PRIVACY POLICY
ARTICLE 1: INTRODUCTION
MySunbed aims to offer the best possible experience to its users and customers. In the context of the services offered and for the purpose of continuously improving our services, we collect certain personal data.
All data is collected, stored, and used by us in accordance with the General Data Protection Regulation (EU) No. 2016/679 ('GDPR') and is never sold to third-party companies.
This privacy policy aims to inform users of the site:
How their personal data is collected and processed. Personal data refers to any data that can identify a user;
What rights users have regarding their data;
Who is responsible for processing the collected and processed data;
To whom the data is transmitted;
The site's policy regarding cookies.
This privacy policy supplements the legal notice and the General Terms and Conditions of Use and Sale, which users can consult at the following address:
ARTICLE 2: GENERAL PRINCIPLES REGARDING DATA COLLECTION AND PROCESSING
In accordance with Article 5 of European Regulation 2016/679, the collection and processing of user data on the site respect the following principles:
Lawfulness, fairness and transparency: data can only be collected and processed with the consent of the data subject. Whenever personal data is collected, the user will be informed that their data is being collected and for what purpose;
Purpose limitation: the collection and processing of data is carried out to meet one or more objectives set out in this privacy policy;
Data minimization: only the data necessary for the proper execution of the site's objectives is collected;
Storage limitation: data is retained for a limited period, of which the user is informed. Where this duration cannot be specified, the criteria used to determine it will be provided;
Integrity and confidentiality: the data controller undertakes to guarantee the integrity and confidentiality of the collected data.
To be lawful and in accordance with Article 6 of the European Regulation 2016/679, the collection and processing of personal data can only occur if at least one of the following conditions is met:
The user has expressly consented to the processing;
The processing is necessary for the performance of a contract;
The processing is necessary for compliance with a legal obligation;
The processing is necessary to protect the vital interests of the data subject or another natural person;
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED WHILE USING THE SITE
We use your data only with your consent, for contract performance, or based on legitimate interest.
Except as specified below, only MySunbed personnel have access to your data to perform booking services and respond to messages via email or the website's contact form.
Data is also processed in the following cases:
To send you our communications (MySunbed newsletters and promotional offers)
To allow you to leave reviews for establishments where you booked services.
3. A. Your User Account and Orders on MySunbed
When you create an account or place a service order on MySunbed, the following data may be recorded based on the type of service to fulfill the order:
Title, first name, and last name
City and postal code
Date of birth
Nationality
Language
Phone number
Email address
Password chosen by the user
Optional consent to receive newsletters and promotional content
Payment method used (only when ordering)
Order date and time
We will send you booking-related emails (confirmations, updates, reminders, cancellations) and user account management emails (e.g., password resets). These are required to execute the contract under appropriate data protection measures.
The personal data collected and used for this purpose is retained as long as your MySunbed account exists – 3 months from account deletion or 5 years and 3 months after inactivity.
3. B. Our Exchanges via Contact Form or Email
Our website provides a contact form to communicate with us.
You provide your first and last name, email address, and subject of your request. Address, phone number, and other data in the message are optional.
We draw your attention to our privacy policy when you type your message.
You may also contact us via the provided email address. In this case, any personal data included in the email is stored.
This data is processed with your consent to respond to your questions.
This data is retained as long as your account exists – or 5 years and 3 months after inactivity or if no account exists.
3. C. Subscription to Our Communications
You can subscribe to our communications via homepage, account creation, or during booking.
Only messages about our services are sent. We may remind you of incomplete bookings, ask for survey feedback, or notify you after regular/inactive usage.
- Homepage subscription
You fill in name and email, and agree to receive communications.
- During account creation
You tick the box to accept communications.
- During order validation
You tick the box to accept communications.
Processing is based on your consent and intended only to keep you informed.
To improve quality, we track email opens and clicks with tracking pixels.
Your consent is requested and linked to this policy.
You can unsubscribe anytime using the link in emails or by emailing contact@mysunbed.com.
Your consent is the legal basis (Art. 6(1)(a) GDPR).
Data is retained while your account is active – or 5 years and 3 months after inactivity or deletion.
3. D. Reviews of Establishments
When you leave reviews, we collect the following data for public display:
1. Review content
2. Rating
3. Establishment name
4. Date and time
5. Response to review
Your consent is the legal basis (Art. 6(1)(a) GDPR).
You can edit or delete reviews you have left at any time from your personal space or by contacting us by email at: contact@mysunbed.com
Data is retained while your account is active – or 5 years and 3 months after inactivity or deletion.
3. E. Data Sharing with Third Parties
Data may be transmitted to the following third party(ies):
- Payment service provider
Stripe handles payments and stores data as required. Learn more at https://stripe.com/fr/privacy
- Partner establishment performing the reserved service
The partner establishment with which you made a reservation will receive the following information:
o Booking date
o Service date
o Unique booking number
o Last name
o First name
o Email
o Phone
o Reservation details
o Comments added when booking
This data is sent after your booking is validated, to fulfill the service.
You may choose to receive the partner’s marketing communication when booking.
If declined, we’ll inform the partner your data is only for service execution.
Partners are contractually bound to comply. Report misuse via the contact form or email contact@mysunbed.com.
3. F. DATA HOSTING
Data is hosted on Amazon Web Services (AWS) in Dublin, Ireland.
