Politique de protection des données personnelles

Information on the Protection of Personal Data

Last updated: 13/08/25

Protecting our customers' personal data is one of our core concerns.

This document applies to data that we collect online, on our websites and mobile applications, but also to data that we collect offline in our parks, shops or at events.

It is our wish to provide you with all necessary information for a good understanding of how your data are used:

Who is responsible for the use of your data?
With whom are your data shared?
When are your personal data collected?
What data do we collect?
How do we use your data and for how long do we keep them?
Are there any specific measures for children?
Where are your personal data stored?
How are your data secured?
What are your rights relative to your data?
Any questions? Contact us!

1. Who is responsible for the use of your data?

When you book and/or access our services, your personal data are both processed by:

Compagnie des Alpes, parent company of the Compagnie des Alpes Group, with capital of €25,266,567.50, registered with the Paris TCR 349 577 908, having its registered office at 50-51 boulevard Haussmann 75009 Paris,

And,

By Grévin SA Public limited company with a share capital of 200,000 Swiss francs Registered office: Route de Fenil 2, 1804 Corsier-sur-Vevey, Switzerland UID number: CHE-100.468.361 Federal number: CH-660.0.618.000-4

Tel.: +41 (0)21 903 01 20 or +41 (0)842 422 422 (CHF 0.08 incl. VAT per minute from a landline) Email: contact@chaplinsworld.com

In this policy the word "we", refers to these two companies, which may act together as joint controllers for the processing operations indicated below.

While Compagnie des Alpes is in charge of the management and supervision of the IT system used to collect and process your data, it is nevertheless solely up to By Grevin SA, as an autonomous data controller, to manage the contractual relationship with you, to provide you with the ordered services, and to carry out marketing and advertising operations on its services and brands.

2. With whom are your data shared?

Compagnie des Alpes Group internal recipients:

Your data are processed jointly by By Grevin SA and Compagnie des Alpes, the parent company of the Compagnie des Alpes Group.

Within these two companies, your data are only accessible to a limited number of people, within specific departments (customer service, sales, accounting, IT, etc.), only if access to the data is necessary for the needs of their functions.

However, your data will not be shared with other companies of the Compagnie des Alpes Group unless you have given your explicit consent or if you are a business customer (e.g. tour operator, distributor, B2B customers).

For our business customers, unless you object to this processing, your data may be shared with other companies in the Compagnie des Alpes group that operate leisure parks, so that you can receive our offers for any products that may interest you. The list of companies involved is the following:

Chaplin’s World - By Grévin (Reg. Genève CH-660-0618000-4)
Family Park - M. Müller Gesellschaft m.b.H. (FN 126549 b)
France Miniature (RCS Versailles 348 677 196)
Futuroscope (RCS Poitiers 444 030 902)
Grévin et Compagnie – Parc Astérix (RCS Compiègne 334 240 033)
Musée Grévin (RCS Paris 552 067 811)
Walibi Belgium and Bellewaerde Park - Belpark (Reg. Waver 0439 050 308)
Walibi Holland - Harderwijk Hellendoorn Holding (KvK 34161632)
Walibi Rhones Alpes - Avenir Land (RCS Vienne 311 285 068)

Compagnie des Alpes Group external recipients:

Your data may also be shared with recipients outside of the Compagnie des Alpes Group:

With all of our technical service providers whose intervention is necessary in order to carry out the processing operations indicated below (IT service providers, payment service providers, etc.), for the purposes of processing your order and improving our services and exclusively within the limits of our instructions ;
With social networks, only if you choose to create your customer account via the quick "social login" procedure.

If you choose this option, you will be able to use your Facebook, Apple or Google account to register on our site, without having to re-enter your details. By using this feature, you agree to share with us certain information about you from your social network.

The data sent to us by the social network include your surname, first name and e-mail address. These data are necessary for the creation of your customer account. We do not share information with social networks about your activities and orders on this site and our mobile application, however these networks will have information relating to connections to your account. Before using the “Social Login”, we invite you to read the privacy protection policies of the social networks to find out how they use your data.

- Where appropriate, with national or local authorities, if required by law or as part of an investigation and in accordance with regulations.

Business Partners

As part of certain communications, we may offer you the option to receive offers or news from our partners, without your personal data being shared with them.

Your explicit consent (opt-in) only authorizes us to send you, on our behalf, communications relating to these partners.

The list of the partners concerned can be found below. It includes entities belonging to the Compagnie des Alpes group, to which our establishment is affiliated.

This list may change over time. You may withdraw your consent at any time, in accordance with the procedures set out in this policy.

