Privacy Statement
Last updated: October 28, 2025
Protecting our customers’ personal data is at the heart of our priorities.
This document applies to data we collect online, on our websites and mobile applications, as well as to data we collect offline at resorts or on the ski area or during events.
We want to give you all the information you need to understand how your data is used:
Who is responsible for using your data?
With whom is your data shared?
When is your personal data collected?
What data do we collect?
How do we use your data and for how long do we retain it?
Are there specific measures for children?
Where is your personal data stored?
How is your personal data secured?
What are your rights over your data?
Any questions? Contact us!
1. Who is responsible for using your data?
When you book and/or access our services, your personal data is processed by both:
Compagnie des Alpes, parent company of the Compagnie des Alpes Group, with share capital of €25,364,131.00, registered with the Paris Trade and Companies Register under number 349 577 908, with its registered office at 50–51 boulevard Haussmann, 75009 Paris,
And,
Pralognan – Domaine de Montagne, an affiliated company of the Compagnie des Alpes Group and operator of the Pralognan-la-Vanoise area, with share capital of €1,000,000.00, registered with the Chambéry Trade and Companies Register under number 989 823 653, with its registered office at 137 Rue François Guise, 73000 Chambéry.
In this policy, “we” refers to these two companies, which may act together as joint controllers for the processing operations referenced below.
While Compagnie des Alpes is responsible for managing and supervising the IT system used to collect and process your data, Pralognan – Domaine de Montagne, as an independent controller, is solely responsible for managing the contractual relationship with you, providing the services ordered, and carrying out marketing and advertising operations relating to its services and brands or ancillary services on the ski area (Wi-Fi, photos, ski lockers).
2. With whom is your data shared?
Internal recipients within the Compagnie des Alpes Group:
Your data is jointly processed by Pralognan – Domaine de Montagne and Compagnie des Alpes, the parent company of the Group.
Within these two companies, your data is accessible only to a limited number of people, within specific departments (customer service, sales, accounting, IT, etc.), and only where access is necessary for their duties.
Your data is not shared with other companies in the Compagnie des Alpes Group unless you have expressly authorized it.
External recipients outside the Compagnie des Alpes Group:
Your data may also be shared with recipients outside the Group:
All our technical service providers whose involvement is necessary to carry out the processing operations mentioned below (IT providers, payment providers, etc.), in order to process your order and improve our services, and strictly within the limits of our instructions.
When purchasing on our website or app, you may be offered alternative payment methods such as Apple Pay or Google Pay. Use of these payment methods is optional and at your discretion. For your information, your bank card number is never transmitted. To execute the payment, the following information is shared with us:From Apple: your postal code, your email address, the Apple account number, and, if necessary, the delivery address.
From Google: your postal code, the virtual account number, information about the payment method, and your personal information.
In addition, in the context of payment, we will share the following information:With Apple: the existence of the transaction, but not the nature of the items you purchased or their amounts.
With Google: the existence of the transaction, its date, time and amount, the merchant’s location and description, a description of the goods and services purchased, your name, email, and the payment method used.
For more information, please refer to Apple’s privacy policy and Google’s terms of use, as well as Google Pay’s additional terms.
With social networks, only if you choose to create your customer account using the fast “social login” procedure. If you choose this option, you can use your Facebook, Apple or Google account to register on our site without re-entering your details. By using this feature, you consent to share with us certain information about you from your social network. The data transmitted to us by the social network are your first name, last name and email address. These data are necessary to create your customer account. We do not share information with social networks about your activities and orders on https://www.skipass-pralognan.com/en/ and our mobile app; however, those networks will have information regarding logins to your account. Before using Social Login, we invite you to read the social networks’ privacy policies to understand how they use your data.
Only if you expressly consent, with our partners, so that you may receive more promotional offers and other deals by email (e.g., tourist office, ski school, other Compagnie des Alpes Group companies). In this case, the list of partners will be provided to you when we collect your consent.
You may also receive communications about activities at the resort where you purchased your lift passes. These communications are sent thanks to our partnership with tourist offices, with whom we draft destination newsletters, as lift operators are key players in resort life. Your data is not shared with or reused by these partners in this context.
Where applicable, with national or local authorities, if required by law or as part of an investigation and in accordance with regulations.
3. When is your personal data collected?
We may collect your personal data on different occasions:
Online:
On our website or mobile app, for your lift pass orders, to receive our newsletters, to log in to your account, or to use our digital services.
Within our resorts and ski areas:
When you use our facilities, alone or with your loved ones: at ticket offices, our self-service kiosks, photography devices, accessibility for persons with disabilities, access to reduced rates, use of our public Wi-Fi, ski lockers, video surveillance.
