Last update: January 31, 2024 The protection of our customers' personal data is at the heart of our concerns. This document applies to the data we collect online, on our websites and mobile applications, but also to the data we collect offline in the resorts or in the ski area, or during events. We would like to provide you with all the information you need to understand how we use your data:

1. Who is responsible for the use of your data?

When you book and/or access our services, your personal data is processed by :
La Compagnie des Alpes, the parent company of the Compagnie des Alpes Group, with share capital of €25,266,567.50, registered in the Paris Trade and Companies Register under number 349 577 908, with registered offices at 50-51 boulevard Haussmann 75009 Paris,
And,
– Grand Massif Domaines Skiables, an affiliated company of the Compagnie des Alpes group and operator of the Grand Massif ski area, with capital of €6,697,620, registered with the Annecy Trade and Companies Register under number B 602 056, having its head office at Flaine (74300) Téléphérique de Flaine – Grandes Platières.

In the present policy, “we” refers to these two companies, which may act together as joint data controllers for the processing operations referred to below.
While Compagnie des Alpes is responsible for managing and supervising the IT system used to collect and process your data, it is the sole responsibility of GMDS, as an independent data controller, to manage the contractual relationship with you, provide you with the services you have ordered, and carry out marketing and advertising operations for its services and brands or ancillary services in the ski area (wifi, photos, ski lockers).

2. With whom is your data shared?

Internal recipients within the Compagnie des Alpes Group:
Your data is processed jointly by GMDS and Compagnie des Alpes, the parent company of the Compagnie des Alpes Group.
Within these two companies, your data is only accessible to a limited number of people, within specific departments (customer services, sales, accounting, IT, etc.), only if access to the data is necessary for the needs of their functions.
Your data will not be shared with other Compagnie des Alpes Group companies, unless you have expressly authorized us to do so.
Recipients outside the Compagnie des Alpes Group:
Your data may also be shared with recipients outside the Compagnie des Alpes Group:
– To all our technical service providers whose intervention is necessary to carry out the processing mentioned below (IT service providers, payment service providers, etc.), for the purpose of processing your order and improving our services and exclusively within the limits of our instructions;

– To social networks, only if you choose to create your customer account via the quick “social login” procedure.
If you choose this option, you will be able to use your Apple or Google account to register on our site, without having to re-enter your personal information. By using this feature, you agree to share certain information about you with us, from your social network.
The data transmitted to us by the social network is your first and last name and e-mail address. This data is required to create your customer account. We do not communicate information to social networks about your activities and orders on the skipass-grand-massif.com site and our mobile application, however these networks will have information relating to connections to your account. We invite you, before using the “Social Login”, to read the privacy policies of the social networks in order to inform yourself about their use of your data.
Apple
Google

– Only with your express consent, to our partners, in order to receive more promotional offers and other good deals by e-mail (e.g. tourist office, ski school, etc.) from them. In this case, the list of partners will be communicated to you when we receive your consent.

You may also receive communications relating to activities in the resort where you have purchased your lift passes. These communications are sent to you thanks to our partnership with the tourist offices, with whom we write newsletters about the destination, the ski lifts being a major player in the life of the resort. Your data is neither shared nor re-used by these partners in this context.

– Where applicable, to national or local authorities, if required by law or as part of an investigation and in accordance with regulations.

3. When is your personal data collected?

We may collect your personal data on various occasions:
Online:
On our website or mobile application, to order lift passes, receive our newsletters, log in to your account or take advantage of our digital services.
Within our resorts and ski areas:
When you use our facilities, alone or with friends and family: at the checkout, at our automatic terminals, accessibility for disabled people, access to reduced rates, use of our public wifi, video surveillance.
When we interact with you:
When you open or reply to a newsletter, take part in a satisfaction survey or a competition. When you contact customer service to make a complaint.

Via our Partners:
When you access our services through an intermediary (e.g. travel agencies, partner distributors, tourist offices).

4. What data do we collect?

We only collect data that is strictly necessary for their use, no more!
Depending on your visit to the ski area, the resort, or our websites, we may collect the following information:
– Information required to create your customer account (surname, first name, e-mail address, date of birth, postal address)
– Payment information
– Telephone number
– Photographs (for lift pass requirements or via devices or terminals made available in the ski area)
– Passage data (ski pass consumption)
– Browsing data on our site and mobile application (on this subject, please consult our information on cookies).
– Geolocation and geofence (for services on our mobile application only)
– If necessary and depending on the product subscribed to, the surnames, first names, ages and e-mail addresses of your relatives for groups and families
– Supporting documents for access to reduced rates or priority access, the conditions of which are detailed on our website. You will be asked to present original supporting documents at our ticket offices in the resort. A scan of this document may be made, solely for the purpose of combating fraud.