Futuroscope (Société du Parc du Futuroscope)
Parc Astérix (Grévin et Compagnie)
Walibi Rhône-Alpes (Avenir Land)
Walibi Holland
Walibi Belgium & Aqualibi Belgium (Belpark)
Bellewaerde park et Bellewaerde Aquapark (Belpark)
Grévin Paris (Musée Grévin)
France Miniature
FamilyPark
Belantis (Event Park)
Urban soccer
Urban Padel
MMV
Travelski (Travel Factory)
Yoonly (Djay)
Mountain Collection (Mountain Collection Immobilier)
Evolution 2 (CDA Evolution 2)
ADS Domaine de Montagne Les Arcs / Peisey-Vallandry (ADS)
Domaine de La Plagne (Société d'Aménagement de la Plagne)
Tignes Domaine Skiable (Société des Téléphériques de la Grande Motte)
Val d'Isère Téléphérique (Société des Téléphériques de Val d'Isère)
Domaine Skiable des Menuires - Saint Martin (Société des Téléphériques de la Vallée des Belleville)
Méribel Alpina
Serre Chevalier Vallée (SCV Domaine Skiable)
Domaine Grand Massif (GMDS) - Flaine, Morillon, Samoëns, Sixt-Fer-à Cheval
Pralognan Domaine de Montagne

3. When are your personal data collected?

We may collect your personal data on different occasions:

Online :

On our website or mobile application, receive our newsletters, log in to your account, place orders or use digital services.

Within our leisure parks:

While enjoying our facilities, alone or with friends and family: photography, disabled access, access to discounted rates, public wifi, equipment rental, video surveillance.

During our interactions with you:

When you open or reply to a newsletter, take part in a satisfaction survey or participate in a contest. When you call customer services with a complaint or a request.

Via our Partners:

When you access our services through an intermediary (e.g. travel agencies, partner distributors).

4. What data do we collect?

We only collect the data that are strictly necessary for their use, and no more!

Depending on your visit to our park or websites, we may collect the following information:

- Information required to create your customer account (surname, first name, e-mail address, date of birth)
- Payment information
- Address
- Telephone number
- Birthdate
- Photographs
- Browsing data on our website and mobile application (on this subject, see our information on cookies!)
Geolocation (for services on our mobile app only)
If necessary, and depending on the product you purchase, the names and e-mail addresses of your family and friends for the annual pass
supporting documents for access to discounted rates or priority access, the conditions of which are set out in detail on our website. You will be asked to present original supporting documents at our ticket offices.

5. How do we use your data and for how long do we keep them?

At the end of the retention periods defined below, we delete your data from our systems or make it anonymous so that it can no longer be used to identify you.

Processing Operations	Legal Basis	Data retention periods
Customer Account	Fulfilment of the contract	For as long as your customer account is active, and up to 2 years after the last connection to your account.
Order processing	Fulfilment of the contract	For 5 years from the date of purchase ( for 10 years if the online order exceeds 120€) For online orders : The data linked to your bank card are retained for 13 months by our payment service providers after the last debit date for proof purposes in the event that the transaction is disputed (15 months in the case of deferred debit payment cards). The cryptogram is not retained after the transaction.
Satisfaction surveys	Legitimate interest	Time required to achieve the survey objective, then anonymized.
Contests	Execution of the contest	6 months from the end of the contest
Sending newsletters / prospecting campaigns by e-mail or sms If you have accepted cookies, you can also receive email reminders if you have not completed a purchase.	Consent, or legitimate interest if you are a customer who has purchased a product on our website or our mobile application	3 years for potential customers and 5 years for customers, from the date of your last contact with us (e.g. a request for commercial documentation, a click on a hyperlink in our newsletter).
Complaint handling and after-sales service	Fulfilment of the contract	5 years after the claim has been closed
Preparation of statistics	Legitimate interest	Time required to achieve the objective of the statistics, then anonymized.
Copy of supporting documents for reduced and special rates	Legitimate interest (fight against fraud)	24h after the collect
Customisation of navigation/profiling	Consent	12 months
Use of the public WiFi that we make available to you	Legal obligation	1 year (retention of technical connection data)
Photos taken for the production of the annual pass	Fulfilment of the contract	1 year after the annual pass expires (if the pass is renewed, the photo can be kept and used again)
Pictures taken of visitors on attractions	Fulfilment of the contract	Only the day of the visit, when selling the photo: 6 months from the date the photo was taken
Photos taken in the photo booths	Consent	6 months from the date the photo was taken
Hire of pushchairs and wheelchairs	Fulfilment of the contract	The day of the visit only. For wheelchairs if reserved in advance : until the end of your visit
Attribution of Easy Pass to visitors with disabilities	Fulfilment of the contract	The day of the visit only.
Rental of storage lockers	Fulfilment of the contract	The day of the visit only.
Management of found and lost property	Fulfilment of the contract	1 year after declaration of loss of your property
Video surveillance	Legitimate interest	1 month after recording the images
Geolocation (only for mobile application )	Consent	For the duration of the use of the mobile application (data is only stored on the visitor's device)
First aid for visitors	Protecting a person's vital interests	Personal injury: until the end of a 10-year period from the date of injury. For property damage: for 5 years.
Exercising your GDPR rights	Legal obligations	10 years from the closing of the request. When proof of identity has been required, it will be deleted as soon as verification has been completed.
Litigation management	Legitimate interest	Until all appeal options have been exhausted
Application management	Legitimate interest	2 years after data collection for non-withheld applications
Cybersecurity – vulnerability reports	Legitimate interest	6 years after receipt of a vulnerability notification

Focus on profiling to customise our content :

We may customise the display of content on our website, send you newsletters or push notifications to your mobile phone tailored to your interests.

