BOOK NOW

Privacy

Privacy Policy

1. Who We Are

This Privacy Policy is issued by TTP Investments Ltd, a company with registered office at Suite 1, 7th Floor 50 Broadway, London, United Kingdom, SW1H 0BL and company number 07290843, trading as TheProm (“we”, “us”, “our”). TheProm operates travel and accommodation services and the website theprom.fr.

We are the data controller in respect of the personal data described in this Privacy Policy. This means we determine the purposes and means of processing your personal data.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR). As a UK-incorporated company, we also comply with UK GDPR where applicable to data subjects in the United Kingdom.

2. Personal Data We Collect

2.1 Data you provide to us

When you make a booking request, complete check-in formalities, contact us, or subscribe to marketing communications, we may collect:

  • Full name
  • Email address
  • Telephone number
  • Home or billing address
  • Passport, national identity card, or other government-issued identification document (number, issuing country, date of birth, expiry date, and document image where required for identity verification or legal registration purposes)
  • Nationality
  • Payment card details (processed securely by our payment processor – we do not store full card numbers)
  • Booking preferences, special requests, and accessibility requirements
  • Pet information (where a pet is included in a booking)
  • Communications you send to us, including complaints and incident reports

2.2 Data collected automatically

When you visit theprom.fr, we automatically collect certain technical and usage data, including:

  • IP address and approximate location derived from it
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent on pages, and navigation paths
  • Referring website or source
  • Cookie identifiers and similar tracking data (see Section 8)

2.3 Data received from third parties

We may receive personal data about you from:

  • Booking platforms (e.g. Booking.com and other OTAs): booking details, contact information, and payment confirmation shared by the platform when you make a booking through their service.
  • Cloudbeds (our reservation management system): booking and guest data consolidated from all booking channels.
  • Identity verification provider: verification status and flags resulting from identity checks completed before or during check-in.

3. Why We Use Your Personal Data

The table below sets out the purposes for which we process personal data, the categories of data used, and the legal basis for each.

Purpose

Legal basis

Processing and managing your booking request, issuing a Booking Confirmation, and administering your stay

Performance of a contract (GDPR Art. 6(1)(b))

Processing payment for your booking and managing payment disputes or chargebacks

Performance of a contract (GDPR Art. 6(1)(b))

Verifying your identity before or at check-in, including through our remote identity verification tool or manual document inspection

Performance of a contract; Legal obligation (GDPR Art. 6(1)(b) and (c))

Registering foreign guests with the relevant French authorities where required by law

Legal obligation (GDPR Art. 6(1)(c))

Collecting, calculating, and remitting tourist tax (taxe de séjour) to the relevant local authority

Legal obligation (GDPR Art. 6(1)(c))

Communicating with you before, during, and after your stay, including pre-arrival formalities and post-departure follow-up

Performance of a contract (GDPR Art. 6(1)(b))

Handling complaints, incidents, and disputes, including liaison with insurers, mediators, or legal advisers

Legitimate interests: protecting our legal rights and resolving disputes fairly (GDPR Art. 6(1)(f))

Preventing and detecting fraud, unauthorised access, damage, and other breaches of our General Terms and Conditions

Legitimate interests: protecting our property and business (GDPR Art. 6(1)(f))

Complying with accounting, tax, and other legal obligations

Legal obligation (GDPR Art. 6(1)(c))

Improving our website, services, and guest experience through analytics (Google Analytics)

Legitimate interests (GDPR Art. 6(1)(f)), subject to cookie consent where required

Sending you marketing communications about The Prom’s suites, offers, and news (via Mailchimp)

Consent (GDPR Art. 6(1)(a)) — you may withdraw consent at any time

Retargeting you with advertising on third-party platforms (Meta/Facebook Pixel)

Consent (GDPR Art. 6(1)(a)) — you may withdraw consent at any time via our cookie settings

Legitimate interests balancing: Where we rely on legitimate interests as our legal basis, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object to processing based on legitimate interests – see Section 9.

4. Special Category and Sensitive Data

We do not routinely collect special category data (such as health data, biometric data, or data revealing racial or ethnic origin). However:

  • Where you make an accessibility request, we may process limited health-related information to the extent necessary to accommodate your needs. We process this on the basis of your explicit consent and/or to protect your vital interests.
  • Passport and identity document data includes nationality, which may indirectly reveal ethnic or national origin. We process this data only where required by French law for guest registration or for identity verification purposes. Relevant images or data are held only for the legally required retention period.

5. Who We Share Your Data With

We do not sell your personal data. We share it only as described below.

5.1 Service providers (data processors)

We use the following categories of service provider who process personal data on our behalf and under our instruction:

Provider / category

Purpose

Cloudbeds

Reservation management system — stores and manages all booking and guest data

Mailchimp (Intuit Inc.)

Email marketing platform — sends marketing communications to guests who have consented

Google LLC (Google Analytics)

Website analytics — collects anonymised/pseudonymised usage data to help us understand how visitors use theprom.fr

Meta Platforms Ireland Ltd

Advertising pixel — tracks conversions and enables retargeting advertising on Facebook and Instagram, subject to your consent

IT and hosting providers

Website hosting, email infrastructure, and data storage

Legal, accounting, and insurance advisers

Professional services where your data is necessary for advice or a claim

5.2 Other disclosures

We may also share your personal data with:

  • Booking.com and other OTAs: where your booking was made through a third-party platform, we share necessary booking and stay information with that platform.
  • French public authorities: where required by law, including the police, tax authorities, and local authorities (e.g. for tourist tax remittance and foreign guest registration).
  • Médiation Tourisme et Voyage (MTV): where you refer a complaint to the consumer mediator, relevant correspondence and booking information may be shared.
  • Law enforcement and courts: where we are legally required to do so, or where necessary to protect our rights or the safety of others.
  • Acquirers of our business: in the event of a sale, merger, or restructuring of our business, your data may be transferred to the relevant successor entity, subject to the same protections as described in this policy.

