Northern Alps
Pyrenees
South West
Centre
All our destinations
Why don't you try...

Last update: 29 February 2024

 

The protection of our customers’ personal data is at the heart of our concerns.

This document applies to the data we collect online, on our websites and mobile applications, as well as to data collected offline during events.

We wish to provide you with all the information necessary for your understanding of how your data is used:

  1. Who is responsible for using your data?
  2. With whom is your data shared?
  3. When is your personal data collected?
  4. What data do we collect?
  5. How do we use your data and how long do we retain it?
  6. Are there specific measures for children?
  7. Where is your personal data stored?
  8. How is your data secured?
  9. What are your rights regarding your data?
  10. Any questions? Contact us!

 

  1. Who is responsible for using your data?

When you book and/or access our services, your personal data is processed by:

  • CDA Evolution 2, a company of the Compagnie des Alpes Group, with share capital of €25,364,161, registered with the Paris Trade and Companies Register under number 349 577 908, having its registered office at 50–51 boulevard Haussmann, 75009 Paris,

And,

  • The partners of the EVOLUTION network, each acting independently, for the purposes of processing orders placed on the website https://evolution2.com/ and their execution.

In this policy, “we” refers to these companies, which may act jointly as joint controllers for the processing activities listed below. However, your data is never shared between the partners of the EVOLUTION 2 network.

Although CDA Evolution 2 manages and supervises the IT system used to collect and process your data, only the company with which you have contracted, acting as an independent data controller, is responsible for managing the contractual relationship with you, providing the services ordered, and carrying out marketing and advertising activities relating to its services.

 

  1. With whom is your data shared?
  • Internal recipients within the Network

Your data is processed jointly:

  • By the partner with whom you have contracted for the purposes of ordering your activity,
  • By CDA Evolution 2.

Within these companies, your data is accessible only to a limited number of authorized persons in specific departments (customer service, sales, accounting, IT, etc.), and only when access is necessary for the performance of their duties.

Your data is not shared with other partner companies of the EVOLUTION 2 network, unless you have expressly authorized it.

 

  • External recipients outside the Network

Your data may also be shared with:

  • Technical service providers whose involvement is necessary to carry out the processing activities described below (IT service providers, payment service providers, etc.), solely for processing your order and improving our services, and strictly within the limits of our instructions;
  • Where applicable, national or local authorities, if required by law or as part of an investigation, in accordance with applicable regulations.
  1. When is your personal data collected?

We may collect your personal data on several occasions:

 

  • Online

Via our website or mobile application, to book activities, plan training sessions, receive our newsletters, log in to your account, or use our digital services.

 

  • During your activities / training

When you use our facilities, alone or with your relatives.

 

  • During our interactions with you

When you open or respond to a newsletter or submit a complaint.

 

  1. What data do we collect?

We collect only the data that is strictly necessary for its intended use — nothing more!

Depending on your journey on our websites, we may collect the following information:

  • Information required for booking (last name, first name, email address, date of birth, postal address),
  • Payment information,
  • Phone number,
  • Website navigation data (for more information, please consult our cookie policy): https://evolution2.com/cookies,
  • If necessary and depending on the product purchased, the names and email addresses of your relatives for group or family bookings.
  1. How do we use your data and how long do we retain it?

At the end of the retention periods defined below, we delete your data from our systems or anonymize it so that it can no longer be used to identify you.

 

Processing of personal data : Sale of services

Legal basis : Performance of a contract

Data retention periods :

  For online purchases: 5 years from the date of purchase if the order amount is less than €120, and 10 years if the amount is equal to or greater than €120 (and 5 years for in-store transactions).

  Bank card data is retained by our payment service providers for 13 months after the last debit date for evidentiary purposes in the event of a transaction dispute (15 months for deferred debit cards).

  The card security code is not retained beyond the transaction.

 

 

Processing of personal data : Chatbot

Legal basis : Legitimate interest

Data retention periods : For the duration of the service

 

Processing of personal data : Newsletters / marketing campaigns by email or SMS

Legal basis : Consent, or legitimate interest if you are a customer who has purchased a product via our website, kiosks, or mobile application

Data retention periods : 3 years from your last contact with us (e.g. a request for commercial documentation or a click on a link in our newsletter).

 

Processing of personal data : Complaint handling and after-sales service

Legal basis : Performance of a contract

Data retention periods : 5 years after closure of the complaint.

