Privacy policy TGV Lyria

LYRIA SAS ensures that regulations relating to the protection of personal data are adhered to and is committed to a rigorous approach to ethics, in particular with regard to respecting privacy.

In the context of its activities, LYRIA SAS collects and processes personal data relating to its customers, employees and partners, such as its suppliers and providers.

As an organisation that is concerned with promoting innovation while building a relationship of lasting trust based on the sharing of the values of corporate social responsibility and respect for the person, LYRIA SAS has put in place the technical and organisational means required to protect the personal data it processes. It regularly re-examines and adapts these measures to guarantee a high degree of data protection.

The object of this policy is to present the commitment of LYRIA SAS regarding the protection of personal data.

1.    Loyal and transparent collection

When necessary, LYRIA SAS informs its customers, employees and partners of processing in which they are involved via the most suitable means, to ensure the transparency of data collection.

The primary objective for the collection of personal data is the optimum management of various relationships that LYRIA SAS maintains with its customers, employees and partners.

2. Lawful and balanced data processing

When LYRIA SAS has to process data, it does so for specific reasons: all processing of data implemented by LYRIA SAS corresponds to a lawful, defined and explicit purpose.

LYRIA SAS only retains data in a form that enables it to identify the person concerned for the period required with regard to the purposes for which it is being processed.

3. Precise and minimised processing of data

For each of the processes implemented, LYRIA SAS is committed to collecting and using only data that is adequate and relevant, limited to what is necessary with regard to the purposes for which it is being processed.

4. Ensuring the security of data

LYRIA SAS places particular importance on the security of personal data.

Appropriate technical and organisational measures are implemented to ensure data are processed in a way that guarantees their protection against accidental loss, destruction or damage that could jeopardise their confidentiality or integrity.

When designing, selecting or using the different tools that enable the processing of personal data, LYRIA SAS ensures that it provides an optimum level of protection for the data processed, among its own teams and if necessary, the publisher of such tools.

LYRIA SAS therefore implements measures that adhere to the principles of protection from conception and the protection of processed data by default. For this reason, when this proves to be possible and/or necessary, LYRIA SAS resorts to data pseudonymisation or encryption techniques.

When it consults a supplier, LYRIA SAS submits personal data to them only after having obligated them to adhere to its own principles with regard to security.

LYRIA SAS conducts audits of its own services and may verify those of its providers in order to confirm that the rules have been applied with regard to the security of data.

5. Controlled data access

LYRIA SAS applies strict clearance policies ensuring that the data it processes may only be consulted by the persons authorised to access it.

When LYRIA SAS is required to transfer its data outside the European Union, to one of its suppliers for example, it only does so within the framework of specific contractual stipulations that conform to the regulatory demands, in order to guarantee an optimum level of data protection.

6. Respecting the rights of the person

LYRIA SAS is particularly concerned with the rights of the persons involved when it implements the processing of their data:

  • the right to information;
  • the right to access;
  • the right to correction;
  • the right to deletion (“the right to be forgotten”);
  • the right to restriction of processing;
  • the right to portability;
  • the right to object;
  • the right to define the directives relating to the retention, deletion and communication of personal data after death.

7. Easier means of contact

LYRIA SAS responds to requests to exercise rights by the persons concerned with regard to all aspects of processing, and while adhering to the conditions and deadlines set out in the applicable regulations.

Requests to exercise rights by the person concerned are carried out electronically or by post to the contact specifically indicated in the data protection information, the general terms and conditions of use for the apps and websites, data collection forms, etc.

The person concerned must clearly indicate their surname(s) and first name(s), attach a copy of their ID, and indicate the address to which they wish to have the response sent.

LYRIA SAS informs each person concerned who wishes to exercise their rights in the event that it is not possible to pursue their request.