Skip to main content

INFORMATION ON THE PROTECTION OF PERSONAL DATA

Last update : [06/25/2024]

We take the protection of our customers' personal data very seriously.

This document applies to the data we collect online, on our websites and mobile applications, but also to the data we collect offline in our leisure parks, shops or at events. 

We would like to provide you with all the information you need to understand how we use your data:

1. Who is responsible for the use of your data?
2. With whom is your data shared?
3. When is your personal data collected?
4. What data do we collect?
5. How do we use your data and how long do we keep it?
6. Are there any specific measures for children?
7. Where is your personal data stored?
8. How is your data secured?
9. What rights do you have over your data?
10. Do you have a question? Contact us!

1. Who is responsible for using your data?

When you book and/or access our services, your personal data is processed by :

- La Compagnie des Alpes, the parent company of the Compagnie des Alpes Group, with capital of €25,266,567.50, registered with the Paris Trade and Companies Register 349 577 908, having its registered office at 50-51 boulevard Haussmann 75009 Paris, 

And,

- Avenir Land, an affiliated company of the Compagnie des Alpes group and operator of the Walibi Rhône-Alpes leisure park, with capital of €914,694.10, registered with the RCS Vienne B 311 285 068, having its registered office at 1380 route de la Corneille 38630, Les Avenières-Veyrins-Thuellin, France.

In the present policy, the term "we" refers to these two companies, which may act together as joint data controllers for the processing operations referred to below. 

While Compagnie des Alpes is responsible for managing and supervising the IT system used to collect and process your data, it is the sole responsibility of Avenir Land, as an independent data controller, to manage the contractual relationship with you, to provide you with the services you have ordered, and to carry out marketing and advertising operations for its services and brands.

2. With whom is your data shared?

Recipients internal to the Compagnie des Alpes Group:

Your data is processed jointly by Avenir Land and Compagnie des Alpes, the parent company of the Compagnie des Alpes Group.

Within these two companies, your data is only accessible to a limited number of people in specific departments (customer services, sales, IT, etc.), only if access to the data is necessary for the purposes of their duties. 

On the other hand, your data is not shared with other companies in the Compagnie des Alpes group, unless you have expressly authorised it or you are a professional customer (e.g. tour operator, distributor, CSE, etc.).

For our professional customers, and unless you object to this processing, your data may be shared with other companies in the Compagnie des Alpes group operating leisure parks, to enable you to receive our offers on all products likely to be of interest to you. The list of companies concerned is as follows

- Chaplin's World - By Grévin (Reg. Genève CH-660-0618000-4)
- Family Park - M. Müller Gesellschaft m.b.H. (FN 126549 b)
- France Miniature (RCS Versailles 348 677 196)
- Futuroscope (RCS Poitiers 444 030 902)
- Grévin et Compagnie - Parc Astérix (RCS Compiègne 334 240 033)
- Musée Grévin (RCS Paris 552 067 811)
- Walibi Belgium and Bellewaerde - Belpark (Reg. Ypres 0439 050 308)
- Walibi Holland - Harderwijk Hellendoorn Holding (KvK 34161632) 

Recipients outside the Compagnie des Alpes Group:

Your data may also be shared with recipients outside the Compagnie des Alpes Group:

- To all our technical service providers whose intervention is necessary to carry out the processing mentioned below (IT service providers, payment service providers, printers, etc.), for the purpose of processing your order and improving our services and exclusively within the limits of our instructions;

- To social networks, only if you choose to create your customer account via the quick "social login" procedure. If you choose this option, you will be able to use your Facebook, Apple or Google account to register on our site, without having to re-enter your personal information. By using this function, you consent to us sharing certain information about you from your social network. 

The data sent to us by the social network is your surname, first name and email address. This data is required to create your customer account. We do not communicate information to the social networks about your activities and orders on this site, however these networks will have information relating to connections to your account. We invite you, before using the "Social Login", to read the privacy protection policies of the social networks in order to inform yourself about their use of your data.

- Where applicable, to national or local authorities, if required by law or as part of an investigation and in accordance with regulations.

3. When is your personal data collected?

We may collect your personal data on various occasions:

Online : 

On our website or mobile application, to receive our newsletters, log in to your account, place orders or take advantage of our digital services. 

In our leisure parks:

When you are enjoying our facilities, alone or with your loved ones: taking photographs, accessibility for people with disabilities, access to reduced rates, browsing the public wifi, hiring equipment, video surveillance. 

