Privacy Policy

TRANSPORT REGIONAL DES ALPES MARITIMES makes every effort to protect your personal data in accordance with applicable European and French regulations.

The purpose of this privacy policy (‘Privacy Policy’) is to inform you about the purposes for which and the conditions under which we process the personal data that we may collect through our various channels, such as our commercial services, our websites www.santa-azur.com, our social networks or our events.

Our Cookie Management Policy, available at www.santa-azur.com, supplements this Privacy Policy to inform you of the purposes and conditions of use of cookies or navigational data that may be deployed on our websites and mobile applications.

Please take the time to read this Privacy Policy so that you have all the information you need to understand how your personal data is used and to exercise freely and fully the rights guaranteed to you by the applicable laws and this Privacy Policy.

1. General provisions

Data controller

The party responsible for processing your personal data is TRANSPORT REGIONAL DES ALPES MARITIMES, except when we are acting on the instructions and exclusively on behalf of our principals. In this case, we will inform you (i) either when we collect your personal data, (ii) or in this Privacy Policy, (iii) or when you wish to take steps with us to protect your personal data.

Terms and Conditions of Use

The Privacy Policy forms an integral part of the General Terms and Conditions of Use of our services and must be read in conjunction with them.

Applicable law and competent administrative authority

The Privacy Policy is governed by the General Regulation on the Protection of Personal Data n°2016/679 (‘RGPD’) and by the French Data Protection Act n° 78-17 of 6 January 1978 as amended (‘Loi Informatique et Libertés’), under the regulatory control of the French personal data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés – www.cnil.fr ).

Links to third party websites

Our site may contain or use links to websites, mobile applications, products or services that are operated by third parties (including advertising sites, our partners or social networks). Please note that the Privacy Policy does not extend to these third parties over whom we have no control and for whom we cannot be held responsible.

We encourage you to review the privacy policies, procedures and practices of these third parties.

Protection of minors

For the purposes of providing TRANSPORT REGIONAL DES ALPES MARITIMES products and services by digital means, we are likely to collect personal data from minors under the age of 16, under the control and with the consent of their legal representatives (parents or guardians). Users of our digital services who inform us that they are under 16 years of age have a discretionary right to have their data deleted (subject to our legal retention obligations described in article 7 ‘Retention periods for data collected’ below), which they may exercise directly or via their legal representative, at any time and without reason, by contacting us at dpo.tps@keolis.com.

2. The personal data we collect

This Privacy Policy applies to personal data that we may collect from or about you (see below), including from the following sources

  • Completion of our subscription or collection forms on paper or electronic media or on the occasion of operations or events organised by TRANSPORT REGIONAL DES ALPES MARITIMES in which you take part;
  • Visit one of our physical outlets and/or purchase one of our services
  • Request for contact or exchanges with our customer relations department;
  • Validation of tickets, access control to our services (urban, interurban, collective or individual transport, medical care, vehicle rental or parking, etc.) or processing of offences and recovery of fines;
  • Use of our services, including our ticketing systems and applications;
  • Browsing our websites www.santa-azur.com
  • Receiving and sending e-mails, text messages and other electronic messages between TRANSPORT REGIONAL DES ALPES MARITIMES and you.

3. Use of data collected and retention periods

We collect and use your personal data for the main purposes described below:

  • To manage the issuing and use of tickets and to combat fraud
  • To manage our customer and prospect files, the provision of our services and the contractual, technical, financial and accounting management of the relationship with our customers and users of our services;
  • Securely process your payment details when you subscribe to a service;
  • To inform you of the latest news about our network and any incidents and disruptions in the provision of our services;
  • To better understand your needs and expectations in order to provide you with adapted services and to measure the use of our services in order to improve our offers
  • Handling your requests, exercising your rights and complaints;
  • Comply with the law, regulations, and legal requests and orders.

4. Data transmission

Your personal data may be communicated by TRANSPORT REGIONAL DES ALPES MARITIMES:

In the Keolis Group

We may share your personal data with certain entities of the Keolis Group, in order to ensure the continuity of our services and our relationship with our customers, prospective customers or users of our website;

Third-party service providers

We may communicate your personal data to trusted third parties, located inside or outside the European Union, to help us operate our services and in particular to ensure the proper functioning of the TRANSPORT REGIONAL DES ALPES MARITIMES websites and mobile applications;

To business partners

We share certain pseudonymous data, which does not contain any element of direct identification, for the purposes described in article 3 ‘Use of your personal data’ above;

To third parties for legal reasons

In the event that we are required to comply with laws and regulations and legal requests and orders or if this is permitted by law (i.e. for the protection and defence of rights, situations that threaten life, health or safety, etc.).

In any event, we always require these recipients to provide sufficient guarantees of confidentiality and security and to take the physical, organisational and technical measures necessary to protect and secure your personal data, in accordance with the legislation in force.

