← Back

Privacy policy

Last updated: May 2026

This page describes how SARL GALLIA (hereafter "we") processes the personal data you send us via the table.galliahotel.fr site, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

1. Data controller

SARL GALLIA — 24 Boulevard Berthollet, 73100 Aix-les-Bains, France — Chambéry Trade Register 919 716 746.<br/>Contact: contact@galliahotel.com.

2. Data collected

When you make a reservation, we collect only the strictly necessary information:

  • first and last name;
  • email address;
  • phone number;
  • date, time and party size;
  • where applicable, occasion, allergies, and free-form message (optional fields);
  • newsletter opt-in, if you have explicitly accepted it.

We do not collect any banking data — the reservation is free and confirmed without a deposit.

3. Purposes & legal bases

  • Reservation management (recording, confirmation, modification, reminder, cancellation) — legal basis: pre-contractual measures at your request (Article 6.1.b GDPR).
  • Operational communication by email and, if needed, by phone — legal basis: legitimate interest in keeping you informed of your reservation.
  • Newsletter, only if you have explicitly ticked the corresponding box — legal basis: consent (Article 6.1.a GDPR), withdrawable at any time.
  • Anonymous traffic statistics via Vercel Analytics (no cookies, no personal identifier) — legal basis: legitimate interest in measuring site traffic.

4. Recipients & processors

Your data is accessible to the restaurant and Hôtel Gallia team. We use the following processors, contractually bound to comply with the GDPR:

  • Vercel Inc. (USA) — site hosting. Transfers to the United States are governed by the standard contractual clauses of the European Commission.
  • Neon (European Union — Frankfurt) — reservations database.
  • Upstash (European Union) — technical rate limiting (anti-abuse).
  • Brevo (France) — sending of transactional confirmation and reminder emails.

Your data is never sold or passed on to third parties for commercial purposes.

5. Retention period

  • Reservations: 3 years from the date of the meal, for customer relationship management and internal statistics, then deletion.
  • Transactional emails (Brevo logs): 6 months.
  • Newsletter: until you unsubscribe (link in every email).

6. Your rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights at any time:

  • access, rectification, erasure;
  • restriction and objection to processing;
  • portability of your data;
  • withdrawal of consent (newsletter) at any time;
  • instructions regarding the fate of your data after your death.

To exercise these rights, write to us at contact@galliahotel.com or by post to: SARL GALLIA — 24 Boulevard Berthollet, 73100 Aix-les-Bains, France. We will respond within one month at the latest.

If you feel your rights are not being respected, you can file a complaint with the CNIL (French data protection authority).

7. Cookies

The site does not use any advertising or tracking cookies. The only cookies set are strictly necessary for the site to function (load balancing, browsing preferences). On that basis, and in line with the CNIL's recommendation, no consent banner is required.

Audience measurement is provided by Vercel Analytics, which aggregates visits anonymously and without cookies (no persistent identifier is stored on your device).

8. Security

Exchanges between your browser and our servers are encrypted in HTTPS. Access to reservation data is restricted to authorised staff, via individual authentication. In accordance with Article 32 of the GDPR, we implement technical and organisational measures appropriate to the sensitivity of the data processed.

9. Policy updates

This policy may be updated. The last update date appears at the top of this page.