1. SCOPE

In this charter, “Onomo Group” refers to:

1. The company Africa Hotel Developpement Luxembourg hereinafter “AHD”, having its registered office at 4-6 rue du Fort Rheinsheim, L-2419 Luxembourg, Grand Duchy of Luxembourg;
2. The subsidiaries of AHD which operate hotels under the Onomo brand in Africa

• The Onomo group has transmitted the principles set out in this charter to all hotels operated under the Onomo brand as well as to their respective owners. We are committed to doing everything possible to ensure that all hotels comply with applicable personal data protection laws as well as this charter.
• Each Onomo brand hotel processes your data to manage the contractual relationship with you (invoicing, payment, reservation management, etc.), to carry out marketing activities and to comply with its legal obligations.

The Onomo group has transmitted the principles set out in this charter to all hotels operated under the Onomo brand as well as to their respective owners. We are committed to doing everything possible to ensure that all hotels comply with applicable personal data protection laws as well as this charter.

2. 10 PRINCIPLES FOR THE PROTECTION OF YOUR PERSONAL DATA

In accordance with current regulations, in particular the General Data Protection Regulations adopted in Europe, we have established the following 10 principles for the processing of your data within the Onomo Group:

1. Lawfulness: we only use personal data if :
   • we have obtained the consent of the person, OR
   • this is necessary for the performance of a contract to which the person is a party, OR
   • this is necessary for compliance with a legal obligation, OR
   • this is necessary to safeguard the vital interests of the person, OR
   • we pursue a legitimate interest by using personal data and this use does not affect the freedoms and interests of the person.
2. Fairness: we explain to you how the personal data we collect is useful to us
3. Purposes determined and data minimization: we only collect the personal data that we really need.
4. Transparency: we inform the data subjects of how we use their data.
5. We facilitate the exercise of their rights by the data subjects: access to data, rectification and erasure of data and opposition to data processing.
6. Retention periods: we only keep personal data for limited periods.
7. We ensure the security of personal data, i.e. their integrity and confidentiality.
8. If a third party has to use personal data, we ensure that they are able to protect the personal data.
9. If personal data has to be transferred outside the European Union, we ensure that this transfer is governed by the appropriate legal arrangements.
10. If personal data is compromised (lost, stolen, damaged, unavailable, etc.), we notify this violation to the competent data protection authorities and to the data subjects, if the violation is likely to generate high risks for the rights and freedoms of individuals.

3. WHAT PERSONAL DATA IS COLLECTED?

At various times, we may collect information about you or about the people accompanying you, including:

• contact details (for example name, first name, telephone number, email);
• personal information (for example date of birth, nationality);
• information about your children (for example first name, date of birth, age);
• your credit card number, (for transaction and reservation purposes);
• information appearing on an identity document (for example identity card, passport or driving license);
• your loyalty program membership number (if applicable) or other partner program (e.g. airline loyalty program) and information relating to your activities under the loyalty program;
• your arrival and departure dates;
• your preferences and interests (e.g. smoking or non-smoking room, preferred floor, type of bedding, type of printed press read, sports, cultural interests, food and drink preferences, etc.);
• your questions/comments, during or following a stay in one of the establishments under an Onomo brand;
• technical and location information generated in connection with the use of our websites and applications.

The collection of information on persons under 16 years of age is strictly limited to their name, nationality and date of birth, and this information can only be provided to us by an adult. We thank you for ensuring that your children do not transmit any personal data to us without your authorization (in particular via the Internet). If such a transmission should occur, you can contact the Data Protection Officer so that this information is deleted.

In order to respond to your requests or to provide you with a suitable service (for example a specific diet), we may collect sensitive information such as racial or ethnic origins, political opinions, religious and philosophical beliefs, membership of a union, as well as details concerning health or sexual orientation. In these cases, we will only collect this data with your prior and explicit consent.

4. ON WHAT OCCASIONS IS YOUR PERSONAL DATA COLLECTED?

Personal data may be collected on different occasions, including:

1. Hotel activities :
   a. Room reservations ;
   b. Check-in and check-out;
   c. Hotel stay and services offered in the stay area;
   d. Video surveillance images of hotel buildings operated under the Onomo brand;
   e. Consumption at the hotel bar or restaurant during a stay;
   f. Requests, complaints and/or disputes.
2. Participation in marketing programs and events :
   a. Registration in loyalty programs or customer database;
   b. Contribution to satisfaction surveys;
   c. On-line competitions or games;
   d. Participation in events organized by the various hotels;
   e. Subscription to newsletters, in order to receive offers and promotions by e-mail.
3. Transmission of information from third parties :
   a. Tour operators, travel agencies (online and offline), GDS reservation systems and others;
4. Internet activities :
   a. Connections to Onomo sites and Onomo mobile application (IP address, cookies in accordance with our tracer policy);
   b. Online collection forms (online reservations, questionnaires, Onomo pages on social networks, connection devices using your social network identifiers, exchanges with a conversational agent or “chatbot”).
   c. Registration for free hotel wifi (name, first name, e-mail address)

5.  FOR WHAT PURPOSES IS YOUR DATA COLLECTED

What is the data retention period?

The table below presents the purposes for which we process your data, the legal basis for this processing as well as the associated retention periods:

Purpose / Activity	Legal basis for processing, including legitimate interest pursued	Shelf life
Fulfilling our obligations to our customers.	Processing necessary for the performance of a contract to which you are a party. Processing necessary to comply with a legal obligation. Processing necessary for the pursuit of our legitimate interest in managing our business and providing you with the products and services you have requested.	10 years from the date of reservation, in accordance with our legal obligations.
Manage room reservations and accommodation requests, in particular drawing up and keeping legal documents in compliance with accounting standards.
Manage your stay at the hotel: – Room access management – Track your consumption (telephone, bar, etc.).	Processing necessary for the performance of a contract to which you are a party. Processing necessary for the pursuit of our legitimate interest in managing our business and providing you with the products and services you have requested.	For the duration of your stay.
Manage our relationship with our customers before, during and after your stay: – Loyalty program management – Qualification of customer database – Segmentation operations based on booking history and travel habits to send targeted communications, in compliance with obligations under the European ePrivacy Directive (2002/58/EC as amended in 2009) – Forecast and anticipate future customer behavior – Establish statistics and commercial scores, as well as reporting actions – Provide contextual data for marketing tools. This occurs when a customer visits a Group website or makes a reservation. – Knowing and managing the preferences of loyal and non-loyal customers – Send you newsletters, promotions and offers for tourism, hotels or services, or offers from Onomo Group partners, or contact you by telephone, in accordance with the obligations arising from the European ePrivacy Directive (2002/58/EC as amended in 2009).	Processing necessary for the performance of a contract to which you are a party and for the management of your loyalty program membership. Processing necessary for the pursuit of our legitimate interest in promoting our services, carrying out direct marketing actions (taking into account your commercial relationship with one of the Onomo Group’s entities) and improving our services.	If you are not a member of the loyalty program, 3 years from the date on which you were last active with us in any way. If you are a member of the loyalty program, 6 years from the date on which you were last active with us in any way.
Improve our hotel service, in particular: – Personalizing your welcome at the hotel, improving service quality and the customer experience – Process your personal data in our customer marketing program, in order to carry out marketing operations, promote brands and gain a better understanding of your needs and wishes. – Tailor our products and services to best meet your requirements – Personalize offers and relational messages for you – Inform you of special offers and new services created by the Onomo Group or one of its subsidiaries or partners.	Processing necessary for the performance of a contract to which you are a party in connection with the management of your loyalty program membership. Processing necessary for the pursuit of our legitimate interest consisting in promoting our services, carrying out direct marketing actions (taking into account your commercial relationship with one of the Onomo Group’s entities) and improving our services.	If you are not a member of the loyalty program, 3 years from the date on which you were last active with us in any way. If you are a member of the loyalty program, 6 years from the date on which you were last active with us in any way.
Carry out cross-checks, analyses and combinations via a trusted third party of your data collected at the time of booking or during your stay, in order to determine your centers of interest, your customer profile and to enable us to send you personalized offers.	Processing necessary for the pursuit of our legitimate interest consisting in promoting our services, carrying out direct marketing actions (taking into account your commercial relationship with one of the Onomo Group’s entities) and improving our services.	If you are not a member of the loyalty program, 3 years from the date on which you were last active with us in any way. If you are a member of the loyalty program, 6 years from the date on which you were last active with us in any way.
To improve the Onomo Group’s services, in particular: – Studies and analysis of customer questionnaires and comments – Complaints management – To enable you to benefit from the advantages of our loyalty program.	Processing necessary for the performance of a contract to which you are a party in connection with the management of your loyalty program membership. Processing necessary for the pursuit of our legitimate interest consisting in promoting our services, carrying out direct marketing actions (taking into account your commercial relationship with one of the Onomo Group’s entities) and improving our services.	If you are not a member of the loyalty program, 3 years from the date on which you were last active with us in any way. If you are a member of the loyalty program, 6 years from the date on which you were last active with us in any way. 6 years from the date of closure of your file in connection with a complaint or claim.
To secure and improve your use of Onomo Group websites, in particular: – Improving navigationSupport and maintenance, and – Implementation of security and fraud prevention measures.	Processing necessary for the pursuit of our legitimate interest in managing our business, providing IT services, administration and network security in order to prevent fraud.	13 months from the date of collection.
Securing buildings and guaranteeing the safety of hotel operations	Processing necessary for the pursuit of our legitimate interest in ensuring the safety of people and buildings	8 days from image capture, which may vary according to local regulations
Internal management of a list of customers who have behaved inappropriately during their stay at the hotel (aggression and incivilities, failure to comply with the hotel contract, failure to comply with security rules, theft, damage and vandalism or payment incidents).	Processing necessary for the pursuit of our legitimate interest in managing our business, providing IT services, administration and network security in order to prevent fraud.	Up to 6 months from event registration.
Secure payment operations by determining the level of fraud risk associated with each transaction. On this occasion, the Onomo Group and the hotels may use the services provided by the Onomo Group’s risk prevention provider to refine their analysis. Depending on the results of these analyses, the Onomo Group may take security measures, in particular requesting the customer to use another reservation channel or payment method. The effect of these measures will be to suspend the execution of the reservation or, if the result of the analysis does not guarantee the security of the order, to cancel it.	Processing necessary for the pursuit of our legitimate interest in managing our business and preventing the risk of fraud.	90 days for analysis and control purposes
Protecting people and property, and combating non-payment. In this context, some hotels have a function that enables them to register as “inoperative” any customer who behaves inappropriately in any of the following ways: aggression and incivility, non-compliance with the hotel contract, non-compliance with security rules, theft, damage and vandalism, or payment incidents. The status of “inoperative” may lead the hotel to refuse the customer a reservation when he or she returns to the same hotel.	Processing necessary for the pursuit of our legitimate interest in managing our business, securing property and persons and combating non-payment.	6 months from registration.
Use the necessary services to trace the identity of people present in Onomo Group hotels in the event of serious events affecting the establishment concerned (natural disasters, attacks, etc.).	Processing necessary to protect the vital interests of customers.	For the duration of the event.
Comply with all applicable legislation (e.g. retention of accounting records), including : – Management of requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys – Handling requests from data subjects for protection of their personal data.	Processing required to comply with a legal obligation.	For the period specified in the applicable local legislation.

6. CONDITIONS OF ACCESS TO YOUR PERSONAL DATA BY THIRD PARTIES

The Onomo Group operates in many countries and strives to offer you uniform services throughout the world. To this end, it is necessary to share your personal data with internal and external recipients, according to the following conditions:

In particular, information concerning your stays, your preferences, your satisfaction and, where applicable, your loyalty program is shared between the hotels operating under the Onomo Group brand. This data is used to improve the quality of services and optimize your experience in each hotel. In this context, your data is processed jointly by the Onomo Group and the hotels concerned. In order to reconcile this legitimate interest with the protection of your rights and freedoms, the obligations and responsibilities of the Onomo Group and each establishment are defined in a specific co-responsibility contract. You may object at any time to the sharing of this information between the hotels and the Onomo Group by contacting the Data Protection Officer (dpo@onomohotel.com).

1. We share your data with a limited number of authorized individuals and departments within the Onomo Group, in order to provide you with the best possible experience in our establishments. The following teams may have access to your data:

• Hotel staff ;
• Reservation staff using reservation tools ;
• IT Services ;
• Sales partners and marketing services ;
• Medical services if required ;
• Generally, any person appropriate to Onomo Group entities for certain specific categories of personal data.

2. With service providers and partners: your personal data may be transmitted to a third party in order to provide you with services and improve your stay, in particular :
   • External service providers: IT subcontractors, banks, credit card issuers, external lawyers, routers, printers, etc.
   • Commercial partners: unless you object to the Data Protection Officer, the Onomo Group may enrich your profile by sharing certain information about you with its preferred commercial partners. In this case, your data may be cross-checked, analyzed and combined via a trusted third party. This processing will enable the Onomo group and its preferred contractual partners to determine your centers of interest, your customer profile and to enable us to send you personalized offers.
   • Social networking sites: To enable you to identify yourself easily on Onomo sites without having to fill in a registration form, the Onomo group has set up a connection system by social network. If you log in using this system, you explicitly authorize the Onomo group to access the public data of your account for the social network concerned (e.g. Facebook, LinkedIn, Google, Instagram…), as well as the other data mentioned when using this connection system by social network. The Onomo Group may also securely communicate your e-mail address to social networks in order to identify whether you are already a user of one of these social networks and, if so, to display personalized and relevant advertising on your social network account.
3. Local authorities: we may also pass on your information to local authorities, if required by law or as part of an investigation and in accordance with local regulations.

7. INTERNATIONAL TRANSFERS

For the purposes described in article 6 of this charter, we may transfer your personal data to internal or external recipients, who may be located in countries where the level of personal data protection may vary.

Thus, in addition to this charter, the Onomo Group implements appropriate measures to secure the transfer of your personal data to an Onomo entity or an external recipient located in a country offering a level of protection different from that of the country of origin of the data.

Your data may be transmitted, notably as part of the reservation process, to Onomo hotels located in Africa, in particular in the following countries: Senegal, South Africa, Cameroon, Morocco, Mozambique, Gabon, Rwanda, Mali, Guinea, Togo, Uganda and Ivory Coast.

Data flows, other than those necessary for the execution of your reservation, to countries that do not offer equivalent personal data protection are governed by the standard contractual clauses defined by the European Commission.

8.  DATA SECURITY

The Onomo Group implements rigorous technical and organizational measures to protect your personal data, in accordance with the legal requirements in force, in particular Article 32 of the RGPD. These measures aim to prevent any destruction, loss, alteration, misuse, unauthorized access, modification or disclosure of your data, whether unlawful or accidental.

To guarantee the security of your information, we have deployed a range of technical measures such as firewalls, intrusion detection systems and advanced encryption protocols. For example, when transmitting your credit card information at the time of booking, we use SSL (Secure Socket Layer) encryption technology, ensuring the confidentiality and security of your transactions.

At the same time, organizational measures are put in place to reinforce the security of data processing. These include rigorous management of access via a robust identification and password system, the implementation of physical safeguards in our infrastructures, and strict procedures for controlling access to sensitive data. These measures ensure not only confidentiality, but also the integrity, availability and ongoing resilience of our data processing systems and services.

By adopting this global approach, the Onomo Group is committed to guaranteeing a high level of security for your personal data, while complying with the strictest data protection standards.

9. COOKIES AND OTHER TRACKERS

The Onomo Group uses cookies and other trackers on its websites and mobile applications to enhance your user experience and offer personalized services. These tracers enable us to collect information about your browsing, your preferences and your interactions with our digital platforms, in order to offer you content tailored to your needs.

To find out more about Onomo’s use of cookies, whether on our websites or mobile applications, and to configure your preferences, we invite you to consult our cookies policy. This policy can be accessed via the “Cookies” link in the footer of our websites, as well as in the “Privacy settings” section of our mobile applications.

We encourage you to read this policy to understand the types of cookies we use, the purposes for which they are used, and the options available to you to manage your preferences regarding cookies and similar technologies. You have the option of accepting or refusing certain types of cookies, which may have an impact on your user experience and the functionalities available to you.

The Onomo Group is committed to respecting your privacy choices and providing you with full transparency regarding the use of your browsing data, whether on our websites or via our mobile applications.

10. YOUR RIGHTS

You have various rights concerning your personal data collected by the Onomo Group, in accordance with the legal provisions in force. You have the right to obtain information about your personal data and to access it. If you find that any of your data is inaccurate or incomplete, you may request that it be corrected. You also have the right to request the deletion of your personal data or to limit its processing, under certain conditions defined by law.

In addition, you have the right to data portability, which allows you to receive the data you have provided to us in a structured, commonly used and machine-readable format, and to pass it on to another data controller. You can also define specific instructions for the processing of your data after your death, to ensure that your wishes are respected.

It is important to note that you have the right to object to the processing of your personal data at any time, particularly with regard to the sharing of information about your stays, preferences and satisfaction between Onomo Group establishments.

To exercise these rights, you may contact the Onomo Group’s Data Protection Officer directly. You can do so by e-mail to the following address: dpo@onomohotel.com, or in writing to the following postal address:

The Onomo Group is committed to processing your request as quickly as possible and to scrupulously respecting your personal data protection rights. We encourage you to contact us if you have any questions or concerns about how your data is processed.

Africa Hotel Developpement
4-6 rue du Fort Rheinsheim
L-2419 Luxembourg
Grand Duchy of Luxembourg

In the interests of confidentiality and the protection of your personal data, we will need to identify you in order to respond to your request. If you have reasonable doubts about your identity, you may be asked to enclose a copy of an official identity document, such as an identity card or passport. In this case, a black and white copy of one of these documents will suffice. All requests will be processed as quickly as possible and in accordance with applicable law.

You may also exercise your rights concerning your personal data stored and processed by a hotel in its capacity as data controller. To do so, you must contact the hotel directly. You can find all the information you need to contact a hotel at www.onomohotels.com.

Finally, you may lodge a complaint with a supervisory authority and you may contact Onomo’s data protection officer by writing to dpo@onomohotel.com or to the postal address above.

11.  UPDATES

We may modify this charter from time to time. Consequently, we invite you to consult this charter regularly, particularly when making a reservation at one of our hotels.

12. QUESTIONS AND CONTACTS

If you have any questions about the Onomo Group’s personal data policy, please contact the Data Protection Officer dpo@onomohotel.com.