Check out our offers and news

Privacy policy

PREAMBLE

SAS KERMOBE – La Maison Obono undertakes to ensure that your data is collected and processed in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulation (GDPR) and Law No. 78-17 of 6 January 1978 on information technology, files and civil liberties.

The collection of personal data from its customers is limited to what is strictly necessary, in accordance with the principle of data minimisation, and indicates the purposes for which the data is collected, whether providing this data is optional or mandatory for managing requests, and who may have access to it.

I. About us

KERMOBE is a simplified joint-stock company (SAS) with its registered office at Impasse de Kerdréan 56400 LE BONO and registered under SIRET number 88460585800023.

The Company offers the following services:

Hotel accommodation and catering services

II. Definitions

Site” refers to the Company’s website, namely maison-obono.com

Cookies”: A cookie is a piece of information stored on a user’s hard drive by the server of the website they are visiting. It contains several pieces of data: the name of the server that stored it, an identifier in the form of a unique number or text, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and record information.

“Personal data” refers to any information relating to an identified or identifiable natural person, either directly or indirectly, by reference to an identification number or to one or more factors specific to that person. This includes, for example, the User’s email address.

Customer” refers to any natural or legal person who makes a booking on the Website, through our partner service providers (e.g. Booking.com) or directly with the receptionist on duty at the establishment whose address is indicated in Article I;

Reservation” refers to any reservation made by the User, Customer, Professional or Consumer in order to benefit from the Company’s Services;

Terms and Conditions of Sale and Use” or “T&Cs” refers to the Company’s terms and conditions of sale and use;

“Consumer” refers to the purchaser who is a natural person and is not acting for professional purposes and/or outside their professional activity;

“Professional” refers to the purchaser who is a legal entity or natural person acting within the scope of their professional activity;

Services” refers to all services and/or products offered to Customer and Professional Users by the Company through the Websites owned by the Company;

Company” refers to the company SAS KERMOBE – La Maison Obono, as further described in Article I herein;

User” refers to any person who uses the Website.

Account” refers to the customer’s personal space with the Company’s partner service providers.

Quote” refers to a quote provided by the Company for a specific, tailor-made service requested by the Customer

GDPR” refers to the General Data Protection Regulation applicable from 25 May 2018.

Processing of personal data” refers to any operation or set of operations performed on such data, regardless of the process used (collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction of processing, erasure or destruction)

III. Protection of Personal Data

In accordance with the French Data Protection Act of 6 January 1978 and the General Data Protection Regulation 2016/679 (GDPR), information about you is intended for the Company, which is responsible for processing it. You have the right to access, rectify and delete data concerning you (details in Article VIII). You can exercise this right by sending an email to contact@maison-obono.com

By connecting to the company’s website maison-obono.com, you are accessing content protected by law, in particular by the provisions of the Intellectual Property Code. The Company authorises only strictly personal use of the information or content to which you have access, limited to storage on your computer for display on a single screen and reproduction, where authorised (link or download button) for copying or printing on paper. Any other use is subject to our express prior authorisation. By continuing your visit, you agree to comply with the above restrictions.

The Company requires its Customers, Users, Consumers and Professionals to comply with the laws in force and the ethical rules of use necessary to establish a relationship of trust between the Company and its Customers, Users, Consumers and Professionals.

The Company requires its Users to comply with a set of obligations through its T&Cs/Terms of Use.

Any breach of these obligations may result in the cancellation without notice of a booking made on the Company’s website or directly with the hotel.

PLEASE NOTE THAT THE COMPANY DOES NOT EXCHANGE OR RENT THE FILES OF ITS CUSTOMERS AND PROSPECTS.

The Company’s website is not intended for minors. We do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data from minors without the prior consent of the holder of parental authority, we will take appropriate measures to delete such personal data from our servers.

IV. Data Controller

The data controller for the personal data referred to herein is Pauline Olivier, Director of Maison Obono, whose company details are set out in Article I on this page.

V. Nature of the Data Collected

User information and rights
The company hereby clearly informs you about the processing of personal data that it carries out in the course of its business, how the data is collected, used and protected.

