guidelines
We take the protection of your information very seriously. Your data is therefore treated with the utmost care and in scrupulous compliance with applicable data protection legislation. We have taken technical and organisational security measures to protect all our websites from the risks associated with the processing of personal data. Our partners, who support us in the provision of this website, also undertake to comply with these conditions.
What information do we systematically record?
You can view all sections of our website where access is not protected without revealing your identity. We systematically record each use of our website in order to rectify malfunctions and clarify security incidents. Further details on the recorded data log can be found in “How do we process your data?”.
What rights do we have to process your data?
We respect your privacy. Therefore, we only process your data when we are authorised to do so. It goes without saying that you can also authorise us to process your data by consenting to data processing on our website. In other cases, we process your data because the law permits us to do so. If, for example, you place an order through our website, we are authorised to process your data in order to perform this contract. The same applies when you use other services on our website which require your data to be processed. We are also authorised to process your data when we have a legitimate interest in doing so. One example of this would be the connection data we collect to ensure the proper functioning of our website. In any case, we will inform you if it is necessary to process your data, and each time your data is processed we will systematically take your interests into consideration. In the event that you have grounds for a complaint, you will find the rights you can claim concerning the treatment of your data in the last section of this page on Data Protection Information.
The following section outlines which authorisations we use and when they are used. You can find more details on how your data is collected, processed and used on our website (i.e. the type, scope and purpose of data processing) in this same section.
II. PROCESSING DATA ON OUR WEBSITE
How do we treat your data (login details, cookies, tracking, etc.)?
Connection data
For technical reasons, each time your web browser accesses our website, it automatically sends information to our web server (i.e. connection data). We record some of this connection information in log files, such as:
- The access date
- The access time
- The URL of the link’s original website
- Files viewed
- The amount of data transferred
- The type and version of browser
- The operating system
- The IP address (made anonymous)
Connection data does not contain personal data. As a general rule, we only analyse connection data in order to rectify website malfunctions or to clarify security incidents. We store this connection data for an indefinite period.
We may need to collect other personal information as well as connection data to rectify malfunctions or to retain evidence of security incidents. In these cases, we are authorised to process connection data by law (Article 6(1f) of Regulation (EU) 2016/679). We delete this data once the fault has been resolved or the security incident is fully clarified, or if the original purpose of processing the data no longer exists due to other factors. In the event of a security incident, we will transmit the connection data, within the authorised limits, to investigating authorities, on a case-by-case basis.
We always keep connection data separate from other data collected regarding the use of our website.
Booking via our website
You can book a table, a suite or a seminar room via our website. The collection of “mandatory” data is required to process your booking request.
Below are the data we collect as part of a booking request via our online forms:
“Book a suite”
Mandatory information:
- Title
- Last name and first name
- Telephone number
- Email address
- Date of arrival
- Suite selected
- Number of people
- Number of nights
Optional information:
To help us better process your booking request and to prepare your stay, additional non-mandatory information is also requested, such as whether you would also like to book a table at the restaurant, on what date, for which service, at what time, which menu you would like to sample and any possible comments (allergies, food intolerance).
“Book a table”
Mandatory information:
- Title
- Last name and first name
- Telephone number
- Email address
- Date of arrival
- Service selected
- Number of people
Optional information:
To help us better process your booking request and to prepare your stay, additional non-mandatory information is also requested, such as whether you would also like to book a suite at the hotel, which suite, on what date, for how many people and any possible comments (allergies, food intolerance).
“Request a quote for your event”
To answer your request and to establish a precise estimate for your booking of our cellar for your event, we gather mandatory and non-mandatory information on your company, the event, and on you, the person submitting a quote request.
Mandatory information:
- Company
- Type of event
- Date of event
- Flexibility of the date
- Number of participants
- Services requested
- Needs (hotel and restaurant)
- First name
- Last name
- Position
- Telephone
- Email address
Creating an account on our website
You can create an account on our website when placing an order on our online store. You are not required to create an account to place an order but this allows for follow-up on your order and order history. We collect and process the following information as part of the registration process:
Mandatory information:
- First name and last name
- Delivery address
- Billing address
- Email address
- Password
We are authorised to process your personal data to provide personalised services by law (Article 6(1b) of Regulation (EU) 2016/679). We store registered users’ data until customer accounts are deleted. If you would like your user account to be deleted, please contact us by email or phone, and all data collected via our website will then be removed from our databases.
It goes without saying that, upon your request, we will provide you with information on any data we may have that concerns you. We will also be happy to correct any incorrect information or to delete the information we have on you, upon your request, provided that said deletion is not prohibited under the terms of our legal obligations to retain certain information. If you would like to lodge such a request, please use the contact information provided at the end of this Data Protection Information page.
