DATA PROTECTION POLICY

N'PY GROUP PERSONAL DATA PROTECTION POLICY

This Personal Data Protection Policy reflects the N'PY Group's (SAEM N'PY, N'PY RESA, SKYLODGE) commitments regarding its daily activities for responsible handling of personal data.

Introduction

The N'PY Group wishes to act in total transparency by explaining what types of personal data it collects, how it is processed and what your rights are.

This Personal Data Protection Policy applies to the information collected by the Group when you visit our website and use the services provided. It also applies to data transferred by third-parties in accordance with the regulations.

As Data Processor, especially for your personal data, we do all that we can to protect your privacy and ensure the security of the personal data that you entrust to us. We pay special attention to how your data is processed and the confidentiality of your personal information.

All operations involving your personal data are carried out in compliance with the regulations in effect, namely the amended French Act No. 78-17 of 6 January 1978 on information technology, data files and civil liberties and the EU General Data Protection Regulation 2016/679 (GDPR).

By using our services and websites and by visiting our points of sale, you accept the terms of this Personal Data Protection Policy.

If you do not accept any of these terms, you are free to no longer use our websites and/or services.

This Personal Data Protection Policy is subject to change at any moment. We therefore suggest that you consult it each time you visit our services* in order to take note of the latest version, which is permanently available.

*Websites (n-py.com, skylodge.fr, blog.n-py.com), points of sale (Piau-Engaly, Peyragudes, Grand Tourmalet Barèges-La Mongie, Pic du Midi, Luz-Ardiden, Cauterets- Pont d’Espagne, Gourette, La Pierre Saint Martin, Train de La Rhune), social networks (LinkedIn, Facebook, Twitter, Instagram, Google+, WhatsApp, YouTube, Pinterest) and the mobile application (N'PY available in the Google Store and the AppStore).

How do we collect your personal information?

Your personal data is used to help you book your stay at one of our resorts or tourist sites. In order to do this, we need to know at least your identity (last name, first name), but also your postal address (to send, for example, your ready-to-use ski passes) and other contact details (telephone number, e-mail address, etc.). Depending on the type of booking or purchase that you make using our services, we may also need to gather other information such as your date of birth (to determine, for example, the age bracket for the ski pass being bought) and a personal photo (needed to print certain ski passes, for example). Your purchase history may also be saved. Finally, when making your booking, information related to your payment method is gathered to enable you to pay for the service being booked, but only in encrypted and secure form.

Your personal details are also collected when you contact us through our Customer Service department or our social networks pages.

When you're using our mobile application, we may store your location data so that we can find you if a problem arises on the ski slopes.

Finally, we may need to store your data to open a user account through which you can check your bookings, your ski days and any relevant payment transactions, etc.

Why does the N'PY Group collect and use your personal data?

When the N'PY Group collects your Personal Data, this is done both fairly and transparently thanks to the presence of references to our Terms and Conditions or to this Policy.  We collect no data without first informing the persons involved. 

The term "Personal Data" means any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to one or more specific identifiers.

Your personal data may be used in the following situations:

A - Booking online via the website or the application

We use your personal data for all products and services purchased via the N'PY Group's various websites. This personal data required for booking may include: identification details (photos, personal address(es), email address(es), telephone or mobile numbers), encrypted payment details, purchase history, etc.

B - Sales and marketing activities

In order to develop business relations, we use your personal data to regularly send you information related to our products and services (personal sales offers sent by e-mail, for example). You can easily unsubscribe to these marketing e-mails at any time by clicking on the "Unsubscribe" link found in all e-mails from "The N'PY Team".

When taking part in other promotional activities (for example, competitions organised by the N'PY Group or its partners), certain information will be used to effectively manage these activities.

We use multi-device tracking to optimise our services and marketing activities. This can be done with or without the use of cookies. To find out more about cookies and other similar technology, see the section on cookies at the end of this Policy document.

C - Communication

We may also contact you at other times by e-mail, telephone or text message, depending on the contact details that you provide us with. We then process the messages you send us, for the following reasons:

  • We send you other information related to your booking so that you know, for example, how to contact N'PY's customer service department if necessary or to help you prepare for your stay by sending you information (regarding the weather, events and entertainment at the resort, etc.).
  • If you have not completed your booking online, we may contact you to suggest you do so and add new products and services to your booking. We consider this service useful as it enables you to obtain all the details of your ski trip directly from our website (www.nb-py.com).
  • We send you information related to your purchases and updates to your personal details (you can modify your details, payment details, sponsorships, etc. at any time via your online customer profile).

We may also contact you via our "N'PY" mobile application. Our websites are also optimised for browsing on smartphones and tablets. The "N'PY" mobile application and mobile sites process the personal data that you give us in a similar way to our website - www.n-py.com.

  • With your permission, we may send you push notifications via the mobile application containing weather information, your payment details, etc.
  • You can also grant us permission to access your geolocalisation data or your contact details so that we can provide the services requested.

D - Customer Service

We provide Customer Service in order to manage all complaints, questions, technical support by e-mail, online chat service, WhatsApp, telephone, post, etc. In order to do this, we share your information, such as details regarding your booking or purchases, with our in-house teams.

We may also collect customer requests and/or complaints using social networks used by the N'PY Group (mainly Messenger, Instagram and Twitter direct messages).

All these ways of sharing data enable us to respond as precisely as possible to your queries and requests so as to provide you with a high-quality service.

E - Improving our services

We also use personal data for analysis to improve our services.

  • When you use our services, we may send you a satisfaction questionnaire.
  • When staying at one of the N'PY Group's resorts we may send you a satisfaction questionnaire. We may also invite you to leave a comment about your experience.
  • When you log onto the N'PY Group's websites we may store your login information and location data for analysis.
  • When you are using our services, we may collect your personal information for analysis and statistics purposes. For this analysis, we try to only use data in the form of pseudonyms.

When you are invited to take part, please check the information provided so as to better understand what personal data is collected and how it is used. Our aim is to optimise our services as much as possible in order to best meet your needs.

F - Recruitment

We will use your personal data if you apply for employment with the N'PY Group. This personal data required to complete your recruitment file may include: identification details (photos, personal address(es), email address(es), telephone or mobile number), bank details, etc.

How does the N'PY Group share your personal data with third parties?

When using N'PY Group services, you are in contact with various third parties: the resorts where you will be using the ski pass purchased on n-py.com, service providers (accommodation, ski equipment rental, etc.) that you booked on n-py.com, etc.

We can assure you that this data is neither sold nor rented to third parties. It is simply shared in order to organise your stay and complete your bookings.

When does the N'PY share your personal data with third parties?

  • Marketplace service provider on n-py.com: we collect your personal data in order to pass it onto the service provider (accommodation, equipment rental, ski lessons, ski passes, transport tickets, insurance, etc.). This data is essential to complete your booking and/or give you access to the service for which you have signed up.
  • Business partners: the N'PY Group may work with various partner organisations (employee representative committee, tour operators, etc.). If you are booking through one of these partner organisations, they may collect your personal data so that we can manage your booking.
  • Third-party service providers: your personal data may be passed onto service providers who process it on behalf of the N'PY Group. This is the case, for example, for e-mail routing solutions, mass mailing or secure payment solutions providers. These providers are bound by confidentiality clauses and are not authorised to use your personal data for any other reason than those specified contractually.
  • Competent authorities: we may send some of your personal data to law enforcement agencies and/or the emergency services as far as this is required by law or strictly necessary to prevent, detect or prosecute criminal or fraudulent activity, or when legally obliged.

In any case, the personal data collected are those strictly necessary for the collection's intended objective. The N'PY Group strives to minimise the data collected and ensure that they are accurate and up-to-date while respecting the rights of the persons concerned. 

The aforementioned third-party companies have limited access to your information when carrying out tasks on behalf of the N'PY Group and are under contractual obligation to protect it and only use it for the reasons for which it has been provided in accordance with this Personal Data Protection Policy.

The N'PY Group does not pass on personal data outside the European Union.

What are the security and storage procedures used by the N'PY Group regarding the protection of your personal data?

An appropriate Information Systems Security Policy (ISSP) concerning the nature of the data being processed and the company's activities has been implemented.

Physical, logical and organisational security measures are in place to guarantee data privacy and especially to prevent all unauthorised access. 

The N'PY Group also requires that all subcontractors implement the relevant measures to ensure the security and privacy of personal data.

The N'PY Group has set up protective measures to ensure the privacy, security and integrity of your personal data.

Only authorised members of staff have access to your personal data and only for work-related reasons.

How long is your personal data stored?

Your personal data is stored for a limited time which does not exceed the duration required to achieve the processing objectives and by the applicable legislation :

  • 12 months for the personal data related to recruitment processus (resume, cover letter…)
  • 3 years for the personal data related to :

- Booking online via the website or the application
- Sales and marketing activities
- Communication
- Customer Service
- Improving our services

  • 3 months for the personal data related to a request to exercise your right. 

