Personal Data Policy
Rail Route Europe, having its registered offices at 194 Rue Victor Rimmel, 57240 Knutange. (hereinafter the "Company" or "We"), acting as data controller, kindly requests that you take note of the terms and conditions of processing (i.e. collection, use and sharing) of your personal data, through this website (hereinafter the "Website") and the use of associated services such as the online quote request (hereinafter the "Services"), in accordance with the applicable laws and regulations on the protection of personal data, in particular:
(i) Act No. 78-17 of 6 January 1978 relating to information technology, files and freedoms and Law No. 2018-493 of 20 June 2018 relating to Information Technologies, Data Files and Civil Liberties protection; (ii) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter the "GDPR"), which came into force on 25 May 2018; and (iii) any other normative act, decree, regulation or provision that would be enacted by a competent national or European personal data protection authority - hereinafter collectively referred to as the "Applicable Regulations". The Company is a company of MONNOYEUR, a French Group whose holding company is located at 117, rue Charles Michels - 93200 Saint-Denis France.
1. What is the scope of this Policy?
The Company is the controller of personal data (i.e., any information relating to an identified or identifiable individual, referred to as a "Data Subject") about you that is processed through the Website and in the use of the Services, as set out in this Privacy Policy ("Personal Data Policy").
This Privacy Policy, as well as the Cookie Policy available here, applies to all users, including those who use the Website and the Services without being registered or subscribed to a specific service (hereinafter collectively the "Users").
2. What types of personal data do we collect?
The Company collects (1) data that you have voluntarily shared with the Company and (2) navigational data related to your access and use of the Website and Services. In particular, the Company collects the following information:
- Data you voluntarily share with the Company: the Company may collect your personal data (e.g., first name, last name, email, address, telephone number, etc.) when you submit a request via an online form on the Website or when you use our Services.
- Browsing Data: when you access and use the Website or Services, the Company may collect information about those visits. For example, in order to establish your connection to the Website or Services, our servers receive and record information about your computer, device, and browser, which may include, but is not limited to, IP address, browser type, and other computer software or hardware information. If you access the Website or Services from a mobile phone or other device, the Company may collect the device's unique identifier, geolocation data, and other identifying information about that device. Information may also be collected via cookies and other tracking technologies (such as browser cookies, retargeting, audience measurement, web beacons, and Adobe Flash technologies etc.). These technologies may also be used to collect and store information about your use of the Website or the Services, such as the pages you have visited, the online content you have viewed, the Internet searches you have performed and the advertisements you have seen. For more information please see our Cookie Policy here.
- Third Party Services: The Services may be associated with websites operated by third party companies not affiliated with the Group, and may include advertising, online content, and functionalities, games, newsletters, competitions or sweepstakes, or applications developed by third party companies. The Company is not responsible for the personal data privacy practices of such third party companies. Once you leave the Services and/or the Website or click on an advertisement, it is your responsibility to check the applicable privacy policy for that other service.
3. For what purposes do we collect your personal data?
We process data to:
a. Enable you to use the Website and the Services;
b. Evaluate and improve our Services and related functionality;
c. Improve your experience of using the Website and Services;
d. Provide you with customer support and respond to your enquiries;
e. Meet the Company's interests; in some cases, the Company may disclose your personal data, including when the Company believes in good faith that such data processing is necessary to:
(i) protect, exercise, or defend the rights, privacy, safety, or property of the Company or those of its employees, agents, and contractors (including the performance of our contracts and terms and conditions of use); (ii) protect the safety, privacy, and security of users of the Website, the Services, or the public; (iii) protect against fraud or for risk management purposes;
f. Comply with legal obligations (including obligations relating to the provision of the Services and consumer information), or to respond to requests from public and governmental authorities;
g. Perform a contract for the supply of goods and/or services;
h. Subject to your consent, carry out commercial prospecting operations and share your personal data with our trusted business partners, including other entities of MONNOYEUR, in order to enable them to send you commercial messages.
4. On what legal basis do we process your data?
- The processing purposes set out in section 3(a) to section 3(e) and section 3(g) of this Privacy Policy are in principle based on the legitimate interest of the Controller for the purposes of operating the Site, responding to Users' requests and providing the Services.
