Glossary

Has the same meaning as Consent

Processing that consists in using a set of techniques in such a way as to make it practically impossible to identify the individual by any means whatsoever and in an irreversible manner.

The legal basis for processing is the basis that authorizes an organization to process personal data. It can also be referred to as the "legal basis" or "legal basis" for processing.

These are the types of information collected about a data subject.

Examples: identity, family, economic or financial situation, banking data, connection data, location data, etc.

A method of protecting documents or data by making them unreadable by anyone who does not have access to a decryption key.

Processing involving the collection of personal data directly from data subjects (e.g. forms, online purchases, contract subscriptions, etc.) or when collected via devices or technologies for observing people's activity (e.g. video surveillance, Internet browsing analysis, geolocation, wifi, other sensors, etc.).

Processing that does not involve direct collection from data subjects (e.g. data retrieved from other Processors, data brokers, open-access sources or other data subjects).

Any free, specific, informed and unambiguous expression of will by which the data subject accepts, by a declaration or by a clear positive act, that personal data concerning him or her may be processed.
be processed.

A text file deposited on your computer when you visit a website or mobile application, for example when you view an online advertisement. The purpose of a cookie is to collect information about your browsing habits on sites/applications or to provide you with personalized services. On your computer, cookies are managed by your Internet browser.

The CNIL is France's personal data regulator, helping professionals to achieve compliance and individuals to control their personal data and exercise their rights. The CNIL can also monitor organizations and, in the event of non-compliance, can decide to issue formal notices or impose sanctions.

The DPO is the person in charge of steering RGPD compliance within the company that has appointed him or her. The DPO is the CNIL's privileged contact.

Natural or legal person, public authority, department or any other organization that receives personal data, whether or not it is a third party.

Any individual may define directives, either general (entrusted to a trusted digital third party and concerning all data processed by any data controller) or specific (entrusted directly to a specific data controller and concerning data processing carried out by the said controller), relating to the retention, erasure
and communication of personal data after your death. This is a right granted by French, not European, legislation.

Any information relating to an identified or identifiable natural person as defined by the General Data Protection Regulation (RGPD), such as a name, an identification number, location data, an online identifier, or one or more elements specific to his or her physical, physiological, genetic, psychic, economic,
cultural or social identity.

The period of time determined by the data controller during which data may be kept in order to meet the purpose of the processing. At the end of this period, personal
personal data is deleted or made anonymous.

Main purpose for which personal data is used, e.g. to sell a travel service, inform passengers of delays, enable them to connect to the wifi network on board the train, send them a satisfaction survey, etc. This purpose must be specific, explicit and legitimate, i.e. it must be consistent with the purpose of the service; the data may not be further processed in a way that is incompatible with this initial purpose.

Has the same meaning as Data.

Refers to Law no. 78-17 of January 6, 1978, known as the "Informatique et Libertés" law, which specifies the different regimes applicable depending on the nature of the processing concerned: processing covered by the RGPD, "police-justice" processing, processing concerning national defense or State security, etc. It also includes common provisions applicable to all processing. The purpose of the LIL is not to reproduce in their entirety the provisions of the General Data Protection Regulation (RGPD), although it does expressly refer to them in certain cases. In particular, it includes provisions relating to the "national flexibilities" authorized by the RGPD that the legislator has chosen to exercise, as well as measures transposing
of the "Police-Justice" directive into French law.

Mention of the use of personal data, which must appear on an appropriate communication medium.

Has the same meaning as Mention d'information.

Has the same meaning as Finalité.

Refers to all types of hardware and software used by SNCF Voyageurs to enable access to and use of its Services, and which make it possible to process the personal data of the persons concerned.
persons concerned.

The person whose personal data is processed, e.g. a customer, a prospect, a user of the wifi network in a railway station, a visitor to the website, etc.

Information document drawn up by SNCF Voyageurs to enable its customers and partners to better understand the key concepts of data protection regulations, to find information on the processing that concerns them and the means of exercising their rights, as well as to find out about the commitments made by SNCF Voyageurs to protect their data.

Processing of personal data in such a way that the data can no longer be attributed to an identified individual without further information. In practice, this processing remains reversible.

Any legal entity that determines the purposes and means of processing (in this case SNCF Voyageurs).

Refers to the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC.

Refers to the Services made available to passengers by SNCF Voyageurs. The Services include in particular the transport service, complementary services to transport (luggage, assistance, etc.) as well as functionalities accessible from SNCF Voyageurs digital areas such as access to the wifi network on board the train or in certain stations.

Designates the www.sncfvoyageurs.com/fr website

Natural or legal person, public authority, department or other body that processes personal data on behalf of and on the documented instructions of the controller.

Any operation or set of operations, whether or not carried out using automated processes, applied to personal data or sets of data (e.g. consultation, recording, deletion of data).

Reuse of personal data for a purpose other than that for which it was originally collected.

Moving or copying personal data from one storage location to another. This is often referred to as transferring data outside the European Union (EU) or the European Economic Area (EEA).

Any security incident, whether malicious or not and whether intentional or unintentional, that compromises the integrity, confidentiality or availability of personal data.