Schedules : 2pm–8pm Mon. to Fri.
Schedules : 11am - 7pm Sat. & Sun.

Privacy Policy

Return to homepage

Updated on 28/01/2026

This Privacy Policy aims to inform Users of the website www.odycea-devoluy.com about:

  • The way in which their personal data is collected; ;
  • The rights they have regarding their personal data; ;
  • The identity of the person responsible for the processing of the personal data collected and processed; ;
  • The recipients of their personal data; ;
  • The Site's cookie policy.

Article 1. Definitions

CG
Refers to the General Terms and Conditions of the Website.
RECIPIENT
The natural or legal person, public authority, service or any other body which receives communication of personal data, whether a third party or not.
Personal data
Any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
File
Any structured set of personal data accessible according to specific criteria, whether that set is centralized, decentralized or distributed functionally or geographically.
LIL
Law known as "Data Processing and Freedoms" No. 78-17 of 6 January 1978.
Privacy Policy
This privacy policy.
Data controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.
GDPR
Regulation (EU) 2016/679 of 27 April 2016, known as the General Data Protection Regulation.
Site
The website www.odycea-devoluy.com is published by O'DYCEA.
Treatment
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
O'DYCEA
Refers to the company SPL BUECH DEVOLUY EXPLOITATION, a joint-stock company with a board of directors registered with the RCS of Gap under SIREN number 832 428 668 and publisher of the Site.
User
Anyone who consults and/or browses the Site.

Article 2. Acceptance of the privacy policy

For their first visit to the Site, the User must read this Privacy Policy and accept it by ticking the box provided for this purpose.

Should the Privacy Policy be modified, the User must review it and check the box provided for this purpose during their first visit after the modified Privacy Policy comes into effect. However, the collection and processing of personal data are carried out in accordance with the Privacy Policy in effect at the time of said collection.

Article 3. Data collected and purposes of processing

The processing activities carried out by O'DYCEA, as data controller, concerning the User's personal data are as follows:

Site Features

  • Newsletter subscription and management of promotional emails
    • Data processed: Email address, subscription date
    • Legal basis: Consent
    • Shelf life: Until the person concerned unsubscribes
  • Requests processed via the contact form
    • Data processed: Name, email address, telephone number, company, other personal data that the User would spontaneously provide in the body of their message
    • Legal basis: Consent
    • Shelf life: Two (2) years from the date the form was sent

Services

  • Purchase of Service(s)
    • Data processed: Username, last name, first name, email address
    • Legal basis: Contract execution
    • Shelf life: Five (5) years from the date of the last purchase

Payments

  • Billing – Bookkeeping
    • Data processed: Identity, billing address, payment method used
    • Legal basis: Legal obligation
    • Shelf life: Retention during the current financial year and for ten (10) years

Fight against fraud

  • Combating payment card fraud
    • Data processed: Bank details, name, surname
    • Legal basis: Legitimate interest
    • Shelf life: Duration required to achieve this objective: five (5) years
  • Prevention and combating of computer fraud
    • Data processed: Usage logs relating to the User's actions on the Site, technical logs recording the activity of the software and hardware components used by the User, IP address
    • Legal basis: Legitimate interest
    • Shelf life:
      • For logs: six (6) months from the last visit to the Site
      • For the IP address: one (1) year from its registration

User Request Management

  • Handling payment-related claims
    • Data processed: Bank details, name, surname, postal address
    • Legal basis: Contract execution
    • Shelf life: Thirteen (13) months from the date of payment or fifteen (15) months if payment is made with a deferred debit card
  • Managing requests to exercise rights over personal data
    • Data processed: Name, surname, gender, email address, telephone number, content of the request, proof of identity if necessary
    • Legal basis: Legal obligation
    • Shelf life:
      • Five (5) years from the date of application
      • Identity document: the time required to verify the person's identity

Cookies

  • Compiling audience statistics (site traffic and usage volume, content identification) and improving the site's ergonomics and performance (adapting the site's presentation to the device used)
    • Data processed: IP address, device used, pages visited, links clicked, visit duration, traffic origin, browser
    • Legal basis: Consent
    • Shelf life: One (1) to fourteen (14) months from the last connection

On the Website, the collection of certain personal data is mandatory for the User to access certain features. This data is marked with asterisks. Other data is optional for accessing the relevant feature.

Article 4. Accommodation

Personal data is hosted by the company HOSTINGER INTERNATIONAL LIMITED, whose registered office is located in the European Union (Cyprus).

Some personal data collected may be transferred to the United States, since some cookies used on the Site are operated by Google LLC, whose headquarters are located in the United States.

The United States was the subject of an adequacy decision adopted by the European Commission on July 10, 2023. Google LLC was recognized as being among the organizations ensuring an adequate level of protection for personal data transferred from the European Union to the United States under the Data Privacy Framework Program.

Article 5. Data Controller

The data controller for the personal data collected and defined in article 3 is O'DYCEA, a joint-stock company with a board of directors registered with the RCS of Gap under SIREN number 832 428 668.

