Privacy Policy Keolis S.A.

The company Keolis S.A. (“Keolis S.A.”, “We”, “our”, “us”) makes every effort to protect your personal data, in compliance with applicable European and French legislation. This privacy policy (the “Privacy Policy”) aims to inform you as to the purposes and conditions in which we process personal data that we may collect through our various channels, and in particular: the Keolis S.A. website [https://www.keolis.com], our social media accounts, the Successfactor career platform (“Career Platform”) [https://careers.keolis.com/]  or any event that we may organise. Our Cookie Policy, which can be consulted at https://www.keolis.com/en/cookies-management, comes in addition to this Privacy Policy and provides information on the purposes and conditions of use of cookies or web browsing data that Keolis S.A. may deploy. We invite you to take a moment to read this Privacy Policy so as to have all the information you need to understand how your personal data is used and so as to allow you to freely and fully exercise the rights granted to you by law and by this Privacy Policy.

Controller

The entity responsible for processing your personal data is the company Keolis S.A. 

Terms & Conditions of Use

The Privacy Policy is an integral part of the Terms and Conditions of Use of our Keolis website and should be read in conjunction with them (these can be consulted by following these links: https://www.keolis.com/en/legal-notices.

Applicable law and competent administrative authority

The Privacy Policy is governed by the General Data Protection Regulation n°2016/679 (“GDPR”) and by the French Data Protection Act no.78-17 of 6 January 1978 subsequently amended, under the regulatory supervision of the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés – www.cnil.fr).

Links to third-party site

Our website may contain or use links to websites, mobile apps, products or services operated by third parties (in particular sites of advertisers, partners of Keolis S.A. or social media sites). We remind you that the Privacy Policy does not apply to these third parties over which Keolis S.A. has no control and for which we cannot be held liable. We recommend that you consult the privacy policies, procedures and practices of these third parties.

The Privacy Policy applies to the personal data that we may collect from you or about you (see below) from the following sources:

• Your browsing history on the Keolis S.A. website (in particular when using a functionality, completing a registration form or survey, consulting resources available on the website);

• The exchange of e-mails, text messages or any other electronic messages between Keolis S.A. and you;

• Receipt and management of your application on the Career Platform, accessible via the “Join us” tab, as well as by email and creation of a CV database;

• Receipt of your information/contact requests sent to support on the Career Platform, as well as by email;

• Receipt of your information/contact requests sent via the “Contact” section of the Keolis S.A. website (application, press, sponsorship and partnership, suppliers and transport services), as well as by email;

• Receipt of supplier/prospect information in the context of the management of pre-contractual and contractual relations;

• Recording of video surveillance images from the cameras at Keolis S.A. premises in order to ensure the safety of goods and people;

• Receipt and answers to your requests for rights in accordance with the GDPR.

We collect and use your personal data for the main purposes described below. We keep your personal data only for as long as necessary to fulfil the different purposes, except where the law permits or requires us to keep it longer.

These maximum durations apply unless you request the deletion or cessation of use of your data before the expiry of the latter for a reason compatible with any legal obligation which may be imposed on Keolis S.A. 

In accordance with the applicable regulations, we process your data when we have a legal basis for doing so. This may be for the performance of a contract (a), legitimate interest (b), a legal obligation (c) or your consent (d).

Purposes of processing based on contractual (or pre-contractual) performance

• Management of your recruitment;

• Management of pre-contractual and contractual relations with our suppliers.

• Management of your user account on the Career Platform;

Purposes of processing based on legitimate interest

• Management of your requests sent on the Keolis S.A. website or by email;

• Building up of our CV database in order to contact you if we have opportunities;

• Transmission of your application to the subsidiary concerned;

• Management of Keolis S.A. Communication;

• Management of commercial prospecting aimed at professionals, however it is possible to oppose this by contacting us at the address indicated in article 9 of this Privacy Policy;

• Recording of video surveillance images from the cameras at Keolis S.A. premises in order to ensure the safety of goods and people;

• Management of pre-litigation and litigation, the gathering of evidence.

Purposes of processing based on legal obligation

• Management of your requests to exercise your rights (access, rectification, opposition, etc.) pursuant to the GDPR.

Purposes of processing based on your consent

• Cookies management, with the exception of strictly necessary cookies: to find out more about your data collected in this context, we invite you to consult our cookie policy.

• The transmission of your requests/questions to the subsidiary concerned.

Keolis S.A may disclose your personal data:

In-House

To the departments authorised by Keolis and needing to know in the context of the aforementioned purposes, including the departments of Communication and Marketing, Purchasing, General Resources, Human Resources, Accounting, Legal, etc.

Within the Keolis Group

We may share your personal data with certain entities with the Keolis Group, or partners; in order to maintain continuity of our services or of our relations with our customers, sales prospects or website users.

• If you have formally given your consent, your contact/information request will be forwarded to the Keolis subsidiary/Partner concerned by your question.

• In order to enable your applications to be processed within the Group and when you respond to a job offer from a Keolis subsidiary, your application data is sent to this Keolis subsidiary as a separate data controller for review and processing of your application. Your data is then processed in accordance with the privacy policy of the Keolis subsidiary concerned, which you can consult by contacting it directly.

With third-party providers

We may transfer your personal data to trusted third parties located within the European Union (“EU”), notably in order to keep our website or our services working correctly for the aforementioned purposes.

 Your personal data processed as part of the management of your application may also be communicated to service providers (managers of the Career Platform), as well as to external organisations if it is used by Keolis S.A. as part of recruitment processes (recruitment agencies).

With business partners

We may share pseudonymous data which do not contain any items of direct identification, for the purposes described in Article 3. “Use of your personal data and storage periods” above, in particular concerning the cookies collected by Business partners who collects and processes the cookies (listed in the Cookies Policy). Business partners are separately controllers or joint controllers for processing.

With third parties on legal gorunds

If we were to be compelled to observe laws and regulations and legal requirements and instructions, or if permitted by law (i.e. to protect and uphold rights, a situation posing a threat to life, health or safety, etc.).

***
In all events, we always require that these recipients provide sufficient privacy and security guarantees and that they take the necessary physical, organisational and technical measures to protect and safeguard your personal data in accordance with current legislation. All your data personal data is processed and hosted within the EU. However, data transfers outside the EU may occur. Any transfer of your data outside the EU is carried out with appropriate guarantees that comply with the GDPR, either because the recipient countries benefit from an adequacy decision, or because these transfers are framed by the implementation of Standard Contractual Clauses validated by the European Commission. For more information on the framework of these transfers you can contact us at the contact addresses indicated in article 9. How to contact us.

Keolis S.A. safeguards your personal data by implementing the adequate physical, organisational and technical measures to prevent any unauthorised access, use, disclosure, modification or destruction, in accordance with current legislation.

These measures specifically include:  

• Storing data on secure servers in the European Union;

• Limiting access to your data on a “need to know” basis;

• Implementation of organisational measures internally to protect your data.

While Keolis S.A. takes every possible measure to protect your personal data, we cannot guarantee the security of the information transmitted to our website when your terminal or browser is affected by a security breach.

Pursuant to the GDPR and the French Data Protection Act, you are entitled to several rights, including:

Access, modification, updating and deletion of your personal data

You may ask to be granted access to your personal data which are held and processed by Keolis S.A.; you may consult them, obtain a printed or electronic copy of them and ask for them to be corrected, updated or deleted.

Objection

You may at any time ask that some of your data be no longer processed.

Portability

You may request to have your processed data sent to you in an open and machine-readable format, whether it be for your personal use or to transfer them to another controller.

Restriction of processing

In certain cases, you may request that the processing of your personal data be restricted.

Claims to a Supervisory Authority

Without prejudice to any other legal remedy, you are entitled to lodge a complaint with the supervisory authority of the European Union country in which you reside, work or in which you deem that your rights might have been infringed upon.

***

You may exercise all of these rights by sending a written request together with a copy of proof of identity to the contacts set out in Article 9. How to contact us. We will try to deal with your request at our earliest opportunity and in accordance with the conditions provided for by the applicable legislation. Notwithstanding, it may occur that due to our binding legal or contractual obligations, we are unable to grant your request.

Keolis S.A. reserves the right to make changes to the Privacy Policy.
We invite you to regularly consult this page to learn of any changes and stay up to date on the measures we take to protect your personal data.

To exercise your rights or for any queries relating to the Privacy Policy, please contact our Data Protection officer by clicking here or by post at:

Keolis SA

Data Protection Officer

34 Avenue Léonard De Vinci,

92400 Courbevoie, France.

This Privacy Policy was last updated on 03/08/2021