Privacy Policy

At Murmures, your privacy matters deeply to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, make a booking enquiry, or stay at our guest house.

By using our website or services, you acknowledge the practices described in this policy. We encourage you to read it carefully. If you have any questions, please reach out to us at bonjour@murmures.paris.

The data controller responsible for processing your personal data is:

We collect personal data in the following contexts:

Booking enquiries and reservations

When you submit an enquiry through our website or make a reservation (directly or via third-party platforms), we may collect your name, email address, phone number, dates of stay, number of guests, and any special requests or dietary preferences you share with us.

Identity verification at check-in

Under French law (Article R. 611-42 of the Code for Internal Security), accommodation providers are required to record the identity of every guest upon arrival. We collect your full name, date of birth, nationality, and ID document number. This information is kept in a police register (fiche de police) as required by regulation.

Contact form and email

When you contact us through our website or by email, we collect your name, email address, and any information you include in your message.

Automatically collected data

When you browse our website, certain technical data is automatically collected, including your IP address, browser type, operating system, referring URL, pages visited, and the date and time of your visit. This data is collected through cookies and analytics tools (see Section 7).

We process your personal data based on the following legal grounds under the GDPR:

• Contractual necessity: to process your booking, manage your stay, and respond to your enquiries.
• Legal obligation: to comply with French accommodation regulations, including the identity registration requirement and tax reporting obligations.
• Legitimate interest: to improve our services, ensure the security of our website, and understand how visitors use our site through anonymised analytics.
• Consent: for the use of non-essential cookies and, where applicable, for sending you promotional communications about Murmures.

Your personal data is used to:

• Process and manage your booking or enquiry
• Communicate with you regarding your reservation or stay
• Fulfil our legal obligations (identity registration, tax reporting)
• Improve the quality of our services and personalise your experience
• Analyse website usage to improve our content and performance
• Protect the security of our website against spam and abuse
• Send promotional communications, only with your prior consent

We may share your personal data with the following categories of third parties, strictly as necessary:

• Booking platforms: If you book through Airbnb, Booking.com, or Smoobu (our booking management system), your data is processed according to their respective privacy policies.
• Email service provider: We use Resend to send transactional emails (booking confirmations, enquiry responses).
• Analytics providers: Google Analytics (see Section 7) processes anonymised browsing data.
• Security services: Cloudflare provides security and performance services for our website, including Turnstile (bot protection).
• Government authorities: When required by law, particularly for the police register (fiche de police) maintained by accommodation providers.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Our website uses the following technologies:

Google Analytics (GA4)

We use Google Analytics 4 to understand how visitors interact with our website. GA4 collects anonymised data about page views, session duration, device type, and geographic region. IP addresses are anonymised before processing. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Cloudflare Turnstile

We use Cloudflare Turnstile to protect our contact and booking forms against automated submissions. Turnstile may collect limited technical data to verify that a visitor is human, without requiring a traditional CAPTCHA. Data processed by Cloudflare is subject to Cloudflare's Privacy Policy.

Essential cookies

Our website may use strictly necessary cookies to ensure basic functionality such as navigation and session management. These cookies do not require consent under applicable regulations.

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

• Booking and guest data: retained for up to 3 years after your last stay, in accordance with commercial retention practices.
• Police register (fiche de police): retained for 6 months as required by French law.
• Contact form enquiries: retained for up to 12 months.
• Analytics data: retained for 14 months (Google Analytics default retention period).
• Accounting records: retained for 10 years as required by French tax law.

Once the retention period expires, your data is securely deleted or anonymised.

As a data subject, you have the following rights under the General Data Protection Regulation (EU) 2016/679:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct any inaccurate or incomplete data.
• Right to erasure: You may request that we delete your personal data, subject to legal retention obligations.
• Right to restrict processing: You may request that we limit how we process your data in certain circumstances.
• Right to data portability: You may request to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object: You may object to the processing of your data based on legitimate interest or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at bonjour@murmures.paris. We will respond to your request within 30 days.

If you believe your data protection rights have not been respected, you have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French data protection authority:

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our website uses HTTPS encryption to secure data transmitted between your browser and our servers.

While we take every reasonable precaution, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the highest practical standard.

Some of our service providers (such as Google and Cloudflare) may process data outside the European Economic Area (EEA). Where such transfers occur, they are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or adequacy decisions, in compliance with the GDPR.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, the updated policy will be posted on this page with a revised date. We encourage you to review this page periodically.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: