en
Gift idea
Booking +33 (0)4 78 16 01 01

Privacy & cookie policy

Management of personal data

The visitor is informed of the regulations concerning marketing communication, France’s Digital Economy Law of 21st June 2014, the French Data Protection Act of 6th August 2004 and the General Data Protection Regulation (GDPR: no. 2016/679)

Hereinafter, “visitor” relates to any individual consulting the website https://www.villa-maia.com from a terminal with a unique identifier

Data controller

For the personal data collected during the visitor’s use of the website, the data controller is: Maïa hospitality, represented by Séverine MAISONNEUVE.

As the controller of the data we collect, we undertake to comply with the applicable legal provisions in force. In particular, it is up to us to establish the purposes of our data processing operations and to provide our visitors, upon receiving their consent, with complete information regarding the processing of their personal data. It is also our responsibility to keep an accurate register of processing operations. Every time we process personal data, we take all reasonable measures to ensure the accuracy and relevance of the personal data in terms of the purposes for which we are processing them.

Which data are collected?

We may process all or some of the following data:

  • Surname
  • First name
  • Company
  • Telephone number
  • E-mail address
  • Postal address
  • Consent
  • IP address

Purposes of processing 

We collect your personal data for specific purposes and on various legal grounds. As part of the execution of the contract or pre-contractual measures, your data is processed for the following purposes:

  • Creation of customer accounts and profile sheets;
  • Billing of customers and suppliers;
  • Handling complaints;
  • Managing reservations;
  • Concierge services;
  • As part of Maïa Hospitality’s legitimate interest, your data is processed for the following purposes:
  • Commercial prospecting;
  • Satisfaction surveys;

Data storage period

  • Customer relationship management: 5 to 10 years from the end of the relationship
  • Commercial prospecting: 3 years from the last contact
  • Management of cookies and trackers requiring your consent: 13 months maximum – 25 months maximum for information from cookies
  • Conducting satisfaction surveys and polls: 3 years from the end of the relationship
  • Traffic statistics on social networks: From the aggregation of data
  • Keeping general and auxiliary accounting: 10 years

Transmission of your personal data 

We do not sell your personal data. Within the limits of their respective attributions and for the purposes mentioned above, the main persons likely to have access to your data are the employees of Villa Maïa to respond to your contact request and the employees of the WOW agency as part of their intervention on the website. Only your IP address may be transmitted to Google Inc. solely for statistical and analysis purposes.

Right of access, rectification, deletion, and opposition 

In accordance with current European regulations, as a visitor to our site, you have the following rights: The GDPR provides the Data Subjects with rights they can exercise. These include:

  1. Right to information: the right to have clear, precise, and complete information on the use of personal data by Maïa Hospitality.
  2. Right of access: the right to obtain a copy of the personal data that the Data Controller holds about the requester.
  3. Right to rectification: the right to have personal data corrected if it is inaccurate or outdated and/or to complete it if it is incomplete.
  4. Right to erasure / right to be forgotten: the right, in certain conditions, to have data erased or deleted, unless Maïa Hospitality has a legitimate interest in retaining it.
  5. Right to object: the right to object to the processing of personal data by Maïa Hospitality for reasons related to the requester’s particular situation (under conditions).
  6. Right to withdraw consent: the right to withdraw consent at any time when the processing is based on consent.
  7. Right to restriction of processing: the right, in certain conditions, to request that the processing of personal data be temporarily suspended.
  8. Right to data portability: the right to request that personal data be transmitted in a reusable format to be used in another database.
  9. Right not to be subject to automated decision-making: the right for the requester to refuse fully automated decision-making and/or to exercise additional guarantees offered in this regard.
  10. Right to define post-mortem directives: the right for the requester to define directives regarding the fate of personal data after their death.

As soon as we learn of the death of a visitor, in the absence of instructions from them, we undertake to destroy their data, unless the data need to be kept for purposes of proof or to meet a legal obligation..

If you wish to know how we use your personal data, correct it, or object to its processing, you can contact us in writing at the following address: dpo@groupe-maia.com

In such circumstances, you must indicate which personal data you would like to correct, update or delete, identifying yourself with a copy of a form of identification (identity card or passport).

Requests to delete personal data will be subject to the obligations imposed by law, relating to the retention or archiving of documents in particular. Finally, you can file a complaint with the supervisory authorities, in particular with CNIL (https://www.cnil.fr/fr/plaintes).

Data transfers outside the European Union

We will not process, host or transfer the information collected on our visitors to countries outside the European Union or that are considered “unsuitable” by the European Commission without first informing the visitor. Nevertheless, we retain the freedom to choose our technical and commercial data processors provided that they offer sufficient guarantees with regard to the requirements of the General Data Protection Regulation (GDPR: no. 2016/679).

