just a tiny bit of boring stuff, no biggie!
Privacy policy
Last update: 17 December 2024
Introduction
89labs ("Staays", "We", "Our", "Us"), with a share capital of €11,765, having its registered office at 3 Esplanade Augustin Aussedat - 74960 ANNECY, registered with the Trade and Companies Register of ANNECY under the number 949 961 684, with the intra-community VAT number FR38949961684. 89LABS is also registered with the Atout France Register of Tourist Operators under the number IM074240014. The contact is hello@staays.com. Staays is a hotel booking website based in France.
The Director of Publication for the Service is Anthony Renaud.
Services are hosted by :
Vercel Inc., a Delaware company provides a cloud platform for on-demand deployment, associated hosting and sharing services, and analytics tools.
Its contact details are as follows:
Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723
Privacy@vercel.comGoogle Kubernetes Engine (GKE) is a fully managed service that enables the deployment of Kubernetes clusters without the need to manage the underlying infrastructure.
Its contact details are as follows:
Google Ireland Limited, société de droit irlandais immatriculée en Irlande (Numéro d'immatriculation : 368047/Numéro de TVA : IE6388047V) Gordon House, Barrow Street Dublin 4 - Irlande
When you use the website https://staays.com and the mobile applications (collectively, the "platforms") of Staays (the "Service(s)"), we ("Staays", "We", "Our", "Us") may collect and process your personal data.
This Privacy and Personal Data Protection Policy (the "Policy") is intended to inform users of the Services ("User", "You", "Your") about the measures implemented to:Collect and process Your personal data in compliance with applicable French and European legislation, including Law No. 78-17 of January 6, 1978, on Information Technology, Data Files, and Civil Liberties, as amended by Law No. 2004-801 of August 6, 2004, and by Law No. 2018-493 of June 20, 2018 ("Data Protection Act"), Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), and Directive 2002/58/EC of July 12, 2002, as amended by Directive 2009/136/EC ("ePrivacy Directive"), and any national transposing legislation or any subsequent text that may replace them.
Consult and store information relating to Your browsing on the Services that may be recorded in “cookie” files (defined in Article 9 below).
Your rights concerning your personal data.
How to contact us
We attach the greatest importance to respecting Your privacy and protecting Your personal data.
By accessing and/or using the Services, You accept that Your personal data may be collected and processed under the terms and conditions set out below.
If You do not accept the present Charter, You must cease all use of the Services.
The Charter forms an integral part of the General Terms and Conditions of Use of the Services (‘T&C) and must be read in conjunction with these T&C.
We may modify the Charter, in particular in order to comply with any legislative, regulatory, jurisprudential, editorial or technical developments under the conditions described in the T&C.
Application of this privacy policy
To provide the Platforms and other services, we need to collect, use and share personal information. This policy explains how we use your personal information when you access and use the Platforms or our other services.
Local laws
While this policy is intended to describe the broadest range of our information collection, processing and sharing activities worldwide, some activities may be more limited in certain jurisdictions depending on the particular laws or regulations of those territories/countries. For example, the laws of a particular territory/country may restrict the types of personal information we may collect or the manner in which we process such information. In such cases, we adjust our internal policies and/or practices to reflect the requirements of local legislation while complying with the General Data Protection Regulation (EU Regulation, GDPR).
1. Types of personal information we may collect
The personal information we collect may vary by territory/country or by your preferred method of interaction with us. We obtain most of your personal information directly from you via the Platforms or from other booking platforms authorised to connect you to the Hotels.
If you do not provide us with personal data, we may not be able to provide our services or fulfil our obligations to you.
The following table contains more details about the personal information we may collect and process about you.
