LYRIA SAS ensures that regulations relating to the protection of personal data are adhered to and is committed to a rigorous approach to ethics, in particular with regard to respecting privacy.
In the context of its activities, LYRIA SAS collects and processes personal data relating to its customers, employees and partners, such as its suppliers and providers.
As an organisation that is concerned with promoting innovation while building a relationship of lasting trust based on the sharing of the values of corporate social responsibility and respect for the person, LYRIA SAS has put in place the technical and organisational means required to protect the personal data it processes. It regularly re-examines and adapts these measures to guarantee a high degree of data protection.
The object of this policy is to present the commitment of LYRIA SAS regarding the protection of personal data.
1. Loyal and transparent collection
When necessary, LYRIA SAS informs its customers, employees and partners of processing in which they are involved via the most suitable means, to ensure the transparency of data collection.
The primary objective for the collection of personal data is the optimum management of various relationships that LYRIA SAS maintains with its customers, employees and partners.
2. Lawful and balanced data processing
When LYRIA SAS has to process data, it does so for specific reasons: all processing of data implemented by LYRIA SAS corresponds to a lawful, defined and explicit purpose.
LYRIA SAS only retains data in a form that enables it to identify the person concerned for the period required with regard to the purposes for which it is being processed.
3. Precise and minimised processing of data
For each of the processes implemented, LYRIA SAS is committed to collecting and using only data that is adequate and relevant, limited to what is necessary with regard to the purposes for which it is being processed.
4. Ensuring the security of data
LYRIA SAS places particular importance on the security of personal data.
Appropriate technical and organisational measures are implemented to ensure data are processed in a way that guarantees their protection against accidental loss, destruction or damage that could jeopardise their confidentiality or integrity.
When designing, selecting or using the different tools that enable the processing of personal data, LYRIA SAS ensures that it provides an optimum level of protection for the data processed, among its own teams and if necessary, the publisher of such tools.
LYRIA SAS therefore implements measures that adhere to the principles of protection from conception and the protection of processed data by default. For this reason, when this proves to be possible and/or necessary, LYRIA SAS resorts to data pseudonymisation or encryption techniques.
When it consults a supplier, LYRIA SAS submits personal data to them only after having obligated them to adhere to its own principles with regard to security.
LYRIA SAS conducts audits of its own services and may verify those of its providers in order to confirm that the rules have been applied with regard to the security of data.
5. Controlled data access
LYRIA SAS applies strict clearance policies ensuring that the data it processes may only be consulted by the persons authorised to access it.
When LYRIA SAS is required to transfer its data outside the European Union, to one of its suppliers for example, it only does so within the framework of specific contractual stipulations that conform to the regulatory demands, in order to guarantee an optimum level of data protection.
6. Respecting the rights of the person
LYRIA SAS is particularly concerned with the rights of the persons involved when it implements the processing of their data:
- the right to information;
- the right to access;
- the right to correction;
- the right to deletion (“the right to be forgotten”);
- the right to restriction of processing;
- the right to portability;
- the right to object;
- the right to define the directives relating to the retention, deletion and communication of personal data after death.
7. Cookie management
What is a cookie?
Cookies are small files created when you visit a website.
What is the purpose of them? At tgv-lyria.com, they retain your information and enable you to be identified, your travel to be managed online, and statistical information regarding usage of the site to be collected.
What are the types of cookies used at tgv-lyria.com?
When you use the tgv-lyria.com site, cookies are saved on your computer, your mobile or your tablet, and these are used for navigation, optimisation and the personalisation of services offered to you. The tgv-lyria.com website does not collect specific information on users.
• Essential cookies
Cookies required for your navigation and the correct working of the site, which enable free and fluid navigation on the platform. Their deactivation may prevent or hinder the normal functioning of tgv-lyria.com.
• Performance cookies
These are cookies that specialise in collecting information. They serve to better understand your usage behaviour for the purposes of analysis, improvement and optimisation of the performance of tgv-lyria.com. The information collected by these cookies is not of a personal nature.
• Third-party cookies
Third-party cookies are those saved by third-party companies and hosted by the interface. In the case of tgv-lyria.com, they may be data retrieved by the group partners. They are used for marketing and presentation purposes, as well as targeted and personalised advertising.
tgv-lyria.com does not have any control over information collected by third parties, they represent their own brand.
How do you block cookies?
You may activate this choice using the “Manage services” button located at the top of the page.
8. Easier means of contact
LYRIA SAS responds to requests to exercise rights by the persons concerned with regard to all aspects of processing, and while adhering to the conditions and deadlines set out in the applicable regulations.
Requests to exercise rights by the person concerned are carried out electronically or by post to the contact specifically indicated in the data protection information, the general terms and conditions of use for the apps and websites, data collection forms, etc.
The person concerned must clearly indicate their surname(s) and first name(s), attach a copy of their ID, and indicate the address to which they wish to have the response sent.
LYRIA SAS informs each person concerned who wishes to exercise their rights in the event that it is not possible to pursue their request.
9. Equipping sworn officers with individual mobile cameras
As part of the French-Swiss pairing of our sworn train managers on TGV Lyria routes, the measures listed below apply to SNCF agents on board our trains:
On a trial basis and in accordance with Article 113 of Law No. 2019-1428 on Mobility Orientation and its implementing decree, SNCF Voyageurs (9 rue Jean-Philippe Rameau 93633 la Plaine Saint Denis cedex) has equipped some of its sworn officers with individual mobile cameras (officers in accordance with Article L.2241-1 4 ° of the transport code).
This processing of camera data is based on the legitimate interest in ensuring the safety of people. The main purpose is to prevent incidents during operations and, in the event of violations, to establish criminal offenses or to collect evidence with a view to possible prosecution of the perpetrators.
The recording does not take place continuously, but only in the case of verbally or physically aggressive customers, dangerous situations or at the request of the person concerned.
The recorded persons are informed verbally about the start of the recording. This notification can be postponed if there is immediate danger to life or limb and will be given as soon as circumstances allow.
As part of this processing, SNCF Voyageurs processes audio-visual data (images and sounds) from mobile cameras and the connection data to images of their officers.
Audio-visual data is retained for 30 days from the time it is recorded, and image connection data is deleted after three years. These data are only accessible to authorized SNCF Voyageurs employees, its subcontractor SNCF and the technical service provider.
The persons affected by the processing of personal data have the right, in accordance with the regulations, to ask the data controller for access to their personal data, to correct or delete them, and to set guidelines on the fate of their data after death.
To exercise your rights, please contact the following address, stating your personal details:
SNCF Direction Sécurité Voyageurs
Campus Acrobates (Bât Cap Lendit)
1-7 place aux étoiles
93212 La Plaine St Denis Cedex
Or by email to firstname.lastname@example.org
You have the right to lodge a complaint with the CNIL or the French data control authority (www.cnil.fr).
SNCF Voyageurs has appointed a data protection officer who you can contact at the following addresses:
- by post: SNCF Voyageurs, Direction juridique et de la conformité, département Données Personnelles, DPO, 9 rue Jean-Philippe Rameau 93633 la Plaine Saint Denis cedex
- by email: email@example.com