“Client”: shall mean, either:
- any person that takes out the services offered by SANEF; or
- any person that drives on the Motorway Network, in keeping with:
- the “rules governing the operation of the A1 – A2 – A4 – A26 – A29 – A140 – A314 – A315 – TUR motorways and the rest stations on the A25 and A31 motorways”;
- the “rules governing the operation of the A13 – A14 – A29 – A131 – A132 – A139 – A150 – A151 – A154 – A813 motorways”.
“Cookie”: shall mean a small text file issued by the publisher of a web site that is visited and stored on the hard disk of the terminal used to connect to the web site (computer, smartphone, tablet or other), or any similar tracking technology. Cookies are used for various purposes, for instance to identify Clients during their connection and to remember them.
“Personal Data”: shall mean personal data as defined in article 4 (1) of the GDPR.
“Location Data”: shall mean any data that is processed in an electronic communication network and that discloses the geographical position of the terminal of a user of an electronic communications service accessible to members of the public, as mentioned in article 2 (c) of the Privacy and Electronic Communications Legislation.
“SANEF Group”: shall mean either:
- SANEF: a French public limited company; share capital: 53,090,461.67 euros; registered with the Nanterre Trade and Companies Register under no. B 632 050 019; registered address: 30 Boulevard Gallieni, 92130 Issy-les-Moulineaux, France; and/or
- SANEF 107.7: a French Joint Stock Company; share capital: 15,245 euros; registered with the Nanterre Trade and Companies Register under no. 393 688 056; registered address: 30 Boulevard Gallieni, 92130 Issy-les-Moulineaux, France; and/or
- SAPN: a French public limited company; share capital: 14,000,000 euros; registered with the Nanterre Trade and Companies Register under no. B 632 054 029; registered address: 30 Boulevard Gallieni, 92130 Issy-les-Moulineaux, France; and/or
- SE BPNL: a French Joint Stock Company with a sole shareholder; share capital: 40,000 euros; registered with the Nanterre Trade and Companies Register under no. B 517 989 554; registered address: 30 Boulevard Gallieni, 92130 Issy-les-Moulineaux, France; and/or
- Bip&Go: a French Joint Stock Company with a sole shareholder; share capital: 1,000 euros; registered with the Nanterre Trade and Companies Register under no. 750 535 288; registered address: 30 Boulevard Gallieni, 92130 Issy-les-Moulineaux, France.
“Privacy and Electronic Communications Legislation”: shall mean European Directive 2002/58/EC of 12 July 2002, as subsequently modified by Directive 2006/24 of 15 March 2006 and Directive 2009/136/EC of 25 November 2009, or any other Directive or Regulation of the European Parliament and the European Council, and any decision or delegated act of the European Commission or of any other body or Committee, that is applicable or implemented in the national laws of a European Member State, and that applies, refers to, incorporates, modifies or replaces any provision of Directive 2002/58/EC.
“General Data Protection Regulation” or “GDPR”: shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“Motorway Network”: shall mean the motorway assets covered by the concession granted to the SANEF Group by the State to operate them.
“Sites”: shall mean the web sites of SANEF that are respectively accessible at the www.sanef.com and www.groupe.sanef.com addresses or via any URL that might be substituted to them from time to time or via any redirection URL, including all the pages and sections that they comprise.
“Data Processor”: shall mean a natural or legal person, public authority, department or other body that Processes Personal Data on behalf and in keeping with the instructions of SANEF in accordance with article 4 (8) of the GDPR.
“User”: shall mean any person that uses the services offered by the “Sanef&Vous” or “Battle Cosmique” mobile applications developed by the SANEF Group and available on the “App Store” and “Google Play” for IOS and Android devices respectively, such as pursuant to a registration process.
“Data Protection Violation”: shall mean the security violations mentioned by article 4 (12) of the GDPR.
“Visitor”: shall mean a person who accesses the Sites but is neither a Client or a User.
2. Overview and identity of the Data Controller
The Sites are the property of SANEF, a public limited company; share capital: € 53,090,461.67; registered address: 30 boulevard Gallieni, 92130 Issy les Moulineaux, France; registered with the Nanterre Trade and Companies Register under no. B 632 050 019. The publication manager is Mr. Arnaud QUEMARD, Chief Executive Officer of SANEF. The Sites are hosted on the servers of SANEF. All the data to which you have access via the Sites is disclosed for information purposes only and cannot be used for commercial purposes.
3. Intellectual Property
The Services, the Sites and their content, comprising without limitation all their graphical, visual, audio, photographic and text elements, the architecture of the Sites, and the databases that underpin them (the “SANEF Content”), are the exclusive property of SANEF or of their respective holders. Any extraction, reproduction, use and storage of all or part of the SANEF Content without the express written authorisation of SANEF shall be strictly prohibited. Given that SANEF does not have control over all the sources of the information to which it provides access and in view of the complexity of the Processing of this information, SANEF cannot guarantee that any information forming part of the SANEF Content is accurate and comprehensive and/or disclaims any liability for errors or omissions in the data that is displayed.
Anyone wishing to create links to www.sanef.com or www.groupe.sanef.com must first seek the written consent of SANEF. SANEF hereby disclaims liability for the information that is published on the web sites towards which links have been created on the Sites. The Sites comply with all copyright rules. All the rights of the authors of the protected works that are reproduced and disclosed on the Sites, are reserved. Any use of these works other than for the purposes of individual and private copying and viewing is prohibited, unless authorised beforehand.
4. The data gathered and the purposes of its gathering
4.1.1. Unsolicited applications / responses to a job offer
Should a person wish to apply for a job offer posted by the SANEF Group or to submit an unsolicited job application, they must fill in an application form.
This form must set out the family name, first name, address, telephone number, e-mail address of the applicant. The applicant must also state their level of education, any languages spoken, and upload or enclose a curriculum vitae.
The Personal Data that is thus transmitted shall only be processed for the purposes of assessing the application with a view to an eventual recruitment.
4.1.2. Customer relationship management
Where a Client contacts the customer service department via the contact form available on the Sites, the customer service department gathers only the Personal Data that is strictly necessary in order to be able to assess the issue, find a solution to any incidents encountered by the Client, or answer any questions they may have; this data shall include the Client’s contact details, any relevant financial data, data concerning their vehicle, their Liber-t subscription or the photographs of any damage that they claim to have incurred on the Motorway Network.
As part of its commitment to the fight against the COVID-19, the SANEF Group refunds the toll charges of healthcare professionals mobilized in the fight against the epidemic ("COVID solidarity" offer). Throughout this offer, the Client provides the SANEF Group, via the customer service department or on the Sites, with their contact details, a proof of employment (e.g., business card, certificate of employment), any useful information to identify the Client (e.g., toll receipts, remote toll payment badge number, copy of bank card transaction), as well as their bank details in order to be refunded by bank transfer.
4.1.3. Use of the “Sanef & Vous” application
The “Sanef & Vous” application developed by the SANEF Group enables a User to receive information on the traffic conditions on nearby motorways of the SANEF Group based on the location data of their smartphone. Various technologies are implemented in order to geolocate the terminal, such as its IP address and GPS signals.
Users who are regular Clients can configure the application in order to receive traffic alert notifications and information about journey times, in real time, on the roads of their choosing.
4.1.4. Commercial prospection and newsletters
Unless a Client or a User expressly refuses to be sent marketing material and newsletters, they may receive offers and information from the SANEF Group concerning products and services similar to those already provided by the latter to that Client or User, based on the legitimate interest of the SANEF Group to promote its goods and services to its Clients and Users.
As an exception to the above, the consent of the Client, User or Visitor shall be required:
- Where the Personal Data is gathered using paper or online forms unconnected to the Services or the Sites;
- To send offers and information on behalf of the partners of the SANEF Group.
The Client, User or Visitor may opt at any point in time to no longer receive these communications from the SANEF Group or its partners by using the unsubscribe link featuring in any e-mail from the SANEF Group or from its partners, or by contacting the SANEF Group using the contact details mentioned in article 14.1 of this document.
Any Client’s use of the Motorway Network gives rise to the use of IT and video facilities, and therefore to the gathering and processing of Personal Data:
As part of the management of toll booth transactions and events, the SANEF Group gathers data concerning a Client’s interaction with the toll booths, the means of payment used, the identification of the vehicle (including images of the profile of the vehicle to ascertain its vehicle category), as well as the remote toll payment data. In case of a payment default or payment by cheque, the SANEF Group also processes data concerning the identity of the driver and of the owner of the vehicle.
4.2.2. Recording of conversations
The SANEF Group records conversations with Clients initiated from the emergency calls network and the toll booths as well as the calls made to the Operations Control Room (French acronym: PCE) for the following purposes:
- management of Client requests for assistance,
- management of Client complaints,
- acknowledgement of transactions (as part of the calls initiated from the toll booths),
- improvement of the service quality and training of the employees of the SANEF Group, and
- management of incivilities committed by Clients against the employees of the SANEF Group.
Only the data that is needed to deal with these purposes is gathered. This may involve specifically information concerning the owner of the vehicle, the means of payment used or the identification of the vehicle.
4.2.3. Preventive video surveillance
As part of its management of the CCTV video surveillance and protection facilities on the public highway, the SANEF Group gathers the images of both vehicles and persons, as well as data concerning their transit through the toll booths.
4.2.4. Fraud prevention
As part of its measures to combat fraud at the toll booths, the SANEF Group gathers photographs of the front and rear number plates, the video sequences of the offences and data from the vehicle registration system.
4.2.5. Management and follow-up of breakdowns
As a part of the management and monitoring of breakdown services on the Motorway Network, the SANEF Group has set up a mobile application used by breakdown companies.
In the context of the use of this mobile application, the SANEF Group and the breakdown company concerned collect Data related to the surname, first name, postal address and telephone number of the driver, as well as those relating to the identification of the vehicle (including any photos of the vehicle being repaired) and the breakdown mission (time stamp and location).
Where applicable, SANEF Group and the breakdown company concerned collect Data relating to the particularities of the persons on board (elderly persons, children or persons with reduced mobility) in order to adapt the interventions.
4.3.1. At the toll booths
For each vehicle that goes through the toll booths, the following information is recorded by the toll system, in order to manage toll booth transactions and events and combat fraud and payment defaults:
- front and rear number plates;
- vehicle category;
- time stamp and location;
- data from any remote toll payment / RFID badges of subscribers for billing purposes;
- contextual photographs;
- in case of payment of the toll charge online or at the toll booths: the bank card data (EMV compliant bank transaction identifier, authorisation code if required, etc.);
- in case of a failure to pay the toll charge: a sworn agent of SANEF will access the relevant file of the vehicle registration system (French acronym: “SIV”) using the photographs of the number plates in order to send a payment request notification.
4.3.2. Upon payment of the toll charge at the toll booth
The Client may settle the toll charge online or at the toll booth, and to that end must input the number plate of the vehicle used. The Client may also input information concerning their title, family name, first name, e-mail address, telephone number to benefit from the alert Services proposed by SANEF.
Clients who have expressly consented to the alert Services offered by SANEF, shall receive on D+1 following their passage through the abovementioned junction of the motorway a notification (notifying them about their passage, the payment deadline of 10 days and the payment options on offer) and a payment reminder notification on D+8.
In order to ascertain the identity of a Client wishing to benefit from the alert Services, SANEF shall be entitled to request a copy of the vehicle log book, which shall be erased once the identity of the driver shall have been checked.
4.3.3. At the time of purchase of a payment label
In order to access SANEF’s Services, except in case of subscription to the anonymous Prepaid Pass as mentioned in the “General terms of sale and of use of the Subscriber’s Pass and Prepaid Pass”, the Client must create an account by filling in a registration form. To that end, the Client must disclose their title, first name, family name, date of birth, e-mail address, an identifier, a password, their telephone number and postal address, their chosen terms of payment, as well as information about their vehicle. The Client may also be asked to state what their employment status.
It should be pointed out that the Client’s password is strictly personal. It is protected by means of a one-way hash function and cannot therefore be disclosed or even read by SANEF. Given that the Client is fully responsible for the confidentiality of their password and the use of their account, they are advised not to disclose their password to anyone and to systematically disconnect their session before closing their browser. Any use of the Services, or access to and browsing through the Sites, connection or data transmission effected via the Client’s account using their identifiers shall be presumed to have been made by the Client and under their sole responsibility.
SANEF hereby disclaims any liability for the loss of one or more identifiers (user name or password), and in the absence of a timely written notification made in due form to SANEF by the Client, for the detrimental consequences of the use of the Client’s account by any unauthorised person.
In case of loss or theft of an identifier, the Client should follow the procedure laid down by SANEF in order to retrieve their identifiers and/or reset their password.
SANEF has no power to check the veracity of the information disclosed by the Client upon creation of an account. SANEF therefore disclaims any liability for false declarations or identity theft. The Client undertakes to provide accurate information to SANEF and to update it where need be.
4.3.4. Improvement of the products and services
The Personal Data shall be processed by the SANEF Group to develop and to enhance its goods and services in order to continuously improve its performances and customer satisfaction.
4.4. Personal Data gathered automatically
Some Personal Data may be gathered automatically, for instance data collected using Cookies when a Client, User or Visitor uses or views the Sites or when they interact with the SANEF Group. This data may include information about the type of terminal used by the Client, User or Visitor to access the Sites, its operating system, its IP address, the type of browser used and any interactions with the content of the Sites.
As part of the trials of a reliable system for detecting car-pooling that is suited to motorway conditions, systems designed to detect the number of occupants in vehicles have been installed and are being operated by FARECO (a French Joint Stock Company; share capital: 1,288,000.00 euros; registered with the Nanterre Trade and Companies Register under no. 409 684 859; registered address: 250 avenue des Grésillons, 92600 Asnières-sur-Seine, France) at sites in Montesson (A14 motorway) and Survilliers (A1 motorway).
To that end, FARECO, in its capacity as the data controller, may gather and process the following data: two or three photographs of the passenger compartment of the Clients’ vehicles in order to enable the number of passengers to be counted.
The above mentioned photographs do not show the number plates of the vehicles.
The “Battle Cosmique” application developed by the SANEF Group is a digital card game inspired by the classic “War” card game.
Users may access this application by creating an account or by playing anonymously, i.e. without filling in an account creation form. Should a User wish to create an account, they must input their family name and first name, a user ID and an e-mail address. The information that is thus gathered will enable each game to be saved and logged and the Users to be ranked on the roster of the “Battle Cosmique” application.
In the course of playing the game using this application, the Users can, if they so wish, unlock a number of bonus features (“premium” card or “boussole [compass]” card) by authorising the application to access the geolocation of their mobile terminal (smartphone or tablet) when it is being used on the network of the SANEF Group. A number of technologies will then be used to locate the User’s mobile terminal, such as by way of the IP address or GPS signals.