Article 6. Data Recipients

The recipients of the personal data processed are:

  • O'DYCEA, publisher of the Site; ;
  • The Site's hosting provider; ;
  • O'DYCEA's service providers such as its accountant, chartered accountant, auditor, and lawyers; ;
  • Its webmaster; ;
  • Its service provider in charge of subscription and sending the newsletter; ;
  • Their banking provider for the payment processing; ;
  • The company Google LLC; ;
  • The company Vivaticket, located in the European Union (France) and operating the Tickeasy platform; ;
  • The company Planity, located in the European Union (France).

In any event, the User is informed that no personal data concerning them is communicated to commercial companies, advertising agencies, or generally any company operating in the advertising sector. No personal data is shared or communicated without the User's consent, except to the recipients listed above.

The User is informed that O'DYCEA may be required to disclose their personal data to the judicial authorities or to the supervisory authority, which is the CNIL.

Article 7. Data Security and Confidentiality

In accordance with its security obligation, O'DYCEA undertakes to ensure the confidentiality and security of personal data in accordance with the requirements of Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms (known as "LIL"), and Regulation (EU) 2016/679 of 27 April 2016 (known as "GDPR").

Article 8. User Rights

Article 8.1. Right of access (Article 15 of the GDPR)

The User has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed. If the data are being processed, the User has the right to access this data and the following information:

  • The purposes of the processing; ;
  • The categories of personal data concerned; ;
  • The recipients or categories of recipients to whom the data have been or will be communicated; ;
  • If possible, the envisaged period for which the data will be kept, or, where this is not possible, the criteria used to determine this period; ;
  • The existence of the right to request rectification or erasure of data, or a restriction of processing or the right to object to processing; ;
  • The right to lodge a complaint with the CNIL as the supervisory authority; ;
  • When personal data is not collected directly from the User, any information available at the source; ;
  • The existence of automated decision-making, including profiling and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User.

A copy of the data being processed will be provided to the User.

The User may be required to pay reasonable fees based on administrative costs for any additional copies requested.

If the User requests a copy of the data by digital means, it will be provided to him in a commonly used digital format unless he requests otherwise.

Finally, the right to obtain a copy of personal data must not infringe on the rights and freedoms of others.

Article 8.2. Right to rectification (Article 16 of the GDPR)

The User has the right to request the correction of any inaccurate personal data as soon as possible. They also have the right to have incomplete personal data concerning them completed, including by providing a supplementary statement.

Article 8.3. Right to erasure (Article 17 of the GDPR)

The User has the right to have their personal data erased as soon as possible when one of the following grounds applies:

  • Personal data is no longer necessary for the purposes for which it was collected or otherwise processed; ;
  • He withdraws his consent on which the processing is based and there is no other legal basis for the processing in question. The withdrawal of consent is effective for the future; ;
  • He exercises his right to object and there is no overriding legitimate ground for the processing; ;
  • The personal data has been processed unlawfully; ;
  • Personal data must be erased to comply with a legal obligation.

The User is informed that the right to erasure may not apply if the processing is necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims.

Article 8.4. Right to restriction of processing (Article 18 of the GDPR)

The User has the right to request the restriction of the processing of their personal data when one of the following applies:

  • Verification of data following a dispute on his part regarding the accuracy of his personal data; ;
  • The processing is unlawful and the User objects to the erasure of his or her personal data and demands the limitation of its use; ;
  • O'DYCEA no longer needs the User's personal data for processing, but the data is necessary for the establishment, exercise or defense of legal claims; ;
  • The User has objected to the processing, and O'DYCEA is verifying whether the legitimate grounds pursued by O'DYCEA prevail over the legitimate grounds of the User.

Article 8.5. Right to data portability (Article 20 of the GDPR)

The User has the right to receive their personal data in a structured, commonly used and machine-readable format when:

  • The processing is based on consent or on a contract; ;
  • And the processing is carried out using automated processes.

The personal data concerned is that provided/entered by the User.

As part of exercising this right, the User has the right to have their personal data transmitted directly to another data controller where technically feasible.

The right to data portability must not infringe on the rights and freedoms of third parties.

Article 8.6. Right to object (Article 21 of the GDPR)

In accordance with the right to object, the User has the right to object at any time, for reasons relating to his or her particular situation, to the processing of personal data based on the legitimate interests of O'DYCEA.

Personal data will no longer be processed unless it is demonstrated that there are legitimate and compelling grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.

Article 8.7. Fate of personal data after death

In accordance with the law, the User has the option to define their directives regarding the retention, erasure and communication of their personal data in the event of death.

He can communicate his instructions to O'DYCEA or register them with a certified digital trusted third party. He can therefore designate the person of his choice to be responsible for carrying out his instructions. Failing that, it will be his heirs.

O'DYCEA will naturally comply with the guidelines and undertakes to destroy personal data after its communication to the designated person, where applicable, except in the event that O'DYCEA must still retain this personal data due to a legal obligation or for evidentiary purposes.

