Privacy policy
HEBERGENEVE SAS (hereinafter “we“, “HEBERGENEVE“) attaches particular importance to the protection of your personal data. This policy explains what data we collect, why, how long we keep it, and what your rights are as a data subject, in accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978 as amended.
1. Data controller
- HEBERGENEVE SAS
- 248 rue de Genève, 01170 Gex
- SIREN 919 295 931
- Contact: contact@hebergeneve.com
Given the size of the company, we have not appointed a data protection officer (DPO), but Mr ROUSSET Loïc, President, is the dedicated point of contact for privacy matters. For any request relating to your personal data: rgpd@hebergeneve.com.
The full detail of processing operations (art. 30 GDPR record) and joint-controllership arrangements with our partners (owners under concierge regime, Airbnb, Booking.com) is described in Annex 2 — Records of processing and joint controllership.
2. Data collected
2.1 Site visitors
When you visit hebergeneve.com, we automatically collect:
- Anonymised IP address (last bytes truncated)
- Browser type, operating system, screen resolution
- Pages viewed, visit duration, source and exit pages
- Date and time of visit
Legal basis: legitimate interest (art. 6.1.f GDPR) — anonymised audience measurement.
2.2 Travellers (contact form, booking)
When you contact us or book a stay:
- First name, last name
- Email address
- Phone number
- Message content
- Planned stay dates, number of travellers
- Property of interest (when the form is pre-filled from a listing)
Legal basis: performance of the contract / pre-contractual measures (art. 6.1.b GDPR).
2.3 Travellers (check-in and police record)
On arrival, in accordance with article R.611-42 of the CESEDA and the order of 14 June 2007, we collect via the Chekin platform:
- First name, last name, date and place of birth
- Nationality
- Type, number and expiry date of the ID document
- Home address
- Electronic signature of the rental agreement
Legal basis: legal obligation (art. 6.1.c GDPR) — foreign-traveller police record.
2.4 Owners (concierge quote request)
- First name, last name, email, phone
- Property address
- Characteristics (type, area, number of bedrooms)
- Message content
Legal basis: pre-contractual measures (art. 6.1.b GDPR).
3. Purposes
| Purpose | Retention period |
|---|---|
| Respond to contact requests | 3 years from the last contact |
| Manage the traveller relationship (booking, stay, after-stay) | 3 years from the end of the stay |
| Legal obligations (police record, invoicing) | 6 months (police record) / 10 years (accounting) |
| Manage the owner relationship (contract, fees) | Contract duration + 10 years |
| Anonymised audience measurement | 13 months maximum |
| Anti-fraud and unpaid debt management | 2 years from the incident |
4. Recipients
Your data is never sold or rented to third parties. It is only shared with the following recipients, strictly within what is necessary for the purpose:
- Smoobu GmbH (Germany) — rental management software and channel manager
- Chekin Applications Limited (Ireland) — online check-in and police-record forwarding
- Stripe Payments Europe Limited (Ireland) — payment processing
- Airbnb Ireland UC and Booking.com B.V. (Netherlands) — when you book through these platforms
- Swikly (France) — card pre-authorisation / deposit
- Brevo (France) — sending transactional emails and newsletter
- Competent public authorities (police, tax authorities) on legal request
All our processors are bound by an art. 28 GDPR-compliant contract and provide a sufficient level of guarantee. Transfers outside the European Union, where applicable, are framed by the European Commission’s Standard Contractual Clauses (decision 2021/914) and the EU-US Data Privacy Framework (DPF) for processors that have adhered to it.
5. Your rights
In accordance with articles 15 to 22 of the GDPR, you have the following rights:
- Right of access to your data
- Right to rectification of inaccurate data
- Right to erasure (subject to legal retention obligations)
- Right to restriction of processing
- Right to portability of your data
- Right to object on legitimate grounds
- Right to set post-mortem directives
To exercise these rights, write to rgpd@hebergeneve.com, specifying your request and attaching a copy of an ID (only if we are otherwise unable to identify you). We respond within one month maximum.
If you believe your rights are not respected, you can lodge a complaint with the CNIL: www.cnil.fr.
6. Cookies
The site uses the following cookies:
6.1 Strictly necessary cookies
- WordPress session cookie — expires at end of session
- Language preference cookie (Polylang) — 1 year
- Form nonce cookie — 24h
These cookies are essential to the operation of the site and do not require your consent.
6.2 Audience-measurement cookies
We use Plausible Analytics (hosted in the EU, no third-party cookie), which collects anonymised data without individually identifying visitors. No consent is required (CNIL exemption for audience measurement).
6.3 Third-party cookies (Smoobu)
When you interact with the Smoobu booking widget embedded on our listings, third-party cookies may be placed by Smoobu GmbH to operate the widget. See the Smoobu privacy policy.
7. Security
We implement appropriate technical and organisational measures to protect your data: TLS 1.3 encryption across the site, hashed passwords (bcrypt), administrator access with two-factor authentication, encrypted daily backups, application firewall (Wordfence Premium), access logs.
In the event of a data breach likely to result in a high risk to your rights, we will inform you as soon as possible in accordance with art. 34 GDPR.
8. Transfers outside the European Union
Some of our processors (Stripe, Airbnb, Booking.com) may make occasional transfers to the United States. These transfers are framed by the European Commission’s standard contractual clauses (decision 2021/914) or, where applicable, by the EU-US Data Privacy Framework. The detail of the processors concerned and the applicable safeguards is set out in Annex 2.
9. Modification of the policy
This policy may be updated to reflect regulatory changes or our practices. The last update date appears at the bottom of the page. Substantial changes will be notified to you by email if you are an active customer.
Last update: 25 April 2026 — version v2