This Privacy Policy and the General Terms and Conditions of Use govern the way in which the SANEF Group processes the personal data of Motorway Users, Customers and Service Users pursuant to the French Data Protection Act N° 78-17 of 6th January 1978 and the European Regulation on Data Protection 679/2016 of 27th April 2016 (“GDPR”) and any national transposition text (together referred to as the “Applicable Regulations”).

1 - Overview and identity of data processing controller

These internet sites are the property of SANEF SA with €53,090,461.67 capital, whose registered office is situated at 30 Boulevard Gallieni, 92130 Issy les Moulineaux, France (Trade and Company Register: RCS NANTERRE B 632 050 019). Publishing Director is Mr. Arnaud QUEMARD, CEO of SANEF. These websites are hosted on SANEF servers. All the data to which you have access are communicated for information purposes and may not be used for commercial purposes.

Under this Privacy Policy and for the purposes of data processing described below, SANEF is considered as being the data processing controller.

2 - Intellectual property

The Services, Websites and their contents, including and without limitation, all their components whether graphic, visual, audio, photographic or textual content, Website architecture, and the databases forming them (the “SANEF Contents”) are the exclusive property of SANEF or its respective owners. The extraction, reproduction, use and retention of all or part of the SANEF Contents is forbidden without SANEF’s express written consent. As SANEF does not control all the sources of information to which it has access and given the complexity of processing the information, it cannot guarantee the completeness and accuracy of the information featured in the SANEF Contents and/or be held liable for any errors or omissions in the published data. The creation of two hyperlinks www.sanef.com and www.groupe.sanef.com is subject to SANEF’s prior written consent. Under no circumstances whatsoever may SANEF be held liable as a result of information disseminated on websites to which links have been created. These websites respect copyright laws. All authors’ rights are reserved with regard to protected works reproduced and communicated on these websites. Unless expressly authorised, any use of the works other than individual and private reproduction and consultation is forbidden.

3 - Definitions

Within the scope of this Privacy Policy, the words and expressions mentioned below will have the following meaning:

“Customer”: describes any person who has subscribed to the Services offered by SANEF.
“Cookie”: describes the small text files sent by the publisher of the website visited and stored on the hard drive of the connection terminal (computers, smartphones, tablets, etc.), or any similar tracking technology. They especially enable a customer to be identified and recognised when connecting.
“Data”: describes the personal data being processed within the scope of this Privacy Policy.
“Personal Data”: describes personal data as defined in Article 4 (1) of the GDPR.
“Location Data”: describes all the data processed in an electronic communications network indicating the geographic location of a user’s terminal device or a user of an electronic communications service accessible to the public, as detailed in Article 2 (c) of the legislation relating to privacy and electronic communications.
SANEF Group”: describes without any distinction SANEF and/or any legal entity that directly or indirectly controls or will control SANEF, is controlled or will be controlled directly or indirectly by the same entity as the one controlling SANEF or is controlled or will be controlled by SANEF. The notion of control is understood to have the meaning set out in Article L.233-3 of the French Code of Commerce.
“The General Data Protection Regulation” or “GDPA”: describes Regulation (EU) 2016/679 of the European Parliament and Council of 27th April 2016 relating to the protection of individuals with regard to processing of personal data and the free circulation of such data, and revoking Directive 95/46/EC.
“Motorway Network”: describes the motorways under a concession agreement granted to the SANEF Group by the State in order to ensure their operation.
“Services”: describe the discount offers proposed by the SANEF Group and marketed on the Websites, SANEF brand applications and any other website, application, communication and service affiliated to SANEF, including Services provided outside of the internet Websites (agency subscription, toll payment and purchase of tags at terminals), excluding, however, services supplied within the scope of another privacy policy. Certain services require an inscription process.
“Websites”: SANEF’s internet websites respectively accessible at the addresses www.sanef.com and www.groupe.sanef.com or via any address that might be substituted or via any URL redirection, including all the pages and sections comprised in it.
“Sub-contractor”: describes the private individual or legal entity, public authority, department or another body that processes personal data on behalf of and according to the instructions of SANEF, pursuant to Article 4 (8) of the GDPR.
“Processing/Processor”: describes any one of the operations detailed in Article 4 (2) of the GDPR carried out on personal data as part of the performance of this Privacy Policy.
“Motorway User” describes any person who uses the Motorway Network in accordance with:

  • “Operating Regulation for Motorways A1 – A2 – A4 – A26 – A29 – A140 – A314 – A315 – TUR – Service areas on A25 and A31”;
  • “Operating Regulation for Motorways A13 – A14 – A29 – A131 – A132 – A139 – A150 – A151 – A154 – A813”;
  • As well as any person communicating with the traffic control centre.

“Service User” describes any person who has subscribed to a service offered on the mobile app “Sanef&Vous” developed by the SANEF Group and available on App Store and Google Play for iOS and Android devices through an inscription service.
“Personal Data breach”: describes breaches of security such as laid out in Article 4 (12) of the GDPR.
“Visitor”: describes the person who accesses the Websites but is not a Customer or User.

Any modification to the meaning of a definition laid out in this Article 3 resulting from any amendment to the Applicable Regulations will automatically apply commencing the date it enters into effect or the application of such a modification in the national legislation of the European Member State in which SANEF is established or the European Member State in which the data processing is carried out as part of the performance of this Privacy Policy.