How is children's data managed?

Children under the age of 16 must be accompanied by their parent or legal guardian to be able to use the N'PY Group's services, especially those used for online bookings. The N'PY Group can therefore only collect and use personal data of children under 16 if they are provided by a parent or legal guardian with their permission.

Who is responsible for processing personal data collected via the N'PY Group's services?

In order to protect your privacy and personal data, the N'PY Group has appointed a Personal Data Protection Officer (DPO). This DPO was declared to the competent authority (CNIL) on the 15th May 2018.

As a specialist in personal data protection in charge of monitoring the protection of privacy and compliance with personal data protection rules, the Data Protection Officer is also the preferred point of contact at the French National Commission for Information Technology and Civil Liberties (CNIL) and all persons concerned with personal data collection or processing.

To contact the DPO, please write to : N'PY - Data Protection Officer - 3 bis avenue Jean Prat - 65100 Lourdes - FRANCE

Or e-mail : dpo@n-py.com

What are your rights regarding personal data?

All necessary means are implemented to guarantee that individuals' rights regarding their personal data are respected.

Clear and comprehensive information related to data processing is available, easily accessible and understandable by all.  

To exercise their rights, users must write to the N'PY Group's Data Protection Officer, including a photocopy of an identity document bearing their signature so as to guarantee data privacy, at the following address: N'PY - Data Protection Officer - 3 bis avenue Jean Prat 65100 - Lourdes - FRANCE or by e-mail to dpo@n-py.com.

The N'PY Group will reply within one month of receipt of the request and, if necessary, this period may be extended to two months depending on the complexity and number of requests. In such cases, users will be informed of this extension and the reasons for it within one month of receipt of the request.

Your rights in terms of personal data are as follows :

  • You can exercise your right to access your personal data, its nature, its origin and how it is used.
  • If your personal data in the N'PY Group's possession is incorrect, you can request that this information be updated or completed.
  • You can request a copy of your personal data stored by the N'PY Group.
  • You can request that your personal data in the N'PY Group's possession be deleted, in accordance with the applicable legislation.
  • From the 25th May 2018 onwards, you can request the portability of your personal data.
  • As data processing is based on consent and is carried out using automated processes, you have the right to receive data in a structured format and in clear, machine-readable and interoperable language, and to pass it on to another data processor with no objection from the N'PY Group.
  • You have the right to obtain processing restrictions when disputing the accuracy of data, when processing is unlawful or when you need it to establish, exercise or defend your legal rights.
  • Furthermore, you can inform us at any time if you do not wish your personal data to be passed on to a third party in the event of your death.

We count on you to ensure that your personal data is complete, correct and up-to-date. Please let us know as quickly as possible if any of your personal data needs to be modified or corrected.

All replies will be sent to you within a maximum of one (1) month from the date of receipt of your request. You can, at any time, file a complaint with the competent inspection authority (in France, CNIL: www.cnil.fr ).

How do we update this Personal Data Protection Policy?

This policy, which is accessible to all on the N'PY Group's websites, is regularly updated so that legislative and regulatory changes, as well as any changes to the company's organisation and to the offers, products and services provided, can be taken into account.

Cookies policy

Information related to your browsing of our websites may be saved in "Cookies" files installed on your device (computer, tablet, smartphone, etc.), according to the settings chosen regarding cookies. These can be changed at any time.

The information below will help you to better understand how cookies work and how to adjust their settings using the current tools available.

What is a cookie?

A cookie is a small file, usually consisting of letters and numbers, which is downloaded onto your computer when you access certain websites and online services. They are then sent back to the website or service in question each time you visit it.

Cookies have several uses, namely allowing you to efficiently navigate between web pages, remembering your preferences and generally improving your website browsing experience. They can also play a part in making the advertisements you see more relevant in terms of your interests.

A cookie does not contain and does not collect information. However, when it is read by a server together with a web browser, it allows the website to provide a more user-friendly service by remembering, for instance, previous purchases or account login information.

Cookies are stored in your browser's memory and each one generally contains:

•    the name of the server from which the cookie was sent,

•    how long the cookie has existed,

•    a value - usually a randomly generated unique number.

The web server sending the cookie uses this number to recognise you when you return to the site or when you navigate between pages. Only the server that sent the cookie can read and therefore use this cookie.

