We’re committed to protecting your privacy. Learn how we handle your personal data, why we collect it, and how you can manage it.
August 5, 2025
.
This Privacy Policy explains how Chez Cati collects, uses, and protects your personal information when you use our website and services.
We only process the personal data necessary to manage your booking, communicate with you, and fulfill legal obligations related to your stay. We do not use your data for marketing purposes unless you have explicitly provided consent.
By using our website (https://chezcati.fr), you agree to the collection and use of your information in accordance with this Privacy Policy.
1. Data Controller
1.1 Controller
DUM, operating as Chez Cati, is the data controller for all personal information collected through our website and services. This means we determine the purposes and means of processing your personal data. We are responsible for ensuring that your personal information is processed lawfully, fairly, and transparently.
Legal Entity: DUM
Operating Name: Chez Cati
Address: 32 Rue du Porche de Russan, 30190 Sainte-Anastasie, France
Siret: 899 596 183 00017
While we retain booking data for at least the duration of the reservation, certain accounting and invoicing records must be kept for longer to comply with French legal requirements. In practice, accounting and invoice documents are commonly archived for up to 10 years under French law. This ensures we can fulfill our tax obligations and maintain proper business records as required by French commercial regulations.
1.2 Payments Controller
Payment processing is managed by Stripe, Inc., our trusted third-party payment processor. Stripe acts as both a data processor on our behalf and as an independent data controller for certain payment-related activities. When you make a payment through our website, Stripe collects and processes your payment information according to their own privacy policy and data protection standards.
Stripe is PCI DSS Level 1 compliant, which represents the highest level of security certification in the payments industry. They handle all sensitive payment card information, including encryption, tokenization, and secure storage. We never directly handle or store your complete payment card details on our systems.
For payment disputes, chargebacks, or fraud prevention, Stripe may process your payment data independently as required by payment network rules and regulations. We receive only the necessary transaction details to complete your booking and maintain our financial records.
2. Personal Data We Collect
We collect personal information that you provide directly to us, as well as data collected automatically when you use our website. The types of personal data we collect include:
2.1 Information You Provide to Us
Booking and Reservation Information
When you make a reservation through our website, we collect comprehensive information necessary to process your booking and provide our services:
First name and last name (to identify guests and create reservations)
Email address (for booking confirmations, communication, and digital receipts)
Phone number (for urgent communication and check-in coordination)
Billing address (for payment processing and invoice generation)
Booking details including check-in and check-out dates, number of adult and child guests, room preferences, and any special requests or accommodations needed
Communication preferences (language, preferred contact method, frequency of updates)
Emergency contact information (when provided for safety purposes)
Dietary restrictions or accessibility needs (when relevant to your stay)
Payment Information
Payment processing is handled exclusively by our third-party payment processor, Stripe. While we do not directly store your payment card details on our systems, Stripe collects and securely processes:
Credit or debit card information (card number, expiry date, CVV code)
Billing name and address associated with the payment method
Alternative payment method details (PayPal, bank transfers, digital wallets)
Transaction history and payment status information
Currency preferences and payment country information
We receive only anonymized transaction confirmations and references necessary to link payments to your reservations. For comprehensive information about how Stripe handles your payment data, please refer to Stripe's Privacy Policy.
Contact Form Information
When you contact us through our website contact form or send direct inquiries, we collect:
Full name (for personalized responses and record-keeping)
Email address (for response delivery and follow-up communication)
Phone number (when provided for direct callback requests)
Subject matter and complete message content (to understand and respond to your inquiry)
Preferred response method and timing (when specified)
Any attachments or additional documents you choose to share
Language preferences for our response
2.2 Information Collected Automatically
Cookies and Similar Technologies
We use various types of cookies and similar tracking technologies to enhance your browsing experience and understand how our website is used:
Essential cookies: Strictly necessary for website functionality, including session management, security features, and basic navigation. These cookies cannot be disabled as they are required for the website to operate properly.
Performance cookies: Help us understand how visitors interact with our website by collecting anonymous statistical data about page views, loading times, error messages, and user journey patterns.
Functional cookies: Remember your preferences and settings to personalize your experience, including language selection, currency display, and previously viewed properties.