When we interact with you:

When you open or reply to a newsletter, take part in a satisfaction survey or a competition. When you contact customer service to make a complaint.

Via our Partners:

When you access our services via an intermediary (e.g. travel agencies, partner distributors).

4. What data do we collect?

We only collect the data that is strictly necessary for their use, no more!

Depending on your visit to our park or our websites, we may collect the following information:

- The information needed to create your customer account (title, surname, first name, e-mail address)
- Payment information
- Postal details
- Telephone number
- Date of birth
- Video surveillance
- Photographs
- Browsing data (on this subject, see our information on cookies!)
- Geolocation (mobile application only)
- If necessary, and depending on the product subscribed to, the names and email addresses of your relatives for groups and families
- Supporting documents for reduced fares or priority access, the conditions of which are detailed on our website. You will be asked to present original supporting documents at our ticket offices in the resort. A copy of this document may be made, solely for the purposes of combating fraud.

5. How do we use your data and how long do we keep it?

At the end of the retention periods defined below, we delete your data from our systems or make it anonymous so that it can no longer be used to identify you.

Processing

Legal Basis

Data retention periods

Customer account

Performance of the contract

For as long as your customer account is active, and up to 2 years after the last connection to your account.

Processing of orders and reservations

Performance of the contract

For online purchases: for five years from the date of purchase if the order value is less than €120, for ten years if the order value is €120 or more (and for 5 years for cash transactions).

The data linked to your bank card is kept for 13 months by our payment service providers after the last debit date for proof purposes in the event that the transaction is disputed (15 months in the case of deferred debit payment cards).

The cryptogram is not kept after the transaction.

Satisfaction surveys

Legitimate interest

Length of time required to achieve the objective of the survey, then anonymised.

Competitions

Execution of the game

6  months from the end of the game.

Sending of newsletters/prospecting campaigns by e-mail or SMS.

 

If you have also accepted cookies, you may also receive basket reminders by e-mail if you have not completed a purchase.

Consent or legitimate interest if you are a professional customer or if you have purchased a product on our website or mobile application

3 years for prospects, and 5 years for customers, from your last contact with us (e.g. a request for commercial documentation, a click on a hypertext link contained in our newsletter). 

 

Processing of complaints and after-sales service

Performance of the contract

5 years after completion of the processing of the complaint.

Establishment of statistics

Legitimate interest

Duration necessary to achieve the objective of the statistics, then anonymisation.

Copy of supporting documents for reduced and special fares

Legitimate interest (fight against fraud)

24 hours after collection.

Personalisation of browsing/profiling

Consent

12 months

Taking of photographs for the publication of annual passes

Performance of the Contract

6 months after expiry of the annual pass (in the event of renewal of the pass, the photograph may be kept and reused)

Photographs taken on the attractions

Performance of the contract

The day of the visit only, and if the photograph is purchased: 2 months from the date of purchase.

Hire management (pushchair, wheelchair) 

Performance of the contract

The day of the visit.

Allocation of Accessibility Passes to people with disabilities

Performance of the contract

The day of the visit.

Management of lockers

Performance of the contract

The day of the visit.

 

 

Management of lost property items

 

 

Performance of the contract

Items containing personal data (identity documents, telephone, etc.) are kept for two months and then handed over to the relevant authorities. Declarations of loss and return are kept for 1 year.

Video surveillance

Legitimate interest

7 days following the recording of images.

Geolocation (on the mobile application)

Consent

For the duration of the use of the mobile application (data storage is only available on the visitor's terminal).

Queue cuts at attractions - queue generation and tracking

Performance of the contract

The time required to perform the service.

Transfer of image rights

Performance of the contract

5 years after the end of the term of the assignment.

Assistance given to visitors

Safeguarding the vital interests of the person

Personal injury: until the end of a period of 10 years from the date of the injury.

In the event of damage to property: for 5 years.

 


Exercising your rights RGPD

 

Legal obligations

10 years from the closure of the request. Where proof of identity has been required, it is deleted as soon as the verification has been carried out.

GDispute management

Legitimate interest

Until all avenues of appeal have been exhausted.

Applications

Legitimate interest

2 years following collection of data for unsuccessful applications.

Cybersecurity - Vulnerability reporting

Legitimate interest

6 years from receipt of the vulnerability report.

Focus on profiling for the purposes of personalising our content:

We are able to personalise the display of content on our website, send you newsletters or push notifications to your mobile phone that are tailored to your needs. 

