Offres de fin de saison →
NPY Logo

Privacy Policy

Personal Data Protection Policy of the Compagnie des Pyrénées Group

This personal data protection policy demonstrates the commitments implemented by the Compagnie des Pyrénées Group within the framework of its daily activities for the responsible use of personal data.

Introduction

The Compagnie des Pyrénées Group aims to act with full transparency, explaining the types of personal data it collects, how they are processed, and your rights.

This Personal Data Protection Policy applies to the information that the Group collects during your visit and through your use of the services it offers. It also applies to data transferred by third parties in accordance with regulations.

As the Data Controller, particularly of your personal data, we make every effort to protect your privacy and ensure the security of the personal data you entrust to us. We pay close attention to the processing of your data and the confidentiality of personal information.

All operations on your personal data are carried out in compliance with the applicable regulations, including Law No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms (amended), and European Regulation No. 2016/679 on Data Protection (General Data Protection Regulation, GDPR).

By using our services, our websites, and points of sale, you declare that you accept the terms of this Personal Data Protection Policy.

If you disagree with any of its terms, you are free to stop using our websites and/or services.

We may freely modify this Personal Data Protection Policy at any time. Therefore, we invite you to refer to it during each visit to our services* to review the latest available version.

*Websites (n-py.com, blog.n-py.com), points of sale (Piau-Engaly, Peyragudes, Grand Tourmalet Barèges-La Mongie, Pic du Midi, Luz-Ardiden, Cauterets-Pont d’Espagne, Gourette, La Pierre Saint Martin, Train de La Rhune), social networks (LinkedIn, Facebook, Twitter, Instagram, Google+, WhatsApp, YouTube, Pinterest), and mobile application (N’PY available on Google Store and AppStore).

How do we collect your personal data?

Your personal data is used to help you book your stay at one of our resorts or tourist sites. For this, we need to know at a minimum your identity (first name, last name), as well as your postal address (for example, to send your ready-to-use ski passes to your home) and other contact methods (phone, email, etc.). Depending on the type of reservation or purchase you make through our services, we may also need to collect other information about you, such as your date of birth (to determine the age category for a ski pass, for example), your photo (necessary for issuing certain ski passes, for example). Your purchase history may also be retained. Finally, during your reservation, information related to your payment methods is collected to allow you to pay for the reserved service, but only in an encrypted and secure form.

Your personal data is also collected when you contact us via our customer service or via our social media accounts.

When you use our mobile application, we may collect your location data, which will be used, for example, to locate you in case of an emergency on the ski slopes.

We may also need to collect your data to open a user account where you can view your reservations, ski days, and related payments, etc.

Why does the N’PY Group collect and use your personal data?

When the Compagnie des Pyrénées Group collects your Personal Data, the collection is carried out in a fair and transparent manner, thanks to the presence of informational notices or reference to this Policy. No collection is performed without the knowledge of the individuals concerned and without their being informed.

The term "Personal Data" refers to any information relating to an identified or identifiable natural person, directly or indirectly, by reference to one or more elements specific to them.

Your personal data may be used in the following situations:

A - Online booking on the website or application:

We use your personal data for any purchase of products and services available on the various websites of the Compagnie des Pyrénées Group. All personal data necessary for the reservation may include: identification data (photos, personal address(es), email address(es), phone, mobile phone), encrypted payment details, purchase history, etc.

B - Commercial and marketing activities:

In order to develop commercial relationships, we use your personal data to send you regular information about products and services (for example, sending personalized and tailored commercial offers via email). In this regard, you can unsubscribe from these marketing communications by email easily and at any time by clicking on the "Unsubscribe" link found in all emails from “L’Équipe N’PY.”

When you participate in other promotional activities (for example, contests organized by the Compagnie des Pyrénées Group or its partners), certain information will be used to properly manage these activities.

We use multi-device tracking to optimize our services and marketing activities. This can be done with or without the use of cookies. If you want to learn more about cookies and similar technologies, please consult our cookies section at the end of this policy.

C - Communication

We may also contact you on other occasions by email, mail, phone, or SMS, depending on the contact details you have provided. We then process the communications you send us for the following reasons:

  • We send you additional information regarding your reservation so that you know, for example, how to contact N’PY customer service if needed or to help you prepare your stay by providing information (such as weather, events, and activities at the resort, etc.).
  • If you have not completed your online reservation, we may contact you to propose completing it and adding new products and services to your reservation. We consider this service useful as it allows you to obtain all components of your ski stay directly on our website.
  • We send you information regarding your usage and updates to personal contact details (you can modify your details, payment information, referrals, etc., at any time via your client area).
  • We may also contact you via our mobile application “N’PY.” Our websites are also optimized for navigation on smartphones and tablets. The “N’PY” mobile application and mobile sites process the personal data you provide in a manner similar to our website.