Moreover, the Users can register for the newsletter of the SANEF Group by keying in their e-mail address into the https://battlecosmique.com/ web page. The newsletter carries the latest news of the SANEF Group and information about the latest functionality of the “Battle Cosmique” game.
4.7. Data gathered when using the Sanefpass application
The SANEF Group has set up an application, called “Sanefpass”, which can be downloaded to smartphones (Andoid and iOS) and which allows Customers with light vehicles or motorcycles to pay tolls with their smartphone, using Bluetooth, on the A13 and A14 freeways.
In order to access the Sanefpass application, the Customer must create an account by completing a registration form. To this end, the Customer must provide information relating to the surname, first name, e-mail address, as well as the payment method associated with the account. For all purposes, SANEG Group also collects technical log information (type of phone, brand, model, OS and application version).
The Data collected by the SANEF Group at the time of toll collection are those indicated in Article 4.2.1. “4.2.1 Management of toll booth transactions and events”.
For all intents and purposes, the terms and conditions of use of this service are set out in the Sanefpass application.
4.8. Data collected as part of the experimentation of a vehicle classification system at the toll booth.
As part of the trial of a reliable system for classifying vehicles at toll booths, a classification and counting analysis system is installed and operated by TEB (a simple joint stock company with capital of € 1, 120, 400, whose registered office is located at RD 974 – 21190 Corpeau) at the Senlis toll booth, exit 8 Bonsecours.
In this capacity, TEB, as the Data controller, collects and processes the video streams from the cameras associated with the classification, the Time-Stamp Data and the Classification Data.
4.9. Pass-Amiens subscription
The Company and the Amiens Métropole Urban Community have set up an offer enabling Customers domicilied in one of the communes of the Amiens Métropole Urban Community to benefit from a reimbursement scheme corresponding to 70 % of the first twelve (12) journeys already discounted by the SANEF Group under the “Fréquence +” offer (hereinafter the “Pass-Amiens Offer”).
In the context of the Pass-Amiens Offer, the purposes of the Data Processing are limited to the establishment and transmission to the Communauté d’Agglomération d’Amiens Métropole:
- Of the electronic toll customer numbers of Customers of eligibility for the Pass-Amiens Offer;
- The amount of the subsidy concerned for each of the said Customers; for the sole purpose of the Communauté d’Agglomération d’Amiens Métropole to send the corresponding subsidy to the Customers.
The other Personal Data Processing carried out in the context of the Pass-Amiens offer is the responsibility of the Communauté d’amiens Métropole, namely: https://demarches.amiens.fr/aide-rocade-a16/
To process the personal data of Clients wishing to benefit from a subsidy from the subscription form;
- Verify and control the eligibility conditions of the above-mentioned Customers;
- Provide the Company with the customer number of the above-mentioned Customers so that the Company can identify the trips that fall within the scope of the subsidy;
- Paying the subsidy;
- To process claims and, more generally, to manage the customer relationship with the Customers in connection with the Grant.
The terms and conditions of said processing (purposes, retention period, management of requests for access rights, list of subcontractors, etc.) are determined by the Communauté d'Agglomérations d'Amiens Métropole under its sole responsibility in accordance with the regulations in force.
Requests for access rights arising from the above processing will be processed by the Communauté d'Agglomérations d'Amiens Métropole.
4.10. Mandatory disclosure
The Personal Data of the Clients, Users or Visitors may be disclosed in the following cases, within the limits set by the Applicable Regulations:
- to comply with a legal obligation, an order or any other legal measure as part of an investigation into proven or suspected illegal activities, to prevent such activities or to take measures against them;
- in the event of a Client’s violation of a contractual obligation towards the SANEF Group;
- to protect the rights, the property and the security of the SANEF Group;
- to protect the rights and the security of its Clients et Users.
5. Storage of Personal Data
The Personal Data may be processed by the companies of the SANEF Group and their service providers, inside or outside the European Economic Area, under safeguards that are compatible with the European rules in such matters and in keeping with the standards laid down by the GDPR.
6. Duration of the retentien of the Personal Data
6.1 Duration of the retention of Personal Data gathered on the Sites
6.1.1 As part of an unsolicited job application or an application sent in response to a job offer
The Personal Data of an applicant is kept for a period of 1 year following the last contact with the applicant, unless the latter opposes this. The data shall be erased immediately upon request of the applicant, within a maximum timescale of one (1) month following the request.
6.1.2 As part of the SANEF Group’s customer relationship management
The Personal Data of a Client is kept for a period of 3 years following the last interaction with the Client, and is then archived for 7 years with restricted access.
Data concerning the methods of payment is erased once the transaction has completed. In case of payment by bank card, the data is kept in an intermediate archive for purposes of evidence should the transaction be challenged, for a timescale of 13 to 15 months following the transaction involved. This data may be kept for longer, as a regular method of payment, should the Client consent to this expressly. This consent is gathered using a tick box and can be withdrawn at any point in time.