Data collected | Data Category | Legal Basis | Processing (GDPR) | Processing (Privacy Policy) |
|---|---|---|---|---|
First and last name | Identification data | N | Secure storage in an encrypted database, access limited to authorised employees | Used only for booking and booking-related communication, not shared with third parties without explicit consent |
Email address | Contact data | Consent of the user necessary for the performance of the contract and legal obligations | Secure storage in an encrypted database, access limited to authorised employees | Used to confirm bookings, manage and organise holidays, send personalised promotional offers and newsletters with the option of unsubscribing. |
Phone number | Contact data | Consent of user | Secure storage in an encrypted database, access limited to authorised employees | Used for booking confirmation and customer service, possibility of unsubscribing from marketing communications |
Billing adress | Payment data | Necessary to perform the contract | Secure storage in an encrypted database, access limited to authorised employees | Used for payment processing and invoicing, not retained after the transaction. |
Date of birth | Contact data | Consent of user | Secure storage in an encrypted database, access limited to authorised employees | Use of customer service and marketing campaigns, possibility of unsubscribing from marketing communications |
Information on passport, visa and details of your government-issued identity document | Contact and sensitive personal data | Necessary to perform the contract Explicit consent of the user | Secure storage in an encrypted database, access limited to authorised employees | Use to confirm the booking |
Credit card and/or bank account information, payment method, discounts granted, payments received, due, reminders, balances, transaction number. Purchase history (register and invoices) | Payment data | Consent of the user, necessary for the performance of the contract and legal obligation | Secure storage in an encrypted database, access limited to authorised employees, compliance with PCI-DSS standards | Used for secure payment processing, minimum data retention in accordance with legal requirements |
Stay preferences | User profile data | User consent | Secure storage in an encrypted database, access limited to authorised employees | Used to personalise offers and recommendations, preferences can be updated or deleted at any time |
Information about the holiday (Booking channels | User profile data | User consent | Secure storage in an encrypted database, access limited to authorised employees | Use to organise and manage your stay, provide platforms, correspondence, comments, market research and surveys, planning, improve customer service, personalise offers and recommendations, possibility of updating or deleting preferences at any time. |
Reservations made or in progress, wish lists, services subscribed to, amount, frequency, invoicing address, reservation history, purchases and purchase history, traveller lists, traveller preferences, user opinions and any problems encountered or reported by the User in the provision of services, correspondence with the after-sales service, food and/or drink preferences and special requests. | User profile data | User consent | Secure storage in an encrypted database, access limited to authorised employees | Used to manage and organise your stay, used to personalise offers and recommendations, preferences can be updated or deleted at any time. |
Calls, voice messages, online discussions and messages, faxes, letters and e-mails sent or addressed by or to you | Communication datas | User consent | Secure storage in an encrypted database, access limited to authorised employees Used to improve user experience, anonymised storage for internal analysis | Use to manage and organise your stay in a hotel Planning, improving and developing customer service. Security, prevention of cyber-incidents and crime, prevention of harmful activities. |
Geolocation data. | Location data | User consent | Used to display nearby hotels, temporary storage and anonymisation for internal analyses | Provision of optional localisation functionality with the option of deactivation |
Browsing Data (IP address, type of device and operating system, advertising identifier, internet connection details, log files and browsing patterns) | Site usage data | User consent | Used to improve user experience, anonymised storage for internal analysis | Used to improve the platform and services offered, not shared with identifiable third parties |
Information on Food Preferences and Restrictions | Sensitive personal data | Explicit User consent | Secure storage in an encrypted database, access limited to authorised employees | Use for personalising restoration services, minimal retention and deletion at the user's request |
2. biometric, health-related or other sensitive personal information
It may happen that the personal information listed above contains information classified as sensitive personal information under the privacy laws of certain territories/countries.
2.1. Special categories
Depending on the applicable law, sensitive personal information may mean personal information from which we can determine or infer racial or ethnic origin, political opinions, religious or other beliefs of a similar nature, trade union or professional membership, religious, philosophical or political association, health or physical or mental condition, medical treatment, genetic data, biometric information, information about an individual's sexual orientation, personal information relating to potential crimes or international sanctions, or your precise geolocation.
We may collect sensitive personal information, always with your consent, such as health or religious information that you provide to us to meet special requests (i.e. health or religious conditions that require specific accommodation or services). For example, if you provide us with details of a physical disability as part of your booking, we may pass these details to your hotel so that they can confirm appropriate access or arrange appropriate access.0
2.2. Financial information
Financial records, credit card information and location data can be sensitive personal information wherever you are.
2.3. Use
We only process sensitive personal information in your jurisdiction if and to the extent permitted or required by applicable law (for example, (i) sanctions or anti-money laundering controls, (ii) to enable hotels to meet your needs, or (iii) to ensure that we can process card payments).
2.4. Consent
It is important to note that where we rely on your consent to process your sensitive personal information, you have the right to withdraw that consent at any time.
3. How we use your personal information for this purpose
We use your personal information to provide the Platforms and other services to you. To the extent permitted by applicable law, we also use your information for our wider business interests, such as planning, risk management and marketing. We describe this in more detail below.