Any transfers of data outside the European Union are governed by mechanisms approved by the European Commission or the competent authorities.

5. Data security

TRANSPORT REGIONAL DES ALPES MARITIMES secures your personal data by implementing appropriate physical, organisational and technical measures to prevent any unauthorised access, use, disclosure, modification or destruction, in accordance with the regulations in force.

These measures include

  • Storage on secure servers within the European Union;
  • The security of your data, in particular via pseudonymisation procedures, encryption of transmitted data and the implementation of means to guarantee the confidentiality, integrity and availability of your data;
  • Limited access to your data on a “need to know” basis;

Although TRANSPORT REGIONAL DES ALPES MARITIMES takes all possible measures to protect your personal data, we cannot guarantee the security of information transmitted on our websites or on one of our mobile applications when a security flaw affects your terminal or browser.

6. Your rights regarding your personal data

Under the RGPD and the Data Protection Act, you have various rights, including

Access, modification, updating and deletion of your personal data

You may request access to your personal data held and processed by TRANSPORT REGIONAL DES ALPES MARITIMES, consult it, obtain a paper or electronic copy and request that it be corrected, updated or deleted.

Opposition

You may, at any time, request that some of your data no longer be processed.

Portability

You may request that your data undergoing processing be communicated to you in an open, machine-readable format, whether for your personal use or for transfer to another data controller.

Limitation of treatment

In certain cases, you may request that the processing of your data be restricted.

Complaint to a Supervisory Authority

Without prejudice to any other legal remedy, you have the right to lodge a complaint with the supervisory authority of the country of the European Union in which you reside, work or in which you consider that a violation of your rights has occurred.

You can exercise all these rights by sending us a written request, together with a copy of your identity document, to the contacts mentioned in article 9 ‘Contact us’.

We will endeavour to respond to your requests as quickly as possible and in accordance with the applicable regulations. However, in some cases, we may not be able to respond favourably in order to meet our legal or contractual obligations.

7. Retention periods for data collected

We retain your personal data only for as long as is necessary to fulfil the various purposes set out in section 3 “Use of your personal data” above, except where we are permitted or required by law to retain it for longer.

The table below summarises the various maximum retention periods applicable or imposed on TRANSPORT REGIONAL DES ALPES MARITIMES depending on the purposes for which your personal data may be processed. These maximum periods apply unless you request the deletion or cessation of use of your data before expiry for a reason compatible with any legal obligation that may be imposed on TRANSPORT REGIONAL DES ALPES MARITIMES.

Finality

Retention periods

Customer management, prospecting, promotional and loyalty operations, sending offers

3 years from the end of the commercial relationship or the last contact initiated by the customer or prospect.

Management, issue and use of transport tickets (management of customer relations, distribution of transport media and tickets, management of sales channels and management of ticket validations).

Data relating to the customer relationship is kept for the duration of the contractual relationship and 2 years after the end of it for customers and prospects. Data relating to complaints in the context of post-payment (information necessary for invoicing, including validation data, with the exception of the place) are kept for 4 months from the date of the events. Data relating to unpaid bills are removed from the stop list as soon as they are cleared. In the absence of regularisation, the data are kept for a maximum of 2 years. Validation data may be retained for a maximum of 48 hours and for the sole purpose of combating technological fraud.
Photo In digital format for the life of the card, unless the cardholder objects

Responding to your requests for information

Time needed to process your request

Responses to satisfaction surveys

Anonymisation after the survey has been carried out

Management and archiving of purchases and services, guarantees, debt collection

10 years from the last event, except for data concerning means of payment, which are processed by TRANSPORT REGIONAL DES ALPES MARITIMES’ payment service providers only for the duration of the statute of limitations for payment transactions.
Claims management 5 years from the closure of the claim

Follow-up on tickets issued and the corresponding fines

Issuing regularisation forms.

Handling of reminders and complaints following an infringement report

The offenders’ data are deleted as soon as the fine is paid.

In the absence of payment, this data is kept for a maximum of 12 months (for the purposes of detecting habitual offences) and for up to two years for archiving purposes.

Audience measurement and personalisation of websites, mobile applications and cookie management

See the retention periods in the cookies policy.

Management of requests for rights (access, rectification, deletion of data, etc.)

– management of requests to object to or limit processing

– management of data portability requests

5 years from receipt of request

8. Modification of the Privacy Policy

TRANSPORT REGIONAL DES ALPES MARITIMES may modify the Confidentiality Policy from time to time.

We encourage you to check this page regularly for changes and to stay informed about the measures we take to protect your personal data.

9. Contact us

To exercise your rights or if you have any questions regarding the Privacy Policy, please contact us at the following e-mail address: dpo.tps@keolis.com or at the following postal address: ZI Pan de Peille 06340 DRAP.

If you have any questions about the processing of your personal data, you can also contact our Data Protection Officer at dpo.tps@keolis.com.

The Privacy Policy was updated on 29.01.2025