We undertake to exercise all the necessary precautions to safeguard the security of your details and, in particular, to ensure that they are not communicated to unauthorised persons. However, if we do become aware of an incident affecting the integrity or confidentiality of some of your details, we undertake to inform you and to communicate the corrective actions taken as soon as possible.

Incident notification

No matter how much effort is made, no transfer method online and no method of electronic storage is completely safe. As a result, we are unable to guarantee complete security. Should we become aware of a security breach, we will notify the visitors concerned so that they can take appropriate action. Our incident notification procedures take into account our legal obligations, both at a national and European level. We undertake to inform you of all matters relating to the security of your personal data and to provide you with all the information necessary to help you comply with your own regulatory reporting obligations.

No personal information is published without your knowledge or is exchanged, transferred, assigned or sold to third parties in any format. Only a hypothetical takeover of the company and its rights would allow the aforementioned information to be transferred to the purchaser, which would be bound by the same data storage and alteration obligations concerning a visitor of our website.

Security

To guarantee the security and confidentiality of your personal data, we use security measures such as:

  • HTTPS encryption
  • Data hashing
  • Continuous firewall monitoring
  • Systematic checking of natural persons with access to our servers.

When processing your personal data, we take all reasonable measures to protect against any loss, misuse, unauthorised access, disclosure, tampering or destruction.

Hyperlinks, cookies and web beacons (“tags”)

Our website contains a number of hyperlinks to other websites.
Items on this website may include embedded content (for example, videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor went to this other website. However, we are unable to check the content of the websites visited and will, therefore, not assume any related responsibility. These websites may collect your personal data, use cookies, embed third-party tracking tools and track your interactions with this embedded content if you have an account linked to their website. Unless you decide to disable cookies, you accept the website’s use of them. You may disable these cookies at any time, free of charge, using the deactivation options offered to you and listed below as a reminder. You do so in the knowledge that this may reduce or prevent your access to all or part of the services offered by our website.

Cookies

A cookie is a small information file that is sent to your browser and saved on your terminal (e.g., computer, smartphone). This file contains information such as IP address, internet service supplier, operating system, and the date and time of access. Under no circumstances do the cookies on our website risk damaging your terminal. The cookies used on our website are intended solely for the statistical analysis of visits.

You can configure your browser to accept or decline cookies. You may also configure your browser so that you are given the option to accept or decline cookies promptly, before a cookie may be saved on your terminal. If you choose to decline cookies, your browsing and your experience on the website may be restricted. By clicking on the icons dedicated to social networks on the website, these social networks may also store cookies on your terminals (computer, tablet, mobile phone).

When you browse our website, information may be stored or read on your device.

Audience measurement tools are deployed to obtain information about visitor navigation. They help understand how users arrive on the site and reconstruct their journey. These tools use technologies to track users on the site and associate a “referrer” or a campaign with a unique identifier.

This site uses Google Analytics, a web analysis service provided by Google, Inc. (hereinafter “Google”) that helps us analyze the use of the site. To this end, Google Analytics uses cookies, which are text files placed on your computer. The information generated by the cookies regarding the use of the site – typical information about internet access (including your IP address) and your visitor behavior analyzed anonymously – is transmitted to Google, which stores it, including on servers located in the United States. We anonymize your IP address before sending it to Google. In accordance with the data protection shield certification, Google declares that it complies with the EU-US data protection shield framework. Google may transfer the information collected by Google Analytics to third parties when required by law or when these third parties process the information on behalf of Google. The Google Analytics terms of use specify that Google does not link the IP address of the data subject with other data held by Google.

Refusing cookies: You can refuse the use of Google Analytics cookies by downloading and installing the browser add-on for disabling Google Analytics: Google Analytics Opt-out Browser Add-on.

Cookies are also used to determine whether the data subject has accepted (or not) the use of cookies on the Council’s site, so that the question is not asked each time they visit.

Statistics and audience measurement

After receiving your acceptance, we create a collection of data regarding your visit, such as: the number of pages visited, the pathway, the name of the pages. We may occasionally use web beacons (also known as tags, action tags, single-pixel GIFs, clear GIFs, invisible GIFs and 1×1 GIFs) and implement them via a specialist web analytics partner, which may be located (and may therefore store the corresponding information, including your IP address) in a foreign country. The external service provider may collect information on visitors to the website and other websites using these tags. They may also compile reports for us on website activity and may provide other services relating to the use of the website and the internet.

Alterations and contacts

We may update this privacy policy in response to legal, technical or commercial developments. When updating our privacy policy, we will take appropriate steps to notify you, depending on the extent of the alterations that we make. We will obtain your consent for all significant alterations to the privacy policy if and when required by applicable data protection laws.

Last update : april 2025

LYON | FRANCE