Marketing cookies: When consent is provided, these cookies enable us to deliver relevant advertisements and track the effectiveness of our marketing campaigns across different platforms.
Analytics Data
We use Google Analytics 4 to better understand visitor behavior and improve our website experience. This service collects anonymized data including:
IP address (automatically anonymized to protect privacy)
Browser type, version, and capabilities (Chrome, Firefox, Safari, etc.)
Operating system and device information (Windows, macOS, iOS, Android)
Screen resolution and viewport dimensions
Pages visited, time spent on each page, and navigation patterns
Referring website or source of traffic (search engines, social media, direct visits)
Date, time, and duration of website visits
Geographic location at country and city level (derived from anonymized IP)
Language preferences and regional settings
User engagement metrics (scroll depth, clicks, form interactions)
Technical Data
Our web servers automatically collect technical information necessary for website operation and security:
Detailed log data including IP addresses, browser types, Internet Service Provider information, and referring/exit page URLs
Device information such as device type, unique device identifiers, and hardware capabilities
Usage patterns including features accessed, time spent on different sections, and link clicks
Error logs and performance metrics to identify and resolve technical issues
Security-related data to prevent fraud and protect against malicious activities
2.3 Third-Party Services
Our website integrates with several third-party services that may collect and process personal data according to their respective privacy policies:
Bookingmood
Our comprehensive booking management system, Bookingmood, processes and stores reservation data including:
Complete guest profiles with contact information and booking history
Detailed booking information including dates, preferences, and special requests
Real-time availability calendars and pricing information
Reservation modification history and cancellation records
Guest communication logs and service notes
Integration data with our property management systems
Bookingmood operates under strict data protection standards and serves as our data processor for reservation management. For detailed information about their data handling practices, please refer to the Bookingmood Privacy Policy.
Framer
Our website is designed and hosted on the Framer platform, which may collect:
Technical data necessary for reliable website delivery and performance
Performance metrics including page load times and server response rates
Security monitoring data to protect against attacks and unauthorized access
Content delivery optimization data to improve user experience across different geographic locations
Google Services
We utilize several Google services that may process anonymized data:
Google Analytics: For website traffic analysis and user behavior insights
Google Fonts: For consistent typography across different devices and browsers
Google Maps: For location services and directions to our property
2.4 Legal Basis for Processing
We collect and process your personal data based on the following legal foundations under applicable data protection laws:
Contract Performance: Processing is necessary to fulfill our contractual obligations when you book accommodation with us, including reservation processing, service delivery, payment handling, and customer support.
Legal Obligations: We process certain data to comply with applicable laws and regulations, including French hospitality regulations, tax requirements, anti-money laundering laws, and safety regulations.
Legitimate Interests: We have legitimate business interests in processing certain data for fraud prevention, website security, service improvement, and business analytics, provided these interests do not override your fundamental rights and freedoms.
Consent: Where you have provided explicit consent for specific processing activities, such as marketing communications, optional data collection, or non-essential cookies.
3. How We Use Your Personal Data
We use the personal information we collect for the following comprehensive purposes:
3.1 To Provide Our Core Services
Comprehensive Booking Management
We process your information to deliver seamless accommodation services:
Process and confirm your accommodation reservations with detailed confirmation emails
Send pre-arrival information including check-in procedures, property access codes, and local area guidance
Manage sophisticated check-in and check-out procedures, including digital key distribution and departure instructions
Coordinate your entire stay experience at our property in France, from arrival to departure
Handle special requests, dietary requirements, accessibility accommodations, and personalized service preferences
Manage booking modifications, extensions, and cancellations according to our terms and conditions
Provide 24/7 customer support and emergency assistance during your stay
Secure Payment Processing
All payment-related processing to ensure smooth financial transactions:
Process payments securely for your reservations through our Stripe integration
Generate detailed invoices with proper VAT calculations and payment confirmations
Handle refunds, payment disputes, and chargeback procedures when necessary
Maintain comprehensive and accurate financial records for business and legal compliance
Manage foreign currency conversions and international payment processing
Provide transparent pricing information including taxes, fees, and optional services
