VERSION 27/10/2025

ARTICLE 1: FOREWORD

The GDPR and you

Personal data protection is one of our main concerns. This is why LOUVRE HOTELS GROUP is committed to processing your personal data in accordance with the General Data Protection Regulation (Regulation EU 2016/679 of 27 April 2016) (hereinafter referred to as the “GDPR”) and the French Data Protection Act (Act No. 78-17 of 6 January 1978, as amended). The purpose of the personal data protection policy is therefore to inform you about:

• Data controllers
• How your personal data is collected and processed
• The recipients of your personal data
• Your rights regarding the use of your personal data
• Our mutual obligations in relation to the protection of personal data

This policy applies to applicants, external applicants or employees of LOUVRE HOTELS GROUP and its subsidiaries who are seeking internal mobility. For the purposes of this policy, all such persons are referred to as “applicants”.

ARTICLE 2: GLOSSARY

We promise you will understand!

Personal data means any information relating to an identified or identifiable natural person, i.e. information allowing such natural person to be directly (e.g.: surname, first name, etc.) or indirectly identified (e.g.: email address, etc.).

Personal Data Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (e.g.: collection, recording, organisation, storage, transmission of data, erasure, etc.).

The Data Controller determines the purposes (objectives) and the means of processing to achieve these purposes.

The Data Processor (or Third Party) processes Personal Data on behalf of the Data Controller and in accordance with its instructions.

ARTICLE 3: GENERAL PRINCIPLES

We have legal obligations!

Pursuant to the provisions of Article 5 of the GDPR, the collection and processing of your Personal Data complies with the following principles:

• Lawfulness, fairness and transparency: the collection and processing of your Personal Data is only permitted on a legal basis defined in advance (performance of a contract, legal obligation, consent, legitimate interest, protection of vital interest, public interest).
• Purpose limitation: the collection and processing of your Personal Data is carried out to meet one or more defined purposes.
• Minimisation of data collection and processing: the collection of Personal Data is limited to what is necessary for the proper fulfilment of the purposes for which it is collected.
• Storage limitation: the Data Controller is required to define retention periods for the Personal Data processed. Personal Data shall only be kept for as long as necessary to achieve the purpose.
• Integrity and confidentiality of data collected and processed: the Data Controller undertakes to safeguard the integrity and confidentiality of the Personal Data collected.

ARTICLE 4: DATA CONTROLLER

We are responsible for the data entrusted to us!

The processing of your Personal Data in connection with the management of your application or internal mobility is carried out by LOUVRE HOTELS GROUP, a Simplified Limited Company (Société par Actions Simplifiées), with a share capital of € 117,624,016, registered with the Trade Register of Nanterre under number 309 071 942, whose registered office is located at Tour Voltaire, 1 Place des Degrés, 92800 Puteaux, France, as the Data Controller.

This means that we control how your Personal Data is processed and that we decide on the purposes of such processing. It also means that we give specific instructions to our Data Processors, who may process your Personal Data on our behalf. In accordance with Article 32 of the GDPR, we implement all technical and organisational measures to ensure the protection of your Personal Data.

Hotels are autonomous and independent entities. Therefore, when you apply for a position at one of these hotels, your Personal Data is processed by both the LOUVRE HOTELS GROUP and the hotel in question, each acting as a Data Controller with its own purposes.

Any Processing of Personal Data carried out by the hotels is governed by a personal data protection policy specific to each hotel in its capacity as Data Controller. All hotels are required to comply with the principles of protection of your Personal Data in accordance with the applicable regulations and to ensure that your rights are upheld when you exercise them.

ARTICLE 5: PERSONAL DATA COLLECTED AND PROCESSED – WHAT DATA?

What do we know about you?

Pursuant to the minimisation principle, we only collect Personal Data that is required to fulfil our objectives. Accordingly, in connection with managing applications, the Data controllers may collect and process the following information:

• Identity data: Civility, surname, first names, date of birth;
• Contact data: Postal address, email address, telephone number;
• Professional life data: Professional experience, languages spoken, qualifications, availability (night work, etc.)
• Personal life data: Information about driving license, hobbies and interests, etc.
• CV data and free-form fields: Any information you provide and share with us.
• Connection and browsing data: IP address, connection history, cookies, etc.