3.1. Reasons for use
Where we process your personal information as a user of the Platforms or as a person with whom we do business, we process that information on one or more of the following ‘legal bases’, depending on the circumstances:
Contract
When you become a member of our site, make a booking via the platforms or receive services from us, our main legal basis for using your personal information is the performance of our contract with you.
Legal obligations
If necessary, we will use your personal information to comply with our tax and other legal obligations.
Sensitive personal information
Where we use your special category information or other information treated as sensitive personal information in a specific territory/country, we must identify an additional condition. This condition will mainly be that the use is necessary to comply with the law or for another important public interest. However, we may sometimes also rely on your consent. Where we rely on your consent, we will explain at the time why we need your information and what we will do with it.
Travel Reservations
We primarily use your personal data to finalise and manage your online Travel Booking - which is essential for us to be able to provide this service to you. This includes sending you communications relating to your Travel Booking, such as confirmations (including the provision of proof of purchase and/or payment, where applicable), amendments and reminders. In some cases this may also include the processing of your personal data, for example to enable online registration with the Travel Supplier or the processing of personal data relating to any security deposits.
Client service
We provide Customer Service in over 3 languages from our local offices. We are here to help you 24 hours a day, 7 days a week. We share your data, such as your booking or user account information, with our international customer service teams to help you when you need us. For example, this may include helping you contact the right Travel Provider and answering questions you may have about your Travel Booking, or anything else.
Account features
Users can create an account on our websites or applications. The information you provide to us is used to manage that account and allow you to perform a number of useful actions. You can manage your Travel Bookings, take advantage of special offers, easily make future Travel Bookings and manage your settings.
These personal settings allow you to create and share lists, share photos, easily find previously viewed Travel Services and verify other information you have provided about your travels.
Marketing activities
We use your data for marketing purposes. When we collect this data, we will explicitly ask you whether you accept or refuse. You may withdraw your consent at any time.
These activities includes :
Using your details to send you regular information about travel products and services. You can unsubscribe from these email marketing communications easily and at any time. To do so, simply click on the ‘Unsubscribe’ link that you will find in all our newsletters and other communications, or manage your preferences from your account settings.
Personalised offers, created from your information, may be made to you on the staays.com website, on its applications and on third party applications/websites (including social networks). Site content may also be personalised. This may include offers that can be booked directly on staays.com or on co-branded sites, or other offers or products from third parties that may be of interest to you.
Communication with you
We may also contact you on other occasions by e-mail, post, telephone or SMS. The means of communication will depend on the contact details you have previously provided.
We also process communications that you send to us. This may be the case for the following reasons in particular:
When you use our services, after each reservation and stay, we may send you a questionnaire or invite you to leave a comment about your experience with staays.com. You can easily unsubscribe at any time.
We also send you other information relating to your Travel Reservations so that you know, for example, how to contact Staays.com if you need to during your stay, or to help you prepare for and enjoy your Travel. You may also receive information about your upcoming Travel Bookings or a summary of your previous Travel Bookings made on Staays.com.
In the event of inappropriate behavior, we may send you a notification and/or warning.
Improving our services
We use personal data for analytical purposes and to improve our products, for example by offering you an even more personalised experience based on how you use our platform to book your accommodation with us. Your personal data may also be used to develop and improve machine learning models and artificial intelligence tools. We want to offer you better services and an optimal user experience.
In this case, we use personal data to carry out tests, solve problems and generate statistics on our activity. Our primary aim is to obtain information about the performance of our services and how they are used, which will enable us to optimise and personalise our website and applications so that they are as intuitive as possible. Wherever possible, we endeavour to use anonymised and de-identified personal data for this analysis.
Customer comments and other information about destinations
During and after your trip, we may invite you to write a comment about your stay. We may also ask travellers who have stayed with you or for whom you have booked to leave a review. This invitation will ask you for information about the Travel Provider or destination.
If you have a Staays.com account, you can choose to display a username next to your comment rather than your real name. If you want to set up a username, go to your account settings. You can also choose to add an avatar.
When you write a review, you agree that it may appear in a number of different places (as explained in our Terms and Conditions): for example, it may appear on the relevant Travel Provider's page on our websites, on our apps, on our social network accounts and social network apps, or on the relevant Travel Provider's online platform or a business partner's website. The purpose is to inform other travellers about the quality of the Travel Service you have used, the destination you have chosen or other experiences you have decided to share.
