Personal data and cookie policy

When you visit our website, we may collect and process your personal data (hereafter referred to as “Personal Data”).

Your privacy and the protection of your Personal Data are of utmost importance to us.

The aim of this Personal Data Management Policy is to inform you on how we use your Personal Data, in accordance with applicable French and European legislation. Notably, the said legislation includes amended Law no. 78-17 on Information Technologies, Data Files and Individual Liberties (hereafter referred to as the “Information Technologies and Individual Liberties law”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as the “GDPR”). These regulations will be collectively referred to as “Applicable Regulations”.

By accessing and/or using our website located at the URL https://ratpgroup.com/, you consent to the collection and processing of your Personal Data under the terms and conditions set out hereafter. If you decline the partial or full processing of any requested Personal Data, some of our online services may not be available to you.

Data Controller identity

With regard to the collection of Personal Data, user information and the effective enforcement of your rights, the Data Controller of your Personal Data is RATP (Régie Autonome des Transports Parisiens), a public industrial and commercial institution with its headquarters at 54 quai de la Rapée, 75599 Paris Cedex 12. RATP is listed in the Paris trade and companies register under registration number 775 663 438, and intra-EU VAT identification number FR 96 775 663 438 (hereafter referred to as “RATP”, “us” or “our”).

Category of data collected

As part of our digital operations, we may collect the following types of Personal Data:

  • Data that you enter, or data resulting from your use of our website, such as when you fill in a contact form;
  • Technical browsing and user interaction data, such as technical data relating to the device used.

Purposes and legal grounds

When you use our online services, your Personal Data is gathered and/or processed for the following purposes:

Legal grounds: legitimate interest

Purposes: management of customer requests

Legal grounds: consent/legitimate interest

Purposes: audience measurement and website protection via trackers and third-party cookies (sharing, videos and so forth)

Personal Data recipients

The Personal Data collected and/or processed when you use our website is intended for use by RATP’s Communications Division, its subcontractors and service providers.

Cookie management

Data relating to connection settings and user devices, notably the identifier of the device used, which is collected or processed when users visit our website, is intended for use by RATP and its subcontractors. Such data is collected or processed to improve the services provided, notably to adapt the display of the website’s content, collect statistics in order to optimise features and settings on our website, remember preferences and settings, provide access to videos, and allow users to share content.

What are cookies?

Cookies are files that may be stored on your device’s hard drive through your Internet browser when you use the website. They are saved when you give your consent, or do not object to them being saved.

Cookies are small text files that your browser may save on your device’s hard disk when you use the website. Once cookies are installed, they make it possible for us to recognise you every time you visit the website, thus allowing you to benefit from all the features on our website.

As cookies are not active files, they cannot host viruses. Find out more at www.allaboutcookies.org. This policy was prepared to explain how we use the cookies and what they do.

How are the website cookies used?

Only the party that issued a cookie can read or edit the information contained in it.

When you log in and use the website, we, our subcontractors and third-party advertisers may, depending on your choices, install various cookies on your device that allow us to recognise your device’s browser while the cookie in question is valid. Cookies are used for the purposes described below, depending on your choices, which you can express and change at any time via the settings of the browser software used when you browse the website.

Cookies issued on the website are used to:

  • Adapt the presentation of the website to the display preferences on your device (language used, display resolution, operating system used, among others) when you use the website, depending on the display and reading hardware and software installed on your device. Cookies are also used to improve the website’s performance and security;
  • Compile statistics, measure visitor traffic, and measure how the website’s various components are used (sections and content visited, path, and others), enabling us to improve the relevance and usability of the website;
  • Adapt the information or promotional content of the website according to your assumed or expressed preferences, or those resulting from your use of the website, and according to the location from which you connected to the website (country, region or city).
  • Enable users to share videos;

As a result, it is your duty to configure your browser and determine which cookies will be issued (see the section “Your cookie preferences” below).

The cookies issued on the website are session cookies (valid only for the time the user is connected to the website) and persistent cookies (of limited duration but valid beyond the duration of a connection).