Article 9. Exercising User Rights

Article 9.1. Procedures for exercising rights

For all requests concerning personal data processed by O'DYCEA, the User can send their requests to the following addresses:

  • By mail:
    • O'DYCEA
    • SPL BUECH DEVOLUY EXPLOITATION Company
    • SAINT ETIENNE EN DEVOLUY, DEVOLUY TOWN HALL – LE PRE
    • 05250 DEVOLUY, FRANCE
  • By email: contact@odycea-devoluy.com

O'DYCEA may request a copy of the User's identity document if there is any doubt about their identity.

Article 9.2. Response Time

O'DYCEA has one (1) month to respond to the User from the date of receipt of their request. This period may be extended by two (2) months depending on the complexity and number of requests. O'DYCEA will inform the person concerned within one (1) month of receiving the request.

In the event of exercising his right to deletion or his right to erasure, the User is informed that O'DYCEA may retain his personal data in the form of an archive before deleting the data.

The User also has the right to lodge a complaint with the CNIL, the supervisory authority (www.cnil.fr).

Article 10. Social Networks and Platforms

Users can access the Instagram®, Facebook®, and TikTok® platforms via the corresponding icons on the Site. Clicking on these icons redirects them to external websites.

O'DYCEA does not collect or process any personal data of the User through these platforms during this redirection. These icons are simply links providing access to O'DYCEA accounts on the platforms in question.

The use of cookies by these partner platforms is subject to their own privacy policies. O'DYCEA has no control over this use.

Article 11. Cookies

Article 11.1. Definition of a cookie

A cookie is a small text file placed and stored on your device (computer, tablet, phone, etc.). It allows information to be recorded or read from your device when you browse a website.

Some cookies require the User's consent to be installed, and others only require information.

Third-party cookies may be installed on the Site.

Some cookies are strictly necessary. They are exempt from consent.

Other cookies are functional. These are cookies that are not essential, but which facilitate the use of the Site. These are digital accessibility cookies that allow the Site to be adapted to the User's specific display needs. They are also exempt from requiring consent.

Article 11.2. Third-party cookies

Cookies are issued and used by O'DYCEA's partners or third-party companies for purposes determined by them. They are installed on the Site during the User's browsing.

These third-party cookies are Google Analytics® cookies (_ga ; _gid), provided by Google LLC.

These cookies are used to measure the site's audience (number of visits, pages viewed, visit time) and to understand users' browsing behavior in order to improve the site's ergonomics and performance.

No cookies used on the Site are used for advertising or individual profiling purposes.

The cookie banner allows the User to accept, refuse or configure these cookies.

Article 11.3. First-party cookies

Cookies pressidium_cookie_consent are issued and operated directly by O'DYCEA during the User's browsing of the Site.

These are purely functional and technical cookies, designed to remember users' choices regarding the acceptance or rejection of cookies. The aim is to avoid displaying the consent banner on each subsequent visit, while ensuring compliance with the GDPR.

These cookies are exempt from User consent.

Article 11.4. Cookie Management

Managing cookies on the Site

Upon the first visit to the Site, a cookie banner appears, allowing the User to:

  • Either accept everything; ;
  • Either to refuse everything; ;
  • You can choose your preferences and manage cookies.

Regarding cookies for which consent is required, the User is informed that they can change their choices whenever they wish.

Managing the cookies offered by your browser software

The User has the option to configure their browser software in order to:

  • To accept all cookies; ;
  • To refuse all cookies; ;
  • To refuse certain cookies depending on the issuers.

Acceptance of all cookies

If the User has accepted the storage of cookies on each device in their browser settings, the cookies embedded in the pages and content they have viewed may be temporarily stored – for no more than thirteen (13) months – in a dedicated space on their device. They will only be readable by their issuer.

Refusing all or some cookies

If the User withdraws their consent, they are informed that a cookie will be installed to disable the placement of other cookies on their device.

The ways to make your choices depending on your browser

To configure their browser software, the User should refer to their browser's help menu:

  • Firefox™: https://support.mozilla.org/fr/kb/desactiver-cookies-tiers
  • Chrome™: https://support.google.com/chrome/answer/95647?co=GENIE.PlatformDesktop&hl=fr
  • Edge™: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
  • Safari™: https://support.apple.com/fr-fr/HT201265

Your smartphone configuration

To learn about the cookie management policy on their smartphone, the User can consult the following pages:

  • Android: https://support.google.com/chrome/topic/3434352
  • iOS: https://support.apple.com/fr-fr/HT201265

The User is informed that depending on the settings he/she chooses, he/she may no longer be able to use the Site's functionalities.

Our experiences

Balneotherapy

SPA

Care

Family and children's area

Prices

Opening Hours & Practical Information

Ticket Office

Book with a discount

Diary

Gift vouchers

Contact

FAQ / Health measures

Facebook icon Instagram icon