 

Processing of personal data : Navigation personalization / profiling

Legal basis : Consent

Data retention periods : 13 months

 

Processing of personal data : Organization of selection tests for training courses

Legal basis : Performance of a contract

Data retention periods : Time required to validate the selection tests

 

Processing of personal data : Management of training registrations

Legal basis : Performance of a contract

Data retention periods : 3 years from the end of the training.

 

Processing of personal data : Exercise of GDPR rights

Legal basis : Legal obligations

Data retention periods : 10 years from closure of the request. Where identity verification was required, the supporting document is deleted once verification is completed.

 

Processing of personal data : Dispute management

Legal basis : Legitimate interest

Data retention periods : Until all legal remedies have been exhausted.

 

Processing of personal data : Job applications

Legal basis : Legitimate interest

Data retention periods : 2 years after data collection for unsuccessful applications.

 

  1. Are there specific measures for children?

Although the family dimension of our activities is central to our concerns, we do not carry out any data processing activities specifically targeting children.

If our services are used by a person under the age of 15, we recommend that they be accompanied by an adult. Where necessary, the consent of parents or legal guardians may be collected at the time personal data is gathered.

 

  1. Where is your data stored?

All your personal data is stored exclusively on servers located within the European Union.

Although hosted within the EU, this data may be accessible from third countries when we use technical service providers (e.g. AWS, Microsoft, Google) established abroad (namely the United States and Israel). Access from these countries is considered a data transfer, but is necessary for the proper operation and maintenance of the IT tools they provide.

We make every effort with these service providers to ensure that your data is protected in accordance with European regulations. They act solely on our instructions. A contract is systematically concluded with them, and personal data transfers are governed by strengthened contractual clauses specifically designed for this purpose (Standard Contractual Clauses – SCCs – issued by the European Commission) whenever the laws of the country concerned do not offer protection equivalent to the GDPR. Where applicable, additional technical or legal measures are implemented.

 

  1. How is your data secured?

The security of your personal data is a core concern of the companies within the Compagnie des Alpes Group, which pool their resources to ensure an appropriate and up-to-date level of security.

To preserve the confidentiality and security of your personal data, and in particular to protect it against unlawful or accidental destruction, loss, alteration, unauthorized disclosure or access, the Compagnie des Alpes Group implements appropriate technical and organizational measures and requires the same level of security from its subcontractors. These measures are adapted according to the sensitivity of the data processed and the level of risk.

The Group has implemented procedures to detect, analyze and monitor security incidents and any suspected personal data breaches, and to block access to data at any time. Named authorization management procedures have also been put in place to ensure that access to data is as restricted as possible.

 

  1. What are your rights regarding your data?

You have several rights regarding your personal data held by us:

  • Right to object: You may object to receiving our marketing communications, to decisions related to profiling, or withdraw your consent.
  • Right to rectification: Have you moved or changed your email address? Let us know so we can keep your data up to date!
  • Right of access: You may request a copy of all personal data concerning you in a clear and understandable format.
  • Right to erasure: You may request deletion of your customer account and all associated personal data, except for accounting and tax records and data required to establish proof in the event of litigation, which must be retained by law.
  • Right to restriction of processing: In the event of a dispute, you may request that your data be retained without being used.
  • Right to data portability: You may request to retrieve some of your data so that you can store it elsewhere or transmit it to another system for reuse.

All contact details for exercising these rights are provided below.

 

  1. Any questions? Contact us!

Do you have a question? Would you like to stop receiving our newsletters or delete your account?

We have appointed a Data Protection Officer responsible for answering all your questions and ensuring the protection of your personal data.

To contact them, please use the dedicated form — your request will be processed within a maximum of one month. For mobile applications, remember that you can modify your permissions at any time via your phone settings for each application.

 

You may also contact us:

  • By post :
    CDA EVOLUTION 2 – Personal Data Department
    137 rue François Guise
    73000 Chambéry – France

 

  • By email :
    privacy-evolution2@compagniesdesalpes.fr

 

In case of serious doubt regarding your identity, and if no other solution is possible, you may be asked to provide proof of identity solely to ensure that we are responding to the correct person.

If, despite our efforts, you consider our response to be incomplete, you may contact the French Data Protection Authority (CNIL): https://www.cnil.fr/fr