All Users, Customers, Consumers and Professionals have the right to request access to the personal data provided from the data controller;

  • The rectification or erasure of such data;
  • A restriction on processing relating to them;
  • To object to the processing;
  • Data portability;
  • To lodge a complaint with the CNIL (French Data Protection Authority).

Subcontracting
The Company undertakes to ensure that any subcontractor provides sufficient contractual guarantees regarding the implementation of appropriate technical and organisational measures to ensure that the processing meets the requirements of the European Data Protection Regulation (see the list of data recipients in Article VII).

VI. Data collected on the website and at the establishment

Data collected on the website (contact form)
When a Customer, User, Consumer or Professional makes a booking request on the website via our contact form, the following data is collected and processed by the Company: email address, first name, surname, telephone number, country, arrival date, departure date, number of adults, number of children, additional information that the Customer, Professional, User or Consumer deems necessary for their booking request.

Data collected on the website (via our service provider D-Edge)
When a Customer, User, Consumer or Professional makes a booking request on the website, the following data is collected and processed by our subcontractor D-Edge: email address, first name, surname, country, telephone number, IP address, room type, booking price, date of stay, credit card number (16 digits + expiry date) and any additional information that the customer, consumer, professional or user may wish to provide if they deem this information necessary for their booking.

The data is then sent to us by email, with the exception of the credit card number (16 digits + expiry date), which remains securely stored on the D-Edge and Medialog (our PMS) server. This data can only be accessed with a password and username via the intranet between the Company and D-Edge and Medialog.

Data Collected at the Company’s Establishment
Upon a customer’s arrival, the following data is collected and processed: date of arrival and departure from the establishment, room number, number of breakfasts, order history, complaints, incidents, information relating to correspondence on our website or directly with the Company (email message sent directly).

Certain data is collected automatically as a result of the user’s actions on the website (see the paragraph on cookies in Article IX).

Data Collected by a Partner Service Provider
A customer, consumer or professional may book a service provided by the Company through a partner service provider. The data collected in this way (e.g. Booking.com) is subject to the T&Cs/T&Cs and Privacy Policy of these Partner Service Providers and those of the Company.

The data submitted must not include sensitive personal data, such as government identifiers (e.g. social security numbers, driving licence numbers or taxpayer identification numbers), full credit card numbers (unless specifically requested when making a booking on the website by filling in the relevant field on the booking form) or personal bank account numbers, medical records or information relating to requests for care associated with individuals, without this list being exhaustive.

VII. Recipients of Data

Personal data collected about you on the website, at the establishment and from partner service providers is intended for use by the Company and may be passed on to subcontractors that the Company may use in the course of providing its services. The Company ensures that all its subcontractors comply with data protection requirements. The Company does not sell or rent your personal data to third parties for marketing purposes. In accordance with our values, we do not enter into strategic partnerships to share your data by promoting a service or product of a third-party company.

The Company does not disclose your personal data to third parties, except if:

  • you request or authorise the disclosure;
  • the disclosure is necessary to process transactions or provide services you have requested (e.g., to verify your shipping practices or process a credit card transaction with a credit card company);
  • the Company is compelled to do so by a government authority or regulatory body, in the event of a court order, subpoena or other similar government or legal requirement, or to establish or defend a legal claim;
  • the third party is acting as an agent or subcontractor of the Company in the performance of the services.

Currently, the recipients of the data are:

  • MIXIT7: Server management
  • SAS KERMOBE: Operations related to bookkeeping
  • SAS KERMOBE: Website publishing
  • D-EDGE: Payment management
  • GOOGLE ANALYTICS: Website statistics and technical analysis
  • MICROSOFT: Email exchanges between the Company and its Users, Consumers, Customers and Professionals
  • WIFIRST: Wi-Fi service in the hotel available to customers, employees, consumers and professionals

VIII. Right of access, rectification and deletion

In accordance with the Data Protection Act and the General Data Protection Regulation 2016/679 (GDPR), you have the right to access, rectify and delete your personal data, which you can exercise by sending an email to contact@maison-obono.com.