Data concerning the reimbursement offers regarding the national health emergency ("COVID Solidarity") mentioned in article 4.1.2 is kept for a period of 5 years in accordance with the duration of the legal period of limitation. The copy of the proof of employment is erased once the verification in favor of the offer is carried out.
6.1.3 As part of the sending of marketing material and newsletter
The Personal Data of prospective clients is erased no more than 3 years following the last contact with them or should they have failed to respond to two successive attempts to contact them.
When a person exercises their right to oppose the use of their data for marketing purpose, the information used to take into consideration their right of opposition is kept for up to 3 years following the exercising of this right, solely for the management of this right of opposition.
6.2 Period of retention of the Personal Data gathered upon use of the Motorway Network
The data is kept:
- In the case of the data processed in accordance with section 4.2.1: for the remainder of the current year + 4 more years, save for the photographs of the vehicles that are kept for just 6 months ;
- In the case of the data processed in accordance with section 4.2.2: for 1 month. When it comes to the management of incivilities, the data is kept for as long as is necessary for the investigation of the case to the extent of up to the duration of the legal period of limitation;
- In the case of the data processed in accordance with section 4.2.3: for 15 days;
- In the case of the data processed in accordance with section 4.2.4: for up to 3 years, with the exception of the video footage that is only kept for up to 30 days and the photographs that are only kept for the time needed to investigate the case, to the extent of up to the legal period of limitation for such offences (1 year).
- In the case of the data processed in accordance with section 4.2.5: for up to 5 years in order to process customer complaints and disputes.
6.3 Period of retention of Personal Data gathered when Clients interact with the North and South toll stations of junction 38 at Boulay/Varize on the A4 motorway
The data concerning the number plates is kept for 1 month after the payment of the toll charge and for up to 1 year in case of a failure to pay.
The other data gathered upon passing through the junction is kept for 5 years for the purpose of dealing with client complaints.
6.4 Period of retention of the data gathered as part of trialling of a system used to detect car pooling
As part of the processing of data in connection with the trials mentioned in article 4.5, FARECO:
- only keeps the data for a timescale that is necessary to fine-tune its detection system;
- regularly erases, anonymises or pseudonymises the data in strict compliance with the Applicable Regulations;
- only retains data for the sole purposes of these trials.
For the avoidance of doubt, please note that the SANEF Group does not have access to this Data nor is it able to dictate the terms of retention of this data.
6.5.1 Battle Cosmique application
The Personal Data gathered for the purposes of the “Battle Cosmique” mobile application is kept throughout a User’s use of the application and for up to 2 years after their last use of the game.
6.5.2 Sanef&Vous application
The Personal Data gathered for the purposes of the “Sanef&Vous” mobile application is kept throughout a User’s use of the application.
6.5.3 Sanefpass application
Data related to the use of the Sanefpass application are kept:
- 3 years starting from the last interaction initiated by the Customer recorded in the Sanefpass application, for the purpose of managing the commercial relationship, then the file of each Customer is archived for a period of 7 years before final deletion, for the purpose of keeping records, unless a dispute arises during this period;
- Technical log data is kept for 6 months from the date of collection;
- Assistance data is kept for 3 years from the time of customer contact;
- Data relating to the validity of the means of payment are kept as long as the means of payment has not been modified by the Customer and the account has not been terminated.
6.6. Retention period for Data collected as part of the experiment of a vehicle classification system at the toll booth
As part of its Processing under the experiment referred to in Article 4.8, TEB:
- Retains the Data up to 30 days;
- Delete, anonymize or pseudonymize the Data after this period in strict compliance with the Applicable Regulations;
- Processes the Data for the sole purpose of the said experimentation.
For all intents and purposes, is it specified that the SANEF Group does not have access to the Data nor is it in position to define the terms and conditions for the retention of the Data.
7. Recipients of the Personal Data
The Personal Data is transmitted to the departments of the SANEF Group (such as the operations department, the marketing department, the customer service department, the debt recovery department, the audit department, etc.), subject to the accreditations of the employees involved, as well as to the SANEF Group’s parent company (Abertis) and its Data Processors, to the extent only of what is necessary for the provision of the Services and the Sites.
As an exception to the above, FARECO is the only recipient of the data gathered as part of the trialling of the system used to detect car-pooling, as defined in article 4.5., and is contractually bound by obligations to preserve the confidentiality and security of this data. For the avoidance of doubt, the SANEF Group is not a recipient of this data.
7.2 Management and follow-up of breakdowns
The breakdown service companies are recipients of the Data collected in the context of the management and monitoring of breakdown services as defined in article 4.2.5 “Management and monitoring of breakdown services” for the purposes that are specific to them, such as invoicing, monitoring of their interventions and service quality indicators.
7.3 Vehicle classification system at tolls
As an exception to the foregoing, TEB is the sole recipient of the Data collected in connection with the carpool detection system experiment as defined in Article 4.8 and is contractually bound by obligations of confidentiality and security of such Data. For all practical purposes, it is specified that the SANEF Group is not the recipient of the said Data.
8. Disclosure of Personal Data to authorised third parties
The Personal Data may be transmitted to the relevant authorities should an infringement be witnessed, and to the court officers, bailiffs and bodies in charge of debt recovery.