Please note that when you submit your application, we do not require any sensitive data such as highly Personal Data (social security number) or legal data (criminal record), or data regarding your financial situation. This data may be collected and processed for administrative purposes if your application is successful.

We are aware of the sensitive nature of this information and are committed to ensuring a high level of confidentiality and compliance with our legal and regulatory obligations. If you would like more information, on joining the group you will be asked to read the “Human Resources” Personal Data policy, which will be provided to you by the relevant Data Controller.

ARTICLE 6: PERSONAL DATA COLLECTED AND PROCESSED: FOR WHAT PURPOSES?

Let us explain!

ARTICLE 7: PERSONAL DATA COLLECTED AND PROCESSED: WHO HAS ACCESS TO YOUR PERSONAL DATA?

We do not share it with just anyone!

The Personal Data we collect may be transmitted for various purposes:

• To authorised personnel of LOUVRE HOTELS GROUP;
• To authorised personnel of the hotels in the LOUVRE HOTELS GROUP network;
• To authorized persons at our service providers who are subcontractors of LOUVRE HOTELS GROUP, in particular in charge of part of the recruitment, maintenance and security of the site, communication tools ;
• To social media sites acting as Data Processors in order to identify whether you are a user of one of these social media sites (such as LinkedIn) and enable you to apply from your profile;
• Any regulatory, statutory, governmental or other authority, agency or body and relevant sector regulator, if required by law or in the context of an investigation and in accordance with local regulations.

Please note that the use of service providers is necessary for the proper fulfilment of the purposes and we undertake to verify and guarantee their compliance with the GDPR.

LOUVRE HOTELS GROUP and the hotels undertake not to pass on your personal data to third parties or external organisations without your express consent and not to sell, transfer or communicate the data collected to unauthorised third parties.

LOUVRE HOTELS GROUP does not use automated decision-making based on your personal data. No profiling is carried out when processing your personal data, and the data we collect will never be used without human intervention, including when assessing your profile in relation to the position for which you have applied.

ARTICLE 8: YOUR RIGHTS You hold all the cards!

Pursuant to current regulations, you have the following rights regarding your personal data:

• Right to access: You can, at any time, access your personal data that we hold about you;
• Right to rectification: You can make a request to complete or correct your personal data;
• Right to object: You retain, at any time, the right to object to the use of your personal data;
• Right to restriction of data processing: You can request the restriction of the future processing of your personal data under certain conditions;
• Right to erasure: You can also request the deletion of your personal data;
• Right to data portability: You have the right to request the transmission of your personal data to another organization;
• Erasure of data after death: You can, decide what happens to your digital personal data after your death.

If you wish to exercise your rights, you can contact our data protection officer:

By email: hrgdpr@louvre-hotels.com

By post to the following address:

LOUVRE HOTELS GROUP – DPO

Tour Voltaire, 1 place des Degrés

92800 Puteaux

FRANCE

You may exercise these rights at any time, free of charge, except in cases of blatantly unfounded or excessive requests (in particular due to their repetitive nature). In this exceptional case, we reserve the right, in accordance with the GDPR, to require payment of reasonable costs or to refuse your request.

Following your request to exercise your rights, you will be sent a response within 1 (one) month of receipt of the request, which may be extended by 2 (two) months given the complexity of your request.

You also have the right to file a complaint with the relevant supervisory authority (in France: the Commission Nationale de l’Informatique et des Libertés (French Data Protection Authority), or “CNIL” www.cnil.fr ).

You may also exercise your rights in relation to your Personal Data processed by a hotel in its capacity as Data Controller. Please exercise your rights directly with the hotel and consult its Personal Data protection policy if necessary.

ARTICLE 9: WHAT ARE YOUR OBLIGATIONS

That’s right, you also have obligations!

• Accuracy of Personal Data

As an applicant, you represent that you are aware of the importance of the accuracy of your Personal Data. You therefore undertake to only provide accurate Personal Data.

In this regard, you may request that your personal data be corrected or erased as provided for in Article 8 of this policy.

• Management of Personal Data of persons under 15 years of age

We do not knowingly collect or ask for Personal Data for persons under 15 years of age.

In the event that such transmission occurs, as the legal representative of the person under the age of 15, you may contact the human resources department of LOUVRE HOTELS GROUP, whose contact details are provided in Article 8, or the relevant hotel so that this information can be deleted.