Your request will be processed within 30 days. We may ask you to provide a photocopy of proof of identity or authority with your request.

You can also modify your personal data at any time by clicking on the link at the bottom of each email in our newsletter to unsubscribe or update your contact details.

IX. Use of Cookies

Cookie retention period
In accordance with the recommendations of the CNIL, the maximum retention period for cookies is 13 months after they are first placed on the User’s device, as is the period of validity of the User’s consent to the use of these cookies. The lifetime of cookies is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.

Purpose of cookies
Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, based on the processing of information concerning the frequency of access, the personalisation of pages, the operations carried out and the information consulted.

You are informed that the Company may place cookies on your device. Cookies record information relating to your browsing on the website (the pages you have visited and can visit) that we can read during your subsequent visits.

Cookies enable the Company, during the period of validity or registration of the cookie, to identify your computer during your subsequent visits. The Company’s partners or service providers, or third-party companies, may also place cookies on your computer, subject to your choices.

There are two main categories of cookies:

‘Technical’ cookies. These cookies are essential for browsing our website, in particular for the proper execution of the ordering process.

‘Optional’ cookies. These cookies are not essential for browsing our website but may, for example, facilitate your searches, optimise your user experience and, for us, better target your expectations, improve our offer or optimise the functioning of our website.

This information is stored on your computer for one year. Only the issuer of a cookie can read or modify the information contained in that cookie.

No cookie allows us to identify your civil status.

User’s right to refuse cookies
Deactivation may result in a degraded service.

You acknowledge that you have been informed that the Company may use cookies, and you authorise it to do so.

If you do not want cookies to be used on your device, most browsers allow you to disable cookies through the settings options.

You can prevent cookies from being stored by configuring your browser as follows:
For Chrome

  • Open Chrome on your computer.
  • In the top right corner, click Settings (the three dots).
  • Click Advanced, then Content Settings.
  • At the top of the page, disable ‘Allow sites to save and read cookie data’.

For Mozilla Firefox:

  • Select the ‘Tools’ menu, then “Options”.
  • Click on the ‘Privacy’ icon.
  • Locate the ‘Cookies’ menu and select the options that suit you

For Microsoft Internet Explorer:

  • Select the “Tools” menu, then ‘Internet Options’.
  • Click on the ‘Privacy’ tab.
  • Select the desired level using the slider.

For Edge:

  • Go to Settings.
  • Under Clear browsing data, select Choose what to clear.
  • Tick the boxes next to each type of data you want to clear, then select Clear.
  • Click on the menu bar and select ‘Tools’
  • Select ‘Internet Options’

Please note: If you choose to refuse cookies on your computer or if you delete those that are stored there, we cannot be held responsible for any consequences related to the degraded functioning of our services resulting from our inability to store or consult the cookies necessary for their functioning and which you have refused or deleted.

X. Data Retention

General
The Company collects and retains your personal data for the purposes of fulfilling its contractual obligations, as well as information on how and how often you use our services. Personal data shall only be retained for as long as necessary to fulfil the purpose for which it was collected. The Company only stores your data for as long as is necessary to provide the service, and as such, the Company deletes your bank details after the service has been provided. The retention of data relating to our customers, professionals, consumers and users varies depending on the type of data concerned. For example, your statistical data that is more than 13 months old will be deleted. Other data may be deleted at any time, in accordance with the provisions set out above.

Retention period for personal and sensitive data
Data retention for the duration of the contractual relationship and beyond.

In accordance with Article 6-5° of Law No. 78-17 of 6 January 1978 on information technology, files and civil liberties, sensitive data (bank card) that is processed will not be retained beyond the time necessary to fulfil the obligations defined when the contract was concluded or beyond the predefined duration of the contractual relationship.

Personal data (surname, first name, email address, postal address) that is processed will be retained for a period of 3 years in our booking software.