6. International Transfers of Personal Data

Some of our service providers are based outside the European Economic Area (EEA). In particular:

  • Cloudbeds, Mailchimp (Intuit), and Google LLC are based in the United States.
  • Meta Platforms Ireland Ltd is based in Ireland (EEA) but may transfer data to Meta’s US infrastructure.

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Reliance on the EU–US Data Privacy Framework (DPF) where the recipient is certified; or
  • Other mechanisms recognised under GDPR Chapter V.

As a UK-incorporated company, transfers of personal data from France to the United Kingdom are covered by the European Commission’s adequacy decision in respect of the UK (adopted June 2021), which remains in force. No additional safeguards are required for UK transfers at this time.

You may request further information about the specific safeguards applicable to a particular transfer by contacting us at the details in Section 12.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law. The key retention periods are:

Category of data

Retention period

Booking records and correspondence (name, contact details, stay details, payment confirmation)

7 years from the end of the financial year in which the booking was made (French accounting and tax law requirement)

Identity document images and copies taken for check-in verification

Up to 3 months following check-out, unless a longer period is required by French law for guest registration purposes or by an ongoing dispute or legal proceeding

Foreign guest registration records

As required by applicable French law (currently 3 months for most categories)

Security Deposit records and damage documentation

Until the dispute resolution period has expired and any claim has been settled, and in any event no longer than 3 years following check-out unless a legal proceeding is pending

Marketing consent and email communication history

Until you withdraw consent or unsubscribe, plus a reasonable period to demonstrate compliance with your request

Website analytics data (Google Analytics)

26 months (Google’s standard retention setting, which we review periodically)

Complaints and incident records

3 years from the date of resolution, or longer if the matter is subject to legal proceedings

When data is no longer required, we securely delete or anonymise it. Where data is held by a third-party processor, we request deletion in accordance with our contractual terms with that provider.

8. Cookies and Tracking Technologies

Our website theprom.fr uses cookies and similar tracking technologies. A cookie is a small text file placed on your device when you visit a website.

8.1 Types of cookies we use

Cookie type

Description and purpose

Strictly necessary

Required for the website to function. These cannot be disabled. They include session management, security, and booking form functionality.

Analytics (Google Analytics)

Used to collect anonymised information about how visitors use our site — pages viewed, time spent, and navigation paths. This data helps us improve our website and services. These cookies are set only with your consent.

Marketing / retargeting (Meta Pixel)

Used to track conversions from Facebook and Instagram advertising, and to enable us to show targeted advertisements to visitors of theprom.fr on those platforms. Set only with your consent.

8.2 Managing your cookie preferences

When you first visit theprom.fr, you will be presented with a cookie consent banner. You may accept all cookies, accept strictly necessary cookies only, or customise your preferences. You may change your preferences at any time via the [Cookie Settings] link in the website footer.

You may also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Further guidance on managing cookies is available at www.allaboutcookies.org.

Withdrawing consent for analytics or marketing cookies does not affect the lawfulness of processing carried out before withdrawal.

9. Marketing Communications

We send marketing emails and newsletters about The Prom’s suites, availability, offers, and news only to people who have given us their consent to do so.

You may withdraw your consent and unsubscribe at any time by:

  • Clicking the unsubscribe link in any marketing email we send you;
  • Emailing us at legal@theprom.fr with the subject line “Unsubscribe”; or
  • Contacting us at the details in Section 12.

Once you unsubscribe, we will stop sending marketing communications within a reasonable period (typically within 5 working days). We will retain a record of your opt-out preference to ensure we do not contact you again.

We do not share your contact details with third parties for their own marketing purposes.

10. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

Right

What it means

Right of access (Art. 15)

You may request a copy of the personal data we hold about you and information about how we use it.

Right to rectification (Art. 16)

You may ask us to correct inaccurate or incomplete personal data.

Right to erasure (Art. 17)

You may ask us to delete your personal data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent and there is no other legal basis for processing.

Right to restriction (Art. 18)

You may ask us to restrict processing of your data in certain circumstances, for example while a dispute about its accuracy is resolved.

Right to data portability (Art. 20)

Where processing is based on contract or consent, you may request that we provide your data to you in a structured, commonly used, machine-readable format.

Right to object (Art. 21)

You have the right to object to processing based on legitimate interests (including profiling). We will cease processing unless we can demonstrate compelling legitimate grounds. You may also object to direct marketing at any time.

Rights in relation to automated decision-making (Art. 22)

We do not make solely automated decisions that produce legal or similarly significant effects about you. If this changes, we will update this policy and notify you.

Right to withdraw consent

Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact our Privacy Team at legal@theprom.fr. We will respond within one month. In some cases we may need to verify your identity before processing your request.

There is no charge for exercising your rights, unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to respond.

11. Complaints

If you have a concern about how we handle your personal data, please contact us in the first instance at legal@theprom.fr. We will endeavour to resolve your concern promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

12. Contact Us

For any questions, requests, or concerns relating to this Privacy Policy or our data processing activities, please contact our Privacy Team by email at legal@theprom.fr.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing activities, the services we use, or legal requirements. When we make material changes, we will update the version number and date at the top of this page and, where appropriate, notify you by email.

The version of this Privacy Policy in force at the time you submit a Booking Request is the version that applies to your booking, as noted in clause 2.5 of our General Terms and Conditions.

We encourage you to review this policy periodically.

Document version: 2.4

Book Your Stay

Select your dates to check availability