Calls follow up
When you contact Customer Service, we use an automatic telephone number detection system to find the booking that matches your number. This saves you and our agents time. However, they may ask you to identify yourself so that the details of your booking remain confidential.
Calls made to our Customer Service department may be listened to in real time or recorded for training or service quality control purposes. This includes the use of recordings for complaints handling, legal action and fraud detection.
We do not record all calls. Where a call is recorded, each recording is retained for a limited time before being automatically destroyed. This applies unless we deem it necessary to retain the recording as part of a fraud investigation or for legal purposes.
Promoting a safe and trustworthy service
In order to create an environment of trust for you, your travel companions, our business partners and our Travel Suppliers, we continually use and analyse personal data to detect and prevent fraud and other illegal or undesirable activities.
We also use personal data for security and risk assessment purposes, such as when you report a security concern or when we need to authenticate users and bookings. We may therefore have to block certain bookings or put them on hold until we have completed our assessment.
4. Disclosure of your personal information
The database of Personal Data created for Your use of the Services is strictly confidential. 89LABS undertakes to take all the necessary precautions and organisational and technical measures to preserve the security, integrity and confidentiality of the Personal Data, and in particular to prevent this data from being distorted or damaged, or from being accessed by unauthorised third parties.
Our service providers
We may subcontract the processing of certain functions or the provision of services and/or information to third parties. When we subcontract the processing of your personal information to third parties or provide your personal information to third party service providers, we limit ourselves to cases that are strictly necessary. We supervise data transfers in compliance with the GDPR and require these third parties to protect your personal information with appropriate security measures.
Hotels bookings
Our platforms and services allow you to book and make related requests at hotels that we do not own or operate. When you book a hotel or make a related request, we will pass the information about you that you provide to us to the owner and/or operator of the hotel. The information we provide to these third parties will be treated in accordance with their own privacy policies and procedures, not those of 89Labs.
Company transfers
In the unlikely event that we, or substantially all of our assets, are acquired, personal information collected about you, or control over such information, may be one of the transferred assets. In such cases, we may also transfer information to third party legal, technical or financial advisors in connection with the relevant transaction.
Similarly, we may disclose your personal information to a third party we acquire in order to facilitate mergers and acquisitions of our business and for the purposes described above.
Regulators and official authorities
We reserve the right to disclose any personal information we hold about you if we are compelled to do so by a court of law or legally required to do so by a government entity or if we determine that it is necessary or desirable to comply with the law or to protect or defend our rights or property under applicable law..
5. International bank transfer
Due to the international nature of our business, we will need to transfer your personal information to other territories/countries. These territories/countries may have different data protection laws and compliance requirements from the country in which you are located. For example, we will transfer your personal information to your hotel. You can see the territories/countries where each hotel is based on our website.
Where we transfer your personal information to another country, we will ensure that that country has been recognised as offering an adequate level of data protection or implement EU approved standard contractual clauses (GDPR or, where applicable, appropriate clauses approved for use in other jurisdictions). Where we do not have an appropriate safeguard in place, we will identify an exemption, such as your consent or the contract for your hotel stay.
Please contact us if you would like further information about the specific mechanism we use when transferring your personal information, using the contact details provided in section 10 (Contact) below.
6. Retention
We will only retain your personal information (including sensitive personal information) for as long as is reasonably necessary for the purposes for which the information was collected, or as otherwise required by law.
Once the purpose for collecting your personal information has been fulfilled, we will delete your personal information. i.e. three years after our last contact with you, subject to: regulatory requirements to which we are subject, including tax, employment, accounting and securities laws and regulations; whether legal proceedings could be brought against us in which the information would be relevant; the need for the information to provide the Platforms and other services to our customers; and the types and sensitivity of personal information processed (which may result in a shorter period).
7. Children
We do not sell products or services intended for purchase by children. You may only use our websites if you are at least 18 years old and can form legally binding contracts under applicable law. We will only collect information about children with the specific permission of their parents or guardians.
