Dated: July 4th 2022

Club St Barths, (“we”, “us” or the “Club”) is committed to protecting your privacy and only collects personal data in compliance with the EU General Data Protection Regulation No. 2016/679 of 27 April 2016 (the “GDPR”) and French data protections laws. This privacy policy (the “Privacy Policy”) explains the personal data that we, as data controller, process or might process from you when you visit our website, when we welcome you as our guest or when you otherwise interact with us.

WHAT TYPES OF PERSONAL DATA ARE COLLECTED, FOR WHAT PURPOSES AND FOR HOW LONG THE DATA WILL BE RETAINED?
1/ What personal data do we or are we likely to collect?

We collect or may collect:

  • identification data, including your name, first name, address, telephone number, personal e-mail, VAT number, company number;
  • identification data relating to the guests you invited to the Club, including their name, first name, address, telephone number, personal e-mail, VAT number, company number;
  • data relating to your visit, including check-in, check out, use of our facilities and services, and attendance to our events;
  • financial and transaction data, namely data relating to the means of payment, bank account number, billing details, etc.;
  • technical information about your visit on our website, including your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
  • professional or employment related information for applicants, including a CV, a motivation letters, the employment history, the citizenship or residency.
  • the topics you are most interested-in receiving information about.
2/ What is the purpose and legal basis for such personal data processing?

We need the information above-mentioned in order to:

  • to manage your membership and your reservations, to carry out operations and the transactions related your visit, use of our facilities and services, and attendance to our events or to issue and process our invoices. The legal basis for the processing of your personal data here is the performance of the contract to which you are party (article 6.1.b. of the GDPR);
  • to comply with our legal, regulatory or tax obligations. The legal basis for the processing of your personal data in this case is the compliance with our legal obligations (article 6.1.c. of the GDPR);
  • to communicate with you on our events organized at the Club. The legal basis for the processing of your personal data here would be our legitimate interests to improve your experience with us (article 6.1.f GDPR);
  • to communicate with you regarding our promotional offers. The legal basis for processing your personal data is your consent (article 6.1.a. of the GDPR);
  • to improve the design, layout and overall functionality of our website and analyse data for statistical purposes. The legal basis for this processing is our legitimate interests to improve your experience with us (article 6.1.f GDPR);
  • to defend our interests in the context of litigation or pre-litigation in which we are a party. The legal basis for this processing is our legitimate interest to exercise and defend our rights (article 6.1.f. GDPR).

to process your application when you apply for a position at the Club as a job applicant, potential candidate for employment, or participant in our recruiting programs and events. The legal basis for this processing is our legitimate interests (article 6.1.f GDPR). We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will let you know and explain how the law allows us to do this.

3/ Cookies used on our website

We use cookies, trackers and similar technologies on our website. Cookies are small data files that are stored on your computer for record keeping purposes. For further information about our use of cookies and on how to avoid them, please consult our cookie policy available at www.ocsbh.com

4/ How we manage your advertising, marketing and your communications preferences

To share our news, offers and services, we may use direct marketing by email, phone, text and post.

Here are some examples of our direct marketing activities which may be directed specifically at you:

  • our newsletter via email;
  • invitations and promotions by post, to tell you about special events at the Club; and/or
  • phone calls, to tell you something that might be relevant to you or your business.

You can opt out of direct marketing at any time. The easiest way to do this is to click the unsubscribe link at the bottom of your email or by contacting our office in charge of personal data protection issues within the Club by email at membership@ocsbh.com

5/ Who do we share personal data with?

Your personal data might be transmitted to:

  • suppliers and service providers, such as outsourced service providers for administration and management such as booking and reservation systems, customer relationship management systems or payment processing and fraud prevention providers;
  • technology and media services providers that assist us in the improvement and optimisation of our website;
  • judicial, tax or regulatory authorities in the performance of their duties and the exercise of their powers.
6/ How long do we keep such personal data?

We will only keep your personal data for as long as we need to fulfil the purposes we collected it for, including for satisfying any legal or accounting requirements, and according to the following criteria:

  • for the duration of our contractual relationship;
  • for the purpose of complying with document retention obligations under the regulations applicable to the Club;
  • in the event of a dispute, your data will be stored for the duration of the relevant procedure and until a final decision is rendered or the expiry of the time limit to lodge an appeal whichever is the earlier.

At the end of these periods, your data will be stored until the expiry of the applicable limitation period and in accordance with the regulations in force.

In some circumstances we may remove your identity from your personal data, so that it can no longer be associated with you, namely for statistical purposes, in which case we may use this information indefinitely without further notice to you.

DATA SECURITY

We want to keep your personal data safe and to this end have implemented appropriate security measures to prevent it being accidentally lost, used or accessed in an unauthorised way, altered or shared. We also make sure that only people with a need to know are able to access your data, including employees, agents, contractors and other third parties, who will only process your personal data on our instructions and are subject to a duty of confidentiality. We have implemented procedures in case of a data breach. We will notify you and any applicable data protection authority of a breach where we are legally required to do so.

INTERNATIONAL TRANSFERS

We might transfer your personal to our third party suppliers, such as our local bank account manager, or third party payments who may be located in countries other than your country of residence and in particular outside the European Union, United States of America, United Kingdom and Russia. We will always protect your privacy and this Privacy Policy shall apply no matter where your information is transferred to in the world.

If these transfers to these countries are necessary to offer you our services, we will ensure that it is protected and transferred in a manner consistent with legal requirements and applicable laws. Information can be transferred outside Europe in a number of ways. Examples include: the country to which we send your information may be approved by the European Commission, or the recipient may have signed a contract based on the “model contractual clauses” approved by the European Commission, obliging them to protect your information.

WHAT ARE YOUR RIGHTS?
1/ What are your rights?

You have rights under data protection laws in relation to your personal data:

  • the right to access your personal data: you can request to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • the right to request the correction of your personal data: you can ask to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
  • the right to request the erasure of your personal data or to restrict its use: you can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below).
  • The right to object to the processing of your personal data: you have the right to object where we are processing your personal data for direct marketing purposes or where the processing of your personal data relies on a legitimate interest.
  • The right to portability: we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format, being specified that such right is limited to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • The right to withdraw consent: You have the right to withdraw your consent at any time where we are relying on consent to process your personal data.
2/ How to exercise your rights?

You may exercise the rights detailed above by sending a request in writing to our office’s manager in charge of personal data protection issues within the Club by email at membership@ocsbh.com or by post at the following address: Ocean Club St Barths, Rue de la République, Gustavia, 97133 SAINT BARTHELEMY.

If you are not happy with the way we handled your personal information or any privacy query that you have raised with us or if you disagree with our Privacy Policy, you have a right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at https://www.cnil.fr/en/home.

CHANGES TO OUR PRIVACY POLICY

We might update and change the Privacy Policy from time to time to reflect any changes in the law or in our internal process of personal data. we will post the details on the page or send you an email if appropriate.