PRIVACY POLICY

Last updated: January 24, 2026

Protecting your privacy is part of our commitment to delivering exceptional experiences.

1. Who we are

The Corfu Collection is a French simplified joint-stock company (EI), registered with the Vannes Trade and Companies Register under number 851 808 451, with its registered office at 56000 Vannes, France (hereinafter referred to as “We”, “Us” or “The Corfu Collection”).

The Corfu Collection acts as the data controller of your personal data.

We place great importance on the protection of your personal information and are committed to complying with applicable regulations, including the General Data Protection Regulation (GDPR) and French data protection laws.

2. What data do we collect?

We may collect the following categories of personal data:

– Identity data: first name, last name, date of birth, gender.
– Contact details: email address, telephone number, postal address.
– Stay-related information: booking history, copies of identity documents, bank details.
– Sensitive data (only if provided by you): allergies, dietary requirements, special needs, and potentially religious beliefs or personal convictions.
– Website usage data: cookies, interactions, preferences, browsing behavior.
– Any information you voluntarily provide through our website or services.

Third-party data: if you provide us with personal data relating to other individuals (e.g. guests participating in a stay), you must ensure that they have been informed and have given their consent.

3. Cookies and trackers

3.1 What is a cookie?

A cookie is a small file stored on your device that helps improve your browsing experience (login, personalization, statistical tracking, recommendations, etc.).

3.2 Our use of cookies

We use cookies for the following purposes:

– Website functionality and security
– Analytics and performance measurement
– Content personalization and targeted advertising

Your consent is requested during your first visit and must be renewed every six (6) months for cookies requiring consent. You may manage your preferences at any time.

4. How do we collect your data?

4.1 Directly from you

– Creation of a client or property owner account
– Booking requests or information inquiries
– Communications via email, telephone or messaging services (e.g. WhatsApp)

4.2 Through third-party services

We rely on trusted third-party providers for:

– Analytics & statistics: Google Analytics 4, Meta Events Manager
– Customer relationship management: Airtable
– Forms and surveys: ContactForm7
– Advertising & remarketing: Google Ads, Meta Ads, Pinterest Ads
– Hosting & infrastructure: O2Switch

Each service is detailed in our legal notices, including its purpose and a link to its privacy policy.

5. Legal bases for processing

Your personal data is processed based on one or more of the following legal grounds:

– Contract performance: bookings, services, customer relationship management
– Consent: newsletters, marketing communications, sensitive data
– Legal obligations: KYC requirements, accounting and tax obligations
– Legitimate interest: service improvement, statistics, security

You may withdraw your consent at any time without affecting the lawfulness of prior processing.

6. Data sharing

Your data may only be shared with:

– Our internal teams to process your requests
– Trusted partners and service providers (hosting, payment, customer support) offering adequate security guarantees
– Independent real estate partners (with your consent) to propose properties
– Public authorities where required by law

We never sell your personal data to non-partner third parties.

7. Data transfers outside the EU

Your data may be transferred outside the European Economic Area (EEA). Such transfers are carried out in compliance with applicable regulations, based on:

– Your explicit consent, or
– Standard contractual clauses, or
– An adequacy decision issued by the European Commission

8. Data security

We implement appropriate technical and organizational measures to protect your personal data against loss, unauthorized access, alteration or disclosure.

⚠️ Disclaimer: No data transmission over the Internet is entirely secure. If you suspect any security issue, please contact us immediately.

9. Data retention periods

– Newsletter subscriptions: 3 years after last contact
– Data shared with partners: 3 years or until consent withdrawal
– Unconfirmed bookings: 10 years after last contact
– Confirmed bookings: Contracts and invoices: 10 years / Copies of identity documents: 2 months / Files related to bodily injury claims: 10 years

After these periods, data is deleted or anonymized unless required for legal proceedings.

10. Your rights

You have the following rights regarding your personal data:

– Right of access
– Right to rectification
– Right to erasure (“right to be forgotten”)
– Right to restriction of processing
– Right to data portability
– Right to object, particularly to marketing communications
– Right to withdraw consent at any time
– Right to provide post-mortem instructions regarding your data

To exercise your rights, please contact: info@thecorfucollection.com
You also have the right to lodge a complaint with the French Data Protection Authority (CNIL).

11. Changes to this policy

We may update this Privacy Policy from time to time. The date of the latest update is indicated at the top of this page. Any significant changes will be communicated via our website.