8. Your privacy rights and specific territories/countries.
European Economic Area, Switzerland and United Kingdom
If you are based in the United Kingdom, the European Economic Area or Switzerland, you are under the protection of the European RGPD. You have the right to:
Access your information
Object to the use of your information
Delete information
Portability of your information to other organizations
Correct and update your information if it is inaccurate
Restrict our use of your information while any concerns you raise are resolved
File a complaint with the CNIL
For more information : https://www.cnil.fr/fr
To contact the CNIL, use one of the following options:
Means of Contact | Details |
|---|---|
By phone | +33 (0)1 53 73 22 22 (Monday to Thursday: 9 am – 6:30 pm, Friday: 9 am – 6 pm) |
By mail | CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 |
By online form | CNIL – Use the contact form appropriate for your request. |
By fax | +33 (0)1 53 73 22 00 |
To withdraw your consent, please contact us to hello@staays.com or by mail tot Anthony Reynaud – 89LABS – 3 esplanade Augustin Aussedat 74960 Annecy
To exercise these rights, please contact us using the relevant details provided in section 10 (Contact) below. Please be sure to include your full name, address and telephone number as well as a copy of a document proving your identity (such as an ID card or passport) so that we can verify your identity and whether we have any personal information about you, or in case we need to contact you to obtain any additional information we may need to make this decision. Where you make several successive requests, we may respond to your subsequent request by referring to our previous response and identifying only those elements that have materially changed.
Please note that these rights are not absolute and there are situations in which they cannot be exercised or are irrelevant. You can find more information about your rights on the website of the data protection authority in your country.
We will ensure that other countries outside the European Economic Area have been recognized as offering an adequate level of data protection or we will implement approved standard contractual clauses and in compliance with the European RGPD Regulation.
United-States
Depending on the privacy laws of your state of residence, you may also be able to make some or all of the following requests concerning your personal information:
Access/Right to Know - You have the right to confirm whether we process personal information about you, and you may request that we disclose to you the categories of personal information collected about you (including sensitive personal information), the categories of sources from which personal information is collected, the categories of personal information sold or disclosed, the business purpose for collecting and selling personal information, the categories of third parties with whom we share personal information, the specific personal information collected about you. We will also provide you with information about the processing of your personal information, and information about the logic involved in any automated decision-making processes we use (if applicable), as well as a description of the likely outcome of the process for you.
Deletion - You may request that we delete your personal information that we hold about you, subject to certain exceptions.
Do not sell or share my personal information for behavioral advertising purposes - You may request to opt-out of the sale of your personal information and the sharing of your personal information for cross-contextual behavioral advertising purposes. We use cookies and related technologies for advertising purposes, which may constitute a “sale” or “sharing” of your personal information under certain privacy laws. If you wish to opt out of this cookie-based tracking for advertising purposes, you can update your cookie preferences on our websites by clicking on the cookie center link in the footer of the page you are viewing..
Your opt-out from cookie-based tracking for advertising purposes is specific to the device, website and browser you use and is removed each time you clear your browser cache. This means you need to adjust your cookie preferences on every website, device and browser you use.
Correct or update my personal information - You have the right to request that we correct, update or modify the personal information we maintain about you. If you have an account, you can also update your profile information at any time by visiting the account settings page in your account.
Opting out of automated decision making - You have the right to request to opt out of any profiling or automated decision making, to the extent that we engage in these processing activities.
Limit the use of my sensitive personal information - If you reside in California, with respect to the sensitive personal information identified below, you may request that we limit our use and sharing of such information to only those uses necessary to fulfill our purposes. Relationship with you (such as providing the Platforms and other services, maintaining the quality of the Platforms and other services, or protecting them from illegal activity), or as otherwise permitted by applicable privacy laws.
Eligible persons may request to exercise these rights by sending us an e-mail or calling us using the contact details below or by clicking on the link in the footer of the page you are viewing:
- E-mail - hello@staays.com
We may refuse certain requests, or respond to a request only in part, on the basis of our legal rights and obligations. For example, we may retain personal information to the extent permitted by law, for example for tax or other record-keeping purposes, to maintain an active account, to process transactions and to facilitate user requests.
We will take reasonable steps to verify your identity before responding to your requests. The verification steps will vary depending on the sensitivity of the personal information, the nature of your request and whether or not you have an account with us.
You may designate an authorized agent to make a request on your behalf. When submitting the request, please ensure that the authorized agent is identified as an authorized agent and that he or she has the necessary information to complete the verification process.