9. Data Processors
The SANEF Group uses the services of Data Processors to provide Services and to run the Sites. The Data Processors and their personnel are bound by confidentiality and security obligations in respect of their Processing of Personal Data. The Data Processors have also undertaken to take the requisite technical, organisational and structural measures to avoid any Data Protection Violation, such as:
- destruction, damage, alteration or loss of the Personal Data, whether accidentally or without the authorisation of the SANEF Group,
- disclosure of the Personal Data to or access to the Personal Data by third parties, whether accidentally or without the authorisation of the SANEF Group, and/or
- any processing of the data, whatever the form or grounds thereof, that is illegal, unauthorised by the SANEF Group or not covered by the contract.
10. Relations with the SANEF Group's Partners
10.1 Data processing relations to the obligation to evaluate partners
The SANEF Group implements data processing relating to its established, potential or future partners (hereinafter the "Partners") to meet its compliance obligations, in particular those originating in the fight against terrorism, money laundering and the law no. 2016-1961 of 9 December 2016 relating to transparency, the fight against corruption and the modernisation of economic life known as “Loi Sapin 2”.
As part of its obligation to evaluate Partners, SANEF Group processes or subcontracts to its partners Personal Data:
- identity, functions and contact details of persons directly (persons of the governing bodies, directors, beneficiaries) or indirectly (through their presence in the same capital group) attached of the Partners;
- where applicable, the identity, functions and contact details of persons connected with the persons referred to in section i. above
- if applicable, the identity, functions and contact details of persons with the same name as the persons referred to in sections i., ii. and iii. above
- if applicable, sanctions imposed on the persons referred to in sections i., ii. and iii. above
- where applicable, information, such as press clippings, relating to the persons or sanctions referred to above.
The Personal Data collected is necessary to meet the obligation of evaluating the partners and is analyzed, processed and transmitted to the relevant departments of the SANEF Group that need to know it in order to carry out their mission. The Personal Data is kept for a period of 5 years from the end of the contractual relationship with the third party investigated or from the time of the evaluation if the partner is not selected.
10.2 Data processing relating to contractual relations with partners
The SANEF Group uses Personal Data to manage contractual relations with its partners. In this respect, Personal Data is collected relating to the identity and contact details of employees designated by the partner as signatories to the contract or in charge of its execution (e.g. technical or commercial contact).
The Personal Data collected is essential for the execution of the above-mentioned contract and will be processed and transmitted to the relevant departments of the SANEF Group that need to know about it in order to carry out their mission. The Personal Data collected may be transferred to SANEF Group companies, their subcontractors or service providers for the purpose of performing the contract. Data retention periods are determined in accordance with applicable legal provisions.
10.3 Methods of exercising rights
The Clients, Users and Visitors to the Sites are informed via an information banner that Cookies may be installed automatically on their browser software during their browsing of the Sites. By continuing to browse the Sites, the Client, User or Visitor tacitly accepts the use of these Cookies for the purposes described below.
As an exception to the above, audience measurement Cookies that only gather anonymous statistics are kept for a maximum duration of 25 months.
11.1 Operation Cookies
These Cookies are required for the proper operation of the Sites when the Client, the User or the Visitor is browsing through them. They enable for instance the actions of a Client or a User to be tied to an identification service (SessionID) where need be.
Operation Cookies keep track of the Client’s or User’s browsing of the Sites during a given session and store their preferences that are required for the provision of the Service in order to improve their experience on the Sites and personalise their functionalities. They are used for instance to store the language spoken by the Client or User. Please note that these cookies cannot trace the browsing patterns of Clients, Users or Visitors on other sites.
|currpage||Keeps track of the current page||sanef.com||Session|
|ppsearchDB#ppSearchEngine||Needed for the internal search engine||sanef.com||Persistent|
|rc::a||This Cookie is used to distinguish between people and robots. This benefits the web site as it enables valid statistics to be compiled regarding the use of the site.||google.com||Persistent|
|rc::c||This Cookie is used to distinguish between people and robots||google.com||Session|
11.2 Marketing Cookies
Marketing Cookies enable the SANEF Group to improve the ergonomics of the Sites by analysing the browsing history of Visitors. The results of these analyses are processed anonymously solely for statistical purposes.
These Cookies also provide a means of ascertaining the browsing habits of Clients and Users and to personalise their experience by showing them offers that are targeted to their interests and expectations. These Cookies are used by the SANEF Group to measure the performance of its advertising systems while offering the Client or User targeted advertising.
