Privacy Policy

Version 2

En cas de contradiction entre la version française et la version anglaise de la présente politique de confidentialité, la version française fera foi.

-

In the event of any discrepancy between the French and English versions of this Privacy Policy, the French version shall prevail.

  1. Objective and Scope of the Policy

HtoH places the utmost importance and care on protecting privacy and Personal Data, as well as complying with applicable legislation.


Regulation (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data (hereinafter "GDPR") states that Personal Data must be processed lawfully, fairly, and transparently. Therefore, this privacy policy (hereinafter the "Privacy Policy") aims to provide you with simple, clear information about the processing of personal data concerning you in the context of your browsing and operations carried out on our website.


Our Privacy Policy informs you about the uses of your personal information that we perform during your browsing on our Mobile Application (hereinafter, the "Mobile Application") and the provision of our Service (hereinafter, the "Service").


Committed to protecting your privacy, HtoH does everything possible to protect the confidentiality of your personal information and undertakes to comply with the regulations in force in France and the European Union regarding the protection of personal data.


By using our Mobile Application, you accept the terms and conditions of the Privacy Policy. In case of disagreement with any of the provisions of the Privacy Policy, we kindly ask you not to use our Mobile Application and/or not to use our Service.


We invite you to take the time to read the Privacy Policy in its entirety. We are available to answer any questions you may have at contact@htoh.io, particularly regarding the exercise of your rights over your personal data described in Article 9 below.

  1. Data Controller

In the context of your activity on the Mobile Application, we collect and use Personal Data related to you, natural persons (hereinafter "Data Subject").


For all processing, Home to Home Corporate Services, a simplified joint-stock company, registered with the RCS under number 852 343 854 RCS Nanterre with a capital of €5,537.10, located at 12, avenue du bois de la marche – 92420 Vaucresson, determines the means and purposes of the processing. Thus, we act as the data controller, as defined by the GDPR.

  1. What Personal Data Do We Collect and How?

By using our Service, you provide us with certain information about yourself, some of which can identify you ("Personal Data"). This is the case when you fill out online forms.

The nature and quality of the Personal Data collected about you vary depending on the relationships you establish with HTOH, the main ones being:

  • Identification Data: This includes all information that would allow us to identify you, such as your first name, last name, and phone number. We also collect your email address and postal address (in case of payment, the postal address will be necessary to generate an invoice). In case of a subscription, proof of identity may also be required.

  • Connection Data: This is all the information we need to access your personal account, such as your password and other information necessary for authentication and account access. We also collect your IP address for maintenance and statistical purposes.

  • Financial Data: This corresponds to banking data (credit card).

  • Documents of Various Types (PDF, Office format, Image) with titles, contents, folder names, or information related to a document, such as comments written in the documents, alert dates, and reminder dates.

  • Information Related to Your Browsing: By browsing our application, you interact with it. Therefore, certain information related to your browsing is collected.

  • Data Collected from Third Parties: Personal Data that you have agreed to share with us or on public social networks and/or that we could collect from other publicly accessible databases.

  1. Why Do We Collect Your Personal Data and How?

We collect your Personal Data for specific purposes and on different legal bases.


In the context of the execution of the contract or pre-contractual measures, your Data is processed for the following purposes:

  • Execution and provision of our Service in accordance with our General Terms and Conditions;

  • Order management;

  • Contract management;

  • Management of your customer account;

  • Management of claims and after-sales service;

  • Management of your professional and personal travel;

  • Satisfying the legitimate interests of HtoH, such as managing the commercial relationship with its prospects and customers, ensuring the proper functioning of the Mobile Application;

  • Complying with laws, regulations, and legal requests and orders applicable to HtoH.


Based on your consent, your Data is processed for the following purposes:

  • Carrying out commercial prospecting and marketing operations;

  • Transmission of your Data to partners;

  • Management of the newsletter;

  • Management of cookies requiring your consent.


In the context of the legitimate interest of HtoH, your Data is processed for the following purposes:

  • Establishment of statistics for improving products and services;

  • Conducting satisfaction surveys and polls;

  • Management of pre-litigation and litigation;

  • Simplifying your travel experience.


In the context of the legal and regulatory obligations to which HTOH is subject, your Data is processed for the following purposes:

  • Fight against Fraud;

  • Fight against Money Laundering and the Financing of Terrorism;

  • Keeping of general and auxiliary accounting;

  1. Do We Share Your Personal Data?

Your Data is intended for authorized HtoH collaborators responsible for managing and executing contracts and legal obligations, depending on the purposes of the collection and within the limits of their respective responsibilities.


They are possibly transmitted for certain tasks related to the purposes, and within the limits of their respective missions and authorizations, to the following recipients:

  • Entities of the HTOH Group in the context of outsourcing activities to another entity of the group;

  • Service providers and subcontractors to whom we call upon to perform a set of operations and tasks on our behalf, namely:

    • Cegid Notilus

    • CDS Groupe

    • Amadeus

    • Award Wallet

    • Advito

    • BCD Travel

    • Hubtobee

  • Duly authorized public authorities (judicial, regulatory, etc.) in the context of our legal and regulatory obligations;

  • Regulated professions (lawyers, bailiffs, etc.) who may intervene in the context of the implementation of guarantees, recovery, or litigation.