In order to exercise these rights, please note the following additional details regarding how we collect and use your personal information as described in this policy:
We may collect and use for our business and commercial purposes the following categories of personal information, in accordance with applicable California law: identifiers; California customer records (such as date of birth, contact and payment information); characteristics of classifications protected under California or federal law (such as demographic information like age and gender); business information; biometric information; information about Internet or other electronic network activity; geolocation data; audio, electronic or visual information; sensitive personal information; and inferences. Please see the sections above for details of the information and sensitive information we collect.
We use the above categories of personal information for the business purposes described in the section above.
We collect personal information from the following categories of sources, as described in more detail above: directly from you, automatically from your devices, from our service providers, from social networks, from our business partners and from our affiliates and parents.
We may disclose each of these categories of personal information to the extent permitted by applicable law with the following categories of parties, as described in more detail above: affiliates and parents, service providers, business partners, advertising networks, data analytics providers, social media networks, other booking platforms, with entities for legal compliance purposes, and with potential acquirers or creditors.
We may “sell” or “share” the following categories of personal information: identifiers; California Customer Records; demographic information; business information; website or mobile application data or other electronic network activities; geolocation data; and deductions. We sell and share this personal information with advertisers, advertising networks and social networks. We do not knowingly sell or share personal information of consumers under the age of 16.
We do not use or disclose sensitive personal information for purposes other than those specified in applicable California privacy regul
RPC
If you reside in the People's Republic of China (for policy purposes, excluding the Hong Kong Special Administrative Region, the Macau Special Administrative Region and Taiwan, the “PRC”), the Personal Information Protection Law (PIPL) applies to the processing of your personal information. Unless otherwise stated in the following paragraphs, the rules indicated in this PRC section apply in addition to and, in the event of contradictions, in place of the other sections of the Policy.
Legal basis for processing
We will seek your consent or follow other applicable legal bases to process your personal information. In particular, we rely on your consent to process your personal information in order to carry out direct marketing activities.
Sensitive personal information
There may be cases in which the personal information you provide to us or that we collect is considered sensitive personal information under the PIPL (for example, government identifiers and financial information). We will only process sensitive personal information if and to the extent permitted or required by applicable law, including obtaining your separate consent where necessary. We will seek to protect such information rigorously using security measures required by applicable laws and, therefore, your sensitive personal information must not be processed in a way that would result in negative implications for your personal rights (for example, damage to your reputation, physical or mental health, safety of persons or property).
International sharing and transfer
Where necessary for the purposes described in the Policy, subject to your consent where required, your personal information may be shared with third parties located within or outside the PRC. We will only share personal information that is necessary for the purposes indicated in the sections above.
If required by applicable laws, we will conduct a security assessment and/or undergo personal information protection certification or sign standard contracts for the cross-border transmission of personal information and take the necessary measures to ensure that the processing of the overseas recipient's personal information meets the relevant personal requirements.
Your rights under PIPL
You may have certain rights in relation to your personal information. These rights include access, rectification, erasure, restriction or objection, withdrawal of consent, data portability, account deletion, right to request explanations.
To exercise these rights, please contact us using the relevant details provided in section 10 (Contact) below. To ensure security, we will process your request as soon as possible and within the required timeframe after verifying your identity. We may refuse requests that are unreasonably repetitive, require too many technical methods (for example, the development of new systems or fundamental changes to current practices), present risks to the rights and interests of others or are highly impractical.
Mexico
If you are based in Mexico or otherwise subject to Mexican data protection laws (including data protection under the Federal Law on the Protection of Data Held by Private Parties (the Law)), the data controller for the use, processing and protection of your personal data will be the company with which you have contracted our services. You will find the relevant contact details in section 9 (Contact) below.
As the owner of your personal data, you have the right to:
Access your information and find out how we use it and the specific terms and conditions governing its use
Object to the use and sharing of your information
Unsubscribe from direct marketing
Remove your information from our database when you consider that it is not being processed in accordance with applicable laws
Correct and update your information if it is inaccurate, out of date or incomplete.
Please note that these rights are not absolute and that there are situations in which they cannot be exercised or are irrelevant. You can find out more about your rights on the website of the National Institute for Transparency, Access to Information and Protection of Personal Data.
Consent
If you are based in Mexico or subject to Mexican data protection laws, you consent, where applicable, to 89Labs' use of your personal information as described in this policy, unless you expressly object, by sending an e-mail to hello@staays.com. Consent is not required for any processing necessary for a contract between you and 89Labs, or for matters referred to in Article 10 of the Act.