5. How do we use your data and how long do we keep it?

At the end of the retention periods defined below, we delete your data from our systems or make it anonymous so that it can no longer be used to identify you.

Data retention periods

6. Are there any special measures for children?

Although the family dimension of our activities is at the heart of our concerns, we do not direct any data processing specifically towards children.
In the event of use of our services by a person under the age of 15, we recommend that they be accompanied by an adult. The consent of parents or legal guardians may be obtained at the time of collection of their personal data, if required.

7. Where is your data stored?

All your personal data is stored exclusively on servers located within the European Union.
Although hosted within the European Union, this data may be accessed from third countries when we use technical service providers (e.g. AWS, Microsoft, Google) based abroad (i.e. USA, Israel). Accesses from these countries are considered as data transfers, but are necessary for the proper operation and maintenance of the IT tools they offer. These service providers have real expertise, which justifies their involvement.
We make every effort with these service providers to ensure that your data is protected in accordance with European regulations. These service providers only act in accordance with our instructions. A contract is systematically concluded with them and transfers of personal data are governed by the signing of reinforced contractual clauses specifically provided for this purpose (standard contractual clauses -CCT- published by the European Commission) whenever the laws of the country concerned do not offer protection equivalent to the RGPD (so-called “adequate” countries). Where necessary, additional technical or legal measures are put in place.

8. How secure is your data?

The security of your personal data is a core concern for all Compagnie des Alpes Group companies, who pool their resources to ensure that you benefit from an appropriate and up-to-date level of security.
In order to preserve the confidentiality and security of your personal data, and in particular to protect it against unlawful or accidental destruction, accidental loss or alteration, or unauthorized disclosure or access, the Compagnie des Alpes Group takes appropriate technical and organizational measures, and imposes the same level of requirements on its subcontractors. These measures are adapted according to the sensitivity of the data processed and the level of risk.Groupe Compagnie has implemented procedures to detect, analyze and track security incidents and any suspected breach of your personal data, and to block access to the data at any time. We have also put in place procedures for managing personal authorizations, to ensure that access to data is as restricted as possible.Despite our best efforts, vulnerabilities may still exist in our systems. If you believe you have detected a vulnerability, we invite you to contact us via this form (vulnerability disclosure page), respecting the principles described there.

9. What are your rights regarding your data?

You have several rights with regard to your personal data in our possession:
– The right to object: You no longer wish to receive our commercial communications, object to a decision linked to your profiling, or withdraw a consent
– The right to rectify your data: a move? a change of email address? let us know by keeping your data up to date!
– The right to access your data: you can request a copy of all your personal data in our possession, in a comprehensible format.
– The right to delete your data: You wish to delete your entire customer account and all your personal data in our possession. We will comply with your request, with the exception of accounting and tax records relating to your transactions, as well as those required for the constitution of our evidence files (in the event of any litigation), which must be kept.
– The right to freeze the use of your data: if you are faced with a contentious situation and wish to prevent the deletion of your data, your data will be retained without being used.
– The right to take your data with you: You want to retrieve part of your data. You are then free to store it elsewhere, or to transfer it easily from one system to another, for re-use for other purposes.

You will find all our contact information below to exercise these rights.

10. If you have any questions, please contact us!

Have a question? Would you like to stop receiving our newsletters? Delete your account?
We have appointed a Data Protection Officer to answer all your questions and ensure the protection of your personal data.
To contact him, click here!

We invite you to fill in the appropriate form, and your request will be processed within a month. For mobile applications, don’t forget that you can modify your authorizations at any time from your phone’s settings, for each of your applications.
Form in French
English form

You can also contact him:
– By post at the following address: GMDS – Service Protection des données personnelles – 8 rue du Château – 74340 SAMOENS;
Or
– By e-mail at the following address: gmds.privacy@compagniedesalpes.fr

If we have serious doubts about your identity, and if it cannot be done otherwise, you may be asked to provide proof of identity in order to process your request, simply to ensure that we are dealing with the right person.
If, despite our efforts, you feel that our response is incomplete, you may contact the CNIL.