|__utma||Gathers data on the number of times that a user visits the web site as well as the dates of the first and the most recent visit. Used by Google Analytics.||google-analytics.com||2 years|
|__utmb||Records a time stamp of the precise moment when the user accesses the web site. Used by Google Analytics to calculate the duration of a visit to a web site.||google-analytics.com||1 day|
|__utmc||Records a time stamp of the precise moment when the user leaves the web site. Used by Google Analytics to calculate the duration of a visit to a web site.||google-analytics.com||Session|
|__utmt||Used to slow down the speed at which requests are sent to the server.||google-analytics.com||1 day|
|__utmz||Gathers data on the origin of the user, i.e. the search engine, the link clicked and the search criterion used. Used by Google Analytics.||google-analytics.com||6 months|
|_ga||Records a unique identifier used to generate statistical data on the way in which a visitor uses the web site.||sanef.com||2 years|
|_gat||Used by Google Analytics to radically reduce the rate of requests||sanef.com||1 day|
|_gid||Records a unique identifier used to generate statistical data on the way in which a visitor uses the web site.||sanef.com||1 day|
|_hjAbsoluteSessionInProgress||This cookie is used to count how many times a site was visited by unique visitors. This is done by allocating a random identifier to each visitor. Thus, a visitor cannot be counted twice.||sanef.com||1 day|
|_hjid||Defines a unique session identifier. This enables the web site to obtain data on the behaviour of the visitors for statistical purposes.||sanef.com||Persistent|
|_hjIncludedInPageviewSample||Determines whether the browsing pattern of the user must be recorded in a given space earmarked for statistics.||sanef.com||Persistent|
|_hjTLDTest||Detects the SEO referencing of the current web site. This service forms part of a third-party statistics and analysis service.||sanef.com||Session|
|_hjTLDTest||Detects the SEO referencing of the current web site. This service forms part of a third-party statistics and analysis service.||sanef.com||Session|
|collect||Used to send data to Google Analytics on the environment and the behaviour of the visitor. Tracks the Internet user through various marketing devices and channels.||google-analytics.com||Session|
|NID||Records an identifier that identifies a recurrent user’s device. This identifier is used for targeted advertising.||google.com||6 months|
11.3 Multimedia Cookies
Multimedia Cookies provide a means of operating a media device to play audio or video content requested by a Client, a User or a Visitor on the Sites.
|dzr_uniq_id||Provides a unique identifier to users of Deezer||deezer.com||179 days|
|persist:cache:0||This Cookie is needed for the operation of Deezer’s cache||deezer.com||Persistent|
|plyr||Needed for the implementation of video content on the site.||sanef.com||Persistent|
|sid||Stores the configuration of the user’s parameters through the page requests.||deezer.com||Session|
|vuid||Gathers data on the user’s visits to the web site, such as the pages that were viewed.||vimeo.com||2 years|
|WIDGET::local::assignments||Used by the SoundCloud audio platform to implement, measure and improve their content / integrated services on the web site - the data gathering also covers the interaction of the visitors with the content / integrated service. This can be used for statistical or marketing purposes.||soundcloud.com||Persistent|
11.4 Social network Cookies
Social network Cookies are used to share the content of the SANEF Group on the social networks (Facebook, Instagram, LinkedIn, Twitter).
|__atuvc||Updates the meter that tracks the social network sharing functionalities of a web site.||AddThis||2 years|
|__atuvs||Ensures that the updated meter reading is displayed to the user if a page is shared with the AddThis content sharing service.||AddThis||1 day|
|_at.cww||Used by the AddThis content sharing platform||AddThis||Persistent|
|_at.hist.#||Used by the AddThis content sharing platform to store the log of uses of the user’s AddThis sharing widget||AddThis||Persistent|
|at-rand||Used by the AddThis content sharing platform||AddThis||Persistent|
11.5 Locator Cookies
Locator Cookies are used to determine the precise position of the terminal of the Client or of the User in order in real time to enable navigation on the interactive map.
The data that is gathered is only kept for the time that is needed to use the interactive map on the Sites or via the “Sanef & Vous” application.
Please note that the mere viewing of the interactive map does not require the use of locator cookies that can therefore be blocked by a Client, User or Visitor.
11.6 Eliminating Cookies
Clients, Users and Visitors should be aware of the fact that Cookies are designed to improve their browsing experience on the Sites and are vital to access certain secure spaces. Thus, should they decide to block all Cookies via their web browser, the Client, User or Visitor shall only be able to access the public sections of the Sites and shall no longer be able to access their account.
However, it is still possible to oppose the insertion of statistical Cookies or of Cookies designed to optimise the advertising content that is generated by configuring the appropriate parameters of the browser, namely Cookies, private browsing or the “Do Not Track” (“DNT”) functionality of the browser.
A user’s decision to oppose the insertion of advertising Cookies will not prevent the displaying of advertisements. These will continue to be displayed randomly, without taking into consideration the proven or inferred interests of the Clients, Users or Visitors.
Depending on the browser used, a Client, User or Visitor has the following options: to accept or to reject Cookies of any origin or from a specific provider, or to request that a message be displayed requesting the Client, User or Visitor to consent each time that a Cookie is inserted into their terminal.
If a Client, User or Visitor wishes to eliminate or block any Cookies, they may do so by clicking on Cookies settings, by changing the parameters of their browser or by accessing the online help facility of the publisher of their browser (Internet Explorer, Mozilla, Chrome, etc.).