Purchases on our website
You can also use our website to access services requiring a payment (i.e. orders on the online store). We collect and process the following information when services are ordered:
Mandatory information (unregistered users):
- First name and last name of the buyer
- First name and last name of the recipient(s)
- Postal Address of the buyer
- Postal address of the recipient (if sent by post)
- Telephone number of the buyer
- Email address of the buyer
- Email address of the recipient (if sent by e-mail)
- Invoicing data (data based on the type of payment we accept and which was selected by the user)
The following information is also collected when orders are placed by users with a customer account:
Mandatory information (users with a customer account)
- Invoicing data (depending on the type of payment we accept and which was chosen by the user)
- Date and amount of all purchases (display of all previous purchases in the user account)
Payment is made on our bank’s secure server via HTTPS to ensure the security of your data during transmission.
We only use information concerning you when processing your order. We are authorised by law (Article 6(1b) of Regulation (EU) 2016/679). We store information regarding orders until the expiry of the legal retention period, at a minimum. We store data provided when creating the account until the user deletes his/her account.
Newsletter
You can subscribe to our newsletter via our website. We use a “double opt-in” process. Subscription to the newsletter is only effective if the e-mail address holder expressly confirms newsletter activation by clicking on the link in the confirmation e-mail.
As part of your registration, and so as to send you personalised communications, the following information is required:
- Title
- First name
- Last name
- Country
- Email address
- Preferred language of communication
You can also subscribe to our partners’ newsletter (Lalique, Villa René Lalique Hôtel & Restaurant, Château Lafaurie-Peyraguey Hôtel & Restaurant). If you consent to receive offers and news from our partners, we will send them the information required as part of your registration. Without your consent, no communication will be sent to you from our partners and no information concerning you will be transmitted to them.
If you would like to receive our newsletter and, therefore, consent to it being sent to you, your details will be used exclusively for this purpose. We are authorised to process your data for this purpose, with your consent, (Article 6(1a) of Regulation (EU) 2016/679). You may retract this consent at any time by clicking on the corresponding link in each copy of our newsletter. We will take note of the fact that you wish to unsubscribe from the newsletter in our database.
In which case we will transmit your data
We work with several service providers to implement and operate our website. We carefully selected these service providers and entered into a data protection agreement with each of them to ensure the security of your information.
The service providers we use to implement and operate our website are:
- Hosting services provider
- Programming services provider
- Sales and marketing service provider
We only transmit your data to other recipients in cases where it is necessary to execute a contract with you, in cases where we or the recipients have a legitimate interest in the disclosure of your data, or when you have given your consent for said transmission. These recipients include service providers and other companies within our group. Furthermore, your data may be transmitted to other recipients if we are obliged to do so under legal provisions or by binding judicial or administrative decisions.
Other recipients of your data are:
- Forwarders concerning the delivery of gift vouchers
- Payment processing service providers
III. RIGHTS OF USERS
Your rights
If you have grounds for a complaint, you can find an overview of your rights below. To exercise your rights, please use the contact information provided at the end of this Data Protection Information page.
Right to information: upon your request, we will provide you with information on any data we may have that concerns you.
Right to deletion: we will delete the information in our possession concerning you, upon your request. However, some data will only be deleted when subject to a defined retention period, for example, because we are legally obliged to retain the data in certain cases (i.e. invoices) or because we need the data to fulfil our contractual obligations toward you.
Right to block data: In certain cases provided for by the Regulation, we will block your data if you so request. Blocked data is only subject to further processing to a very limited extent.
Right to withdrawal of consent: You may at any time withdraw the consent you have given for processing your data, without retroactive effect. The legality of the processing of your data will not be affected until you withdraw your consent.
Right to object to data processing: You may at any time object to the processing of your data, without retroactive effect, if we process your data on the basis of one of the legal justifications set out in Article 6(1e or 1f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided there are no compelling and legitimate reasons for further processing. Processing your data for direct marketing purposes never constitutes a compelling and legitimate reason, in our view.
Right to data portability: Upon your request, we can provide you with some information in a structured, commonly used and readable format.
Right to appeal to a regulatory authority: You can file a data protection appeal with a data protection authority. To do this, please contact the data protection authority responsible for your place of residence or the data protection authority we report to (referred to below).
The National Commission on Informatics and Liberty (Commission Nationale de l’Informatique et des Libertés [CNIL]), www.cnil.fr.
Your contact person for data protection
If you have any questions concerning data protection or the exercising of your rights, you can use the following contact information to contact our Data Protection Officer directly:
Château Hochberg SAS
For the attention of the Data Protection Officer
2 rue Château Teutsch
67290 Wingen-sur-Moder
communication@chateauhochberg.com
Changes to this Data Protection Information
This Data Protection Information reflects the current status of data processing on our website. In the event of changes to data processing, this Data Protection Information will be updated accordingly. We always provide the latest version of this information pertaining to Data Protection on our website, in order for you to find any necessary information on the scope of data processing on our website.