What information might we collect about you and for what purposes?
RATP is required to collect different categories of personal data about you, be it directly from you, or indirectly through its information systems, relating in particular to your identification data, professional data (for job applications), location data, payment data or data related to your Navigo smart card.
Some data processed is referred to as sensitive (for example, data relating to health, infringements or social difficulties) and is only processed if the data is necessary with regard to the purpose of certain processing operations.
Your personal data may therefore be processed, with the main aim of ensuring:
- Recruitment management (management of unsolicited applications and those responding to job offers)
- Customer relations management and monitoring and, in particular,
- Contractual relationship management;
- Processing customer requests and complaints as well as mediation requests;
- After-sales service operations management;
- Performing statistical analyses of network usage;
- Measuring the operational quality of the ticketing system;
- Handling of objects lost or found on the network;
- Management of the sending of maRATP Newsletters and its subscribers;
- Management of interactions with users via blogs and social networks;
- Improvement of customer knowledge and new services offers.
- Management and monitoring of security within its facilities and network, namely,
- Access and traffic management on the RATP network for staff members, service providers, visitors, etc.;
- Setting up CCTV protection within the network (RATP spaces and vehicles) for the security of people and property, for purposes governed by the Internal Security Code as well as for railway safety and operational support purposes to ensure user safety and prevent incidents and accidents;
- Management of security alerts on its network;
- Incident prevention and the detection of infringements in the context of interventions by RATP internal security service staff, through the use of mobile cameras;
- Recording calls on station intercoms.
- Monitoring social prevention and solidarity actions
- Monitoring of social prevention actions in collaboration with regional players;
- Monitoring of homeless people on the network and accommodation requests.
- Management and prevention of disputes and infringements: namely,
- Management, follow-up and recovery of infrigement reports ;
- Management of legal and judicial files;
- Management of validation data in the context of technological fare evasion.
- Management of accidents occurring on the network:
- Management of insurance files;
- Management of assistance to victims in the context of accidents occurring on the networks.
- Management of competitions and events organized by RATP
- Management of polls, surveys and public consultations
- Measuring customer satisfaction,
- Collecting opinions from residents/passengers/institutions on the creation/modification of network infrastructure,
- Improving transport service for people with reduced mobility.
- Monitoring the use of RATP websites, blogs and apps
- Management of RATP suppliers
- Management of suppliers and tenderers via the RATP website Purchasing portal,
- Billing management,
- Data processing within the framework of legal due diligence obligations,
- Performance evaluation in the context of certain contracts.
- Management of institutional relationships (regional players)
- Communication with institutional players (Ile de France Mobilités, Union des Transports Publics et ferroviaires, etc.)
- Directory of parliamentary and governmental stakeholders in the defence of RATP's interests
- Management of requests from data subjects to exercise their rights (data protection regulations)
- Trial tests on the network
When trial tests take place on the RATP network, dedicated information regarding them is displayed on the RATP website and/or in the facilities concerned.
Within what legal framework is this data processed?
RATP carries out these different processing operations insofar as some:
- are necessary for the exercise of the public interest mission with which it is invested;
These are essentially processing operations carried out for the purpose of checking tickets; handling objects found on the networks; managing and maintaining infrastructure in operational conditions; managing security on the networks, in particular through CCTV; reporting any event threatening security to the police; social and statistical monitoring of homeless people on the networks.
- are necessary for the fulfillment of a contract;
This essentially means processing carried out for the production, personalization and management of tickets on the various networks; supplier management; call center management; Wi-Fi service management on the RATP network; management of the Mobility as a Service (MaaS) offer in the Île-de-France region in partnership with mobility service providers.
- are necessary for the purposes of its legitimate interest;
This essentially means processing carried out for the purpose of managing and improving customer relations, particularly remotely and through statistical monitoring of the use of mobile applications intended for customers; managing the technological fare evasion detection system; carrying out studies on the fine collection rate; payment for tickets using an electronic payment terminal; controlling revenue; managing the cleaning of passenger areas in stations; managing passenger flows on the RATP network.