3.2 To Maintain Excellent Communication
Comprehensive Service-Related Communications
We maintain regular communication throughout your booking journey:
Send immediate booking confirmations with all relevant details and next steps
Provide timely updates about any changes to your reservation or our services
Deliver detailed pre-arrival instructions including directions, parking information, and check-in procedures
Send property access information including door codes, Wi-Fi passwords, and facility instructions
Respond promptly and comprehensively to all inquiries via contact form, email, or phone
Provide dedicated customer support before, during, and after your stay with personalized assistance
Send follow-up communications to ensure satisfaction and address any post-stay concerns
Essential Administrative Communications
Important business and legal communications:
Send detailed receipts and invoices for your records with proper tax documentation
Notify you about any changes to our terms of service, privacy policies, or operational procedures
Send mandatory legal notices, safety information, and regulatory compliance communications
Provide important updates about our property, facilities, or services that may affect your stay
Communicate emergency procedures and local safety information when relevant
3.3 To Continuously Improve Our Services
Advanced Analytics and Performance Monitoring
We analyze comprehensive data to enhance your experience:
Analyze detailed website usage patterns to identify areas for improvement in user interface and booking flow
Study booking trends, seasonal patterns, and customer preferences to optimize our offerings
Monitor and optimize website functionality, loading speeds, and mobile responsiveness
Identify and resolve technical issues promptly to maintain seamless user experience
Develop new features and services based on user behavior analysis and feedback
Conduct A/B testing on website elements to improve conversion rates and user satisfaction
Customer Experience Enhancement
Personalizing and improving every aspect of your interaction with us:
Personalize your website experience based on previous visits and preferences
Remember your booking preferences, communication choices, and service requirements for future visits
Streamline the booking process for returning guests with saved information and preferences
Tailor our services and recommendations to better meet individual guest needs and expectations
Create detailed guest profiles to provide more personalized service during future stays
3.4 To Ensure Security and Prevent Fraud
Comprehensive Security Measures
Protecting both our guests and our business through advanced security protocols:
Implement sophisticated fraud detection systems to identify and prevent fraudulent transactions
Verify guest identity through multiple channels to prevent unauthorized bookings and identity theft
Monitor for unusual booking patterns, suspicious payment activities, and potential security threats
Protect against malicious activities including cybersecurity threats and data breaches
Maintain robust system security with regular updates, monitoring, and threat assessment
Conduct security audits and vulnerability assessments to maintain the highest protection standards
3.5 To Comply With Legal and Regulatory Obligations
Legal Compliance and Reporting
Ensuring full compliance with all applicable laws and regulations:
Comply with comprehensive French hospitality laws and tourism regulations
Maintain detailed guest records as required by local and national authorities
Report necessary information to tax authorities, including VAT calculations and tourist tax collection
Respond appropriately to legal requests from law enforcement or government agencies
Fulfill all obligations as a licensed accommodation provider in France
Maintain proper business licenses and regulatory compliance documentation
Comply with data protection laws including GDPR and French data protection regulations
3.6 For Marketing Purposes (With Explicit Consent Only)
Targeted Marketing Communications
Only when you have explicitly provided consent, we may use your information for:
Send personalized promotional offers and exclusive special deals tailored to your preferences
Share exciting news about property improvements, new amenities, and enhanced services
Send seasonal greetings, holiday offers, and special occasion promotions
Provide curated information about local events, festivals, and attractions in our region
Send post-stay satisfaction surveys to gather feedback and improve our services
Create targeted marketing campaigns based on your booking history and preferences
Easy Opt-Out Options
You maintain complete control over marketing communications and can opt-out at any time through:
Clicking the prominent "unsubscribe" link in any marketing email
Contacting us directly at info@chezcati.fr to update your communication preferences
Adjusting your communication preferences in your online account settings
Requesting removal from specific marketing lists while maintaining service communications
3.7 To Manage and Optimize Our Business Operations
Comprehensive Business Management
Using data to maintain and improve our business operations:
Maintain accurate and comprehensive business records for financial and operational analysis
Conduct regular internal audits and quality assurance procedures to maintain service standards
Train staff effectively and improve service delivery based on guest feedback and operational data
Manage relationships with service providers including Bookingmood, Stripe, and other essential partners
