This privacy policy explains how Keolis SA as Data Controller stores and uses the information you provide on the Keolis Open Innovation website (« the Website » or « the Platform »), in accordance with the French Act of Parliament no. 78-17 dated 6 January 1978 on information technology, data files and civil liberties, amended, and with the Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (“GDPR”).
The company Keolis S.A. (“Keolis S.A.”, “We”, “our”, “us”) makes every effort to protect your personal data, in compliance with applicable European and French legislation. This privacy policy (the “Privacy Policy”) aims to inform you as to the purposes and conditions in which we process personal data that we may collect on the Platform.
Our Cookie Policy, which can be consulted on our website, comes in addition to this Privacy Policy and provides information on the purposes and conditions of use of cookies or web browsing data that Keolis S.A. may deploy. We invite you to take a moment to read this Privacy Policy so as to have all the information you need to understand how your personal data is used and so as to allow you to freely and fully exercise the rights granted to you by law and by this Privacy Policy.
1. GENERAL PROVISIONS
DATA CONTROLLER
The entity responsible for processing your personal data is the company Keolis S.A.
TERMS & CONDITIONS OF USE
The Privacy Policy is an integral part of the Terms and Conditions of Use of our Website and should be read in conjunction with them.
The Terms of Use of our Website can be consulted at the following address: https://innovation.keolis.com/en/legal-notices-and-terms-of-use.
APPLICABLE LAW AND COMPETENT ADMINISTRATIVE AUTHORITY
The Privacy Policy is governed by the General Data Protection Regulation n°2016/679 (“GDPR ”) and by the French Data Protection Act no.78-17 of 6 January 1978 subsequently amended, under the regulatory supervision of the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés – www.cnil.fr).
LINKS TO THIRD-PARTY SITE
Our website may contain or use links to websites, mobile apps, products or services operated by third parties (in particular sites of advertisers, partners of Keolis S.A. or social media sites). We remind you that the Privacy Policy does not apply to these third parties over which Keolis S.A. has no control and for which we cannot be held liable. We recommend that you consult the privacy policies, procedures and practices of these third parties.
2. THE PERSONAL DATA THAT WE COLLECT
The Privacy Policy applies to the personal data that we may collect from you or about you (see below) from the following sources:
· Your browsing history on the Keolis Open Innovation website;
· Receipt of your information/contact requests addressed to the support on the Platform, via the “Contact” section of the Keolis Open Innovation website;
· Subscription to the newsletter service
· Receipt and answers to your personal data rights requests in accordance with the GDPR.
3. USE OF YOUR PERSONAL DATA AND STORAGE PERIODS
We collect and use your personal data for the main purposes and duration described below:
Purposes | Collected data | Storage period |
|
|
|
|
|
|
|
|
|
|
|
|
4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
In accordance with the applicable regulations, we process your data when we have a legal basis for doing so. This may be based on legitimate interest (A), on a legal obligation (B) or on your consent (C).
A) PURPOSES OF PROCESSING BASED ON LEGITIMATE INTEREST
· Management of your requests addressed to the support on the Platform, via the “Contact” section of the Keolis Open Innovation website;
· Transmission of your request for information/question/contact to the subsidiaries concerned when necessary;
· Management of commercial prospecting aimed at professionals, however it is possible to oppose this by contacting us at the address indicated in article 9 of this Privacy Policy;
B) PURPOSES OF PROCESSING BASED ON LEGAL OBLIGATION
· Management of your requests to exercise your rights (access, rectification, opposition, etc.) pursuant to the GDPR.
C) PURPOSES OF PROCESSING BASED ON YOUR CONSENT
· Cookies management, except for strictly necessary cookies: to find out more about your data collected in this context, we invite you to consult our cookie policy.
· Managing and mailing the newsletter to subscribers
· The transmission of your requests/questions to the subsidiaries concerned.
5. DATA TRANSMISSION
Keolis S.A may disclose your personal data:
IN-HOUSE
Your personal data is processed by the Innovations and Digital Department to manage your information/question/contact requests. When your requests for information are not related to innovation and digital issues, they may be transmitted for processing to the Group's Communication Department. Your personal data rights requests will be transmitted to the DPO of Keolis SA for processing.