These processing operations are necessary for RATP to best perform its missions, and more specifically, to prevent any technological fare evasion, guarantee the security of its premises and its computer systems, and manage and improve the services and information provided to its customers.
- are implemented as part of the fulfillment of a legal obligation;
These processing operations aim to manage requests from data subjects to exercise their rights. They are also processing operations within the framework of compliance with due diligence obligations, and implemented by staff members under oath, in particular for safety and the prevention and detection of violations.
- have been subject to the consent of the data subjects.
You can withdraw your consent for these processing operations at any time, by unsubscribing via the dedicated link in newsletters or, in other cases, by contacting the Data Protection Officer by email at: [email protected]
Who can access this data?
People who can access this data internally include:
- customer services for handling customer requests, and staff members at stations for managing lost/found items;
- the marketing department for the management of the sending of maRATP newsletters;
- the sales or communication departments for the management of competitions; blogs and pages on social networks;
- the recruitment department and the operational staff involved in the recruitment process for the management of applications;
- authorized security service staff for CCTV recordings and the management of security alerts;
- the customer control department for monitoring tickets and collecting fines;
- the legal department for insurance and litigation cases;
- the staff members responsible for application maintenance.
People who can access this data externally include: RATP service providers who are liable to intervene in the context of these processing operations, under instructions from RATP.
RATP takes special care in choosing its external service providers and transfers your personal data only for the following necessary reasons:
- Subcontracting, in order to ensure the optimal functioning of its various sites and applications and to provide you with suitable and high-quality products and services, particularly in terms of customer relations, payment, marketing services or combating fare evasion;
- Provision of services ordered (particularly in terms of transport, etc.).
RATP may transmit images from its CCTV system to the police in accordance with the legal and regulatory provisions in force. In particular, as part of the Paris Prefecture's Video Protection Plan, RATP may be required to make images available to law enforcement agencies in circumstances where there is a risk of an attack on property or people, in accordance with article L.1632-2 of the Transport Code.
Lastly, RATP may transmit personal data in response to legal requests or any other request from third parties duly authorized by law.
Data transfers outside the European Economic Area
RATP is committed to processing your data within the European Economic Area, in which the protection of your data is governed by the GDPR. This requirement is reflected in the choice of its service providers. Nevertheless, in the context of the use of certain tools, personal data may be transferred outside this area. In such cases, transfers may only be made after RATP has taken steps to protect the data, in particular the standard contractual clauses defined by the European Commission to govern such transfers. The data subjects will be informed of these transfers as part of the processing operations concerned.
How long is this data kept for?
RATP makes sure to keep your personal data only for as long as it is strictly necessary for the purposes of its collection.
Thus, being aware of the importance of preserving the anonymity of passengers’ journeys, the personally identifiable traces of journeys (time stamp - place of validation - card number) are only kept for a few hours for the sole purpose of detecting technological fare evasion. Beyond that, the data is anonymized for statistical purposes. Only the daily accumulations of validations made at the entrances and/or exits of our rail networks for the current month and the previous month (without place of validation) are kept for quality monitoring of Navigo smart cards.
CCTV recordings, governed by the provisions of the Internal Security Code, are kept for a period that can vary, depending on the system, from a few hours to seven days, and, in the case of an export in the context of a request for consultation or limitation of the processing, for a maximum of fifteen days. Beyond that, they are automatically deleted.
Data related to the management and recovery of infrigement reports are kept for up to six years depending on the type of infrigement and the follow-up given.
Customer data for processing complaints and requests is kept for three years from the last contact.
The data of job applicants is kept for two years from the last contact to allow RATP to check consistency during this period.
The data of competition participants is kept for three months after the end of the game and the awarding of prizes.
Recordings of communications made from intercoms in stations are kept for one month.
Data processed in the context of monitoring alerts (reporting of anomalies on the network) is kept for a maximum of one year.
Data processed in the context of following up legal cases is kept for the duration of the case plus five years.
How is the data protected?
RATP undertakes to implement technical and organizational measures to guarantee the security and confidentiality of the data it processes, and to choose partners and providers offering such guarantees.
How can data subjects exercise their rights?
