Skip to main content

No disruption to the network.

Privacy Policy


This Privacy Policy is intended to inform users (hereinafter referred to as "you") of this website and of the Services provided by RD TPM (hereinafter referred to as the "COMPANY") of the terms and conditions for the collection and processing of personal data by the COMPANY.

It also aims to inform users of their rights as well as the exercise of these rights in accordance with the national regulations in force and Regulation 2016/679 of April 27, 2016 on the protection of personal data.

 The data controller is RD TPM (hereinafter referred to as the "COMPANY"), a simplified joint stock company with a capital of 2.400.000 €, whose registered office is located at Dépôt de Brunet - Rue Octave Virgily - 83100 Toulon Trade and Companies Register under number 949 156 400.

The COMPANY has appointed a data protection officer ("DPO") whom you can contact at the following email address: or by post at the following postal address: 54 quai de la Râpée, 75012 Paris.

  1. Who is affected by this privacy policy

The COMPANY operates a transport network and offers rail and road services. This Privacy Policy applies to you when you subscribe to services offered by the COMPANY.

  1. Type of data collected 

The data collected by the COMPANY within the framework of the services it offers are the following: identification data (name and surname, date and place of birth, nationality); contact data (postal address and email address, telephone number); geolocation data and browsing data (searches, number of visits, date of the last visit, etc.).

  1. Purpose of data processing

The COMPANY processes your data for the purpose of performing the services we offer you, based on legitimate interests necessary for the proper functioning of the services as well as to comply with legal obligations.

These include managing subscriptions and email alerts, managing customer relations, conducting satisfaction surveys, performing the proposed service and sending information on the modification or evolution of our services. The COMPANY also processes certain data for statistical and archival purposes.

Where applicable, personal data is processed in particular in order to manage your user account, to send newsletters or to send traffic information in real time to your terminal.

  1. Duration of retention

The period over which the COMPANY retains your personal data includes the period of the contractual relationship as well as statutory limitation periods.

It is specified that ticketing data are retained for a maximum of 48 hours.

  1. Recipients of personal data


    1. The COMPANY

The COMPANY collects data necessary for the proper functioning of its services. Any employee of the COMPANY authorized to have access to the data signs a confidentiality agreement.

    1. Subcontractors

The COMPANY may use subcontractors to perform its services.
Subcontractors carry out data processing solely for the performance of the services offered by the COMPANY.

The COMPANY contractually requires its subcontractors to comply with security and confidentiality obligations and to implement appropriate technical and organizational measures so that the processing carried out complies with all applicable regulations and guarantees the protection of your rights.

    1. Competent authorities

The COMPANY may be required to transmit the personal data collected to the competent authorities, such as the public authorities, the Commission Nationale de l'Informatique et des Libertés (CNIL) or the Direction Générale de la Concurrence, de la Consommation et de la Répression des Fraudes (DGCCRF). 

  1. Users' rights over personal data


    1. Right of access

You have the right to access your personal data. You have the right to obtain confirmation as to whether or not your data is being processed. If you exercise this right, the COMPANY will provide you with a copy of the characteristics of the processing carried out on your data (the purposes of the processing, the categories of data concerned, etc.).

This information will be provided to you either electronically or on paper. You may obtain a copy of your personal data subject to respect for the rights of others.

    1. Right of rectification

If you find that your data is incorrect or incomplete, you have the right to request the correction or completion of this information. 

    1. Right to restrict processing

You have the right to obtain the restriction of the processing of your data, in particular if you dispute the accuracy of the data, if the processing is unlawful and you wish to have your data restricted and not erased, or if the data controller no longer needs the data but they are still necessary for the establishment, exercise or defense of a legal claim.  

    1. Right to object to processing

You may object to your data being processed if you have a legitimate reason and if the processing is based on your consent.

Once you exercise your right to object, your data will no longer be processed. When the processing is based on a legal obligation, the right to object is not applicable.

We inform you that the modification or deletion will be implemented as soon as possible.

    1. Right to be forgotten

You may request the deletion of your data in the cases listed in Article 17 of the GDPR: when it is no longer necessary for the purposes for which it was processed or collected, when your data must be deleted under a legal obligation, when it has been unlawfully processed or when you withdraw your consent for the purpose in question.

However, such data may not be deleted when the processing is necessary, among other things, for the exercise of the right to freedom of expression and information, for compliance with a legal obligation incumbent on the COMPANY, for the establishment, exercise or defense of legal claims.

    1. Right to data portability

You have a right to the portability of the data you have transmitted. You will be able to access them in a structured, commonly used, machine-readable format. You may also request that this data be passed on to another controller where technically feasible.

  1. Exercise of rights

You may exercise your rights by contacting the DPO designated by the COMPANY at the following email address: or by mail at the following postal address: 54 quai de la Râpée, 75012 Paris.

For any request to exercise your rights, the COMPANY may ask you to provide an official identity document (identity card, passport, driver's license, etc.) in order to verify that you are the person concerned by the data that is the subject of the request.

Responses to your requests will be sent to you electronically or on paper.

The COMPANY undertakes to respond to any request as soon as possible and within a maximum of one month from receipt of your request. However, this deadline may be extended by two months when the request is complex or because of the number of requests received. 

If the COMPANY cannot comply with your request, you will be informed within one month of receipt of your request. The reasons for the refusal will be clearly stated. You will then have the possibility of lodging a complaint with the CNIL and of taking legal action.

You are informed that in the event of manifestly unfounded or excessive requests, in particular because of their repetitive nature, the COMPANY may refuse to follow up on your requests or require payment of fees to compensate for the administrative costs incurred in responding to your requests.

  1. Security of personal data

The COMPANY implements all appropriate security measures to ensure the protection of the data collected, and in particular to prevent the destruction, loss, alteration, disclosure or unauthorized access of the Data.

To this end, security measures such as anonymization or encryption of data will be implemented. Measures to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services will also be taken.

You will be notified as soon as possible of any security breach affecting your data that may pose a high risk to your rights and freedoms.

  1. Storage of personal data

The servers used by the COMPANY to store your personal data are located in France.

The COMPANY transmits certain personal data to its subcontractors providing services necessary for the performance of the services. Some subcontractors host personal data on servers located outside the European Union. Therefore, the COMPANY ensures that they are able to guarantee the same level of data protection as required under the GDPR within the European Union.

  1. Changes to the Privacy Policy

When this Privacy Policy changes, the update will be posted on the COMPANY's website website or by means of an email indicating the date of the update. We invite you to consult it regularly.






Back to top