Deletion of data after account deletion
Measures are in place to ensure that data is effectively deleted once the retention or archiving period required for the purposes for which it was collected has expired. In accordance with Law No. 78-17 of 6 January 1978 on information technology, files and civil liberties, you also have the right to delete your data, which you can exercise at any time by contacting the Company.

Deletion of data after 3 years of inactivity
For security reasons, if you have not visited our establishment for more than 3 years, your personal data will be deleted.

Deletion of data after 12 months in the newsletter
If you have not been active in the newsletter, i.e. opened and/or clicked on a link in an email, for a period of 1 month, you will receive an email inviting you to take action (click on a link) before you are permanently removed from the relevant list.

XI. Data Storage Location and Transfers

The hosting servers on which the Company processes and stores your data on the website are located exclusively in the European Union.

The Company undertakes to inform you immediately, to the extent that we are legally authorised to do so, in the event of a request from an administrative or judicial authority relating to your data.

XII. Security

In the context of its services, the Company attaches the utmost importance to the security and integrity of the personal data of its customers, consumers, professionals and users. Therefore, and in accordance with the GDPR, the Company undertakes to take all necessary precautions to preserve the security of the data and, in particular, to protect it against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access, and against any other form of unlawful processing or communication to unauthorised persons.

To this end, the Company implements standard security measures in the digital industry to protect personal data from unauthorised disclosure. Using the encryption methods recommended by the digital industry, the Company takes the necessary measures to protect information related to payments, given that the Company does not offer direct on-site payment but uses an external service secured by our subcontractors D-EDGE and VEGA.

Furthermore, in order to prevent unauthorised access and to guarantee the accuracy and proper use of data, the Company has implemented electronic and manual procedures to safeguard and preserve the data collected through its services.

However, no one can consider themselves completely immune to a hacker attack. Therefore, in the event that a security breach affects you, the Company undertakes to inform you as soon as possible and to make every effort to take all possible measures to neutralise the intrusion and minimise its impact.

In the event that you suffer damage as a result of a security breach by a third party, the Company undertakes to provide you with all the assistance necessary to enable you to assert your rights.

It should be borne in mind that any user, customer or hacker who discovers a security breach and exploits it is liable to criminal penalties and that the Company will take all measures, including filing a complaint and/or legal action, to preserve the data and rights of its users and itself and to limit the impact as much as possible.

User information in the event of a security breach
We undertake to implement all appropriate technical and organisational measures, using physical and logistical security measures, to ensure a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of your personal data. In the event that we become aware of illegal access to your personal data stored on our servers or those of our service providers, or unauthorised access resulting in the risks identified above, we undertake to:

  • Notify you of the incident as soon as possible if this is a legal requirement
  • Investigate the causes of the incident
  • Take reasonable steps to mitigate the negative effects and damage that may result from the incident.
  • Limit liability

Under no circumstances shall the commitments set out in the above point relating to notification in the event of a security breach be construed as any acknowledgement of fault or liability for the occurrence of the incident in question.

XIII. Responsibilities and Guarantees

Except in cases of force majeure, the Company guarantees to the User, Consumer, Customer, Professional the proper performance of its services in accordance with these Terms and Conditions.

Any compensation that may be due by the Company to the User or a third party, due to the liability of the Company, its subsidiaries or its partners, in connection with the performance of these Terms and Conditions, shall not exceed the price paid by the User, Customer, Professional or Consumer in consideration for the service(s) giving rise to such liability (e.g. the price of a room).

The Company does not systematically monitor the use of its services, in particular the use of equipment available in the room and in the common areas, which remains the responsibility of the Customer, Consumer or Professional.

Under no circumstances may the Company be held liable to third parties for any damage resulting from the use of the services on behalf of the User, Customer, Consumer or Professional for any reason whatsoever.

Responsibility of the User
The Customer, Consumer, Professional, User is solely responsible for the way in which they use the room, the common areas and the equipment at their disposal in the context of the performance of this contract.

The User, Customer, Consumer and Professional may be held liable for any breach of these General Terms and Conditions of Sale and Use, as well as the privacy policy or any legal or regulatory provision or provision resulting from an applicable international agreement.