Evaluate and continuously improve our business performance through data-driven insights
Plan capacity, pricing strategies, and service improvements based on booking patterns and market analysis
4. Data Sharing and Third Parties
We are committed to protecting your privacy and do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We only share your data in the following specific circumstances:
4.1 Essential Service Providers
We work with trusted third-party service providers who process personal data on our behalf under strict contractual obligations:
Stripe (Payment Processing)
Purpose: Secure payment processing and financial transactions
Data shared: Payment information, billing details, transaction records
Location: Global operations with data centers in multiple regions
Safeguards: PCI DSS Level 1 compliance, encryption, tokenization
Bookingmood (Reservation Management)
Purpose: Booking system management and guest communication
Data shared: Reservation details, guest information, booking history
Location: European Union
Safeguards: GDPR compliance, data processing agreements, security certifications
Framer (Website Hosting)
Purpose: Website delivery and performance optimization
Data shared: Technical data necessary for website functionality
Location: Global content delivery network
Safeguards: Industry-standard security measures and data protection practices
Google Analytics (Website Analytics)
Purpose: Website performance analysis and user behavior insights
Data shared: Anonymized usage data, aggregated statistics
Location: Global processing with EU data residency options
Safeguards: Data anonymization, IP address masking, data retention controls
4.2 Legal and Regulatory Requirements
We may share your information when legally required or necessary:
Law Enforcement and Government Agencies
When required by applicable laws or valid legal processes
To comply with subpoenas, court orders, or regulatory investigations
For national security purposes as required by French or EU authorities
To assist in criminal investigations when legally obligated
Tax and Regulatory Authorities
Tourist tax reporting to local municipalities
VAT and income tax reporting to French tax authorities
Business registration and licensing compliance
Anti-money laundering reporting when required
4.3 Business Protection and Safety
Limited sharing for legitimate business protection:
Fraud Prevention
Sharing necessary data with payment processors to prevent fraudulent transactions
Coordinating with industry fraud prevention networks
Reporting suspicious activities to relevant authorities
Business Continuity
In the event of a business merger, acquisition, or sale, personal data may be transferred with appropriate notice and protection measures
To professional advisors (lawyers, accountants, consultants) under confidentiality agreements
5. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal requirements, and protect our legitimate business interests:
5.1 Booking and Guest Information
Retention Period: 7 years from the completion of your stay Purpose: Compliance with French tax laws, accounting regulations, and potential legal claims Details: Complete booking records, guest information, and service history are retained to meet legal obligations and provide customer service for future bookings
5.2 Contact Form Inquiries and Communications
Retention Period: 2 years from the last communication Purpose: Customer service continuity and business relationship management Details: Email correspondence, contact form submissions, and customer service logs are retained unless longer retention is required for legal purposes
5.3 Marketing Preferences and Consent Records
Retention Period: Until consent is withdrawn or 3 years after last interaction Purpose: Compliance with consent management requirements and marketing law obligations Details: Records of marketing consent, preferences, and opt-out requests are maintained to ensure proper consent management
5.4 Analytics and Website Usage Data
Retention Period: 26 months (Google Analytics default setting) Purpose: Website optimization and user experience improvement Details: Anonymized website usage data is automatically deleted after 26 months to balance business needs with privacy protection
5.5 Payment and Financial Records
Retention Period: 10 years for accounting records, 7 years for transaction details Purpose: Compliance with French commercial law and financial regulations Details: Invoice records, payment confirmations, and tax-related documentation are retained according to legal requirements
5.6 Data Deletion Procedures
When personal data reaches the end of its retention period:
Data is automatically purged from active systems according to established schedules
Backup copies are securely deleted during regular backup rotation cycles
Hard copies of documents are securely destroyed using certified document destruction services
We maintain logs of data deletion activities for compliance purposes
Data Deletion Requests: If you request deletion of your personal data, we will comply promptly unless retention is required by law or necessary for legitimate business reasons (such as preserving billing records for tax compliance). For security and disaster-recovery purposes, residual copies may remain in encrypted backups for a limited period before automatic deletion.
6. Your Rights
If you are located in the European Union, you have comprehensive rights under the General Data Protection Regulation (GDPR) regarding your personal data. We are fully committed to respecting your privacy and enabling you to exercise these rights effectively. You may contact us at info@chezcati.fr to make any request.