Session cookies are active exclusively for the duration of your visit and are deleted once you close your browser. Persistent cookies remain stored on your device’s hard drive after your browser is closed, and until you or your browser clears them after a certain period, or at any time.

Which cookies do we use?

Cookie name: Performance cookies

Description: these cookies ensure the website’s security and performance. They are strictly necessary for the operation of the website and cannot be disabled, as doing so may prevent future access to the website or some services on the website.

Retention duration: 6 months

Cookie name: Video cookies

Description: cookies saved via video sharing services make it possible to watch videos directly on the website.

Retention duration: 6 months

Cookie name: Statistics and audience measurement cookies

Description: all information collected by such cookies is anonymous. Visitor traffic statistics (e.g., number of visits, most frequently visited pages and others) can be obtained through the cookies via Piano Analytics.

Retention duration: 6 months

Your cookie preferences

There are several ways to manage cookies. The choices that you configure may alter your web browsing experience and your access to some services requiring the use of cookies.

You can configure your choices regarding trackers via the consent management platform (CMP) accessible from this link: Cookie management

You can also configure your browser to save cookies on your device, or reject them, either systematically or based on the issuer.

Notably, we use technical cookies that are required for the proper operation of the website. If you reject cookies on your device, or if you delete those that have been stored on it, you may no longer be able to use some features that remain necessary to browse certain areas of the website. If this occurs, we accept no liability for any consequences arising from the downgraded operation of the website, due to our inability to save or look up the required cookies that you have declined or deleted.

Retention duration of your Personal Data

The Data Controller undertakes to refrain from retaining your Personal Data longer than is strictly necessary for the purposes for which it was collected, and in accordance with Applicable Regulations.

The Data Controller undertakes to archive or erase your Personal Data as soon as its purpose and/or determined retention period expires. The maximum durations for all use cases are described in the table below.

Unless you submit a request to erase or stop the processing of your Personal Data prior to the expiry of these durations, said durations will apply when legal requirements no longer justify the retention of your Personal Data.

Processing type: audience measurement, cookie management and other trackers

Associated retention duration: see durations indicated in the previous paragraph

Processing type: management of requests to enforce Personal Data rights

Associated retention duration: 5 years from the response to the request

Processing type: client interaction management

Associated retention duration: 3 years from the last interaction initiated by the user

What are your rights regarding your Personal Data?

In line with the Applicable Regulations, you are entitled to access your Personal Data and, as the case may be, can enforce your right to rectification, objection, restriction and erasure under the conditions set out in the Applicable Regulations.

When your Personal Data is processed with your consent, you can rescind your consent at any time, either through the means that we provide, or by writing to us at the addresses given below.

For any information on how your data is processed, or to enforce your rights, you can contact the RATP Data Protection Officer at the following address:

RATP – Secrétariat et Direction générale Groupe – Délégué à la protection des données – 54, quai de la Râpée – LT73 – 75012 Paris

or by e-mail at: protection-donnees@ratp.fr

If you do not receive a response from RATP or if you do not agree with the way your data has been processed, you may lodge a complaint with the French data protection authority CNIL.

Your data is safe

In compliance with the Applicable Regulations, RATP processes Personal Data under strict security and confidentiality.

More specifically, RATP implements all the technical and organisational measures to guarantee the security and confidentiality of collected and processed Personal Data, notably by preventing it from being distorted, damaged or divulged to unauthorised third parties. RATP does so by providing an appropriate level of security with regard to the processing risks involved and the nature of the Personal Data to protect, and by taking into account the level of technology and cost of implementation.

Our website includes links and external sources. You accept that this Data Protection Policy applies solely to the use of our website and does not in any case extend to information collected and/or processed on external websites or sources, links to which may be found on our website. Accordingly, RATP will not be held liable for the personal data collection or processing practices on such external websites or sources, which are governed by personal data policies specific to each external site or source.

RATP undertakes to transfer data only to third parties located within the European Union or in countries outside the European Union that have been granted an adequacy decision by the European Commission, or as part of performing a contractual arrangement in compliance with regulations.