Privacy Policy

Last updated: 17 March 2026

Table of Contents

• 1. Introduction
• 2. Data Controller
• 3. Data Collected
• 4. Purposes of Processing
• 5. Data Recipients
• 6. Hosting and Data Transfer
• 7. Retention Period
• 8. Your Rights (Access, Rectification, Deletion)
• 9. Cookies and Trackers

1. Introduction

The purpose of this privacy policy is to inform you about how we collect, use, and protect your personal data when using our accommodation booking site.

We are committed to respecting the privacy of our users and complying with the General Data Protection Regulation (GDPR) and the French “Informatique et Libertés” law.

2. Data Controller

The controller for the data collected on this site is:

• Name / Trade Name: Didier Azibert (EI), operating under the trade name Runzil.
• Postal Address: 39 rue des Ormeaux, 97434 Saint-Paul, La Réunion (France).
• Contact Email: contact (at) runzil.com

3. Data Collected

As part of the booking of our accommodations, we are required to collect the following information:

• Identity: Last name, first name. A copy of an identity document (ID card or Passport) may be requested for identity verification or to fulfill legal obligations (police form for foreign travelers).
• Contact: Email address, phone number, postal address.
• Booking Information: Dates of stay, number of travelers.
• Payment and Security Deposit Data: Transactions are processed securely by our providers. We do not store your full credit card numbers on our own servers.
• Connection Data: IP address, connection logs (secured via Cloudflare), anonymized navigation data (via Umami).

4. Purposes of Processing

Your data is collected for the following reasons:

1. Booking Management: Validation of the stay, sending the rental contract, communication of access codes.
2. Security and Fraud Prevention: Verification of the tenant’s identity, protection of the website (WAF), and securing the security deposit.
3. Legal Obligations: Invoicing, accounting, and individual police forms for foreign travelers (Article R. 611-42 of the French CESEDA code).
4. Customer Relations: Responding to your information requests via the contact form.
5. Site Improvement: Privacy-friendly audience measurement, without individual tracking, via Umami.

The legal basis for this processing is the execution of the rental contract (GTC), compliance with our legal obligations, and our legitimate interest (for network security and anonymous statistics).

5. Data Recipients

Your data is strictly confidential. It may be shared with our technical sub-contractors:

• Host and Management Software (PMS): The company Hostex.io, which provides the site’s technical infrastructure and the booking engine.
• Payment Providers:
  • Stripe (or equivalent) for payment of the stay.
  • Tyllt for the secure management of the bank pre-authorization (security deposit).
• Technical Security: Cloudflare, used as a content delivery network (CDN) and firewall, through which traffic passes.
• Audience Measurement: Umami (anonymized statistics).
• Third-party Content Providers: If you view integrated content on our site (e.g., YouTube videos, Instagram posts), these platforms (Google, Meta) may process your connection data according to their own privacy policies.
• Cleaning/Reception Staff: Only information necessary for the welcome (name, dates), if applicable.
• Authorities: In case of a legal obligation (e.g., tax or judicial request, police form).

We never sell or rent your data to third parties for commercial purposes.

6. Hosting and Data Transfer

The site is edited by Didier Azibert (Runzil) but hosted by the Hostex.io solution. Traffic passes through the Cloudflare network infrastructure.

We ensure that our providers comply with current security standards. Regarding certain technical tools (e.g., Stripe, Cloudflare, third-party integrations), data may be transferred outside the European Union (notably to the United States); these transfers are governed by standard contractual clauses or the Data Privacy Framework.

7. Retention Period

• Data relating to booking and invoicing: Kept for 10 years (French accounting obligation).
• Police forms (foreigners): Kept for 6 months then destroyed/anonymized.
• Contact data (excluding invoicing): Kept for 3 years after the end of the commercial relationship, unless you request its deletion.
• Statistical data (Umami): As IP addresses are anonymized at the source, no personal data is kept for audience measurement purposes.

8. Your Rights (Access, Rectification, Deletion)

In accordance with the GDPR, you have the following rights regarding your data:

• Right of access and rectification.
• Right to erasure (“right to be forgotten”).
• Right to restriction of processing.
• Right to data portability.
• Right to lodge a complaint with the CNIL (www.cnil.fr) if you feel your rights are not being respected.

How to exercise your rights?

For any request relating to your personal data (access, deletion, modification), we have set up a simplified procedure via a dedicated form.

Please click on the following link to submit your request: 👉 Request for exercise of rights (GDPR)

We commit to responding to you within one month of receiving your request via this form.

9. Cookies and Trackers

Our cookie policy is minimalist and respectful of your privacy:

1. Strictly necessary technical cookies: Essential for the proper functioning of the booking process (session, cart, Cloudflare security). They do not require your consent according to the ePrivacy directive.
2. Cookie-less audience measurement: We use Umami for our statistics. This tool is configured to place no tracking cookies on your device and does not track users across different sites.
3. Third-party content (Media): Our site may integrate external media (YouTube videos in “enhanced privacy/no-cookie” mode, Instagram posts). Interacting with or viewing this content may result in the placement of cookies by these platforms (Google, Meta). You can configure your browser to block these third-party trackers.