Skip to main content

Transfer of data

Is my data transferred to third parties?

Is my data transferred to third parties?

General context

SNCF Connect's policy is very clear on this subject: we do not transfer any data to third-party companies for any reason other than one of the following:

  • Provision of the services ordered: in order to be able to provide you with the transport or ancillary services offered, data is transmitted to the companies concerned, i.e.:
    • Transport operators: SNCF and its subsidiaries, any other rail transport operator, bus transport operator or associated service (Junior et Cie, for example) offering its products on SNCF Connect sites and applications;
    • Partners: Insurance (Allianz), car hire (Avis), holiday vouchers (ANCV) and any other related products sold on SNCF Connect sites and applications, either directly or under a white/grey label.
  • Subcontracting: SNCF Connect uses service providers to operate its sites and applications and provide you with the services and products offered, in particular:
    • Its main IT subcontractor is SNCF Connect & Tech Services, a sister company of SNCF Connect and a 100% subsidiary of SNCF. In fact, most customer data is internalised and does not leave the SNCF group;
    • For customer relations: call centres, communication tools;
    • For payment: suppliers of partners offering products on SNCF Connect services;
    • For marketing services: Marketing follow-up, sending of newsletters;
    • To combat fraud: specialist service provider (ACI Worldwide).

SNCF cross-functional services: SNCF Connect offers the SNCF "Mon Identifiant SNCF" authentication feature to access the customer account. This enables customers to benefit from common identifiers giving access to most SNCF and partner digital areas, whose general conditions of use and confidentiality are accessible at the following address:  https://monidentifiant.sncf/tos/EN_cgu.html

Advertising tailored to your use: certain data relating to your use of SNCF Connect, your account (optional), or the bookings you have made, may, subject to your prior consent:

  • Be sent to third parties contributing to the management of advertising banners or advertising campaigns relating to SNCF Connect offers and services, which may be disseminated in certain connected environments (in particular Google Chrome, Safari, Firefox, Microsoft Edge, Facebook, X, Linkedin, Instagram, Pinterest, Tiktok, Youtube, Snapchat). In this case, this data is encrypted and pseudonymised before being passed on to these third parties in the context of SNCF Connect campaigns;

For all of these data processing operations likely to be carried out in conjunction with third parties, we take great care to ensure that our relations with these companies are secure: contracts, audits, security assurance plan, purpose limitation, etc.

Specific case for transfers outside the EU

Our policy is not to transfer data outside the European Union, except in the following cases:

  • Fraud prevention: ACI Worldwide, SNCF Connect subcontractor, uses data in the United States;
  • Advertising analysis and identification of advertising fraud: Integral Ad Science (IAS) uses data in the United States. This list is regularly updated.

For all data transfers outside the European Union, we undertake to exercise particular vigilance and to ensure that they are carried out in a context of maximum security (in particular through organisational, technical (e.g. data encryption) and legal security measures (e.g. Data Privacy Framework certification as provided for in the European Commission's adequacy decision of 10 July 2023; signature of the European Commission's standard contractual clauses).