Latest update : 31st January 2024
We take the protection of our customers’ personal data very seriously.
This document applies to the data we collect online, on our websites and mobile applications, but also to the data we collect offline in the resorts or in the ski area or during events.
We would like to provide you with all the information you need to understand how we use your data:
When you book and/or access our services, your personal data is processed by both:
- La Compagnie des Alpes, the parent company of the Compagnie des Alpes Group, with a share capital of €25,266,567.50, registered with the Paris Trade and Companies Register under n° 349 577 908, and whose registered office is at 50-51 boulevard Haussmann 75009 Paris,
And,
- Grand Massif Domaines Skiables, an company affiliated with the Compagnie des Alpes Group and operator of the Grand Massif ski area with a share capital of €6,697,620, registered with the Annecy Trade and Companies Register under n° B 602 056, and whose registered office is at Flaine (74300) Téléphérique de Flaine - Grandes Platières.
In this policy, ‘we’ or ‘us’ refers to both companies, which may act together as joint controllers for the processing operations referred to below. Although the Compagnie des Alpes is responsible for managing and supervising the IT system used to collect and process your data, it is the sole responsibility of GMDS, as an independent data controller, to manage the contractual relationship with you, to provide you with the services you have ordered, and to carry out marketing and advertising operations for its services and brands or ancillary services within the ski area (Wi-Fi, photos, ski lockers).
Recipients within the Compagnie des Alpes Group:
Your data is processed jointly by GMDS and Compagnie des Alpes, the parent company of the Compagnie des Alpes Group.
Within these two companies, your data is only accessible to a limited number of people in specific departments (customer services, sales, accounting, IT, etc.), only if access to the data is necessary for the purposes of their work.
On the other hand, your data is not shared with other companies within the Compagnie des Alpes Group, unless you have expressly authorised it.
Recipients external to the Compagnie des Alpes Group:
Your data may also be shared with recipients outside the Compagnie des Alpes Group:
- With all our technical service providers whose intervention is essential for carrying out the processing mentioned below (IT service providers, payment service providers, etc.), with the aim of processing your order and improving our services and exclusively within the scope of our instructions;
- With social media networks, but only if you choose to create your customer account using the speedy ‘social login’ procedure.
If you choose this option, you will be able to use your Apple or Google account to subscribe to our site, without having to re-register details about yourself. By using this feature, you consent to us sharing certain information about you from your social media account.
The data sent to us from the social network is your surname, first name and email address. This data is necessary for the creation of your customer account. We do not communicate information to social networks about your activities and orders on the skipass-grand-massif.com website and our mobile application, however these networks will have information regarding connections to your account. Before using ‘Social Login’, we invite you to read the privacy protection policies of the social networks to find out how they use your data.
· Apple
· Google
- Only if you give your express consent, to our partners, in order to receive additional promotional offers and other great deals by email (e.g. tourist office, ski school, etc) from them. In this case, the list of partners will be communicated to you at the time your consent is obtained.
It is also possible that you may receive communications relating to activities in the resort where you purchased your lift passes. These communications are sent to you as a result of our partnership with the tourist offices, with whom we produce newsletters about the destination, the ski lifts being an important element in the life of the resort. However, your data is neither shared nor re-used by these partners in this context.
- Where applicable, to national or local authorities, if required by law or as part of an investigation and in accordance with regulations.
We may collect your personal data at different times:
Online:
On our website or our mobile application, when you order lift passes, receive our newsletters, log in to your account or take advantage of our digital services.
Within our resorts and ski areas:
When you use our equipment, on your own or with friends and family: at the checkout, at our automatic terminals, disabled access, access to reduced rates, use of our public Wi-Fi, video surveillance.
During our interactions with you:
When you open or reply to a newsletter, take part in a satisfaction survey or a competition. When you contact customer service to make a complaint.
Via our Partners:
When you access our services through an intermediary (e.g. travel agencies, distribution partners, tourist offices).
We only collect data which is strictly necessary for its use, and no more!
Depending on how you use the ski area, the resort or our websites, we may collect the following information:
- Information necessary for the creation of your customer account (surname, first name, e-mail address, date of birth, postal address)
- Payment information
- Telephone number
- Photographs (for lift pass purposes or through terminals available within the ski area)
- Passage date (use of lift pass)
- Browsing data on our website and mobile application (on this matter, please consult our information on cookies).
- Geolocation and geofencing (for services on our mobile application only)
- If necessary, and depending on the product purchased, the surnames, first names, ages and email addresses of your family and friends for groups and families.
- Supporting documents for reduced prices or priority access, the conditions of which are detailed on our website. You will be asked to present original supporting documents at our resort ticket offices. A scan of this document may be made, solely for the purposes of fraud prevention.