We carry out this personalisation solely on the basis of information that we have collected directly from you when you make a purchase (and only this information), and your browsing data on our website or our mobile application, once you have accepted cookies.

This information also enables us to better target our advertising campaigns on third-party sites (e.g. social networks) so that they correspond more closely to your centres of interest.

The data used for this profiling is based on :

- A maximum of 5 years for your customer account data;

- A maximum period of 12 months for browsing data on our website and/or mobile application.

6. Are there any specific measures for children?

Although the family dimension of our activities is at the heart of our concerns, we do not process data specifically for children.

If a person under the age of 15 uses our services, we recommend that they are accompanied by an adult. The consent of parents or legal guardians may be obtained at the time the data is collected, if necessary.

7. Where is your data stored?

All your personal data is stored exclusively on servers located in the European Union or in countries offering an "adequate" level of protection (e.g. the United Kingdom, Switzerland).

Although hosted in the European Union, this data may be accessible from third countries when we use technical service providers (e.g. AWS, Adobe, Microsoft, Google), which are established abroad (i.e. United Kingdom, United States, Israel). Accesses from these countries are considered as data transfers, but are necessary for the proper operation and maintenance of the IT tools they offer. These service providers have real expertise, which justifies their involvement.

We make every effort with these service providers to ensure that your data is protected in accordance with European regulations. These service providers only act in accordance with our instructions. A contract is systematically concluded with these service providers and transfers of personal data are governed by the signing of reinforced contractual clauses specifically provided for this purpose (standard contractual clauses - SCC - published by the European Commission) when the laws of the country concerned do not offer protection equivalent to the RGPD (so-called "adequate" countries). Where necessary, additional technical or legal measures are put in place.

8. How is your data secured?

The security of your personal data is a central concern of the companies in the Compagnie des Alpes group, which pool their resources to ensure that you have an appropriate level of security that is up to date with the state of the art.

In order to preserve the confidentiality and security of your personal data, and in particular to protect it against unlawful or accidental destruction, accidental loss or alteration, or unauthorised disclosure or access, the Compagnie des Alpes Group takes appropriate technical and organisational measures, and imposes the same level of requirements on its subcontractors. These measures are adapted according to the sensitivity of the data processed and the level of risk.

The Compagnie des Alpes Group has set up procedures to detect, analyse and monitor security incidents and any suspected breach of your personal data, and to be able to block access to the data at any time.  Procedures for managing personal authorisations have also been put in place to ensure that access to data is as restricted as possible.

Despite our best efforts, vulnerabilities may still exist in our systems. If you think you have detected a vulnerability, we invite you to contact us via this  form (vulnerability disclosure page), respecting the principles described there.

9. What rights do you have over your data?

You have a number of rights in relation to your personal data in our possession:

- The right to object: You no longer wish to receive our commercial communications, object to a decision linked to your profiling, or withdraw consent.
- The right to rectify your data: if you move? change your email address? let us know by keeping your data up to date!
- The right to access your data: you can request a copy of all the personal data we hold about you, in a format you can understand.
- The right to delete your data: You wish to delete your entire customer account and erase all your personal data in our possession. We will comply with your request, with the exception of accounting and tax records relating to your transactions, as well as those required for the constitution of our evidence files (in the event of possible legal action), which must be kept.
- The right to freeze the use of your data: if you are faced with a contentious situation and wish to prevent the deletion of your data, your data will be kept without being used.
- The right to take your data with you: You wish to recover part of your data. You are then free to store it elsewhere or to transfer it easily from one system to another, with a view to re-using it for other purposes.

You will find all our contact details below for exercising these rights.

10. Have a question? Contact us!

Do you have a question? Want to stop receiving our newsletters? Delete your account?

We have appointed a Data Protection Officer to answer all your questions and ensure the protection of your personal data.

To contact him or her, click here!


We invite you to fill in the form provided for this purpose, and your request will be processed within a maximum of one month. For mobile applications, don't forget that you can change your authorisations at any time from the settings on your phone, for each of your applications.

You can also contact us

- By post to the following address Avenir Land, Service Protection des données personnelles (Data Privacy), 1380 route de la corneille - 38 630 Les Avenières-Veyrins-Thuellin ; 

Or

- By e-mail to the following address : privacy@walibi.com

If there are serious doubts about your identity, and if it cannot be done otherwise, you may be asked to provide proof of identity in order to process your request, simply to ensure that we are dealing with the right person. 

If, despite our efforts, you feel that our response is incomplete, you can contact the CNIL https://www.cnil.fr/fr