When your Data is communicated to our service providers and subcontractors, they are also required not to use the Data for purposes other than those initially intended. We do everything possible to ensure that these Third Parties preserve the confidentiality and security of your Data.


In any case, only the necessary Data is provided. We do everything possible to ensure secure communication or transmission of your Data.

We do not sell your Data.

  1. Is Your Personal Data Transferred to Third Countries?

HTOH strives to keep Personal Data in France or at least within the European Economic Area (EEA).


However, it is possible that the Data we collect when you use our Mobile Application or in the context of our Service may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area.


In case of such a Transfer, we ensure that it is carried out:

  • To a country ensuring an adequate level of protection, i.e., a level of protection equivalent to what European Regulations require;

  • Within the framework of standard contractual clauses;

  • Within the framework of binding corporate rules.

  1. How Long Do We Keep Your Personal Data?

We keep your Personal Data only for the time necessary to achieve the purpose for which we hold this Data, in order to meet your needs or to fulfill our legal obligations.


The retention periods vary depending on several factors, such as:

  • The needs of HtoH's activities;

  • Contractual requirements;

  • Legal obligations;

  • Recommendations from regulatory authorities.


The table below summarizes the different maximum retention periods applicable or imposed on HtoH depending on the purposes for which your Personal Data may be processed. These maximum periods apply unless you request the deletion or cessation of use of your data before their expiration for a reason compatible with any legal obligation that may be imposed on HtoH and/or compliance with limitation periods.


Purposes - Execution of Services

Retention Periods - 5 years from the last interaction with the customer

 

Purposes - Management of the commercial relationship with customers and/or prospects

Retention Periods - 3 years after the last contact with the customer and/or prospect

 

Purposes - Proper functioning of the Site

Retention Periods - 1 year

  1. How Do We Ensure the Security of Your Personal Data?

HTOH is committed to protecting the Personal Data we collect or process against loss, destruction, alteration, unauthorized access, or disclosure.

Thus, we implement all appropriate technical and organizational measures, depending on the nature of the Data and the risks involved in processing it. These measures must preserve the security and confidentiality of your Personal Data. They may include practices such as limited access to Personal Data by authorized persons due to their functions, pseudonymization, or encryption.

Additionally, our practices and policies and/or physical and/or logical security measures (secure access, authentication process, backup copy, software, etc.) are regularly reviewed and updated if necessary.

Although HtoH implements all possible measures to protect your Personal Data, we cannot guarantee the security of information transmitted on our Mobile Application during its transit via the Internet using an unsecured protocol.

  1. What Are Your Rights?

The GDPR provides Data Subjects with rights that they can exercise. Thus, the following are provided:

  • Right to Information: The right to have clear, precise, and complete information on the use of Personal Data by HtoH.

  • Right of Access: The right to obtain a copy of the Personal Data that the Data Controller holds on the applicant.

  • Right of Rectification: The right to have Personal Data rectified if it is inaccurate or outdated and/or to complete it if it is incomplete.

  • Right to Erasure / Right to be Forgotten: The right, under certain conditions, to have Data erased or deleted, unless HtoH has a legitimate interest in retaining it.

  • Right to Object: The right to object to the Processing of Personal Data by HtoH for reasons related to the applicant's particular situation (under conditions).

  • Right to Withdraw Consent: The right to withdraw consent at any time when the Processing is based on consent.

  • Right to Restrict Processing: The right, under certain conditions, to request that the Processing of Personal Data be temporarily suspended.

  • Right to Data Portability: The right to request that Personal Data be transmitted in a reusable format allowing it to be used in another database.

  • Right Not to be Subject to Automated Decision-Making: The right for the applicant to refuse entirely automated decision-making and/or to exercise the additional safeguards offered in this regard.

  • Right to Define Post-Mortem Directives: The right for the applicant to define directives relating to the fate of Personal Data after their death.


Additional rights may be granted to Data Subjects by local regulations.

To this end, HtoH has implemented a procedure for managing the rights of Data Subjects in accordance with the requirements of applicable legislation. This procedure establishes:

  • The standards to be respected to ensure the transparent information of Data Subjects;

  • The legal requirements that must be respected;

  • The authorized means for submitting a request for each right, depending on the category of Data Subjects;

  • The operational processes for handling these requests in accordance with the aforementioned requirements;

  • The parties involved in these processes, their roles, and responsibilities.

To exercise your rights, you can contact the Data Protection Officer (DPO): privacy@htoh.io


By mail:

Home to Home Corporate Services

29-31, rue de l’Abreuvoir

92100 Boulogne


When you send us a request to exercise your rights, you are asked to specify as much as possible the scope of the request, the type of right exercised, the Processing of Personal Data concerned, and any other useful element to facilitate the examination of your request. Furthermore, in case of reasonable doubt, you may be asked to justify your identity.

You also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, regarding the manner in which [HTOH] collects and processes your data.

  1. Update of This Privacy Policy

This Policy may be regularly updated to reflect changes in the regulations regarding Personal Data.

Last updated: May 2024