Individuals affected by RATP processing operations have various rights over their personal data, namely:
- A right of access, allowing them to know what information is available to RATP as well as certain information referred to in article 15 of the GDPR;
- A right of rectification, allowing them to ask RATP to correct or complete the information it holds due to its inaccuracy;
- A right of objection, allowing them to object to their information being used by RATP for one or more determined purposes, with the exception of cases where the processing in question is for legitimate and compelling reasons or necessary for the establishment, exercise or defense of legal claims;
- A right to object to an automated individual decision-making allowing them not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them;
- A right to restrict processing, allowing them either to temporarily freeze the use of their information by RATP pending the granting of another of their rights under the GDPR, or to prevent the erasure of their information by RATP with the purpose of establishing, exercising or defending their legal rights;
- A right to erasure, allowing them to ask RATP to delete certain information, under the conditions provided for in article 17 of the GDPR; and,
- A right to data portability, allowing them to recover some of the information available to RATP in a standard and usable format in order to transmit it to another data controller of their choice.
- A right to define post-mortem directives regarding the retention, erasure and disclosure of personal data.
They can exercise these rights at any time by contacting the RATP Data Protection Officer
- by post to the following address: Délégué à la protection des données de la RATP, 54 Quai de la Rapée, LAC LT73, 75599 Paris cedex 12
- by email at the following address: [email protected]
The RATP Data Protection Officer will rule on the request within a maximum period of one month, it being understood that this period may be extended by two months, notably due to the complexity and number of requests.
In the event of a refusal to follow up on the exercise of one of these rights, the data subjects are informed of the reasons for this refusal as well as of the possibility of lodging a complaint with the French Data Protection Authority, the Commission Nationale Informatique et Liberté (CNIL) and seeking legal remedy.
Measuring the audience for advertising displays in RATP areas
In some RATP spaces, a system of audience measurement of advertising furniture is set up via the collection of MAC addresses of cell phones of people passing by, by boxes installed inside these furniture. These measurements are carried out under the responsibility of Métrobus, an advertising agency under contract with RATP, for the purpose of measuring the effectiveness of advertising campaigns, and by means of a counting device that anonymizes the data collected in a very short time (a few seconds) in order to make it impossible to reconstruct individual journeys on the one hand, and on the other hand, to provide the agency with purely statistical data relating to the advertising exposure. For more information on this system or to exercise your right to oppose the collection of MAC addresses: https://www.retency.com/stats/
TRIAL TESTS CURRENTLY IN PROGRESS ON OUR NETWORK
Experimentation of the individual camera system
In accordance with article L. 2251-4-1 of the Transport Code and article 113 of the law no. 2019-1428 of 24 December 2019, we are carrying out a trial consisting of equipping some of our Internal Security Service staff and sworn agents with individual mobile cameras. The conditions of use of these cameras are specified by decree no. 2016-1862 of 23 December 2016 and decree no. 2021-543 of 30 April 2021. The purpose of processing data from the cameras is: (1) to prevent incidents during intervention by RATP internal security service staff; (2) to collect evidence to detect infringements and take action against perpetrators; (3) to train its security staff after anonymization of recorded video sequences. The video sequences are kept for six months after their recording. They are reserved for the use of those responsible for processing them by virtue of their functions and can only be communicated to legally authorized authorities.
Video-patrol experiment on bus line number 170
The experimentation on bus line 170 will last for one year (until November 2022) and will involve a device allowing the RATP Security Department's PC Security to access, in real time or slightly delayed time, the video-protection images of the on-board systems installed on the buses of the line concerned, which are affected by regular security incidents, for the purpose of implementing random "video-patrols", i.e. to carry out random viewing in real time of video-protected buses in order to detect behaviour likely to harm people or property, and to detect security incidents by carrying out "doubt removal" in real time or with a slight delay following a driver alert. The audiovisual data resulting from this processing is kept for 12 hours and is only accessible to authorized personnel of the security department.
For more information about these experiments or to exercise your rights of access, rectification, objection and, if applicable, your rights to data portability, restriction or erasure, you can contact the RATP Data Protection Officer at the following address: [email protected]