During our interactions with you:
When you open or respond to a newsletter, take part in a satisfaction survey or a contest. When you contact customer service to lodge a complaint.
Via our Partners:
When you access our services through an intermediary (e.g., travel agencies, partner distributors, tourist office).
4. What data do we collect?
We only collect data that are strictly necessary for their intended use—no more. Depending on your journey on the ski area, in the resort, or on our website, we may collect the following information:
Information needed to create your customer account (first name, last name, email address, date of birth, postal address)
Payment information
Phone number
Photographs (for lift pass requirements or via devices/terminals provided on the ski area)
Gate passage data (use of the ski pass)
Browsing data on our website and mobile app (see our cookie information on this topic)
Geolocation and geofencing (for services on our mobile app only)
Supporting documents for access to reduced rates or priority access, the conditions for which are detailed on our website. You will be asked to present original supporting documents at our resort ticket offices. A copy of this document may be made solely for anti-fraud purposes.
Proof of identity in case of doubt about your identity and before we can respond to your request.
5. How do we use your data and for how long do we retain it?
At the end of the retention periods defined below, we delete your data from our systems or anonymize it so that it no longer allows you to be identified.
6. Are there specific measures for children?
While the family dimension of our activities is central to our approach, we do not conduct any data processing specifically targeted at children.
If our services are used by a person under 15 years of age, we recommend that they be accompanied by an adult. Parental or legal guardian consent may be collected at the time their personal data are gathered, if needed.
7. Where is your data stored?
All your personal data are stored exclusively on servers located within the territory of the European Union.
Although hosted in the European Union, this data may be accessed from third countries when we use technical service providers (e.g., AWS, Microsoft, Google) established abroad (namely: United States, Israel). Access from these countries is considered a data transfer but is necessary for the proper functioning and maintenance of the IT tools they provide. These providers have genuine expertise that justifies their involvement.
We do everything possible with these providers to ensure your data are protected in accordance with European regulations. These providers act only under our instructions. A contract is systematically concluded with them, and personal data transfers are governed by the signing of reinforced contractual clauses specifically provided for this purpose (Standard Contractual Clauses—SCCs—issued by the European Commission) whenever the laws of the country concerned do not offer a level of protection equivalent to the GDPR (countries not deemed “adequate”). Where necessary, additional technical or legal measures are implemented.
8. How is your data secured?
The security of your personal data is a central concern for the companies of the Compagnie des Alpes group, which pool their resources to ensure an appropriate, state-of-the-art level of security.
To preserve the confidentiality and security of your personal data—and, in particular, to protect them against unlawful or accidental destruction, accidental loss or alteration, and unauthorized disclosure or access—the Compagnie des Alpes Group adopts appropriate technical and organizational measures and requires the same level of diligence from its processors. These measures are adapted to the sensitivity of the data processed and the level of risk.
The Group has implemented procedures to detect, analyze and monitor security incidents and any suspected personal data breaches, and to block access to data at any time. Named access-rights management procedures have also been established to ensure that data access is as restricted as possible.
9. What are your rights over your data?
You have several rights over your personal data in our possession:
Right to object: You no longer wish to receive our marketing communications, object to a decision related to your profiling, or withdraw consent.
Right to rectification: Moving house? New email address? Let us know by keeping your data up to date.
Right of access: You can request, in an intelligible format, a copy of all personal data concerning you that we hold.
Right to erasure: You wish to delete your entire customer account and erase all personal data we hold. We will comply with your request except for accounting and tax records relating to your transactions, as well as those required to constitute our evidence files (in case of potential legal claims), which we are obliged to retain.
Right to restriction: You are in a contentious situation and wish to prevent your data from being erased; your data will then be kept without being used.
Right to data portability: You wish to retrieve part of your data. You are then free to store it elsewhere or to transmit it easily from one system to another for reuse for other purposes.
You will find all our contact details below to exercise these rights.
10. Any questions? Contact us!
Have a question? Want to stop receiving our newsletters? Delete your account?
We have appointed a Data Protection Officer responsible for answering all your questions and ensuring the protection of your personal data.
To contact them, please use the dedicated form; your request will be processed within a maximum of one month. For mobile apps, remember that you can change your permissions at any time in your phone’s settings for each of your apps.
You can also reach them:
By post: 140 Avenue de Chasseforêt / 73710 PRALOGNAN LA VANOISE
Or
By email: contact@skipass-pralognan.com
In case of serious doubt about your identity, and if no other option is possible, you may be asked to provide proof of identity in order to execute your request—solely to ensure we are acting for the right person.
If, despite our efforts, you consider our response incomplete, you may contact the CNIL https://www.cnil.fr/en.