Skip to main content

Data management

What is our data management policy?

What is our data management policy?

What data do we collect?

SNCF Connect scrupulously observes the principle of minimisation, i.e. collecting only the data strictly necessary for the purposes defined below:

  • Identification data (surname, first name, date of birth, e-mail address, commercial or loyalty card numbers, travel reference): this data is essential for any order, registration for a customer account or for the security of SNCF Connect sites and transactions, and concerns the purchaser and the passengers concerned;
  • Travel document - passport (type, number, expiry date, country of issue): this information is essential for certain international journeys and is requested by the transport operator for the purposes of border crossing checks;
  • Payment details (bank card number, order amount, holiday voucher number and expiry date, etc.): this data is essential for all orders or refunds. You can also save your bank details in your customer account to make future purchases easier;
  • Data relating to your searches and your order (product purchased, destination, date, cards and/or subscription used, etc.): this data is essential for providing the service ordered and after-sales service;
  • Where applicable, generic data related to the presence of a disability (collection of "disabled passenger" and "wheelchair user" status): this data is essential for adapting our offer to disabled people and making it accessible to all (offering comfort and assistance, adapting fares, appropriate seat placement, etc.);
  • Data relating to your habits and interests (favourite destinations, choice of additional services, etc.): this data is useful for proposing personalised offers;
  • Contact details (telephone number, e-mail address, postal address): this data is used to contact you if necessary (problems relating to the service, your order or the product purchased) and concerns the purchaser and/or passengers concerned;
  • Technical data (browser version, operating system, terminal model, IP address, e-mail deliverability, etc.): this data is necessary for the optimal display and operation of SNCF Connect sites and applications;
  • Geolocation: the SNCF Connect mobile application includes a geolocation function that can only be activated with your consent.

When the SNCF Connect application is active, this data enables us to:

  • Offer you personalised services and offers (nearest station/next departure from a nearby station, route planning)

When you have consented to continuous geolocation (when the application is active or inactive), this data also allows us:

  • To conduct mobility studies. We may share anonymised studies with SNCF or with partners.
  • Or to offer you a proactive exchange of your tickets in the event of a delay on your part estimated by SNCF Connect (based on the calculation of the distance from your geolocation to the station and the departure time).

You can configure your geolocation settings at any time from the "Account" tab and then "Consent management" on your phone for the services you wish to activate or deactivate.

Browsing data (searches, number of visits, date of last visit, etc.): see “Manage your cookies” tab.

How do we collect it?

Data is collected from various sources:

  • You:
    • When you fill in forms on SNCF Connect sites and applications, including those deported to other environments (websites, applications, social networks), for yourself or for passengers accompanying you, and for whom you guarantee that you have obtained consent for this collection;
    • When you browse SNCF Connect services, the website or the mobile application (pages consulted, duration of page consultation, and other information collected thanks to cookies and trackers);
    • When you consult an e-mail sent by SNCF Connect;
    • When you talk to the SNCF Connect BOT or our advisers;
    • When you specifically give your consent (geolocation, for example).

When information is collected via input forms, you are informed which data is required and which is optional by means of asterisks in the input forms.

If SNCF Connect services are used by persons under the age of fifteen, they must obtain the consent of their parents or legal guardians.

  • Technical information
    • Supplied by your telephone operator: your IP address and its macroscopic location;
    • Provided by the terminal: the operating system, the browser used and the various technical identifiers;
    • Provided by cookies and trackers: see the "Manage your cookies" tab.

 

How long is the data kept?

Data is only kept for the time strictly necessary:

  • For the processing of orders;
  • For compliance with legal and regulatory constraints, particularly in terms of the management of disputes;
  • For the smooth operation of SNCF Connect services (particularly the customer account);
  • For a personalised service offer.

The general data retention policy for SNCF Connect services is as follows:

  • Identification data: Three years from the last date of visit to the site or connection to the customer service;
  • Order information: Three years from the order date;
  • Bank details:
    • Either a maximum of 13 months for after-sales management (refunds);
    • Or for the duration of the bank card's validity, if you register on the customer account.
  • Prospect data: One year after the date of last activity on SNCF Connect services or last newsletter opening;
  • Connection logs: One year from each connection;
  • Cookies: A maximum of 13 months from the time they are deposited on your computer or terminal;
  • Geolocation data:
    • For a personalised transport offer and for route planning and guidance: data is only collected and used during the session in which the service is used and is deleted when the SNCF Connect application is closed.
    • For proactive exchange: data is not kept.
    • For mobility studies: data is heavily pseudonymised and kept for one year.

Some of this data may be archived in order to establish proof of a right or contract or when required by legal or regulatory obligations. Access to archived data will be strictly reserved for the departments concerned. This data may only be archived for as long as is necessary to fulfil these legal or regulatory obligations or for a period not exceeding the statutory limitation period under common law.

What measures are taken to ensure its security?

SNCF Connect is particularly vigilant with regard to the security of your data, and therefore devotes significant human and technical resources to ensuring its protection. A strict security policy is in place to define the processes, working methods and technical protection rules to be implemented. Here are just a few examples of the security measures implemented:

  • Automated protection systems against cyber attacks are active;
  • SNCF Connect service IT codes are subject to security-oriented code reviews;
  • Automatic tools periodically carry out security tests on the websites;
  • Website security is audited by companies with expertise in the field;
  • Access to customers' personal data is subject to strict access controls;
  • Cyber security experts can be called in at any time to deal with security incidents.