For Microsoft Internet Explorer:
Tools – Internet Options – Privacy
Then configure according to your preferences
For Microsoft Edge:
Options (accessible through the “Tools” icon at the top right-hand-side)
Display Cookies and web site authorisations
Then configure according to your preferences
Options (accessible through the “Tools” icon at the top right-hand-side)
Display advanced parameters
Privacy - content settings
Then configure according to your preferences
Tools – Options – “Privacy” tab
Then configure according to your preferences
For more information about Cookies of any origin, i.e. not only those of the Sites, Clients, Users and Visitors are advised to access the Youronlinechoices website, available at www.youronlinechoices.com/fr/, published by Interactive Advertising Bureau France (IAB), in order to be made aware of the enterprises that are registered with this platform and that offer the possibility to reject or accept the Cookies used by these enterprises to adapt the browsing data and the advertisements likely to be displayed on one’s terminal: www.youronlinechoices.com/be-fr/controler-ses-cookies.
The Clients and Users are hereby informed that the SANEF Group takes the requisite reasonable technical and organisational measures to ensure the security of their Personal Data and to protect it against any unauthorised access, alteration, disclosure, misuse or loss.
For instance, the SANEF Group has implemented a system to control access to the Personal Data that is secured by authentication processes and uses the HTTPS protocol to encrypt any Personal Data that is sent over the Internet.
14. Right of access, modification, erasure of Personal Data
14.1 Contact person for exercising your rights
In accordance with the Applicable Regulations, the SANEF Group has appointed a data protection officer (the “DPO”). Clients, Users or Visitors may exercise their rights of access, modification and opposition, as well as their right to be forgotten and their right to the portability of their data, in keeping with the terms of the Applicable Regulations, by writing to the DPO of the SANEF Group at 30 boulevard Gallieni, 92130 Issy-les-Moulineaux, or at the following e-mail address: firstname.lastname@example.org.
They can also send any request or question about the Processing of their Personal Data to that contact address.
Should a Client or User exercise their right of opposition, the SANEF Group shall stop Processing their Personal Data, save in case of legitimate and overriding ground(s), or to ensure the acknowledgement, exercising or defence of its rights in court, in accordance with the Applicable Regulations. Where applicable, the SANEF Group shall inform the Client, the User or the Visitor of the grounds on which the rights that they are exercising cannot be wholly or partly honoured.
The right to be forgotten, i.e. to request the erasure of one’s Personal Data, shall apply subject to any requirements to retain this Personal Data that the SANEF Group may invoke, such as the requirement to meet its legal obligations.
Clients also have a right to request the portability of some of their Personal Data, by requesting an electronic copy in a legible and readily-processable form of their data that is Processed by the SANEF Group as part of their contractual relationship with the SANEF Group for the provision of goods or services, excluding:
- data that the SANEF Group may have produced for its own purposes or that enables it to meet its legal obligations, such as its accounting, labour or taxation obligations;
- information concerning the logs of subscriptions taken out, moneys paid or due, as well as all the information that the SANEF Group may have generated as part of its legitimate interests regarding the interests of its Clients, Users, Visitors or prospective clients.
The Client or the User may also issue instructions concerning the fate of their Personal Data after their death.
Should a Client or User consider, after contacting the SANEF Group, that their data protection rights were not complied with, they may complain to France’s CNIL [data protection watchdog].
Contact person for exercising your rights as part of the trialling of a system for detecting car-pooling as defined in article 4.5.
As part of trials of the system for detecting car-pooling, as defined in article 4.5, the Clients involved may, if need be, send requests invoking their right of access, rectification, opposition, limitation, portability and erasure of their data, under the terms of the Applicable Regulations, to the DPO of FARECO at the following e-mail addresses: email@example.com and firstname.lastname@example.org.
Contact person for exercising your rights in the context of the experimentation of a classification detection system as defined in Article 4.8.
As part of the experimentation of the vehicle classification detection system at toll booths as defined in Article 4.8, the Customers concerned may, if necessary, send their requests for access, rectification, opposition, limitation, portability and deletion of their Data, under the conditions of the Application Regulations, to FARECO’s DPO at the following e-mail addresses: email@example.com and firstname.lastname@example.org.
14.2 Procedure to be followed to exercise the data protection rights
In order to access their personal data, the Client, User or Visitor must provide proof of their identity to the DPO upon writing to the abovementioned contact details, in accordance with the Applicable Regulations.
The Client or the User may grant a power of attorney to a person of their choosing to exercise their right to access their personal data. The representative must then present a letter stating the purpose of the mandate, to wit the exercising of the right of access, the identity of the principal and their own identity.
For instance, the person issuing the request may seek information about the origin of their Personal Data and may request a copy of this data.
The DPO shall then have a timescale of one month to respond to the request. However, this timescale may be extended by two months depending on the complexity and number of requests. In case of such an extension, the requesting party shall be informed within one month following receipt of the request.
14.3 In case of refusal to respond
The DPO has no obligation to respond to the requests of data subjects to exercise their rights if:
- they are clearly wrongful, on account of their number, their repetitive or systematic nature;
- their Personal Data is not being kept: in that case, it is not possible to access it.