• Free fields

In general, failure to complete the fields marked with an asterisk (*) on the website will prevent us from providing you with all or part of the website’s features. Your application may not be considered if these mandatory fields are not completed.

The other fields are optional and are intended to allow you to provide information that you consider useful for the processing of your application for the position in question.

When a form includes a free text field, we ask that you only provide information that is strictly objective and essential to your application and that you never disclose sensitive data (such as credit card numbers, health data, etc.).

• Sensitive Personal Data

We do not collect “sensitive” Personal Data.

We remind you that revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the purpose of specifically identifying a natural person, data concerning health or data pertaining to a natural person’s sex life or sexual orientation is considered sensitive Personal Data.

If you willingly provide us with sensitive Personal Data, especially in the free field when you apply, in your CV, or during your interviews in connection with your application, you acknowledge that you have given us your explicit consent to process these special categories of Personal Data.

ARTICLE 10 – HOW DO WE PROTECT YOUR PERSONAL DATA?

Cybersecurity: we are all stakeholders, we are all affected, we are all responsible!

We implement appropriate technical and organisational measures to:

• Protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access to such Personal Data.
• Ensure the confidentiality, integrity, availability and ongoing resilience of systems and services
• Restore the availability of Personal Data and access thereto within appropriate timeframes in the event of an incident

We operate systems and networks protected by industry-standard security measures and use secure protocols on unsecured networks to protect the transmission of your Personal Data. In addition, access to your Personal Data is restricted to authorised personnel and service providers.

Although we strive to protect our recruitment site and systems at all times, we cannot control all risks associated with the operation of the Internet and draw your attention to the existence of potential risks inherent in its operation.

When we need to share your Personal Data with our Data Processors, we take all necessary measures to ensure that the third party recipients have implemented appropriate technical and organisational measures to protect your Personal Data.

ARTICLE 11: DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA

Even outside Europe, we take care of your Personal Data!

As part of providing our services, we may need to transfer your Personal Data to recipients, especially Third Parties or hotels in the network, which may be located outside the European Economic Area (EEA), in countries that may have different rules on the protection of Personal Data.

In the event of a transfer of Personal Data outside the EEA, we undertake to comply with the requirements of the applicable regulations and to implement the appropriate safeguards needed for such a transfer.

ARTICLE 12: UPDATES TO THE DATA PROTECTION POLICY

It is important to keep up to date!

If any clause of this policy is invalid, especially due to a change in legislation, applicable personal data protection regulations or a court decision, this shall in no way affect the validity of the other clauses of the policy.

This policy is governed by French law.

It is subject to updates. The previous policy will then be lawfully replaced by the new version posted online. The latter will immediately become enforceable upon you. Use of the website is subject to the policy in force at the time of use.

We recommend that you consult the policy on a regular basis to be kept informed of any changes and updates.

ARTICLE 1: WHAT IS A COOKIE?

A cookie is a text file that is placed on your device (computer or mobile device) when you visit a website, mobile application, or online advertisement. Cookies are managed by your web browser or the mobile application you use, and only the issuer of a cookie can decide to read or modify the information contained therein.

Cookies have several functions, such as allowing you to navigate efficiently on a website or mobile application, remembering your choices, and offering you relevant advertising content based on your interests expressed during your browsing.

FOREWORD

LOUVRE HOTELS GROUP and its partners use cookies to secure and optimize your browsing experience on the website. These cookies enable LOUVRE HOTELS GROUP and its partners to collect information over time as you browse the website, including certain Personal Data.

Some cookies placed by our partners may allow them to track your browsing habits when you leave our site. Please note that we do not control our partners' websites and are not responsible for their privacy statements, which we encourage you to read.

The purpose of this policy is to explain what cookies are, how they are managed on our site, and how you can opt out of them.

Capitalized terms refer to the definitions in the privacy policy above.

ARTICLE 2: IS YOUR CONSENT REQUIRED?

Your consent is required in all cases except for cookies that are strictly necessary for the proper functioning and security of the website.

Website publishers must:

• Inform users of the purpose of cookies;
• Obtain user consent (except for strictly necessary cookies);
• Provide a means for users to withdraw this consent.

You can withdraw your consent at any time via the “Preference Center” tab in the banner at the bottom of our website.

