Get in touch with Nick and Mia.
+33 (0) 4 93 24 41 38
relax@le-foulon.com
Le Foulon, 4220 Route de Grasse, 06620, Gréolières, France
  2. Home
  3. Renting
  4. Terms & Conditions
  5. Privacy Policy

Privacy Policy

1. Introduction

Le Foulon ("we", "our", "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, process, store, and share your personal data when you interact with us, whether through our website (https://www.le-foulon.com), by email, phone, or in person at our premises in Gréolières, France.

We comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the relevant French data protection laws as enforced by the Commission Nationale de l'Informatique et des Libertés (CNIL).

By using our services or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

2. Who We Are

Le Foulon
4220 Route de Grasse
06620, Gréolières, France

Telephone: +33 (0) 4 93 24 41 38
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

3. Personal Data We Collect

We may collect various types of personal data from you, including but not limited to:

  • Contact Information: Name, email address, postal address, phone number.

  • Booking and Service Information: Details related to your villa rental, wedding, group holiday, party, retreat venue bookings, including dates, number of guests, specific requirements, and payment information (e.g., credit card details, billing address).

  • Communication Data: Information you provide when you communicate with us via email, phone, contact forms on our website, or social media. This may include the content of your communications and metadata associated with them.

  • Technical Data: Information about your device and how you interact with our website, such as your IP address, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths. This is primarily collected through cookies (see Section 8).

  • Survey and Feedback Data: Information you provide when participating in surveys or providing feedback on our services.

4. How We Collect Your Personal Data

We collect personal data through the following methods:

  • Directly from you: When you make an inquiry, a booking, fill out a contact form on our website, subscribe to our newsletter, communicate with us by phone or email, or provide information in person.

  • Automatically: When you visit our website, through the use of cookies and similar technologies (see Section 8).

  • From third parties: In certain circumstances, we may receive personal data about you from third-party booking platforms or travel agencies through which you make a reservation with us.

5. Purposes and Legal Basis for Processing Your Personal Data

We process your personal data for the following purposes and on the following legal bases: 

Purpose of Processing

Type of Data

Legal Basis for Processing

To provide our services and fulfil your requests: This includes managing your bookings, processing payments, communicating with you about your stay or event, and providing customer support.

Contact Information, Booking and Service Information, Communication Data

Performance of a contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

To respond to your inquiries and communications: This includes answering your questions, providing information, and addressing any concerns you may have.

Contact Information, Communication Data

Legitimate interests: It is in our legitimate interest to respond to your queries and maintain good customer relations.

To manage and improve our website and services: This includes analysing website usage, identifying technical issues, and enhancing user experience and functionality.

Technical Data, Communication Data

Legitimate interests: It is in our legitimate interest to ensure our website is functional, secure, and user-friendly, and to continuously improve our offerings.

For marketing and promotional purposes:To send you newsletters, special offers, and information about our services that may be of interest to you, if you have opted in to receive such communications.

Contact Information

Consent: We will obtain your explicit consent before sending you direct marketing communications. You have the right to withdraw your consent at any time.

To comply with legal obligations: This includes fulfilling accounting, tax, and other legal or regulatory requirements.

Contact Information, Booking and Service Information

Legal obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

For internal record-keeping and administrative purposes: To maintain accurate records of our operations and manage our business effectively.

All categories of data collected

Legitimate interests: It is in our legitimate interest to maintain proper records for administrative efficiency and to support business operations.

For security and fraud prevention: To protect our premises, website, and data from unauthorized access, fraud, or other illegal activities.

Technical Data, limited Contact and Booking data

Legitimate interests: It is in our legitimate interest to protect our assets and operations. Legal obligation: In some cases, necessary for compliance with a legal obligation related to security.

 

6. Data Sharing and Transfers

We may share your personal data with the following categories of recipients:

  • Third-party service providers: We may engage trusted third-party service providers to assist us in operating our business and providing services to you (e.g., payment processors, IT service providers, website hosting, email service providers). These providers are contractually bound to process data only on our instructions and to implement appropriate security measures.

  • Business partners: If you have booked through a travel agent or booking platform, we may share relevant information with them to facilitate your booking.

  • Law enforcement or regulatory authorities: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

  • Professional advisors: Such as lawyers, accountants, or consultants, where necessary for professional advice.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

International Transfers:

Le Foulon primarily processes data within the European Union (EU). If we ever need to transfer your personal data outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses approved by the European Commission, or by ensuring the recipient country has been deemed to provide an adequate level of data protection by the European Commission.

7. Data Security Measures

We have implemented appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, alteration, disclosure, or destruction. These measures include:

  • Physical security: Protecting our premises and hardware.

