Excerpt from our privacy policy, dated June 2018
Les Sybelles
Address: 54 rue des Tenettes
73190 SAINT-BALDOPH
VAT Number: FR63929420552
Email: info@sybelles.ski
Phone: +33 (0)4 79 83 02 55
Furthermore, we guarantee you complete control over your own personal data. That is why, as an online customer, you can access the MY ACCOUNT section of this website and manage your personal data and consent there :
- You can update your personal information,
- You can download a copy of your information.,
- You can manage your consent to subscribe to our newsletter,
- Finally, you can delete your customer profile..
Payment data is processed for the purposes of Directive 2015/2366 (EU) and subsequent amendments to payment services in the European internal market (known as PSD2).
Sybelles.ski (“We”) attaches great importance to respecting your privacy and the confidentiality of your data. This policy is intended to inform you of our practices regarding the collection, use, storage, and sharing of data that you provide to us through the website sybelles.skiperformance.com (“the Website”), in accordance with the General Data Protection Regulation (“GDPR”) and the various laws applicable to the protection of personal data.
The purpose of this policy is to inform you about the categories of personal data we may collect or hold about you, how we use it, who we share it with, how long we keep it, how we protect it, and finally, your rights regarding your personal data.
The purpose of Sybelles.ski is to promote the Sybelles ski area.
AThus, as part of our activities, we process your data on behalf of the operators of the ski resorts in the area, namely SOREMET, SAMSO, and SATVAC, in order to enable you to purchase your ski passes online.
By using the Website, you provide us with information, some of which may identify you and therefore constitutes personal data (the “Data”). This is particularly the case when you subscribe to our newsletter or purchase a package on the Website. This information includes the following data:
- Account data: this is the data you provide when creating your account (i.e., your email address, password, identity, date of birth, address, contact details, etc.) or that you add to your account (i.e., your contacts, supporting documents, etc.).
- Purchase data: this is the data you provide when making purchases (identity and date of birth of the skiers for whom the passes are purchased, proof of discount or free admission, rechargeable card number, saved shopping cart, purchase history, etc.).
- Transaction data: this is the data you provide relating to your payment method. The banking data collected is transmitted to third parties who help to process and fulfill your requests.
- Browsing data: this is the data we collect when you browse the Website (i.e., the date, time of connection, browser type, browser language, your IP address, etc.).
- Data collected via forms: this is the data you provide to us when you subscribe to the newsletter or via the contact, suggestion, or complaint forms.
We use the Data we collect about you to:
| Purpose of processing | Legal basis for processing |
|---|---|
| Create your online account to manage your purchases, contacts, and skiers. | Performance of the sales contract |
| Ski pass sales | Performance of the sales contract |
| Newsletter subscription | Your consent |
| Analysis of your browsing | Your consent |
| Responding to your requests, suggestions, and complaints | Your consent |
We transmit your Account Data, Purchase Data, and Transaction Data to the operators of the resorts for which the passes are purchased :
- SAMSO
- SATVAC
- SOREMET.
We work closely with third-party companies that may have access to your Data. These are our service providers in the areas of :
- Online sales, for the purposes of creating an online account and selling ski passes ;
- Management of questions, suggestions, and complaints, for the purpose of responding to your requests, suggestions, and complaints. ;
- Sending the newsletter for the purpose of sending the newsletter ;
- Online payment for the purpose of selling ski passes ;
- Browsing analysis for the purpose of browsing analysis.
We only provide them with the Data they need to perform the services we entrust to them, and we require that they not use your Data for any other purpose. These third parties will only act in accordance with our instructions and will be contractually bound to ensure the same level of security and confidentiality for your Data as we do, and to comply with applicable regulations on the protection of personal data. These third parties have also all provided us with a GDPR compliance certificate detailing their compliance.
Your data will not be kept beyond the period necessary for the purposes set out in this policy, in accordance with the Regulation and applicable laws. However, your Data may be archived beyond the specified periods for the purposes of research, the detection and prosecution of criminal offenses, for the sole purpose of enabling your Data to be made available to the judicial authorities if necessary. Archiving means that your Data will no longer be accessible online but will be extracted and stored on a separate, secure medium.
| Purpose of processing | Legal basis for processing |
|---|---|
| Create your online account to manage your purchases, contacts, and skiers | Until your account is deleted, plus the duration of the legal requirements |
| Sale of ski passes | Three years after your last contact with us, plus the duration of the legal requirements |
| Newsletter subscription | Three years after your last contact or interaction with us, plus the duration of any legal requirements |
| Analysis of your browsing | Until you withdraw your consent or 13 months from the date the cookies were placed on your device |
| Responding to your requests, suggestions, and complaints | Three years after the closure of your last ticket or three years after your last interaction with us, plus the duration of the legal limitation period. |
In accordance with applicable laws and regulations regarding the protection of personal data, you have a number of rights relating to your Data, namely:
- Right of access and information: you have the right to be informed in a concise, transparent, intelligible, and easily accessible manner about how your Data is processed. You also have the right to obtain (i) confirmation that Data concerning you is being processed and, where applicable, (ii) access to and a copy of that Data.
- Right to rectification: you have the right to obtain the rectification of inaccurate Data concerning you. You also have the right to complete incomplete Data concerning you by providing a supplementary statement. If you exercise this right, we undertake to communicate any rectification to all recipients of your Data.
- Right to erasure: in certain cases, you have the right to have your Data erased. However, this is not an absolute right and we may retain this Data for legal or legitimate reasons.
- Right to restriction of processing: in certain cases, you have the right to obtain restriction of processing of your Data.
- Right to data portability: you have the right to receive the Data you have provided to us, in a structured, commonly used, and machine-readable format, for your personal use or to transmit it to a third party of your choice. This right only applies when the processing of your Data is based on your consent or on a contract and when this processing is carried out by automated means.
- Right to object to processing: you have the right to object at any time to the processing of your Data for processing based on our legitimate interest, a mission of public interest, and for commercial prospecting purposes. This is not an absolute right, and we may refuse your request to object for legal or legitimate reasons.
- The right to withdraw your consent at any time: you may withdraw your consent to the processing of your Data when the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- The right to lodge a complaint with a supervisory authority: You have the right to contact your data protection authority to complain about our personal data protection practices.
- The right to give instructions regarding the fate of your data after your death: you have the right to give us instructions regarding the use of your Data after your death.
To exercise these rights, you can contact our Data Protection Officer (DPO) by email at the following address: dpo@sybelles.ski
We may require proof of your identity in order to exercise these rights.
Your data may be transferred to a country outside the European Union.
When we transfer your Data outside the European Union, we always do so securely and in accordance with applicable regulations, particularly those relating to the protection of personal data:
- Either by transferring the Data to a recipient located in a country that has been subject to an adequacy decision by the European Commission certifying that it has an adequate level of protection ;
- Either by implementing or having implemented the European Standard Contractual Clauses that have been approved by the European Commission as ensuring an adequate level of protection for your Data ;
- Either by using all appropriate guarantees referred to in Article 46 of the Regulation.
We care about the security of your personal data and are committed to processing it securely. To this end, we have implemented technical and organizational measures to ensure a level of protection for your Data that is appropriate to its nature and the purpose of the processing we carry out.
In accordance with Article 32 of the GDPR, we have implemented:
- Means to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services ;
- Means to restore data availability and access within an appropriate timeframe in the event of a physical or technical incident. ;
- A procedure for regularly testing, analyzing, and evaluating the effectiveness of technical and organizational measures to ensure the security of processing. ;
- Systematic verification of our subcontractors' practices ;
- Awareness and submission to a confidentiality obligation by all persons with access to Your personal data.