If you withdraw your consent for certain categories of cookies, Louvre Hotels Group cannot be held responsible in any way for any malfunctions in the use or display of the website that you may encounter.

ARTICLE 3: WHAT TYPES OF COOKIES DO WE USE?

The cookies used by Louvre Hotels Group and its partners fall into the following categories:

• Strictly necessary cookies: these cookies are essential for the proper functioning of our website. They enable you to browse the website and use its essential features (facilitating your browsing, managing your authentication, remembering your language, etc.). These cookies do not require your consent. They can be blocked from your browser. However, this may have potentially negative effects on the functioning of and access to certain parts of the website.
• Functionality cookies: these cookies may be set by us or our partners to establish a profile of your interests. They enable us to understand your usage habits, interactions, and preferences, and activate certain features to improve your browsing experience. If you do not allow these cookies, certain features of the site may not function properly.
• Performance cookies: these cookies may be set by us or our partners. They enable us to understand how our site is used, compile statistics and identify our most popular pages and content in order to improve the functioning of our site and the experience we offer you. Refusing these cookies will affect our ability to optimize our products and services.
• Targeted advertising cookies: these cookies may be set by us or our partners. They enable us to define a profile of your interests in order to offer you more relevant advertising and/or to measure the performance of our advertising campaigns. If you do not allow these cookies, your advertising will be less targeted.

You can:

View the complete list of cookies by category in the “Preference Center” accessible in the banner at the bottom of our site.

Manage your consent to the use of these different categories of cookies via the “Preference Center” accessible in the banner at the bottom of our site.

Consult the “Google Privacy Policy and Terms of Use” via the link below: https://business.safety.google/privacy/

ARTICLE 4: IS IT POSSIBLE TO IDENTIFY ME USING COOKIES?

Cookies enable the recording of information such as the pages visited on the website, information related to your application, login information, search history, and language preferences. Some cookies used by our advertising partners to track your online activity in order to offer you targeted advertising process data that may be considered Personal Data and, as a result, subject to the GDPR.

ARTICLE 5: HOW LONG ARE COOKIES STORED?

Cookies are stored either for the duration of your visit to the website or for a maximum period of thirteen (13) months after they were first placed on your device, and user choices are stored for six (6) months so that you are not asked again for a certain period of time.

At the end of the storage period, the Personal Data collected through cookies will be deleted.

ARTICLE 6: HOW TO OPPOSE THE USE OF COOKIES?

Except for strictly necessary cookies, the storage of a cookie on a device is subject to your consent, which you can express and modify at any time through the various choices offered to you via the “Preference Center” accessible in the banner at the bottom of our site.

Other options are available to users to oppose cookies:

• Cookie settings in your browser
• Users can configure their browser so that HTTP cookies are stored on their device or, conversely, are rejected, either systematically or depending on their issuer.
• Users can also configure their browser so that they are asked to accept or refuse cookies on a case-by-case basis, before a cookie is likely to be stored on their device.

Each browser has different settings for managing cookies and cookie preferences. These settings can be found in the browser's help menu, which will tell you how to change your cookie preferences:

• For Microsoft Internet Explorer: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
• For Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=fr
• For Safari: https://support.apple.com/kb/PH21411?locale=fr_FR&viewlocale=fr_FR
• For Safari iPhone/iPad: https://support.apple.com/fr-fr/HT201265
• For Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences
• For Opera: http://help.opera.com/Windows/10.20/fr/cookies.html

Advice from the CNIL

The CNIL website offers advice on how to limit the traceability of your web browsing.

You can access their article on the subject via the following link: https://www.cnil.fr/fr/cookies-et-autres-traceurs/comment-se-proteger/maitriser-votre-navigateur

ARTICLE 7: GENERAL INFORMATION AND MODIFICATIONS TO OUR POLICY

In the event that one of the clauses of this policy is invalid, in particular due to a change in legislation, applicable regulations on the protection of personal data, or a court decision, this shall in no way affect the validity of the other clauses of the policy. This policy is governed by French law. This policy is subject to updates, which will be posted online. The previous policy will then be automatically replaced by the new version. The latter will immediately become binding on you. Use of the site is subject to the policy in force at the time of use.

In order to stay informed of any changes and updates, we recommend that you consult the policy regularly.