  • Access controls: Limiting access to personal data to authorised personnel only.

  • Data encryption: Encrypting data where appropriate, especially for sensitive information.

  • Regular security assessments and audits: To identify and address potential vulnerabilities.

  • Employee training: Ensuring our staff are aware of their data protection obligations.

  • Secure networks and systems: Implementing firewalls and other network security measures.

Despite these measures, no data transmission over the internet or electronic storage method can be guaranteed to be 100% secure.

8. Cookies

Our website uses cookies to enhance your Browse experience, analyse website traffic, and for other purposes as described in the following table.

The cookies on this website are disabled.
This decision can be reversed anytime by clicking the below button "Allow Cookies".

What are cookies?

Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site.

Types of cookies we use:

  • Strictly Necessary Cookies: These cookies are essential for our website to function correctly (e.g., to save your cookie consent choices). You cannot refuse these cookies without impacting how our website operates.

  • Audience Measurement Cookies (Analytics Cookies): These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., pages visited, time spent on pages, referral source). We use tools like AT Internet, which, under CNIL guidelines, may be exempt from requiring explicit consent under certain conditions if data is anonymized and limited in retention. However, we aim to provide you with an option to refuse these.

Your cookie choices:

Upon your first visit to our website, you will be presented with a cookie banner allowing you to manage your preferences. In accordance with CNIL requirements, this banner will include a "Reject All" button for non-essential cookies. You can also adjust your browser settings to refuse or delete cookies. However, please note that blocking some types of cookies may impact your experience of the site and the services we are able to offer.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The specific retention periods vary depending on the type of data and the purpose of processing:

  • Booking and Service Data: Generally retained for the duration of the contract and for a period thereafter as required by tax and accounting laws (e.g., 10 years in France for accounting records).

  • Communication Data: Retained for a period necessary to manage ongoing inquiries and maintain business records, typically up to 1-2 years after the last interaction, unless longer retention is required by law.

  • Marketing Consent Data: Retained until you withdraw your consent or object to processing for direct marketing purposes.

  • Technical Data (Cookies): As detailed in our Cookie Policy, e.g., audience measurement cookies for up to 13 months.

  • Data for Exercising Rights: Information related to your data subject requests will be retained for the remainder of the current year plus two years to demonstrate compliance with your request.

Once the retention period expires, your personal data will be securely deleted or anonymised.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to be informed (Article 13 & 14 GDPR): To receive clear, transparent, and easily understandable information about how we use your personal data and your rights. This Privacy Policy serves this purpose.

  • Right of access (Article 15 GDPR): To obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and certain information about its processing.

  • Right to rectification (Article 16 GDPR): To have inaccurate personal data concerning you rectified without undue delay, and to have incomplete personal data completed.

  • Right to erasure ('right to be forgotten') (Article 17 GDPR): To request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This is not an absolute right and applies in specific circumstances.

  • Right to restriction of processing (Article 18 GDPR): To 'block' or suppress the processing of your personal data in certain circumstances (e.g., if you contest the accuracy of the data, for a period enabling us to verify its accuracy).

  • Right to data portability (Article 20 GDPR): To obtain your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance from us, where technically feasible.

  • Right to object (Article 21 GDPR): To object to the processing of your personal data in certain situations, particularly where processing is based on legitimate interests or for direct marketing purposes.

  • Rights in relation to automated decision-making and profiling (Article 22 GDPR): To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply. Le Foulon does not currently engage in such automated decision-making or profiling activities with significant effects.

  • Right to withdraw consent (Article 7(3) GDPR): Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

11. How to Exercise Your Rights

To exercise any of your rights, please contact us using the contact details provided below:

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Postal Address: Le Foulon, 4220 Route de Grasse, 06620, Gréolières, France

To help us respond to your request effectively, please:

  • State which right you wish to exercise.

  • Provide enough information to allow us to identify you (e.g., name, email address, booking reference). We may ask for additional information to verify your identity before processing your request.

  • Describe the personal data or processing activities your request relates to.

We will respond to your request without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. 

12. Lodging a Complaint

If you have concerns about our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés):

CNIL
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
France

Website: www.cnil.fr

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most recent version will always be posted on our website, and we will indicate the effective date of the latest revision. We encourage you to review this policy periodically. If significant changes are made, we will notify you directly through appropriate means (e.g., email or a prominent notice on our website).

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please do not hesitate to contact us:

Le Foulon
4220 Route de Grasse
06620, Gréolières, France

Telephone: +33 (0) 4 93 24 41 38
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Effective Date: 27 June 2025