Privacy policy

Your personal data is that which allow us to know, advise and assist you, and sometimes even surprise you for your birthday, for example. It includes data from your journeys or your Navigo card, from which we draw statistics and figures that allow us to improve your daily experience.  

When you use our services, we may collect and process your personal data (hereinafter “Personal Data”).

We are highly committed to respecting your privacy and protecting your Personal Data.

The purpose of this Privacy Policy is to inform you of the use we make of your Personal Data, in compliance with applicable French and European legislation, in particular Law no. 2018-493 of 20 June 2018 relating to the protection of personal data (hereinafter “Personal Data Protection Law”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter the “GDPR”) (hereinafter collectively the “Applicable Regulations”).

By accessing and/or using our services via our RATP mobile applications (hereinafter, the “Applications”) or our websites, you agree that your Personal Data will be collected and processed under the conditions and methods set out below. If you do not provide the requested Personal Data, you may not be able to access all of the services we offer.

Identity of Data Controllers

Regarding the collection of Personal Data, user information and the effective implementation of your rights, the Data Controller is RATP (Régie Autonome des Transports Parisiens), an industrial and commercial public undertaking, located at 54, quai de la Rapée, 75599 Paris Cedex 12, registered in the Paris Trade and Companies Register under number 775 663 438, intra-community VAT No. FR 96 775 663 438 (hereinafter “RATP”, “we”, “us”, “our”).

Data collected

In particular, we may be required to collect the following Personal Data:

  • The data that you enter or that results from your use of the Application or our websites, such as, for example, when you enter requests for itineraries and maps;
  • Technical navigation and user interaction data, such as technical data relating to the terminal used;
  • Where applicable, geolocation data, when you have given your consent to activate the geolocation function, or according to the settings made (see “Geolocation” section below).

Purposes and legal basis for processing

Your Personal Data is collected and/or processed when you use our services to achieve the following purposes:

Legal basis

Purpose

Contract between you and RATP (T&Cs)

- Making the Application or our websites available to you, ensuring their proper functioning, in particular to provide you with the information you need and process your requests, getting you to your destination faster, facilitating your mobility

- Facilitating your navigation on these media

RATP’s legitimate interest in improving our services

Improving our services and our Application media as well as our websites, in particular to optimize or offer new functionalities or to offer you simplified automatic data entry

RATP’s legitimate interest 

to offer you services and offers that match your preferences and interests

Adapting and optimizing the display of content to the user’s parameters or preferences, proven, assumed or inferred desires or interests, which may result from your use of our services and media, from the information you have entered or from your navigation and your interactions with the Application or our websites, offering you personalized searches, alerts according to your journeys

to inform you of RATP offers and news

 

Informing you of RATP offers and news, unless you object

Your consent to receive offers and news from RATP’s partners

Informing you of offers and news from RATP’s partners with your consent.

Your consent to activate the geolocation function

Optimizing the Application thanks to the geolocation function, allowing you, when you accept or choose its activation, to be guided when searching for itineraries or maps on the RATP network and outside this network, and to receive messages during the Application session.

Disabling the geolocation function in the Application blocks: services linked to geolocation (such as searching for itineraries and maps), as well as the display of geotargeted messages.

Your consent to receive personalized traffic alerts

 

 

 

 

Providing you with a personalized traffic alert service, if you have given your consent.

The data collected when you activate an alert is subject to computer processing in order to transmit the necessary information to you and is therefore stored in our database. Enabling or disabling your alerts does not delete your data. However, in accordance with the provisions of the law, you can access your data and subscription methods at any time to view, modify and delete them.

Recipients of your Personal Data

The Personal Data collected and/or processed when you use our digital services is intended for: (i) RATP entities, (ii) approved and authorized RATP personnel who, by virtue of their functions, need to be aware of it for processing purposes, (iii) RATP subcontractors and service providers, and, where applicable (iv) RATP’s partners.

Geolocation

The use of the geolocation functionality of the Application requires the express prior consent of the user to be geolocated. For this, the user must activate, if desired, the geolocation function directly in the settings of their mobile terminal and accept that the Application can use it. This functionality can be deactivated or activated at any time and at no cost.

Geolocation data is only used when providing the service. RATP does not keep track of it in its databases. By accepting the GPS geolocation function on the mobile phone and in the Application, the user can:

 . be guided when searching for itineraries or maps on the RATP network and outside this network;

 . receive commercial messages during the Application session.

The mobile phone then calculates the position itself.

Disabling geolocation by the Application and/or geolocation on the mobile terminal blocks:

 . the services offered by the Application that are linked to it, in particular when searching for itineraries and the map,

 . the display of geotargeted messages.

Keyword targeting

Our services may use keyword targeting, in particular when searching for itineraries and maps, to display or send contextualized editorial content.

Whether or not the user has agreed to be geolocated, they can also see or receive messages adapted to the itineraries and maps searched for and entered on their mobile terminal or via our websites.