AWS complies with EU data privacy regulations.
Their privacy policy is available below:
- AWS: https://aws.amazon.com/fr/compliance/
ARTICLE 4: DATA CONTROLLER
4. A. DATA CONTROLLER
The data controller is: SAS MYSUNBED
The data controller can be contacted via the contact form or by email at contact@mysunbed.com
The data controller is responsible for determining the purposes and means of the processing of personal data.
4. B. OBLIGATIONS OF THE DATA CONTROLLER
The data controller undertakes to protect collected personal data, not to transmit it to third parties without informing the user, and to comply with the purposes for which the data was collected.
The website has an SSL certificate to ensure the security of information and data transfer via the website.
An SSL certificate ('Secure Socket Layer') aims to secure data exchanged between the user and the website.
The data controller also undertakes to notify the user in case of rectification or deletion of the data, unless this involves disproportionate procedures, costs, or efforts.
If the integrity, confidentiality, or security of the user's personal data is compromised, the data controller commits to informing the user by any means.
ARTICLE 5: USER RIGHTS
In accordance with regulations concerning the processing of personal data, the user has the following rights.
To exercise their rights, the user must provide: their first and last name, email address, and, if applicable, their personal space ID.
The data controller must respond within 30 (thirty) days.
5. A. PRESENTATION OF USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING
a. Right of access, rectification, and erasure
The user may view, update, modify, or request the deletion of their data by following this procedure:
The user must send a message to the data controller, specifying the subject of the request, by email to contact@mysunbed.com or via the contact form.
If applicable, the user may request the deletion of their personal space by following this procedure:
The user must send a message to the data controller, specifying the subject of the request, by email to contact@mysunbed.com or via the contact form. Deletion will then take effect within 30 business days.
b. Right to data portability
The user may request the portability of their personal data held by the site to another site, following the procedure below:
The user must send a message to the data controller, specifying the subject of the request, by email to contact@mysunbed.com or via the contact form.
c. Right to restrict or object to processing
The user may request restriction of processing or object to the processing of their data by the site, unless the site can demonstrate compelling legitimate grounds that override the interests, rights, and freedoms of the user.
To exercise this right, the user must follow the procedure below:
The user must send a message to the data controller, specifying the subject of the request, by email to contact@mysunbed.com or via the contact form.
d. Right not to be subject to a decision based solely on automated processing
In accordance with Regulation 2016/679, the user has the right not to be subject to a decision based solely on automated processing if the decision produces legal effects or significantly affects them.
e. Right to determine the fate of data after death
Users are reminded that they can define the fate of their data after death, in accordance with Law No. 2016-1321 of October 7, 2016.
f. Right to contact the relevant supervisory authority
If the data controller does not respond to the user's request and the user wishes to challenge this decision or believes that one of the rights listed above has been violated, they may contact the CNIL (https://www.cnil.fr) or any competent judge.
ARTICLE 6: USE OF COOKIES
The website may use 'cookies'.
A 'cookie' is a small file (less than 4 KB) stored by the site on the user's hard drive, containing browsing data.
These files allow us to process statistics and traffic information, facilitate navigation, and improve the service for the user's comfort.
User consent is required for the use of cookies involving the storage and analysis of personal data.
This user consent is considered valid for a maximum of 6 (six) months. After this period, the site will again request the user's permission to save cookies on their hard drive.
a. User objection to the use of cookies by the site
Cookies not essential to the functioning of the site are only placed after obtaining the user's consent. The user may withdraw their consent at any time as follows:
The user must send a message to the data controller, specifying the request, by email to contact@mysunbed.com or via the contact form.
More generally, the user is informed that they can oppose the storage of cookies by configuring their browser software.
For your information, here are the steps to configure your browser to refuse cookies:
If the user disables cookies, they can continue browsing the site. However, any malfunction caused by this action cannot be considered the responsibility of the site editor.
b. Description of cookies used by the site
We authorize Google Analytics and Google Optimize to install these technologies on our site. These are analytics services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics and Google Optimize help us analyze how you browse the site and improve your experience and our services. You can prevent Google Analytics and Optimize from using your data by installing the opt-out browser add-on.
Data may be sent to servers located in the United States. More information is available in Google's Privacy Policy and Terms of Service.
While browsing the site, the user is informed that third-party cookies may be saved.
Social media buttons (Facebook, Google) used for registration or login may also store cookies.
These sites have their own privacy policies and terms of use that may differ from this site. Users are encouraged to read them.
For more information about cookies, visit the CNIL website: https://www.cnil.fr/en/cookies-the-tools-to-control-them
ARTICLE 7: CONDITIONS FOR MODIFICATION OF THE PRIVACY POLICY
This privacy policy can be accessed at any time at the following address: Privacy Policy
The publisher of the site reserves the right to modify it in order to ensure its compliance with the law in force.
As a result, the user is encouraged to consult this privacy policy regularly to stay informed of the latest changes made to it.
The user is informed that the last update of this privacy policy was made on: 13/03/2021.
ARTICLE 8: USER ACCEPTANCE OF THE PRIVACY POLICY
By browsing the site, the user acknowledges having read and understood this privacy policy and accepts its conditions, particularly with regard to the collection and processing of their personal data, as well as the use of cookies.