There are two types of cookies - "session" and "permanent":

•    "Session" cookies enable websites to create a link between your actions during a browsing session. They can be used for various reasons, namely to remember what you put in your "basket" when browsing a website. They can also be used for security reasons when using online payment systems or to make e-mailing easier.

These "session" cookies disappear when your browser closes and are therefore not stored for a longer period of time.

•    "Permanent" cookies are stored on your computer between browsing sessions and allow your preferences or actions on a website (or in some cases on several different websites) to be conserved. "Permanent" cookies can be used for various reasons, namely to remember your preferences and choices when browsing a website or for targeted advertising.

Cookies can also be classed into the following categories - "internal cookies", which come from the website you are browsing, or "third-party cookies", which come from a different website to the one you are browsing.

What is a web beacon?

Many websites, including the N'PY sites – www.n-py.com – use web beacons. Web beacons are pieces of code placed on websites that can be used, among other things, to count the number of visitors to the website in question or to place a cookie on the browser of the user consulting the page. Further information on web beacons is available on the following website:  www.allaboutcookies.org/ fr/

Many websites also use Flash cookies, which work similarly to browser cookies. The N'PY website – www.n-py.com – sometimes uses Flash cookies.

How are cookies used?

Cookies are used for different reasons. They are used, for example, to identify you as a unique user on a website or application. The information collected includes: IP address, device ID, pages viewed, the type of browser used, information regarding the date and time of browsing, website addresses and the features you have used.

There are 3 main categories of cookies :

Technical cookies : these are used to make the website or application on which they are placed work. They are used, for example, to display pop-ups that can appear on the site or application (so as to inform you of the weather conditions or how to reach the resort, for example). These cookies are essential in order for our website and application to work properly.

Functional cookies : these enable your preferences to be memorised and our website and application to be used more smoothly. They enable, for example, products chosen using "Book my stay" to be memorised and therefore make browsing easier. They also enable third-party applications to work. This may be the case, for example, for setting up a chat service on the website.

Analytical cookies : these are used to gather statistics showing how our websites and applications are being used so that we can constantly improve them and offer you the best service possible. They also enable us to monitor the interactions that you may have with ads, e-mails that you send us, etc.

How can I control these cookies?

You can control cookies by adjusting your browser settings. You can control Flash cookies by using your computer's Macromedia Flash application, or by going to the Adobe Flash Player website, which tells you how to identify, modify and delete Flash cookies.

The use of cookies, web beacons or similar technology by all third-party websites supplying advertising content is subject to their own privacy policies regarding cookies.

If you have agreed to cookies on your browser via the banner displayed on the homepage of the website or the N'PY services, we remind you that this consent can be retracted at any time.

You can deactivate cookies [containing the name "n-py"] by following the instructions below:

  • If you are using Internet Explorer: Go to "http://www.n-py.com/", then press the F12 key to open the developer tools. Click on the "Networks" tab then on the icon with a red cross on a cookie. By hovering the mouse over this icon, the text "Clear cookies" will appear, click on the icon and the cookies for this domain name will be deleted.
  • If you are using Firefox: On the top right-hand side of the page, click on the "Open menu" icon, then click on the "Options" tab. Select "Privacy and Security" and click on "Remove individual cookies". In the search bar, find and select the cookie(s) containing the name "n-py" and click on "Remove selected cookies".
  • If you are using Safari: in your browser, click on Safari in the menu bar and select "Preferences". Select the "Privacy" tab and click on "Manage website data". In the search bar, search for cookies containing the name "n-py" and click on "Remove". After deleting the cookies, click on "Finish".
  • If you are using Google Chrome: Click on the "More Settings" icon. Then, click on the "Settings" tab. At the bottom of the page, click on "Show advanced settings". In the "Privacy and security" section, click on the "Content settings" tab then on "Cookies". Click on "All cookies and site data", and in the "Search cookies" search bar, search for files containing the name "n-py" and delete them by clicking on the rubbish bin on the right.
  • If you are using Microsoft Edge: you cannot delete cookies that are specific to one website. However, you can delete all cookies. To do this, click on the "More" icon, then "Settings". Then, in "Clear browsing data", select "Choose what to clear". Tick the box "Cookies and saved website data" then click on "Clear".

You can manage cookies by using the browser controls. For more information on how to delete and control cookies stored on your computer, please go to http://www.allaboutcookies.org/manage-cookies/index.html

Date of last update: 30/05/2018