6.1 Right of Access
What it means: You can request a copy of all personal data we hold about you How to exercise: Contact us with identification verification Response time: Within one month of receiving your request What we provide: Complete data inventory, processing purposes, retention periods, and third-party sharing details
6.2 Right to Rectification
What it means: You can request correction of inaccurate or incomplete personal data How to exercise: Contact us with details of the corrections needed Response time: Immediate for simple corrections, within one month for complex cases Our commitment: We will also notify relevant third parties of any corrections made
6.3 Right to Erasure ("Right to be Forgotten")
What it means: You may request deletion of your personal data in specific circumstances Limitations: We cannot delete data required by law or for legitimate business purposes (e.g., tax records, invoicing) How to exercise: Submit a written request with justification Our process: We will assess your request and inform you if deletion is possible or if legal retention requirements apply
6.4 Right to Object to Processing
What it means: You can object to processing based on legitimate interests or for marketing purposes How to exercise: Contact us with specific objections and reasons Our response: We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests Marketing: You can object to marketing communications at any time with immediate effect
6.5 Right to Restrict Processing
What it means: You can request temporary suspension of data processing in specific circumstances When applicable: While verifying data accuracy, during objection assessment periods, or for legal claim purposes Effect: We will store but not actively process your data during restriction periods Duration: Until the underlying issue is resolved
6.6 Right to Data Portability
What it means: You can request transfer of your data in a structured, machine-readable format Scope: Applies to data processed based on consent or contract performance Format: JSON, CSV, or other commonly used structured formats Direct transfer: Where technically feasible, we can transfer data directly to another service provider
6.7 Right to Withdraw Consent
What it means: Where processing is based on consent, you can withdraw it at any time Effect: Withdrawal does not affect the lawfulness of processing before withdrawal How to exercise: Contact us or use opt-out mechanisms in communications Scope: Applies to marketing communications, optional data collection, and non-essential cookies
6.8 Right to Lodge a Complaint
What it means: You can file a complaint with a supervisory authority if you believe your rights have been violated Primary authority: Commission Nationale de l'Informatique et des Libertés (CNIL) in France Alternative: You may also contact the supervisory authority in your EU country of residence Our commitment: We encourage you to contact us first so we can address your concerns directly
6.9 Exercising Your Rights
How to contact us: Send detailed requests to info@chezcati.fr Identity verification: We may need to verify your identity before responding to certain requests to protect your privacy Response timeline: We will acknowledge your request within 72 hours and provide a full response within one month Complex requests: For complex requests, we may extend the response period by up to two additional months with explanation No cost: Exercising your rights is generally free of charge Excessive requests: We reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests
7. Data Security
Protecting your personal information is our top priority, and we implement comprehensive security measures to safeguard your data against unauthorized access, alteration, disclosure, or destruction.
7.1 Technical Security Measures
Encryption and Data Protection
All data transmission is secured using industry-standard SSL/TLS encryption protocols
Personal data is encrypted at rest using AES-256 encryption standards
Database encryption with regularly rotated encryption keys
Secure backup systems with encrypted storage and controlled access
Access Controls and Authentication
Multi-factor authentication required for all administrative access
Role-based access controls ensuring staff can only access data necessary for their job functions
Regular access reviews and immediate revocation of access for former employees
Unique user accounts with strong password requirements and regular password updates
Infrastructure Security
Secure hosting environments with 24/7 monitoring and intrusion detection
Regular security updates and patches applied to all systems
Firewall protection and network segmentation to isolate sensitive data
7.2 Organizational Security Measures
Staff Training and Awareness
Comprehensive data protection training for all employees handling personal data
Regular security awareness updates and best practices communication
Clear data handling procedures and incident response protocols
Confidentiality agreements for all staff and contractors
Data Handling Procedures
Strict data minimization principles ensuring we only collect and retain necessary information
Secure data disposal procedures for both digital and physical records
Regular data audits to ensure compliance with retention policies
Incident response plan for potential data breaches with clear escalation procedures
7.3 Monitoring and Compliance
Continuous Monitoring
24/7 system monitoring with automated threat detection and response
Regular security assessments and compliance audits
Logging and monitoring of all data access and processing activities
Regular backups with tested recovery procedures
Third-Party Security
All service providers undergo security assessments before engagement
Contractual data protection requirements for all third-party processors
Regular review of third-party security practices and compliance
Immediate notification requirements for any security incidents involving our data
7.4 Incident Response
Breach Notification
Immediate assessment and containment of any potential security incidents
Notification to relevant supervisory authorities within 72 hours when required
Direct communication to affected individuals when there is a high risk to their rights and freedoms
Detailed incident documentation and post-incident analysis for continuous improvement
While no method of electronic storage or transmission is ever completely secure, we continuously evaluate and enhance our security measures to maintain the highest standards of data protection. We regularly update our systems and practices to address emerging threats and maintain compliance with evolving security standards.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience, understand how you use our website, and provide personalized content where appropriate.
