Privacy Policy

1) Privacy & GDPR Policy

The General Data Protection Regulation (GDPR) (EU) 2016/679 became law on 25 May 2018. It is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA.

Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area.

GDPR affects how we use and store information we receive from our guests and enquirers. It covers all data, whether electronic or paper based.

We use cookies on our website. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitors use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies. See for more information).

2) What information we collect from you

When you make a booking with us we collect the names of all the guests who will be staying, the home address, email address and telephone number of the person making the booking. We may collect this directly or via an Online Travel Agent (OTA) such as Owners Direct or If you book via one of our booking partners, they have also to comply with GDPR regulations and have their own safeguards and policies detailed on their respective websites.

3) How we use the information you give us

If you book to stay direct with us and complete a booking form, then be assured that your details are kept secure on our system via password controlled entry and are not used for any other purpose or shared with any other person or business.

We need your email address to send through booking forms, answer any queries you have regarding the property or to send you terms & conditions, booking confirmation etc. We will send you a follow up email after your stay to thank you for staying, asking you to leave a review or feedback and details of how to stay in contact with us. We don’t need explicit consent for this. We will NOT add you to a marketing mailing list.

We will use your (mobile) number to text or call you before arrival or during your stay (should you ask us to).

4) Marketing

We do not have a regular newsletter or ‘Mailchimp’ service. We do use Instagram and Facebook and occasionally Twitter to market our gite as well as our own website. We never pass your details to any third party, however, as mentioned in Section 2, we do use OTAs and they may use your data for marketing purposes – this will be described in their own Privacy and Data Processing policies.

5) Access to your Information

You have the right to request a copy of the information we hold about you. If you would like a copy of this please email us at GDPR @ chezlesroux . com.

6) Your right to be Forgotten

All customers have the right to ask us to remove their details from our records. However, this does not override the legislative requirements (e.g. the Fiche Identite Individuelle form – see below).

Legally, we ask guests to complete the French Fiche Identite Individuelle police aliens form, which we have to legally keep for six months from date of arrival. Only the local police can ask for the details on this form. Once the six-month period is up we then destroy this form and the information contained on it.

We are also required by law to keep financial records for 7 years, so guests cannot ask to be erased from these financial records.

If you choose to follow us on social media (e.g. Facebook), we don’t need consent as you have already accepted the terms & conditions on that platform. Again, we will not ask you for your email address in order to send you newsletters etc.

7) Notification of Data Breaches

The regulation requires us to notify the Information Commissioner’s Office within 72 hours of first having become aware of the breach where that breach is likely to “result in a risk for the rights and freedoms of individuals”. In such an event we are required to notify our customers “without undue delay” after first becoming aware of a data breach.