As an exception: if you log in to a personal account/customer area of the Website, as part of a service contract with the Company, the processing of the data of this personal account is based on the contract between you and the Company. - The purpose of processing set out in section 3(f) of this Personal Data Privacy Policy is based on compliance with applicable legal and regulatory obligations;
- The purposes of processing set out in section 3(h) of this Personal Data Privacy Policy are carried out on the basis of your consent where required.
5. How long do we keep your data?
The Company retains your personal data for as long as is needed for the purposes described in section 3 above. Your data is kept:
- For the duration strictly necessary for the use of the Website, the Services, or for the needs of the Company, and for a maximum of 3 years from the date of collection if no contract is drawn up with the Company;
- In the event of a contract or an order going through, as part of the Services or otherwise, for the entire term of the contractual relationship, and then kept in intermediate archives for a period corresponding to the period of the guarantee, if any, to which is added the applicable legal prescription period (5 years in most cases);
- In the event of the Company fulfilling a legal obligation, your data is processed for the time necessary to fulfil this obligation and as provided for by law;
- In the context of commercial prospecting operations, for 3 years from your last contact with the Company;
- Until the withdrawal of your consent, in the event that the processing is based on your prior consent;
- For a period of 25 months from their implantation/creation in the case of cookies.
6. How do we process your data?
Data is processed both manually and electronically and is protected by appropriate security measures. In this respect, although the Company uses appropriate administrative, technical and organisational measures to protect personal data against theft, loss, unauthorised use, disclosure or modification, it cannot guarantee that it is able to protect itself against all existing IT risks.
7. Who has access to your data?
For the processing purposes set out in section 3 of this Personal Data Privacy Policy, your data is communicated internally within the Company, to the customer service, marketing/commerce and communication departments. The Company may also communicate your personal data to the following recipients:
- Third party service providers, subcontractors (i.e. IT service providers, service providers related to the Services - by way of illustration, and without this list being exhaustive, experts, consultants and lawyers, companies involved in potential mergers, divisions or other transformations);
- Competent national authorities: in order to comply with the applicable law and with any administrative or judicial authority that may request it or that may need access to it regarding a possible inspection or dispute.
- Trusted business partners: subject to your consent.
8. Is your personal data transferred abroad?
Your personal data may be transferred to other entities of MONNOYEUR and to service providers acting on their behalf which are located in France and/or within the European Union. We will not transfer personal data to non-EEA countries.
9. Minors under the age of 15
The Website is not directed at and does not offer Services to individuals under the age of 15, and the Company does not knowingly collect personal data from individuals under the age of 15 or from minors generally
10. Security measures
The Company implements all appropriate technical and organisational security measures to ensure a level of personal data security appropriate to the risk, and in particular to protect data against accidental or unlawful destruction, loss, damage, disclosure or unauthorised access.
The same level of protection is imposed by the Company on all its subcontractors by contract.
Any employee of the Company who, in the course of his or her duties, may have access to your personal data undertakes to hold it in strict confidence.
11. What are your rights in relation to personal data?
In accordance with the Applicable Regulations, you have, depending on the situation, the right to access, correct, delete, limit, portability and object to the processing of your data as well as the right to withdraw your consent at any time. You also have the right to send us your instructions in order to organise what happens to your data (conservation, deletion, communication to a third party, etc.) in the event of decease. You can exercise these rights by writing to the following e-mail address: dpo@monnoyeur.com. However, your objection may, in practice and depending on the case, have an impact or make it impossible to take into account your request for information, registration or use of the Services offered on the Site. You also have the right to appeal to a supervisory authority such as the Commission Nationale de l'Informatique et des Libertés (CNIL) in the event of a breach of the regulations applicable to the protection of personal data and, in particular, of the European General Data Protection Regulation No. 2016-679 (GDPR), which has been in force since 25 May 2018.
12. Changes and updates
We regularly update our Personal Data Policy and will post any updates on the Website.
This Privacy Policy was last updated on 26 February 2021.
13. Data Protection Officer
The Company has appointed a Data Protection Officer (DPO) whom you may contact if you have any questions about the processing of your personal data and to exercise your rights. To contact the DPO write to: dpo@monnoyeur.com