1. GENERAL PROVISIONS
The entity responsible for processing your personal data is the company Keolis S.A.
TERMS & CONDITIONS OF USE
APPLICABLE LAW AND COMPETENT ADMINISTRATIVE AUTHORITY
LINKS TO THIRD-PARTY SITE
2. THE PERSONAL DATA THAT WE COLLECT
· Your browsing history on the Keolis Open Innovation website;
· Receipt of your information/contact requests addressed to the support on the Platform, via the “Contact” section of the Keolis Open Innovation website;
· Subscription to the newsletter service
· Receipt and answers to your personal data rights requests in accordance with the GDPR.
3. USE OF YOUR PERSONAL DATA AND STORAGE PERIODS
We collect and use your personal data for the main purposes and duration described below:
4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
In accordance with the applicable regulations, we process your data when we have a legal basis for doing so. This may be based on legitimate interest (A), on a legal obligation (B) or on your consent (C).
A) PURPOSES OF PROCESSING BASED ON LEGITIMATE INTEREST
· Management of your requests addressed to the support on the Platform, via the “Contact” section of the Keolis Open Innovation website;
· Transmission of your request for information/question/contact to the subsidiaries concerned when necessary;
B) PURPOSES OF PROCESSING BASED ON LEGAL OBLIGATION
· Management of your requests to exercise your rights (access, rectification, opposition, etc.) pursuant to the GDPR.
C) PURPOSES OF PROCESSING BASED ON YOUR CONSENT
· Managing and mailing the newsletter to subscribers
· The transmission of your requests/questions to the subsidiaries concerned.
5. DATA TRANSMISSION
Keolis S.A may disclose your personal data:
Your personal data is processed by the Innovations and Digital Department to manage your information/question/contact requests. When your requests for information are not related to innovation and digital issues, they may be transmitted for processing to the Group's Communication Department. Your personal data rights requests will be transmitted to the DPO of Keolis SA for processing.
WITHIN THE KEOLIS GROUP
If you have formally given your consent, your contact/information request will be forwarded to the Keolis subsidiary/Partner concerned by your question so that the Keolis subsidiary/Partner can process your question as a separate data controller.
WITH THIRD-PARTY PROVIDERS
We may transfer your personal data to trusted third parties, service providers of Keolis S.A., located within the European Union (“EU”), notably in order to keep our website or our services working correctly for the aforementioned purposes.
WITH BUSINESS PARTNERS
We may share pseudonymous data which do not contain any items of direct identification, for the purposes described in Article 3. “Use of your personal data and storage periods” above, in particular concerning the cookies collected by Business partners who collects and processes the cookies (listed in the Cookies Policy). Business partners are separately controllers or joint controllers for processing.
WITH THIRD PARTIES ON LEGAL GROUNDS
If we were to be compelled to observe laws and regulations and legal requirements and instructions, or if permitted by law (i.e. to protect and uphold rights, a situation posing a threat to life, health or safety, etc.).
In all events, we always require that these recipients provide sufficient privacy and security guarantees and that they take the necessary physical, organisational, and technical measures to protect and safeguard your personal data in accordance with current legislation.
All your data personal data is processed and hosted within the EU. However, data transfers outside the EU may occur. Any transfer of your data outside the EU is carried out with appropriate guarantees that comply with the GDPR, either because the recipient countries benefit from an adequacy decision, or because these transfers are framed by the implementation of Standard Contractual Clauses validated by the European Commission. For more information on the framework of these transfers you can contact us at the contact addresses indicated in article 9.
6. DATA SECURITY
Keolis S.A. safeguards your personal data by implementing the adequate physical, organisational, and technical measures to prevent any unauthorised access, use, disclosure, modification or destruction, in accordance with current legislation.
These measures specifically include:
· Storing data on secure servers in the European Union;
· Limiting access to your data on a “need to know” basis;
· Implementation of organisational measures internally to protect your data.
While Keolis S.A. takes every possible measure to protect your personal data, we cannot guarantee the security of the information transmitted to our website when your terminal or browser is affected by a security breach.
7. YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
Pursuant to the GDPR and the French Data Protection Act, you are entitled to several rights, including:
ACCESS, MODIFICATION, UPDATING AND DELETION OF YOUR PERSONAL DATA
You may ask to be granted access to your personal data which are held and processed by Keolis S.A.; you may consult them, obtain a printed or electronic copy of them and ask for them to be corrected, updated or deleted.
You may at any time ask that some of your data be no longer processed.
You may request to have your processed data sent to you in an open and machine-readable format, whether it be for your personal use or to transfer them to another controller.
RESTRICTION OF PROCESSING
In certain cases, you may request that the processing of your personal data be restricted.
CLAIMS TO A SUPERVISORY AUTHORITY
Without prejudice to any other legal remedy, you are entitled to lodge a complaint with the supervisory authority of the European Union country in which you reside, work or in which you deem that your rights might have been infringed upon.
You may exercise all of these rights by sending a written request together with a copy of proof of identity to the contacts set out in Article 9 “How to contact us”.
We will try to deal with your request at our earliest opportunity and in accordance with the conditions provided for by the applicable legislation. Notwithstanding, it may occur that due to our binding legal or contractual obligations, we are unable to grant your request.
9. HOW TO CONTACT US
Data Protection Officer
34 avenue Leonard de Vinci
92400 Courbevoie, France.