We only perform this customisation based on the information we have collected directly from you during your purchases (and only this information), and based on your browsing behaviour on our website or our mobile application, once you have accepted cookies.

This information also allows us to better tailor our advertising campaigns on third-party sites (e.g. social networks) to your areas of interest.

The data used for this profiling is based on:

A history of up to 5 years of your customer account details;
A browsing history of up to 12 months on our website and/or mobile application.

6. Are there any specific measures for children ?

Although the family dimension of our activities is at the heart of our concerns, we do not process any data specifically relating to children.

When our services are being used by persons under the age of 13, we recommend that they be accompanied by an adult. The consent of parents or legal guardians may be obtained when their personal data are collected, if necessary.

7. Where are your data stored ?

All your personal data is stored exclusively on servers in the European Union or in countries offering an "adequate" level of protection (e.g. the United Kingdom, Switzerland).

Although hosted in the European Union, this data may be accessible from third countries when we use technical service providers (e.g. AWS, Adobe, Microsoft, Google) located abroad (e.g. United Kingdom, United States, Israel). Access from these countries is considered data transfer but is necessary for the proper operation and maintenance of the IT tools they provide. These service providers have real expertise that justifies their involvement.

We make every effort with these service providers to ensure that your data are protected in accordance with European regulations. These service providers only act within the framework of our instructions. Contracts are systematically signed with the latter, and transfers of personal data are governed by enhanced contractual clauses specifically designed for this purpose (standard contractual clauses - SCCs - published by the European Commission) where the laws of the country in question do not offer protection equivalent to the GDPR (so-called “adequate” countries). If necessary, additional technical or legal measures are put in place.

8. How are your data secured ?

The security of your personal data is a central concern for the companies in the Compagnie des Alpes group, which pool their resources to ensure that you benefit from an appropriate level of security that is up to date with the state of the art.

In order to preserve the confidentiality and security of your personal data, and notably to protect them against unlawful or accidental destruction, accidental loss or alteration, or unauthorised disclosure or access, the Compagnie des Alpes Group takes appropriate technical and organisational measures, and imposes the same level of requirements on its subcontractors. These measures are adapted according to the sensitivity of the data processed and the risk level.

The Compagnie Group has put in place procedures to detect, analyse, and monitor security incidents and any suspected breach of your personal data, and to be able to block access to the data at any time. Procedures for managing personal authorisations have also been put in place to ensure that access to data is as restricted as possible.

Despite our efforts, vulnerabilities may still be present in our systems. If you think that you have detected a vulnerability, please contact us using this form , while respecting the principles described there.

9. What are your rights over your data ?

You have a number of rights in relation to your personal data held by us:

The right to object: You no longer wish to receive our commercial communications, object to a decision related to your profiling, or withdraw consent
The right to rectify your data: change of home or e-mail address? Let us know by keeping your details up to date!!
The right to access your data: you may request a copy of all your personal data held by us, in an understandable format.
The right to erase your data: You wish to delete your entire customer account and erase all of your personal data in our possession. We will comply with your request, with the exception of accounting and tax records relating to your transactions, as well as those required for the creation of our evidence files (in the event of any legal proceedings), which must be retained.
The right to freeze the use of your data: if you are faced with a litigious situation and wish to prevent the deletion of your data, your data will be retained without being used.
The right to take your data: You wish to recover some of your data. You are then free to store them elsewhere or to transfer them easily from one system to another, so that they can be reused for other purposes.

You will find all of our contact details below for the exercise of these rights.

10. Any questions? Contact us!

Want to delete your account and data?

Please fill out the data deletion form.

Want to stop receiving our newsletters?
Please use the unsubscribe link at the bottom of the email.

Still have a question?

We have appointed a Data Protection Officer responsible for answering all your questions and ensuring the protection of your personal data.

We invite you to contact us. Yyour request will be processed within a maximum of one month. For mobile applications, please remember that you can modify your permissions at any time in your phone’s settings for each app.

You can also reach them at:

- By post to the following address: Chaplin’s World, Route de Fenil 2, 1804 Corsier-sur-Vevey, Suisse

- By e-mail to the following address: contact@chaplinsworld.com

If there are serious doubts about your identity, and if it cannot be done otherwise, you may be asked to provide proof of identity for the processing of your request, simply to ensure that we are dealing with the right person.

Personal Data