For detailed information about cookies and tracking technologies, please refer to our separate Cookie Policy.
9. International Data Transfers
As part of providing our services, some of your personal data may be transferred to, processed, or stored in countries outside of the European Union. We ensure that all such transfers are conducted with appropriate safeguards to protect your privacy rights.
9.1 Why International Transfers Occur
Service Provider Infrastructure
Some of our essential service providers operate global infrastructure that may process data outside the EU
Cloud storage and backup systems may replicate data across multiple geographic regions for reliability and performance
Payment processing through Stripe involves global payment networks that operate internationally
Business Operations
Customer support services may involve international team members or service providers
Website hosting and content delivery networks operate globally to ensure optimal performance
Analytics and security services may process data through international networks
9.2 Countries and Regions Involved
United States
Google Analytics and other Google services (covered by EU-US Data Privacy Framework)
Stripe payment processing (covered by adequate safeguards and certifications)
Website hosting and content delivery services
Other Countries
Payment processing may involve countries based on your chosen payment method and bank location
Email delivery services may route through various countries for optimal delivery
Security and fraud prevention services may analyze data through international networks
9.3 Legal Safeguards and Protections
Adequacy Decisions We prioritize transfers to countries that have received adequacy decisions from the European Commission, meaning they provide essentially equivalent data protection to the EU.
Standard Contractual Clauses (SCCs) For transfers to countries without adequacy decisions, we use the European Commission's Standard Contractual Clauses, which provide legally binding data protection obligations.
9.4 Specific Service Provider Protections
Stripe (Payment Processing)
Certified under various international data protection frameworks
Implements technical and organizational measures equivalent to EU standards
Provides data localization options where technically feasible
Subject to regular third-party security audits and compliance assessments
Google Services
Covered by the EU-US Data Privacy Framework for certain services
Offers data residency and localization options for EU customers
Implements comprehensive data protection measures including encryption and access controls
Provides transparency reports and detailed privacy controls
9.5 Your Rights Regarding International Transfers
Information Rights You have the right to obtain information about:
Which of your personal data is transferred internationally
The countries involved in processing your data
The safeguards in place to protect your data
The legal basis for each transfer
Objection Rights You may object to international transfers in certain circumstances:
When transfers are based on legitimate interests that you believe are overridden by your rights
For marketing purposes processed outside the EU
When you believe adequate protection is not in place
Contact us if you have specific concerns about international transfers of your data, please contact us at info@chezcati.fr. We will provide detailed information about the safeguards in place and work with you to address any concerns.
10. Children's Privacy
Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. We are committed to protecting children's privacy and complying with applicable laws regarding minors.
