Privacy policy
RATP Développement, hereinafter referred to as “RATP Dev” or “we”, respects your privacy and is committed to protecting your personal data. We strive to process your personal data in a proper, lawful, and transparent manner.
This privacy policy, hereinafter referred to as the “Policy”, is intended to inform you about how we collect and use your personal data, their possible transfer to third parties, as well as the rights and options available to you to control the use of your personal information.
We may update the privacy policy at any time, for example in connection with changes to our services or applicable legislation. It is therefore important to read this privacy policy regularly.
The latest version of the privacy policy prevails over previous versions.
1. What is personal data?
Personal data refers to any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier or to one or more specific elements unique to them.
Examples of personal data include: name, surname, photo, voice, video, age, telephone number, IP address, geolocation, cookies, etc.
2. Who is the data controller?
According to the regulations applicable to the protection of personal data, the processing of personal data is carried out by RATP Développement, a limited company with a Management Board and Supervisory Board, with a share capital of 53 246 742 €, having its head office at 9, rue Brahms 75012 Paris – France, and registered with RCS Paris (trade register) under n°389 795 006.
3. Why and what personal data does RATP Dev collect?
The processing of personal data carried out in this context is intended to provide access to and use of the RATP Dev website, more specifically:
- Manage user accounts
- Distribute news feeds
- Distribute newsletters
- Allow you to access various services
- Process certain data for statistical and archiving purposes
For this purpose, we collect the following personal data:
- Contact data: name, surname, email address, company
- Browsing data: searches, number of visits, date of last visit, etc.
The processing of personal data carried out to achieve these purposes is based on our legitimate interest, which is to provide information relating to the activity and operation of RATP Dev.
RATP Dev processes the data of users of this site in the context of the performance of the services offered by RATP Dev, legitimate interests necessary for the proper functioning of the services, as well as legal obligations.
This includes, in particular, the management of subscriptions to email alerts, customer relationship management, satisfaction surveys, the performance of the service offered, and the sending of information on changes or developments in RATP Dev’s services. RATP Dev also processes certain data for statistical and archiving purposes.
4. How long do we store your personal data?
The period during which RATP Dev retains your personal data covers the duration of the contractual relationship as well as the statutory limitation periods.
5. Who has access to your personal data and to whom is it disclosed?
RATP Dev collects the data necessary for the proper functioning of its services and operations. Any RATP Dev employee authorized to access personal data signs a confidentiality agreement.
RATP Dev may use subcontractors to carry out its services. Subcontractors process personal data solely for the performance of the services provided by RATP Dev.
RATP Dev contractually requires its subcontractors to comply with security and confidentiality obligations and to implement appropriate technical and organizational measures so that the processing carried out complies fully with applicable regulations and ensures the protection of users’ rights.
RATP Dev may also be required to disclose personal data collected to competent authorities, such as public authorities, the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés, hereinafter “CNIL”), or the General Direction for Competition of Consumer and the Prevention of Fraud.
6. Where is your personal data stored?
The servers used by RATP Dev to store your personal data are located in France.
RATP Dev transfers certain personal data to its subcontractors providing services necessary for the performance of its operations. Some subcontractors host personal data on servers located outside the European Union. In such cases, RATP Dev ensures that they are able to guarantee the same level of data protection as that required by the GDPR within the European Union.
7. Security of your personal data
We implement all appropriate security measures to ensure the protection of the personal data collected, and to prevent the destruction, loss, alteration, disclosure, or unauthorized access to the data.
To this end, security measures such as data anonymization or encryption will be applied. Measures ensuring confidentiality, integrity, constant availability, and resilience of processing systems and services will also be taken.
Any security breach affecting your data and likely to give rise to a high risk to your rights and freedoms will be notified to you as soon as possible.
8. What are your rights and how can you exercise them?
1. Right of access
Users have the right to access the personal data concerning them. They have the right to obtain confirmation as to whether their data is being processed. If users exercise this right, RATP Dev will provide them with a copy of the characteristics of the processing carried out on their personal data (the purposes of the processing, the categories of data concerned, etc.).
The information will be provided either electronically or in paper format. Users may obtain a copy of their personal data, subject to the rights of others.
2. Right to rectification
Users who find that their personal data is inaccurate or incomplete have the right to request that such information be corrected or completed.
3. Right to limit processing
Users have the right to obtain restriction of the processing of their personal data, particularly when they contest the accuracy of the data, when the processing is unlawful and they wish to obtain restriction rather than erasure of their data, or when the data controller no longer needs the personal data but the data is still required for the establishment, exercise, or defense of legal claims.
4. Right to object to processing
Users may object to the processing of their personal data if they have a legitimate reason and where the processing is based on their consent.
Once you exercise your right to object, your personal data will no longer be processed. Where the processing is based on a legal obligation, the right to object does not apply.
RATP Dev informs you that modification or deletion will take place as soon as possible.
5. Right to erasure
Users may request the erasure of their personal data in the cases listed in Article 17 of the GDPR: when the data is no longer necessary for the purposes for which it was processed or collected, when it must be erased to comply with a legal obligation, when it has been unlawfully processed, or when you withdraw your consent for the intended purpose.
However, erasure of such data cannot be carried out when processing is necessary, among other things, for the exercise of the right to freedom of expression and information, compliance with a legal obligation incumbent on RATP Dev, or the establishment, exercise, or defense of legal claims.
6. Right to data portability
Users have the right to data portability for the personal data they have provided. You may access it in a structured, commonly used, and machine-readable format. You may also request that such data be transmitted to another data controller where technically feasible.
9. How can you exercise your rights?
To exercise your rights, you may contact the RATP Dev Data Protection Officer (DPO):
- By email at: [email protected]
- By post at: RATP DEVELOPPEMENT - Data Protection Officer, 9 rue Brahms, 75012 Paris
You also have the right to lodge a complaint with the CNIL by visiting its website (https://www.cnil.fr/fr/plaintes) or by post at the following address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.
For any request to exercise your rights, RATP Dev may ask you to provide an official identity document (identity card, passport, driver’s license, etc.) in order to verify that you are indeed the person concerned by the personal data subject to the request.
Responses to your requests will be communicated either electronically or in paper format. RATP Dev undertakes to respond to any request as soon as possible and within a maximum period of one month from receipt of your request. However, this period may be extended by two months if the request is complex or due to the number of requests received.
If RATP Dev is unable to comply with your request, you will be informed within one month of receipt of your request. The reasons for refusal will be clearly indicated. You will then have the option of lodging a complaint with the CNIL and seeking judicial remedy.
You are informed that in the case of manifestly unfounded or excessive requests, particularly due to their repetitive nature, RATP Dev may refuse to comply with your requests or require the payment of fees to cover the administrative costs incurred in responding to your requests.
10. Modification of the Privacy Policy
When this Privacy Policy is amended, the update will be published on the RATP Dev website or via an email specifying the date of the update. We encourage users to consult it regularly.