Where we rely on your consent to process your personal information, you have the right to withdraw that consent. However, in some cases, we may not be able to respond to your request or may cease processing your information immediately due to legal or tax obligations to which we are subject. In addition, withdrawing your consent for certain purposes may result in our inability to provide the service you have requested or the termination of the agreement we have with you. Consequently, you may withdraw your consent or object only to those purposes that are not essential to the performance of our agreement with you or to the fulfilment of our obligations.
Your consent may be given by accepting this policy, through a third party, in person or by any other reasonable means used by 89Labs.
By providing personal information of third parties to 89Labs, you confirm that you have provided the third party with a copy of this policy and, where necessary, have obtained their consent to any processing of their personal data by 89Labs.
The foregoing is without prejudice to your ability to exercise your rights under the law.
Limiting the use and disclosure of your information
You can limit the use and disclosure of your personal information by registering with :
The public register to avoid advertising, managed by the Federal Consumer Protection Agency (PROFECO), which prevents your data from being used to receive advertising or offers of goods and services. To do so, please visit the official PROFECO website; or
Our opt-out list, which ensures that your personal information is not processed by us for marketing, advertising or commercial purposes.
How to make a request
In order to (i) exercise any of your rights; (ii) withdraw your consent, and (iii) limit the use or disclosure of your personal information, or obtain more information about the procedure and requirements for doing so, you should submit a request to our Privacy Department using the relevant contact details provided in section 9 (Contact) below. Your request must include:
Full name of the owner of the personal data ;
A description of the personal data related to your request;
A specific reference to the right(s) you wish to exercise, if any, or if you wish to withdraw your consent or limit the use or disclosure of your personal data; and
Your address or any other means by which we can reply to your request.
To verify your identity, please attach a copy of your official identification document to your request. If the request is made by a legal representative, you must provide proof of their authority to act on your behalf.
Please note that the team in charge of processing your request to exercise your rights or revoke consent will respond to your request within twenty (20) working days from the date you submitted your request.
9. Cookies policy
When using the Services, information relating to the browsing of Your computer, tablet, smartphone, etc. (“Terminal”) may be recorded in text files called “cookies” installed on Your Terminal, subject to the choices You may have expressed concerning “cookies” and which You may modify at any time (see Article 9.4 below).
9.1 What is a cookie ?
A “cookie” is a small text, image or software file that We may record on the hard disk of Your Terminal through Your Internet browser when You use the Services, subject to Your agreement and unless You object.
A “cookie” enables its issuer, during its period of validity, to recognize the Terminal concerned each time this Terminal accesses digital content containing “cookies” from the same issuer.
Once installed, “cookies” enable Us to recognize You each time You visit the Services, and therefore to enable You to benefit from all the functionalities of the Services, to indicate Your visit to a particular page and thus to provide You with an additional service. They also enable Us to improve Your browsing comfort, secure Your connection or adapt the content of a page to Your centers of interest or usage preferences.
The information recorded by “cookies”, for a limited period of validity (see Article 10.3 below), concerns in particular the pages visited, the advertisements You have clicked on, the type of browser You are using, as well as other data that Our online services process automatically, such as the identity of Your Internet access provider, Your IP address or the information You have entered on the Services (in order to avoid re-entering it).
Cookies” are not active files, and therefore cannot host viruses. For more information, please visit www.allaboutcookies.org.
9.2 What are cookies used for ?
Only the sender of a “cookie” is likely to read or modify the information contained therein.
Cookies” are used for the purposes described below, subject to Your choices, which You may express and modify at any time via the settings of the browser software used when You browse the Services.
9.2.1 Browsing cookies
Navigation “cookies” are used to improve the performance of the Services in order to provide the User with a better use of the Services. These “cookies” do not require the User's prior information and consent to be deposited on the User's Terminal.
More specifically, these browsing “cookies” enable us to:
Adapt the presentation of the Services to Your Terminal's display preferences (language used, display resolution, operating system used, etc.) when You use the Services, depending on the hardware and software Your Terminal is equipped with;
Allow access to a reserved area subject to login and password;
To store information relating to forms that You have filled in when using the Services;
To memorize Your usage preferences, display settings and the readers You use, in order to facilitate Your navigation during Your next visit to the Services;
To adapt the informational or promotional content of the Services according to Your assumed or declared interests and preferences, or as a result of Your navigation on the Services, and according to Your place of connection to the Services;
To implement security measures, for example when the User is asked to reconnect to a Service after a certain period of time has elapsed.