10.1 Age Restrictions
Booking Requirements
All reservations must be made by individuals who are at least 18 years old
The primary guest must be a legal adult capable of entering into binding contracts
We require age verification during the booking process when necessary
Minors may stay at our property but must be accompanied by a parent or legal guardian who makes the reservation
Website Usage
Our website is designed for adult users making accommodation bookings
We do not create content specifically targeted at children
We do not use tracking technologies to build profiles of users known to be under 18
We do not engage in marketing activities directed at minors
10.2 Inadvertent Collection of Children's Data
Detection Procedures If we discover that we have inadvertently collected personal information from a child under 18:
We will immediately assess the scope and nature of the collected information
We will promptly delete all personal information relating to the child from our systems
We will terminate any accounts or services associated with the minor
We will implement additional safeguards to prevent similar occurrences
Parental Notification If you are a parent or legal guardian and believe your child has provided personal information to us:
Contact us immediately at info@chezcati.fr with details of the situation
Provide verification of your parental relationship to the child
We will work with you to promptly remove any collected information
We will provide confirmation once the data has been deleted from our systems
10.3 Family Bookings
Accompanied Minors
Personal information is collected only for the adult who makes the reservation
Children's names may be collected for occupancy and safety purposes only
We do not collect detailed personal profiles or track children's activities
All communication regarding the booking is directed to the adult guest
Safety and Legal Requirements
We may collect limited information about accompanying children for safety and legal compliance
Local regulations may require guest registration information including ages of all occupants
Emergency contact information may include details about accompanying minors
Such information is used only for legal compliance and safety purposes
10.4 Third-Party Services and Children
Service Provider Obligations
All our third-party service providers are contractually required to comply with children's privacy protection laws
We verify that third parties do not knowingly collect information from children
Payment processors and booking systems have their own age verification procedures
Analytics services are configured to exclude tracking of users identified as minors
Monitoring and Compliance
We regularly review our data collection practices to ensure compliance with children's privacy laws
We conduct periodic audits of third-party services to verify their children's privacy protections
We maintain documentation of our children's privacy protection measures
We update our procedures as laws and best practices evolve
If you have any concerns about children's privacy or believe we may have inadvertently collected information from a minor, please contact us immediately at info@chezcati.fr.
11. Changes to This Privacy Policy
We may periodically update this Privacy Policy to reflect changes in our practices, services, legal requirements, or industry standards. We are committed to maintaining transparency about how we collect, use, and protect your personal information.
11.1 Types of Changes
Routine Updates
Clarifications of existing practices without material changes to data processing
Updates to contact information or organizational details
Minor corrections or formatting improvements
Updates to third-party service provider information
Material Changes
New types of personal data collection or processing purposes
Changes to data retention periods or deletion practices
New third-party service providers or data sharing arrangements
Modifications to your rights or how to exercise them
Changes to international data transfer practices
11.2 Notification Process
How We Notify You
All updates will be published on this page with a revised "Last Updated" date
Material changes will be highlighted prominently on our website
For significant changes affecting your rights, we will send email notifications to registered users
We may also post notices on our social media channels for widespread awareness
Advance Notice
We will provide at least 30 days' notice before material changes take effect
For changes requiring new consent, we will seek your permission before implementing changes
You will have the opportunity to review changes and make informed decisions about continued use of our services
During the notice period, the previous version of the policy will remain accessible
11.3 Your Options
Continued Use
Continued use of our website and services after changes take effect constitutes acceptance of the updated policy
If you disagree with material changes, you may discontinue using our services
For existing bookings, the policy version in effect at the time of booking will generally apply
Withdrawing Consent
If changes require new consent for data processing, you can choose not to provide such consent
You may withdraw previously given consent for data processing not essential to our services
Essential processing for existing bookings will continue as necessary to fulfill our contractual obligations
11.4 Accessing Previous Versions
We maintain records of previous versions of this Privacy Policy for reference and compliance purposes. If you need to review a previous version of our policy that was in effect during your interaction with us, please contact us at info@chezcati.fr with the approximate dates of your booking or website usage.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information and your privacy rights.
12. Contact Us
We are committed to addressing your privacy concerns and questions promptly and thoroughly. If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please don't hesitate to contact us.
12.1 Primary Contact Information
Email: info@chezcati.fr
Our primary communication channel for all privacy-related inquiries
We aim to respond to all emails within 24-48 hours during business days
For urgent privacy matters, please mark your email as "URGENT - Privacy Inquiry"
Phone: +33 6 63 12 76 86
Legal Entity: DUM
Address: 32 Rue du Porche de Russan, 30190 Sainte-Anastasie, France
Siret: 899 596 183 00017
12.2 Information to Include
When contacting us about privacy matters, please include:
Your full name and email address associated with any booking or inquiry
Specific details about your privacy concern or request
Reference number for any existing booking or communication
Preferred method and language for our response
Any relevant dates or timeframes related to your inquiry
About This Policy: This Privacy Policy is designed to be comprehensive and transparent about our data practices. We regularly review and update it to ensure accuracy and compliance with applicable laws. If you notice any inconsistencies or have suggestions for improvement, please let us know at info@chezcati.fr.