At the end of the data storage periods defined below, we delete it from our systems or make it anonymous so that it can no longer be used to identify you.
Duration of data storage
Although the family aspect of our activities is at the heart of our considerations, we do not process data specifically relating to children.
In the event of use of our services by a person aged under 15, we recommend that they be accompanied by an adult. The consent of parents or legal guardians may be obtained at the time of collecting their personal data, where necessary.
All your personal data is stored exclusively on servers located in the territory of the European Union. Although hosted in the European Union, this data may be accessible from non-EU countries when we have recourse to technical service providers (e.g. AWS, Microsoft, Google) which are based abroad (i.e. USA, Israel). Any access from these countries is considered to be a transfer of data, but is necessary for the proper operation and maintenance of the IT tools they offer. These service providers have a genuine expertise justifying their involvement. We make every effort with these service providers to ensure that your data is protected in accordance with European regulations. These service providers only act in accordance with our instructions. A contract is systematically drawn up with these parties, and transfers of personal data are subject to the signature of enhanced contractual clauses specifically designed for this purpose (standard contractual clauses - SCCs - published by the European Commission) where the laws of the country concerned do not offer protection equivalent to that provided by GDPR (so-called ‘adequate’ countries). Where necessary, additional technical or legal measures are put in place.
The security of your personal data is a core concern for the companies within the Compagnie des Alpes group, who pool their resources in order to provide you with an appropriate level of security that is both up to date and state-of-the-art.
In order to preserve the confidentiality and security of your personal data, and particularly to protect it against unlawful or accidental destruction, accidental loss or alteration, or unauthorised disclosure or access, the Compagnie des Alpes Group takes appropriate technical and organisational measures, and imposes the same degree of stringency on its subcontractors. These measures are adapted according to the degree of sensitivity of the data processed and the associated level of risk.
The Compagnie Group has put in place procedures to detect, analyse and monitor security incidents and any suspected breach of your personal data, and to be able to block access to the data at any given moment. Procedures for managing individual authorisations have also been put in place to ensure that access to data is as restricted as possible.
Despite our best efforts, vulnerabilities may still be present in our systems. If you think that you have detected a flaw, we encourage you to contact us using this form (vulnerability disclosure page), in accordance with the principles described therein.
You have a number of rights in relation to your personal data in our possession:
- The right to object: You no longer wish to receive our commercial communications, to object to a decision linked to your profile, or to withdraw consent.
- The right to rectify your data: moving house? change of email address? let us know by keeping your details up to date!
- The right to access your data: you may request a clearly understandable copy of all of the personal data we hold about you.
- The right to delete your data: You wish to delete your entire customer account and erase all of your personal data in our possession. We will comply with your request, with the exception of accounting and tax records relating to your transactions, as well as those required for compiling our legal evidence files (in the event of possible legal action), which we are obliged to keep.
- The right to freeze the use of your data: if you are facing a litigious situation and wish to prevent the deletion of your data, your data will be kept without being used.
- The right to take your data with you: You want to retrieve part of your data. You are at liberty to store it elsewhere or to transfer it easily from one system to another, with a view to re-using it for other purposes.
You will find all our contact details below for you to exercise these rights.
Do you have a question? Would you like to stop receiving our newsletters? Delete your account?
We have appointed a Data Protection Officer to answer all your questions and ensure the protection of your personal data.
Find out how to contact him/her here!
Please fill in the form provided and your request will be processed within the next four weeks. For mobile applications, don't forget that you can change your authorisations at any time in your phone settings, for each of your applications.
Form in French
Form in English
You can also contact him/her:
- By post at the following address GMDS - Service Protection des données personnelles - 8 rue du Château - 74340 SAMOENS ;
Or
- By e-mail at the following address:
gmds.privacy@compagniedesalpes.fr
If there are serious doubts about your identity, and if it cannot be done otherwise, you may be asked to provide proof of identity to enable us to process your request, simply to ensure that we are dealing with the right person.
If, despite our efforts, you feel that our response is insufficient, you can contact the CNIL (French Data Protection Authority).
MEET THE UNEXPECTED
The right info at the right time!
To keep skiing even when you’re not on the slopes!
Bonjour,
Vous souhaitez participer à l'évolution du domaine skiable du Grand Massif et nous vous en remercions !
Complétez le formulaire ci-dessous pour vous tenir informé sur le Grand Massif et participer aux enquêtes de satisfaction :
GRAND MASSIF DOMAINES SKIABLES (GMDS)
8 rue du Château – 74340 – SAMOENS – FRANCE