Menu

Menu

Contact

Castle

the castle
& the park

Visit
Domain

Reception

Organize a

Privacy Policy

This privacy policy aims to inform any concerned person about how the entities of the Domaine du Château d’Arcelot (SAS Domaine du Château d’Arcelot, SAS Château d’Arcelot, and Marguerite Jouffroy) collect and process personal data, in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (GDPR) and French Law No. 78-17 of 6 January 1978 as amended, known as the “Informatique et Libertés” law.

 

This policy applies to all processing carried out:

 

  • – on the website www.arcelot.com;
  • – in connection with on-site activities carried out by the three entities, including the organisation of tours, receptions, the rental of rooms, equipment and holiday cottages, as well as the management of staff and service providers.

 

For the purposes of this Policy, the terms “Process” or “Processing” refer to any operation or set of operations performed on the Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, extraction, consultation, use, restriction, erasure or destruction.

 

The term “Data” refers to any information relating to an identified or identifiable person, in particular by reference to an identifier such as a name, identification number, location data, or one or more specific elements pertaining to that person.

 

  1. Data Controller

The personal data processing activities are carried out by the following entities:

 

  • – SAS Domaine du Château d’Arcelot: room and equipment rental;
  • – SAS Château d’Arcelot: organisation of tours and receptions;
  • – Marguerite Jouffroy: operation of holiday cottages.

 

These entities may act as joint controllers for certain shared processing activities, particularly those relating to customer management and the website www.arcelot.com.

For any questions related to personal data protection, you may contact: comptabilite@arcelot.com.

 

  1. Data Collected

The following data may be collected:

 

  • – Identification and contact data: last name, first name, email address, phone number, postal address;
  • – Booking or quotation request data: information relating to events, tours or stays;
  • – Connection and browsing data (IP address, logs, cookies);
  • – Data relating to commercial prospecting, if you consent to receiving communications from the Domaine du Château d’Arcelot;
  • – Data relating to employees, candidates and service providers (contact details, administrative and contractual information);
  • – Data from the video surveillance system (images recorded at the entrance of the Domaine and at the Trianon).
  1. Purposes of Processing

Data is collected and processed for the following purposes:

  • management of contact requests and bookings;
  • organisation of tours, receptions, events and stays; organisation of tours, events and rentals;
  • invoicing and administrative follow-up;
  • institutional communication and commercial prospecting;
  • technical management and security of the website (cookies, audience measurement);
  • human resources management and management of staff made available;
  • management of service providers and suppliers;
  • protection of people and property through video surveillance.

 

  1. Legal Bases for Processing

Processing is based on:

 

  • – the performance of a contract or pre-contractual measures (bookings, quotations);
  • – compliance with legal obligations (invoicing, accounting);
  • – the user’s consent for commercial prospecting and cookies;
  • – the legitimate interest of the Domaine d’Arcelot to ensure the security of the website and improve its services;
  • – the legitimate interest of the Domaine d’Arcelot for the management of its activities, security and fraud prevention.

 

  1. Data Recipients

The data is intended for the internal departments of the entities of the Domaine d’Arcelot and their service providers (website host, approved IT provider, chartered accountant, secure payment operator, communication provider).

 

It is never sold or transferred to third parties for commercial purposes.

 

  1. Data Retention Period

Personal data is retained only for as long as necessary for the purposes pursued:

 

  • – contact and booking data: 5 years after the last interaction;
  • – invoicing data: 10 years (legal requirement);
  • – HR data: duration of the contract + 5 years after the employee’s departure;
  • – video surveillance images: up to 30 days;
  • – prospecting data: 3 years from the last contact;
  • – cookie data: according to the duration indicated in the cookie consent banner.

 

  1. Cookies and Trackers

The website uses cookies necessary for its proper functioning and, subject to your consent, analytical and audience measurement cookies (including Google Analytics) used to measure traffic and usage. You can accept or refuse cookies via the cookie management banner or configure your browser to disable them.

 

The placement of non-essential cookies requires your prior consent, in accordance with CNIL recommendations. You may withdraw your consent at any time.

 

  1. Rights of Data Subjects

In accordance with Articles 14 to 22 of the General Data Protection Regulation 2016/679 of 27 April 2016, any individual using the website may exercise the following rights:

 

– the right of access, rectification and deletion of collected data,

– the right to object to the Processing of their data,

– the right to restrict Processing,

– the right to data portability,

– the right to formulate instructions regarding the retention, erasure and communication of their personal data after their death, in accordance with Article 40-1 of the French “Informatique et Libertés” law.

 

These rights may be exercised by email at the following address: comptabilite@arcelot.com. Any request must include proof of identity. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

 

  1. Data Security

The Domaine du Château d’Arcelot implements all appropriate technical and organisational measures to ensure the security, integrity and confidentiality of collected personal data.

 

These measures include access management, regular backups, data encryption, and staff awareness training.

 

External service providers are contractually bound to respect confidentiality and implement GDPR-compliant security measures.

 

  1. Data Transfers Outside the European Union

Data may be transferred outside the European Union when using audience measurement tools (such as Google Analytics).

 

These transfers are governed by the standard contractual clauses adopted by the European Commission, ensuring an adequate level of protection for personal data.

 

  1. Changes to the Privacy Policy

This privacy policy may be amended at any time to reflect legal developments or changes to processing activities. Users are invited to consult it regularly on the website.