The User, Customer, Consumer or Professional indemnifies the Company against any damage, claim or recourse by third parties resulting from a breach by the User, Customer, Consumer or Professional of these General Terms and Conditions of Sale and Use, the Company’s Privacy Policy or any legal or regulatory provision or provision resulting from an applicable international agreement.

XIV. Data Portability

The Company undertakes to offer you the possibility of having all data concerning you returned to you upon request. The User is thus guaranteed greater control over their data and retains the possibility of reusing it. This data must be provided in an open and easily reusable format, directly to another data controller when desired and technically possible.

XV. Deletion of data

Deletion of data on request
The User, Customer, Consumer or Professional may delete their Data at any time by simply requesting this from the Company or directly via a link at the bottom of each of our newsletter emails.

Deletion of a booking in the event of a breach of the Privacy Policy
In the event of a breach of one or more provisions of this document or any other document incorporated herein by reference, the Company reserves the right to cancel your booking without the possibility of a refund if payment has already been made.

XVI. Transfer of Data to Countries with an Equivalent Level of Protection

The Company undertakes to comply with the applicable regulations relating to data transfers, even though the Company does not currently transfer data to foreign countries for almost all of its processing operations. When necessary to provide our services, this is done in accordance with the following terms and conditions:

The Company transfers the personal data of its Users, Customers, Consumers and Professionals to countries recognised as offering an equivalent level of protection and recognised by the CNIL as having a sufficient level of protection.

The Company transfers the personal data of its Users, Customers, Consumers and Professionals to recipients who can provide sufficient guarantees of GDPR compliance.

The Company only transfers the personal data of its Users, Customers, Consumers and Professionals to the extent strictly necessary for the purpose of the processing in question, i.e. the booking of hotel services.

Currently, the only processing operations concerned by this provision are:

The booking of services offered by the Company to users who have decided to make a booking via the subcontractor D-EDGE from the Company’s website. Only the following data is transferred: CUSTOMER ID, email address, purchase amount, product description, email address, telephone number, postal address (if provided), 16-digit credit card number and expiry date.

The management of ethical and personalised commercial relations through information posted on Facebook via the ‘Custom Audience’ feature offered by Facebook.

Questionnaires completed by the customer on Google services (Google Doc, Google Drive, Google Form, Google Sheet, etc.). Personal Data depends on what the customer wishes to share (company name, SIRET number, surname, first name, email address).

For a list of countries with an adequate level of legal protection: CNIL – Data protection around the world

XVII. Changes to the Privacy Policy

The Company reserves the right to change this Privacy Policy at any time, in particular in accordance with changes to the laws and regulations in force. You will be notified of any changes via our website and/or by email, where possible at least thirty (30) days before they come into effect. We recommend that you check these rules from time to time to stay informed of our procedures and rules regarding your personal information.

In the event of any changes to this Policy, the Company undertakes not to substantially reduce the level of confidentiality without prior notice to the persons concerned.

XVIII. Applicable Law and Disputes

This Privacy Policy is governed by French law. This reference document is written in French. In the event that it is translated into one or more languages, only the French text shall be binding in the event of a dispute. The invalidity of a clause does not invalidate the Privacy Policy. The temporary or permanent non-application of one or more clauses of this Policy by the Company shall not constitute a waiver of its other clauses, which shall continue to have effect.

Any dispute to which the Privacy Policy may give rise, in particular concerning its validity, interpretation and execution, its consequences and its consequences shall be submitted to the competent courts within the jurisdiction of the city of Rennes.

XIX. Contact

Any questions regarding the Company’s Privacy Policy may be sent by email to contact@maison-obono.com or by post to the following address:

Maison Obono, Impasse Kerdréan, 56400 LE BONO
Telephone: +33 2 97 57 84 00
Email address: contact@maison-obono.com

Réserver

Rejoignez-nous

Réservation

Réserver

Join us

Reservation

Sunday Chill Offer!

Your Sundays will never be the same thanks to our Sunday Chill offer.

Enjoy our brunch & a one-hour spa treatment for €120 per person.

Contact us to book