Data relating to the terminal and connection to the Application

The data relating to the connection parameters and to the user’s terminal, collected or processed when they use the Application or our websites, in particular the identifier of the terminal used, is intended for RATP, its subcontractors and partners, located in and outside the European Union, in order to allow the design, production, use, delivery, management and improvement of the services offered, in particular to adapt the display of the content of the Application and the promotional offers to the parameters of the user’s terminal, activate the personalization of the content on the Application and our websites, collect statistics to optimize the functionality of our services and media, memorize preferences and parameters, and send notifications. 

What are your rights regarding your Personal Data?

In accordance with the Applicable Regulations, subject to an express request and proving your identity to RATP, you benefit from a right of access to your Personal Data and, if applicable, a right of rectification, a right to object, as well as a right to erasure, under the conditions of the Applicable Regulations.

In the event of exercising the right to object, RATP will cease the processing of Personal Data, except in case of legitimate and imperative reason(s) for the processing, or to ensure the recognition, exercise or defense of its legal rights, in accordance with the Applicable Regulations.

You can also, subject to the conditions of the Applicable Regulations, request restriction of the processing of your Personal Data.

When the processing of your Personal Data is based on your consent, you can withdraw your consent at any time, either by the means that we make available to you, or by writing to us using the contact details given below.

You also have the right to recover your Personal Data in a structured, commonly used and machine-readable format, in order to transmit it to another Data Controller, if applicable.

You have the option of providing RATP with instructions concerning your Personal Data in the event of your death.

If applicable, RATP will inform you of the reasons why the rights you wish to exercise cannot be satisfied in whole or in part.

In order to exercise the rights mentioned in this Article, you can contact RATP using the contact details indicated below, attaching a copy of an identity document to your request.

Connection methods

Two methods are available for connection to RATP digital services

Without Identification: in this mode, your preferences are only stored locally in the Application or in cookies associated with our websites. Only the non-identifying data necessary to guarantee the design, production, use, delivery, management and improvement of our services is transmitted to RATP. If you choose access Without Identification, you will not be able to find your preferences and favorites across different media, or in the event of a change of mobile terminal.

MaRATP access: If you decide to connect by authenticating using your MaRATP access, the data collected relating to the use of the service will be associated with your Subscriber account in order to be able to personalize your access to RATP digital services, making them more relevant and allowing you to find your preferences and favorites whatever medium you use, the Application or RATP websites.

Retention time of your Personal Data

The Data Controller undertakes not to keep your Personal Data beyond the time strictly necessary for the purposes of use for which it was collected, and in accordance with the Applicable Regulations.

The Data Controller undertakes to archive or delete your Personal Data as soon as the purpose and/or the defined retention period expires. In all cases, the maximum retention times are those described in the table below.

These maximum periods apply, unless you request the deletion or cessation of the processing of your Personal Data before the expiration of these periods, if their retention is no longer justified by legal requirements.

Category

Retention time

Audience measurement, cookie management and other trackers

See cookie management page

Invitations and promotional operations, sending of offers and news

3 years from the end of the relationship with the user or from the last interaction initiated by the user

Preferences for the use of services and favorites

3 years from the end of the relationship with the user (MaRATP access) or deletion by the user on their terminal (Without Identification)

Token associated with the phone for the Push Notification function

Token issued and managed by APPLE/GOOGLE depending on the platform. Erased 30 days after uninstalling the mobile application

Management of requests to exercise rights and questions on Personal Data

5 years from the response given to the request

Management of interactions with customer services

3 years from the last interaction initiated by the user

Responses to satisfaction surveys

3 years from the last interaction initiated by the user

Your data is safe

In accordance with the Applicable Regulations, RATP processes Personal Data in complete security and confidentiality.

In particular, RATP implements all technical and organizational measures to guarantee the security and confidentiality of Personal Data collected and processed, and in particular to prevent it from being distorted, damaged or communicated to unauthorized third parties, by ensuring a security level adapted to the risks linked to the processing and the nature of the Personal Data to be protected, having regard to the technological level and cost of implementation.

RATP cannot however guarantee the confidentiality or the deletion of Personal Data made public by the user in the public parts of the Application or our websites.

The Application or our websites may include links to external websites or sources. You acknowledge that the T&Cs only apply to the use of the Application or our websites, and in no way cover the information collected and/or processed on external websites or sources for which a link may appear on the Application or our websites. Consequently, RATP cannot be held responsible for the practices of these websites or external sources with regard to the collection and processing of personal data, which are governed, where applicable, by the personal data policies specific to each of these external websites or sources.

Data Protection Officer - Contact

For any request concerning the processing of your Personal Data, whatever the purpose of processing, you can address your request or your complaint to the RATP Data Protection Officer by contacting them at the following address:

RATP – SDG/DGMR/CIL – Tour de Lyon – 185, rue de Bercy – LT73 – 75012 Paris

or the email address: [email protected]

RATP will endeavor to find a satisfactory solution, to ensure compliance with the Applicable Regulations.

In the absence of a response from RATP or if the dispute persists, you have the possibility of lodging a complaint with the French data protection authority, CNIL, or the supervisory authority of the Member State of the European Union in which you habitually reside.