Processing your request submitted through our [contact, e-shop, etc.] forms as well as sending you our newsletter requires us to collect and use data about you. Following the entry into force of the General Data Protection Regulation (GDPR), please find below the details of how we process your data and the means available to you to exercise your rights under this regulation.

What data do we collect?
This website may collect personal data from you; in accordance with the data minimisation principle, we only collect data specifically required for the purpose for which it is processed.

The following categories of data may be collected during your registration, according to your use of our services or applications.
- Identification data (title, surname, first name, email address, password)
- Contact data (email address, mobile phone number)
- Data on use (web pages visited)
- Connection data (your PC's IP address, connection and use logs)
- Financial data, if you use our [Online Store] services (payment means and history)
- Location data
- Data required to register for certain services (date of birth, driver's licence, vehicle model and licence plate, type of disability)
- Bank details.

What do we use the data for?
The personal data collected is mainly processed to:
- allow access to the proposed mobility services;
- allow and improve the use of the application and navigation on the website;
- enable and track billing and payment of mobile services consumed;
- track real-time consumption of mobility services;
- communicate with the User and respond to any requests;
- send the User information about [Service Name] [and Partner Services] if they have consented to this;
- send messages and notifications to the User regarding their use of [Service Name] according to the settings selected (e.g. alert if monthly consumption target is exceeded).
In the alternative, the User's data is also collected to:

- ensure compliance with the applicable legislation and respond to an order from the public authorities, particularly to fight against fraud and, more generally, against any activity punishable under criminal law;
- compile statistics on the use of the application or the website;
- prevent and fight against computer fraud;
- conduct optional satisfaction surveys on [Service Name] [and Partner Services] (these surveys are conducted anonymously or anonymised at short notice);

DPO (Data protection officer) does not sell, assign, or share any personal data to third parties.
In the event that DPO is required, in order to comply with an administrative, legal, or judicial decision, to provide information relating to any stored and processed personal data it might hold to an authorised third party within the meaning of the French Data Protection Act of 6 January 1978 it will, prior to any such provision, inform the persons concerned.

Retention period 

We only keep your data for as long as necessary to complete the purposes mentioned above or to meet our legal obligations. When you close your customer account, your data is systematically anonymised after expiry of the legal time necessary to meet our obligations (billing and claims management).
We delete data on use after three years of existence (searches, trips, etc.). Your account is anonymised if you’re not active during two years : you receive a first email in which we alert you that you could be anonymised if you don’t want to stay in our databases, and a second one to remind you your choice to close your account.

Recipients
Personal data is processed by STAS exclusively for the purposes described above as well as by Cityway, IT solution provider, for maintenance purposes and operating purposes, as appropriate. These service providers are located within the European Economic Area. In the case where non-EU data transfers are required, standard contractual provisions will be entered into with the service provider concerned to ensure an adequate level of protection of the User's personal data.

How secure is your data?
We have defined technical and organisational measures to protect your data appropriately according to its nature, extent of processing, and accessibility. For example, data may be encrypted, access rights may be managed, and flows secured.
Ensuring the security and protection of your data is a priority for all our employees and our service providers.

What are your rights?
You can access data about you or request its deletion.
You also have the right to oppose use of, correct, limit use, and transfer your data.
To exercise these rights or for any question regarding how your data is processed send us an email, complete the form directly on our website here https://www.reseau-stas.fr/en/contact-us/14/Contact , or send us a letter to the following address:

Délégué à la Protection des données - Transdev
3 allées de Grenelle
CS 20098 – 92442 Issy-les-Moulineaux
Ou par courriel à l’adresse : dataprivacy@transdev.com 

N.B. networks may pass these requests on to Transdev's DPO.
Please attach a copy of a valid ID to your request.
You will receive a reply within one month of receipt of the request.
If you feel, after contacting us, that your rights and freedoms are not respected or that the system does not comply with data protection rules, you may file a complaint with the French Data Protection Authority (www.cnil.fr).
Links to other websites
We may provide links to websites that are not operated by DPO. If you visit one of these websites, please read their policies, including their personal data protection policy.

Qui est responsable de cette utilisation ?

[Nom du Service – Adresse – contact]

Quelles informations sont collectées ?

Civilité, nom, prénom, adresse email

Qui utilisent ces informations et à quoi vont-elles nous servir ?

Seuls les collaborateurs de [Nom du Service / Nom du Sous-traitant => Cityway?] ont accès à vos informations. Elles nous permettent de vous envoyer la newsletter. Elles ne sont pas utilisées pour autre chose.

Avons-nous le droit d’utiliser ces informations ?

Le fait que vous vous inscriviez vaut consentement à l’utilisation de ces informations pour l’envoi. Vous pouvez vous désinscrire à tout moment.

Où sont stockées vos informations et combien de temps sont-elles conservées ?

Sur des serveurs dans des pays de l’Union Européenne et cela durant un mois. Nous nous engageons à mettre en œuvre les mesures de protection appropriées. Elles sont ensuite effacées. Elles ne sont pas transmises à une autre organisation.

Quels sont vos droits ?

Vous pouvez accéder aux informations vous concernant ou demander leur effacement.
Vous disposez également d'un droit d'opposition, d'un droit de rectification et d'un droit à la limitation de l’utilisation de vos données.
Pour exercer ces droits ou pour toute question sur le traitement de vos informations dans ce dispositif, vous pouvez nous contacter par voie électronique [mail], ou par voie postale [Service / Adresse]. Nous vous remercions de joindre la copie d’une pièce d’identité lors de votre demande.
Si vous estimez, après nous avoir contactés, que vos droits Informatique et Libertés ne sont pas respectées ou que le dispositif n’est pas conforme aux règles de protection des données, vous pouvez adresser une réclamation à la CNIL. »