With your consent, we may send you push notifications on the mobile application containing information about weather, your payment information, etc.
You can grant us access to your geolocation data or contact details so that we can provide the requested services.

D - Customer Service:

We provide a customer service to handle all complaints and questions, technical assistance by email, online chat service, WhatsApp, phone, mail, etc. For this purpose, we share your data, such as information related to your reservation or usage, with our internal teams.

We may also collect customer requests and/or complaints via social networks used by the Compagnie des Pyrénées Group (mainly Messenger, Instagram private messaging, Twitter private messaging).

All these data-sharing measures allow us to respond as accurately as possible to your questions and requests in order to provide you with high-quality service.

E - Improving our services:

We also use personal data for analysis purposes to improve the functioning of our services.

  • When you use our services, we may send you a satisfaction questionnaire.
  • When you have stayed at one of the resorts that are members of the Compagnie des Pyrénées Group, we may send you a satisfaction survey. We may also invite you to leave a comment about your experience.
  • When you connect to the websites of the Compagnie des Pyrénées Group, we may retain connection data and location data for analysis purposes.
  • When you use our services, we may retain your data for analysis and statistical purposes. For these analysis purposes, we strive to use only pseudonymized data.
  • When you are invited to participate, please review the information provided to understand which personal data is collected and how it is used. Our goal is to optimize our services as much as possible so that they best meet your needs.
F - Recruitment

As part of recruitment on behalf of the Compagnie des Pyrénées Group, we will use your personal data. All personal data necessary to build your recruitment file may include: identification data (photos, personal address(es), email address(es), phone, mobile phone), banking details, etc.

How are your data shared with third parties by the Compagnie des Pyrénées Group?

When you use the services of the Compagnie des Pyrénées Group, you interact with various third parties: ski resorts to use the pass you purchased on n-py.com, service providers (accommodations, ski equipment rentals, etc.) that you booked on n-py.com, and so on.

We want to reassure you that this data is neither sold nor rented to third parties. It is simply shared to organize your stay and finalize your bookings.

In what cases does the N'PY Group share your personal data with third parties?
  • Marketplace provider n-py.com: We collect your personal data to transmit it to the service provider (accommodation, equipment rental, ski lessons, activities, ski passes, transport tickets, insurer, etc.). This data is essential to finalize your booking and/or provide you with access to the service you subscribed to.
  • Commercial partners: The Compagnie des Pyrénées Group may work with various commercial partners (works councils, tour operators, etc.). If you book through them, they collect your personal data to allow us to manage your booking.
  • Third-party service providers: Your personal data may be transmitted to providers who process data on behalf of the Compagnie des Pyrénées Group. This is, for example, the case for suppliers of email routing solutions, bulk postal mailing, or secure payment solution providers. These providers are bound by confidentiality clauses and are not authorized to use your personal data for purposes other than those contractually specified.
  • Competent authorities: We may be required to communicate certain personal data to law enforcement and/or emergency services insofar as this is required by law or strictly necessary for the prevention, detection, or prosecution of criminal acts or fraud, or in the case of a legal obligation.

In all cases, the personal data collected is strictly necessary for the purpose pursued by the collection. The Compagnie des Pyrénées Group seeks to minimize the data collected, keep it accurate and up to date, and facilitate the rights of the individuals concerned.

Third-party companies have limited access to your information within the scope of performing these tasks on behalf of the Compagnie des Pyrénées Group and have a contractual obligation to protect them and use them only for the purposes for which they were disclosed and in accordance with this Personal Data Protection Policy.

The Compagnie des Pyrénées Group does not transmit personal data outside the European Union.

What are the security and retention procedures implemented by the Compagnie des Pyrénées Group regarding the protection of your personal data?

An Information Systems Protection Policy (PSSI) is implemented, adapted to the nature of the data processed and the company's activities.

Appropriate physical, logical, and organizational security measures are provided to ensure the confidentiality of the data, in particular to prevent unauthorized access.

The Compagnie des Pyrénées Group also requires any subcontractor to provide appropriate guarantees to ensure the security and confidentiality of personal data.

The Compagnie des Pyrénées Group has implemented protective measures to ensure the confidentiality, security, and integrity of the personal data concerning you.

Only authorized personnel are allowed to access your personal data, and only within the scope of their work.

How long is your personal data kept?