9.2.2 Statistical cookies
Statistical “cookies” issued on the Services are used to compile statistics and measures of visitor numbers and the use of the various elements making up the Services (sections and content visited, path taken, etc.), enabling Us to improve the interest and ergonomics of the Services.
The results of statistical cookie analyses are processed anonymously and for statistical purposes only.
9.2.3 Advertising cookies and third-party cookies
Advertising “cookies” and third-party “cookies” are used in particular to:
Determine in real time which advertisement to display based on Your recent browsing history, in order to limit the number of times an advertisement is displayed and to help measure the effectiveness of an advertising campaign;
To personalize Your browsing experience on the Services, to maintain and improve the quality of Our Services and to protect You from fraudulent activity. When third-party sites, such as social networking sites, receive information contained in “cookies” through the use of a specific module of the Services, this information is assumed to be anonymous and is intended solely to enable Your identification on the Services.
9.2.4 Validity of cookies
The “cookies” issued on the Services are session “cookies” (the duration of which is limited to the time of a connection to the Services) and persistent “cookies” (the duration of which, however limited, is longer than the duration of a connection).
Session cookies are active only for the duration of your visit, and are deleted when you close your browser. Persistent cookies remain stored on the hard disk of Your Terminal once Your browser has been closed.
In accordance with Applicable Regulations and the recommendations of the Commission Nationale Informatique et Libertés (“CNIL”), 89labs undertakes not to retain Your Personal Data beyond the period strictly necessary for the purposes for which they were collected, and in accordance with Applicable Regulations. Personal Data will be kept for 3 years from the last interaction initiated by the User on our site or platforms.
89LABS undertakes to anonymize or delete Your Personal Data as soon as the established purpose and/or retention period has expired.
At the end of this period, Your consent must be obtained again for the collection of cookies subject to consent.
9.2.5 Your choices concerning cookies
All the rights of the User recognized in Article 5 of the Charter are also applicable to the use of “cookies”.
You have several options for managing cookies.
The User understands that cookies improve browsing comfort on the Services. Any settings that the User may make may modify his or her browsing on the Services and his or her conditions of access to certain services requiring the use of cookies. 89Labs cannot be held responsible for the consequences of less efficient operation of the Services due to the impossibility of installing or reading “cookies” required for their proper operation, once the User has rejected or deleted them.
Users may configure their browser software so that cookies are stored in their Terminal or, on the contrary, rejected, either systematically or depending on the sender. Users may also configure their browsing software so that acceptance or rejection of cookies is proposed from time to time, before a cookie is likely to be recorded on their Terminal.
Please note that exercising your right to refuse cookies will not prevent the display of advertisements. Only advertisements using the Services' personalization services will cease. In other words, the User will no longer be exposed to advertising tailored to his or her centers of interest via the use of “cookies” on the Services, but will continue to be shown advertising whose content will no longer necessarily be in line with his or her centers of interest, or may even be dubious.
The help menu or dedicated section of Your browser will enable You to find out how to express or modify Your preferences with regard to “cookies” :
For Internet Explorer™ : windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
For Safari™ : support.apple.com/fr-fr/guide/safari/sfri11471/mac
For Chrome™ : support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647
For Firefox™ : support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies
For Opera™ : help.opera.com/en/latest/web-preferences/#cookies
iOS : support.apple.com/fr-fr/HT201265
Android : support.google.com/accounts/answer/61416?co=GENIE.Platform%3DAndroid&hl=fr
10. Contact
General
If you have any questions about this policy or wish to exercise any of your rights, please contact us by clicking on the link in the footer of the page you are viewing.
You can also contact us by e-mail at hello@staays.com , by post at 89Labs - 3 esplanade Augustin Aussedat - 74960 Annecy , by submitting a form on our website.
This policy may be modified, changed or updated as a result of new legal requirements, internal needs, improvements to our privacy practices or for other reasons. Any changes to this policy will be posted on this Web site.
CNIL
(Commission nationale de l’informatique et des libertés) is the French authority responsible for protecting personal data.
To assert your data protection rights, you must first contact the organizations that hold your data, i.e. 89Labs, directly. To find out how to contact them, see above.
In the event of difficulties, an unsatisfactory response or no response at all, you can refer the matter to the CNIL.
For further information: https://www.cnil.fr/fr
There are several ways of contacting the CNIL: