1. SCOPE OF APPLICATION

In this charter, “The Onomo Group” refers to:

  1. The company African Hotel Development Luxembourg, hereinafter referred to as “AHD”, with its registered office at 4-6 rue du Fort Rheinsheim, L-2419 Luxembourg, Grand Duchy of Luxembourg;
  2. The subsidiaries of AHD that operate hotels under the Onomo brand in Africa.
  • The Onomo Group processes your data as part of the management of the central reservation system. This system allows The Onomo Group to collect the information necessary to organize your stays in hotels operated under one of its brands and to communicate this information to the relevant establishments. Additionally, The Onomo Group manages a global database of clients staying in these hotels.
  • Each Onomo-branded hotel processes your data to manage the contractual relationship with you (billing, payment, reservation management, etc.), to conduct marketing activities, and to comply with its legal obligations.

The Onomo Group has communicated the principles outlined in this charter to all hotels operated under the Onomo brand and to their respective owners. We are committed to doing everything possible to ensure that all hotels comply with applicable data protection laws as well as this charter.

  1. 10 PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA

In accordance with the regulations in force, particularly the General Data Protection Regulation adopted in Europe, we have established the following 10 principles for processing your data within The Onomo Group:

  1. Lawfulness: We only use personal data if:
    • We have obtained the consent of the individual, OR
    • It is necessary for the performance of a contract to which the individual is a party, OR
    • It is necessary for compliance with a legal obligation, OR
    • It is necessary to protect the vital interests of the individual, OR
    • We pursue a legitimate interest in using personal data and this use does not harm the freedoms and interests of the individual.
  2. Fairness: We explain to you how the personal data we collect is useful.
  3. Specified purposes and data minimization: We only collect personal data that is truly necessary.
  4. Transparency: We inform the individuals concerned about how we use their data.
  5. Facilitating the exercise of rights: We make it easy for individuals to exercise their rights, including access to data, rectification, and deletion of data, and opposition to data processing.
  6. Data retention periods: We only retain personal data for limited periods.
  7. Data security: We ensure the security of personal data, which means their integrity and confidentiality
  8. Third-party data usage: If a third party must use personal data, we ensure that it is capable of protecting the personal data.
  9. International transfers: If personal data must be transferred outside the European Union, we ensure that this transfer is governed by appropriate legal frameworks.
  10. Data breaches: If personal data is compromised (lost, stolen, damaged, unavailable, etc.), we notify the relevant data protection authorities and the individuals concerned if the breach is likely to generate high risks for the rights and freedoms of individuals.
  1. WHAT PERSONAL DATA IS COLLECTED?

At various times, we may collect information about you or the people accompanying you, including:

  • Contact details (e.g., name, first name, phone number, email);
  • Personal information (e.g., date of birth, nationality);
  • Information about your children (e.g., first name, date of birth, age);
  • Your credit card number (for transaction and reservation purposes);
  • Information on an identity document (e.g., ID card, passport, or driver’s license);
  • Your membership number in the loyalty program (if applicable) or another partner program (e.g., an airline’s loyalty program) and information about your activities within the loyalty program;
  • Your arrival and departure dates;
  • Your preferences and interests (e.g., smoking or non-smoking room, preferred floor, type of bedding, type of newspaper read, sports, cultural interests, food and beverage preferences, etc.);
  • Your questions/comments during or after a stay at one of the establishments under the Onomo brand;
  • Technical and location information generated during the use of our websites and applications.

The collection of information on persons under the age of 16 is strictly limited to their name, nationality, and date of birth, and this information can only be provided to us by an adult. We ask you to ensure that your children do not transmit any personal data to us without your authorization (especially via the Internet). If such a transmission should occur, you can contact the Data Protection Officer to have this information deleted.

To meet your requests or provide you with tailored services (e.g., a specific dietary requirement), we may need to collect sensitive information such as racial or ethnic origins, political opinions, religious and philosophical beliefs, union membership, as well as details about health or sexual orientation. In these cases, we will only collect this data with your prior and explicit consent.

  1.  WHEN IS YOUR PERSONAL DATA COLLECTED?

Personal data may be collected on various occasions, including:

  1. Hotel activities:
  1. Room reservations;
  2. Check-in and payment;
  3. Stay at the hotel and services offered during the stay;
  4. CCTV images of hotel buildings operated under the Onomo brand;
  5. Consumption at the hotel bar or restaurant during a stay;
  6. Requests, complaints, and/or disputes.
  7. Participation in marketing programs or events:
  1. Enrollment in loyalty programs or registration in a customer database;
  2. Participation in satisfaction surveys;
  3. Competitions or online games;
  4. Participation in events organized by various hotels;
  5. Subscription to newsletters to receive offers and promotions by email.
  6. Transmission of information from third parties:
  7. Tour operators, travel agencies (online or offline), GDS reservation systems, and others.
  8. Internet activities:
  1. Connections to Onomo websites and Onomo mobile applications (IP address, cookies, in accordance with our cookie policy);
  2. Online data collection forms (online reservations, questionnaires, Onomo pages on social networks, login systems using your social network identifiers, exchanges with a chatbot);
  3. Registration for free hotel Wi-Fi (name, first name, email address).
  1. FOR WHAT PURPOSES IS YOUR DATA COLLECTED?

What is the data retention period?

The table below presents the purposes for which we process your data, the legal basis for this processing, and the associated retention periods:

Purpose/ActivityLegal basis for processing, including legitimate interest pursuedRetention period
Fulfill our obligations to our customers.Processing necessary for the performance of a contract to which you are a party. Processing necessary to comply with a legal obligation. Processing necessary for the pursuit of our legitimate interest in managing our activities and providing you with the requested products and services.10 years from the reservation, in accordance with our legal obligations.
Manage room reservations and accommodation requests, including establishing and retaining legal documents in compliance with accounting standards.
Manage your stay at the hotel: – Managing access to rooms – Monitoring your consumption (phone, bar, etc.).Processing necessary for the performance of a contract to which you are a party. Processing necessary for the pursuit of our legitimate interest in managing our activities and providing you with the requested products and services.For the duration of your stay.
Manage our relationship with customers before, during, and after your stay: Managing the loyalty program Customer database qualification Segmentation operations based on booking history and travel habits for targeted communications, in accordance with the obligations of the European ePrivacy Directive (2002/58/EC as amended in 2009). Forecasting and anticipating future customer behavior Establishing statistics, commercial scores, and reporting activities Providing contextual data to marketing tools. This happens when a customer visits a The Onomo Group website or makes a reservation Knowing and managing the preferences of loyal or non-loyal customers Sending newsletters, promotions, and tourism, hotel, or service offers, or offers from The Onomo Group partners, or contacting you by phone, in accordance with the obligations of the European ePrivacy Directive (2002/58/EC as amended in 2009). Processing necessary for the performance of a contract to which you are a party and for managing your membership in the loyalty program. Processing necessary for the pursuit of our legitimate interest in promoting our services, conducting direct marketing activities (given your commercial relationship with one of the entities of The Onomo Group), and improving our services.If you are not a member of the loyalty program, 3 years from the last time you were active with us in any way. If you are a member of the loyalty program, 6 years from the last time you were active with us in any way.
Improve our hotel service, including: Personalizing your hotel welcome, improving service quality, and customer experience Processing your personal data in our customer marketing program to conduct marketing activities, brand promotion, and better understand your needs and wishes Adapting our products and services to best meet your requests Personalizing commercial offers and relational messages to you – Informing you of special offers and any new service created by The Onomo Group or one of its subsidiaries or partners. Processing necessary for the performance of a contract to which you are a party within the framework of managing your membership in the loyalty program. Processing necessary for the pursuit of our legitimate interest in promoting our services, carrying out direct marketing actions (given your business relationship with one of the entities of the Onomo Group), and improving our services.If you are not a member of the loyalty program, 3 years from the last time you were active with us in any way. If you are a member of the loyalty program, 6 years from the last time you were active with us in any way.
Conducting cross-references, analyses, and combinations through a trusted third party of your data collected during the reservation or your stay to determine your interests, customer profile, and allow us to send you personalized offers.Processing necessary for the pursuit of our legitimate interest in promoting our services, conducting direct marketing activities (given your commercial relationship with one of the entities of The Onomo Group), and improving our services.If you are not a member of the loyalty program, 3 years from the last time you were active with us in any way. If you are a member of the loyalty program, 6 years from the last time you were active with us in any way.
Improve The Onomo Group services, including: Conducting studies and analyses of questionnaires and customer comments Managing complaints – Providing you with the benefits of our loyalty program Processing necessary for the performance of a contract to which you are a party as part of managing your membership in the loyalty program. Processing necessary for the pursuit of our legitimate interest in promoting our services, conducting direct marketing activities (given your commercial relationship with one of the entities of The Onomo Group), and improving our services.If you are not a member of the loyalty program, 3 years from the last time you were active with us in any way. If you are a member of the loyalty program, 6 years from the last time you were active with us in any way. 6 years from the closing date of your file in the event of a complaint or dispute.
Secure and improve your use of The Onomo Group websites, including: Improving navigation, Assistance and maintenance, Implementing security and fraud prevention measures Processing necessary for the pursuit of our legitimate interest in managing our activities, conducting IT services, network administration, and security to prevent fraud.13 months from the collection of information.
Secure buildings and ensure the safety of hotel activitiesProcessing necessary for the pursuit of our legitimate interest in ensuring the safety of people and buildings8 days from the capture of images, the duration may vary depending on local regulations.
Internal management of the list of customers who exhibited inappropriate behavior during their hotel stay (aggression and incivility, breach of the hotel contract, non-compliance with safety rules, theft, damage and vandalism, or payment incidents).Processing necessary for the pursuit of our legitimate interest in managing our activities, conducting IT services, network administration, and security to prevent fraud.Up to 6 months from the recording of an event.
Secure payment operations by determining the level of fraud risk associated with each transaction.   On this occasion, The Onomo Group and the hotels may use the services provided by The Onomo Group’s risk prevention provider to refine their analysis. Depending on the results of the analyses conducted, The Onomo Group may take security measures, particularly by asking the customer to use another booking channel or another payment method. These measures may result in the suspension of the reservation execution or, if the analysis result does not guarantee the security of the order, its cancellation.Processing necessary for the pursuit of our legitimate interest in managing our activities and preventing fraud risk.90 days for analysis and control
Secure property and people and combat unpaid debts. In this context, some hotels have a feature that allows them to categorize as “non-operational” any customer exhibiting inappropriate behavior corresponding to the following categories: aggression and incivility, breach of the hotel contract, non-compliance with safety rules, theft, damage and vandalism, or payment incidents. The “non-operational” status may lead the hotel that made this categorization to refuse the customer’s reservation when they return to the same hotelProcessing necessary for the pursuit of our legitimate interest in managing our activities, securing property and people, and combating unpaid debts.6 months from the registration.
Use the necessary services to identify people present in The Onomo Group hotels in the event of serious events impacting the concerned establishment (natural disasters, attacks, etc.).Processing necessary for the protection of the vital interests of customers.For the duration of the event.
Comply with any applicable legislation (e.g., retention of accounting documents), including: Managing unsubscription requests from newsletters, promotions, tourist offers, and satisfaction surveys, Managing requests from individuals regarding the protection of their personal data Processing necessary for compliance with a legal obligation.For the duration specified in the applicable local legislation.
  1. CONDITIONS FOR THIRD-PARTY ACCESS TO YOUR PERSONAL DATA

The Onomo Group operates in many countries and strives to provide you with uniform services worldwide. To do this, it is necessary to share your personal data with internal and external recipients under the following conditions:

Specifically, information regarding your stays, your preferences, your satisfaction, and, where applicable, your loyalty program is shared among hotels operating under the The Onomo Group brand. This data is used to improve the quality of services and optimize your experience at each hotel. In this context, your data is jointly processed by The Onomo Group and the relevant hotels. To reconcile this legitimate interest with the protection of your rights and freedoms, the obligations and responsibilities of The Onomo Group and each establishment are defined in a specific co-responsibility contract. You have the option to oppose the sharing of this information between the hotels and The Onomo Group at any time by contacting the Data Protection Officer (dpo@onomohotel.com).

  1. We share your data with a limited number of authorized individuals and services within The Onomo Group to provide you with the best possible experience in our establishments. The following teams may have access to your data
  • Hotel staff;
  • Reservation staff using booking tools;
  • IT Services;
  • Business partners and marketing services;
  • Medical services if applicable
  • Generally, any appropriate person from The Onomo Group entities for certain specific categories of personal data.
  1. With service providers, suppliers, and partners: your personal data may be transmitted to a third party to provide you with services and enhance your stay, including:
    • External service providers: IT subcontractors, banks, credit card issuers, external lawyers, routers, printers, etc.
    • Business partners: The Onomo Group may, unless you object to the Data Protection Officer, enhance your profile by sharing certain information about you with its privileged business partners. In this case, cross-references, analyses, and combinations through a trusted third party of your data may be carried out. These treatments will allow The Onomo Group and its privileged contractual partners to determine your interests, customer profile, and allow us to send you personalized offers.
    • Social networking sites: To allow you to easily identify yourself on Onomo sites without having to fill out a registration form, The Onomo Group has implemented a social network login system. If you log in using this system, you explicitly authorize The Onomo Group to access the public data of your account for the relevant social network (e.g., Facebook, LinkedIn, Google, Instagram…), as well as other data mentioned when using this social network login system. The Onomo Group may also securely communicate your email address to social networks to identify if you are already a user of one of these social networks, and if so, to display personalized and relevant advertisements on your social network account.
  2. Local authorities: We may also be required to transmit your information to local authorities if required by law or in the context of an investigation and in compliance with local regulations.
  1. INTERNATIONAL TRANSFERS

As part of the purposes described in Article 6 of this charter, we may transfer your personal data to internal or external recipients who may be located in countries where the level of personal data protection may vary.

Therefore, in addition to this charter, The Onomo Group implements appropriate measures to secure the transfer of your personal data to an Onomo entity or an external recipient located in a country offering a different level of protection from that of the country where the personal data was collected.

Your data may be transmitted, particularly during the reservation process, to Onomo hotels located in Africa, including the following countries: Senegal, South Africa, Cameroon, Morocco, Mozambique, Gabon, Rwanda, Mali, Guinea, Togo, Uganda, and Côte d’Ivoire.

Data flows other than those necessary for the execution of your reservation to countries that do not offer an equivalent level of personal data protection are then governed by standard contractual clauses defined by the European Commission.

  1. DATA SECURITY

The Onomo Group implements rigorous technical and organizational measures to protect your personal data in accordance with applicable legal requirements, particularly Article 32 of the GDPR. These measures aim to prevent any destruction, loss, alteration, misuse, unauthorized access, modification, or disclosure of your data, whether illegal or accidental.

To ensure the security of your information, we have deployed a range of technical measures such as firewalls, intrusion detection systems, and advanced encryption protocols. For example, when transmitting your credit card information during a reservation, we use SSL (Secure Socket Layer) encryption technology to ensure the confidentiality and security of your transactions.

In parallel, organizational measures are in place to strengthen data processing security. This includes strict management of access through a robust identification and password system, the implementation of physical protections in our infrastructures, and strict procedures for controlling access to sensitive data. These measures ensure not only confidentiality but also the integrity, availability, and continuous resilience of our data processing systems and services.

By adopting this comprehensive approach, The Onomo Group is committed to ensuring a high level of security for your personal data, while adhering to the strictest data protection standards.

  1. COOKIES AND OTHER TRACKERS

The Onomo Group uses cookies and other trackers on its websites as well as on its mobile applications to enhance your user experience and provide personalized services. These trackers allow us to collect information about your browsing, preferences, and interactions with our digital platforms to offer you content tailored to your needs.

To learn more about the use of these trackers by Onomo, whether on our websites or our mobile applications, and to configure your preferences, we invite you to consult our tracker policy. This policy is accessible via the “Cookies” link located in the footer of our websites, as well as in the “Privacy Settings” section of our mobile applications.

We encourage you to review this policy to understand the types of trackers we use, their purposes, and the options available to you for managing your cookie and other similar technology preferences. You have the option to accept or reject certain types of trackers, which may impact your user experience and the features available.

The Onomo Group is committed to respecting your privacy choices and providing complete transparency regarding the use of your browsing data, whether on our websites or via our mobile applications.

  1. YOUR RIGHTS

You have various rights concerning your personal data collected by The Onomo Group, in accordance with the applicable legal provisions. You have the right to obtain information about the data concerning you and to access it. If you find that some of your data is inaccurate or incomplete, you can request its rectification. You also have the right to request the deletion of your personal data or to limit its processing under certain conditions defined by law.

Furthermore, you have the right to data portability, which allows you to receive the data you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another data controller. You can also define specific instructions for the processing of your data after your death to ensure that your wishes are respected.

It is important to note that you have the right to object to the processing of your personal data at any time, particularly regarding the sharing of information about your stays, preferences, and satisfaction between The Onomo Group establishments.

To exercise these rights, you can directly contact the Data Protection Officer (DPO) of The Onomo Group. You can do so by email at the following address: dpo@onomohotel.com, or by writing to the following postal address:

African Hotel Development Luxembourg

4-6 rue du Fort Rheinsheim

L-2419 Luxembourg

Grand Duchy of Luxembourg

The Onomo Group is committed to processing your request as quickly as possible and strictly respecting your rights regarding data protection. We encourage you to contact us if you have any questions or concerns about how your data is processed.

For privacy and data protection reasons, we will need to identify you to respond to your request. In case of reasonable doubts about your identity, you may be asked to attach a copy of an official identity document, such as an ID card or passport. In this case, a black and white front copy of one of these documents will suffice. All requests will be processed as quickly as possible and in compliance with applicable law.

You can also exercise your rights regarding your personal data retained and processed by a hotel as the data controller. To do so, you must directly contact the concerned hotel. You will find all the necessary information to contact a hotel on the website www.onomohotels.com.

Finally, you can lodge a complaint with a supervisory authority, and you can contact Onomo’s Data Protection Officer by writing to dpo@onomohotel.com or at the postal address above.

  1. UPDATES

We may periodically modify this charter. Therefore, we invite you to regularly review this charter, especially when making a reservation at one of our hotels.

  1. QUESTIONS AND CONTACTS

For any questions regarding the personal data policy within The Onomo Group, please contact the Data Protection Officer at dpo@onomohotel.com