Your personal data is retained for a limited period that does not exceed the duration necessary for the processing purposes and applicable laws, namely:

  • 12 months for personal data relating to recruitment processes (CVs, cover letters, etc.)
  • 3 years for data relating to:
    • Online booking on the website and the app
    • Sales and marketing activities
    • Communication
    • Customer service
    • Improving our services
  • 3 months for data following a request to exercise rights.

How is minors' data managed?

Minors under the age of 16 must be accompanied by a parent or legal guardian to use the services of the Compagnie des Pyrénées Group, particularly those related to online booking of stays. The Compagnie des Pyrénées Group can therefore only collect and use personal data of minors under 16 if it is provided by the parent or legal guardian with their consent.

Who is responsible for processing personal data collected via the services of the Compagnie des Pyrénées Group?

To safeguard privacy and the protection of your personal data, the Compagnie des Pyrénées Group has appointed a Data Protection Officer (DPO). This person was registered with the competent authority (CNIL) on May 15, 2018.

Specialized in personal data protection, responsible for ensuring privacy and the proper application of personal data protection rules, the Data Protection Officer is also the main contact for the National Commission for Information Technology and Liberties (CNIL) and for any individuals concerned by the collection or processing of personal data.

To contact the DPO, write to: N’PY – Data Protection Officer – 3 bis avenue Jean Prat – 65100 Lourdes – FRANCE
Or by email at: dpo@n-py.com

What are your rights regarding personal data?

All necessary measures to ensure the effectiveness of individuals’ rights over their personal data are implemented.

Clear and complete information on data processing is provided, easily accessible and understandable by everyone.

To exercise your rights, the user must send an email to the Data Protection Officer of the Compagnie des Pyrénées Group, accompanied by a photocopy of an identity document with their signature to ensure data confidentiality, at the following address: N’PY – Data Protection Officer – 3 bis avenue Jean Prat – 65100 Lourdes – FRANCE, or by email at: dpo@n-py.com.

The Compagnie des Pyrénées Group will respond within one month from the receipt of the request, and if necessary, this period may be extended by two months, depending on the complexity and number of requests. The user will then be informed of this extension and the reasons for the delay within one month from the receipt of the request.

The rights related to personal data are as follows:

  • You can exercise your right of access, to know the personal data concerning you, including their nature, origin, and the purposes for which they are used.
  • If your personal data held by the Compagnie des Pyrénées Group is inaccurate, you can request that it be updated or completed.
  • You can request a copy of the personal data that the Compagnie des Pyrénées Group holds about you.
  • You can request the deletion of personal data held by the Compagnie des Pyrénées Group in accordance with applicable laws.
  • You can request the portability of your data as of May 25, 2018.
  • If processing is based on consent and performed using automated processes, you have the right to receive the data in a structured format, in clear language, machine-readable, and interoperable, and to transmit it to another data controller without the Compagnie des Pyrénées Group obstructing it.
  • You have the right to obtain the limitation of processing when you contest the accuracy of the data, when the processing is unlawful, or when you need it for the establishment, exercise, or defense of your rights in court.
  • Additionally, you may indicate at any time that you do not wish, in the event of death, for your personal data to be communicated to a third party.

We rely on you to ensure that your personal data is complete, accurate, and up to date. Please inform us promptly of any changes or inaccuracies in your personal data by contacting us.

Any response will be sent to you within a maximum period of one (1) month from the date of receipt of your request. You may, at any time, file a complaint with the competent supervisory authority (in France, the CNIL: www.cnil.fr).

How do we update this Personal Data Protection Policy?

This policy, accessible to everyone on the websites of the Compagnie des Pyrénées Group, is updated regularly to take into account legislative and regulatory changes and any changes in the organization of the company, the offers, products, and services provided.

When visiting our websites, information related to your navigation may be recorded in “Cookies” files installed on your device (computer, tablet, smartphone, etc.), subject to the choices you have made regarding cookies, which you can modify at any time.

The information below helps you better understand how cookies work and how current tools are used so you can configure them.

A cookie is a small file, usually made up of letters and numbers, downloaded to your computer when you access certain websites or services. Cookies are then sent back to the website or service from which they originated during each subsequent visit.

Cookies have several purposes, notably allowing you to navigate efficiently between web pages, remember your preferences, and generally improve your experience on a website. They can also help make the ads you see more relevant to you based on your interests.

A cookie does not contain or collect information. However, when read by a server in conjunction with a web browser, it allows the website to provide a more user-friendly service by remembering, for example, previous purchases or account identifiers.

Cookies are stored in your browser’s memory and each of them generally contains:

  • The name of the server from which the cookie was sent;
  • The cookie’s lifespan;
  • A value – usually a unique number generated randomly.

The web server that sends the cookie uses this number to recognize you when you return to the site or navigate from page to page. Only the server that sent the cookie can read and therefore use this cookie.

There are two types of cookies, called “session” and “persistent”:

  • Session cookies allow websites to link your actions during a browsing session. They can be used for various purposes, notably to remember what you have placed in your “cart” while browsing a site. They can also be used for security purposes when accessing online payment systems or to facilitate email usage. These “session” cookies disappear at the end of your browsing session and are therefore not stored for a longer period.
  • Persistent cookies are stored on your computer between browsing sessions and allow your preferences or actions on a site (or, in some cases, across different websites) to be remembered. “Persistent” cookies can be used for various purposes, including remembering your preferences and choices when using a site or for targeted advertising.

Cookies can also be classified according to the following categories:

  • First-party cookies, which come from the website you are visiting, or
  • Third-party cookies, which come from a different website than the one you are visiting.
What is a web beacon?

Many websites, including N’PY websites, use web beacons. Web beacons are pieces of code placed on web pages that can be used, among other things, to count users who visit that web page or to place a cookie on the browser of the user viewing that page. Additional information about web beacons is available at: www.allaboutcookies.org

Many websites also use Flash cookies, which operate similarly to browsing cookies. The N’PY website may use Flash cookies.

How are cookies used?

Cookies have different purposes. They are used, for example, to identify you as a unique user of a website or an application. The information collected includes: IP address, device identifier, pages visited, type of browser used, information about the time and day of navigation, referring site addresses, as well as the features you have used.

There are three main categories of cookies:

  • Technical cookies: These are used to operate the website or application on which they are placed. They will be used, for example, for displaying pop-ups that may appear on the site or application (to inform you of weather conditions or access, for example). These cookies are essential for the proper functioning of our website and application.
  • Functional cookies: These allow you to remember your preferences and make the use of our website and application smoother. They, for example, allow you to keep track of product choices made through “I reserve my stay” to facilitate navigation. They also enable third-party applications to function. This could be the case, for example, for setting up a chat service on the website.
  • Analytical cookies: These are used for statistical purposes to understand how our websites and applications are used to continuously improve them and offer you the best service. They also allow us to measure interactions you may have with advertisements, emails we send you, etc.
How can I control these cookies?

You can control cookies through your browser settings. You can control Flash cookies via the Macromedia Flash application on your computer, or by visiting the Adobe Flash Player website, which allows you to identify, modify, and delete Flash cookies.

The use of cookies, web beacons, or similar technologies by any third-party websites providing advertising content is subject to their own cookie privacy policies.

If you have consented to the placement of cookies on your browser via the banner displayed on the homepage of the N’PY website or services, please note that this consent can be withdrawn at any time.

You can disable cookies [containing the name “n-py”] by following the instructions below:

  • If you are using Internet Explorer: Go to the page www.n-py.com, then press F12 to open the developer tools. Click on the "Network" tab, then on the icon with a red cross on a cookie. Hovering over this icon, the text "Clear cookies" will appear, click on this icon, and the cookies for this domain will be deleted.
  • If you are using Firefox: At the top right, click on the icon to open the menu, then click on the “Options” tab. Select “Privacy & Security” and click on “Remove individual cookies.” In the search bar, locate and select the cookie(s) containing the name “n-py” and click on "Remove Selected Cookies."
  • If you are using Safari: In your browser, click on Safari in the menu bar and select “Preferences.” Select the “Privacy” tab and click on “Manage Website Data.” In the search bar, search for cookies containing the name “n-py” and click “Remove.” After deleting the cookies, click “Done.”
  • If you are using Google Chrome: Click on the "More" icon. Then click on the "Settings" tab. At the bottom of the page, click on “Advanced Settings.” In the “Privacy and Security” section, click on the “Content Settings” tab, then “Cookies.” Click on “See all cookies and site data,” and in the search bar “Search cookies,” locate the files containing the name “n-py” and delete them by clicking the trash icon on the right.
  • If you are using Microsoft Edge: It will not be possible to delete cookies specific to a particular website. However, you can delete all cookies. To do this, click on the "More" icon, then “Settings.” Next, under “Clear browsing data,” select “Choose what to clear.” Check the box “Cookies and saved website data” and then click “Clear.”

You can manage cookies using your browser controls. For more information on how you can delete and control cookies stored on your computer, please visit: https://www.allaboutcookies.org/manage-cookies/index.html.

Last updated: 12/12/2025