WITHIN THE KEOLIS GROUP
If you have formally given your consent, your contact/information request will be forwarded to the Keolis subsidiary/Partner concerned by your question so that the Keolis subsidiary/Partner can process your question as a separate data controller.
WITH THIRD-PARTY PROVIDERS
We may transfer your personal data to trusted third parties, service providers of Keolis S.A., located within the European Union (“EU”), notably in order to keep our website or our services working correctly for the aforementioned purposes.
WITH BUSINESS PARTNERS
We may share pseudonymous data which do not contain any items of direct identification, for the purposes described in Article 3. “Use of your personal data and storage periods” above, in particular concerning the cookies collected by Business partners who collects and processes the cookies (listed in the Cookies Policy). Business partners are separately controllers or joint controllers for processing.
WITH THIRD PARTIES ON LEGAL GROUNDS
If we were to be compelled to observe laws and regulations and legal requirements and instructions, or if permitted by law (i.e. to protect and uphold rights, a situation posing a threat to life, health or safety, etc.).
***
In all events, we always require that these recipients provide sufficient privacy and security guarantees and that they take the necessary physical, organisational, and technical measures to protect and safeguard your personal data in accordance with current legislation.
All your data personal data is processed and hosted within the EU. However, data transfers outside the EU may occur. Any transfer of your data outside the EU is carried out with appropriate guarantees that comply with the GDPR, either because the recipient countries benefit from an adequacy decision, or because these transfers are framed by the implementation of Standard Contractual Clauses validated by the European Commission. For more information on the framework of these transfers you can contact us at the contact addresses indicated in article 9.
6. DATA SECURITY
Keolis S.A. safeguards your personal data by implementing the adequate physical, organisational, and technical measures to prevent any unauthorised access, use, disclosure, modification or destruction, in accordance with current legislation.
These measures specifically include:
· Storing data on secure servers in the European Union;
· Limiting access to your data on a “need to know” basis;
· Implementation of organisational measures internally to protect your data.
While Keolis S.A. takes every possible measure to protect your personal data, we cannot guarantee the security of the information transmitted to our website when your terminal or browser is affected by a security breach.
7. YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
Pursuant to the GDPR and the French Data Protection Act, you are entitled to several rights, including:
ACCESS, MODIFICATION, UPDATING AND DELETION OF YOUR PERSONAL DATA
You may ask to be granted access to your personal data which are held and processed by Keolis S.A.; you may consult them, obtain a printed or electronic copy of them and ask for them to be corrected, updated or deleted.
OBJECTION
You may at any time ask that some of your data be no longer processed.
PORTABILITY
You may request to have your processed data sent to you in an open and machine-readable format, whether it be for your personal use or to transfer them to another controller.
RESTRICTION OF PROCESSING
In certain cases, you may request that the processing of your personal data be restricted.
CLAIMS TO A SUPERVISORY AUTHORITY
Without prejudice to any other legal remedy, you are entitled to lodge a complaint with the supervisory authority of the European Union country in which you reside, work or in which you deem that your rights might have been infringed upon.
***
You may exercise all of these rights by sending a written request together with a copy of proof of identity to the contacts set out in Article 9 “How to contact us”.
We will try to deal with your request at our earliest opportunity and in accordance with the conditions provided for by the applicable legislation. Notwithstanding, it may occur that due to our binding legal or contractual obligations, we are unable to grant your request.
8. CHANGES TO THE PRIVACY POLICY
Keolis S.A. reserves the right to make changes to the Privacy Policy of the Keolis Open Innovation website. We invite you to regularly consult this page to learn of any changes and stay up to date on the measures we take to protect your personal data.
For more information on the processing of personal data by Keolis S.A., please consult the global Keolis S.A. Privacy Policy available at the following address: https://www.keolis.com/en.
9. HOW TO CONTACT US
To exercise your rights or for any queries relating to the Privacy Policy, please contact our Data Protection officer following this link or by post at:
Keolis SA
Data Protection Officer
34 avenue Leonard de Vinci
92400 Courbevoie, France.
This Privacy Policy was last updated on 24/10/2022