4 - Data collected and what it is used for

4.1 - Data gathered via the Websites

4.1.1 - Speculative job applications and responses to job offers

If someone wishes to apply for a job offer posted by the SANEF Group or submit a speculative job application, then they must fill out a form entitled “submission of job application”.
This form contains information relating to the applicant’s given and last name, postal address, telephone number and email address. Information must also be given with regard to education and languages spoken, and a curriculum vitae must be attached.
The personal data thus transmitted is only processed when studying the person’s application with a view to possible recruitment.

4.1.2 - Communication, marketing, survey and information campaigns

Broadly speaking, personal data is used in order to send information, especially by SMS or email to Users and Customers, or to people who have given their consent when required.

Moreover, personal data enables Services to be proposed that suit the needs of each Customer. Indeed, personalization of Services can lead to personal data being provided with regard to family circumstances or lifestyle and the use of toll gates.

4.1.3 - Management of customer relations

When a Customer or User contacts the consumer service through a contact form available on the Websites, this gathers the personal data that is strictly necessary in order to analyse the request and provide a solution for any issues experienced by the Customer or User, or to respond to any questions that they may have.

4.1.4 - Making traffic data available

In accordance with Directive 2010/40/EU concerning the framework for the deployment of Intelligent Transport Systems (“ITS”) in the field of road transport and for interfaces with other modes of transport, the SANEF Group provides an information request form for Visitors who want to know about journey times. The SANEF Group shares road and traffic data with people requesting such information.

4.1.5 - Use of the “Sanef & Vous” App.

The “Sanef & Vous” application developed by the SANEF GROUP enables a User to receive information about traffic conditions on nearby SANEF Group motorways based on the location data from the User’s mobile device, for example a smartphone. Different types of technology are implemented in order to locate the device, such as the IP address and GPS tracking signals.

If the Service User is a regular Motorway User, it is possible to set the application’s parameters to receive live traffic updates and journey times for sections of motorway selected by the Service User.

The Service User is informed of the use of his/her personal data by an opt-in message sent to the mobile device upon connecting, as well as through the general terms and conditions of use of the application.

4.2 - Data gathered when passing through the North and South toll gates on slip road n° 38 at Boulay/Varize on the A4 motorway.  

4.2.1 - When passing through the toll gate

Each time a vehicle goes through the toll gate, the following information is recorded in the toll system in order to apply the corresponding tariff:

  • front and rear number plates
  • vehicle category
  • date and time stamp
  • Subscriber’s toll tag data/RFID for invoicing, if present
  • Context photos
  • Toll gate site number
  • Bank card: EMV compliant bank transaction identification, authorisation number if required.
  • In the event of non-payment of the toll after a period of 10 days, SANEF accesses the vehicle registration system using photographs of the vehicle number plate.

4.2.2 - When paying the toll on line

SANEF collects and processes personal data so as to be able to provide Services and best manage its relations with Customers when paying tolls on slip road N° 38 on the A4 motorway.
For this purpose, the Customer must provide the number plate of the vehicle used. The Customer can also provide other information (title, given and last name, email address, telephone number) in order to benefit from the motorway alert Services proposed by SANEF.

4.2.3 - When purchasing a payment tag

SANEF collects and processes personal data so as to be able to provide Services and best manage its relations with Customers.
In order to access SANEF Services, the Customer must create an account by filling in an inscription form. For this purpose, the Customer must provide information relating to their title, given and last name, date of birth, email address, login name, password, telephone number and postal address, means of payment and information relating to the vehicle. The Customer may also be asked to indicate their professional situation.
It should be noted that the password is strictly personal. It is protected by a one-way hash function and cannot, therefore, be divulged or retrieved by SANEF. Nevertheless, the Customer remains responsible for the confidentiality of his/her password and the use of his/her account, and so should not communicate this password to anyone. The Customer is also advised to systematically sign out before closing the browser. Any use of the Services, Website access and navigation, connection or transmission of data made via his/her account with his/her login is presumed to have been made by the Customer and under his/her sole responsibility.
SANEF may not be held liable for the loss of any login information (user name or password) and, in the absence of any duly-notified prior opposition sent in writing to SANEF, for any harmful consequences arising from the use of the account by an unauthorised person. In the event of loss or theft of a login, the Customer will use the procedure set up by SANEF enabling him/her to retrieve the login and/or renew the password.
SANEF does not have any control of the veracity of information conveyed by the Customer when creating an account. Consequently, SANEF may not be held liable for any false declaration or identity theft. The Customer undertakes to provide SANEF with accurate information and to update information as may be necessary over time.

4.2.4 - Improvement of products and services

Personal data also helps SANEF develop and improve its products and Services in order to deliver ever greater performance and to best satisfy its Customers. Therefore, SANEF ensures the quality of both its products and services, and also the constant optimisation of its offering in order to keep innovating and stay competitive.

4.2.5 - Settlement of disputes and tackling unpaid debts

Personal data is also used to settle disputes and tackle unpaid debts by drawing up a Customer blacklist.

4.3 - Automatically-gathered personal data

Some personal data can be automatically gathered, such as data collected through Cookies when the Customer, User and Visitor uses or browses the Websites or when interacting with the SANEF Group. This especially includes data relating to the type of device used by the Customer, User and Visitor when accessing the Websites, the operating system, IP address, type of browser and possible interactions with Website content.

4.4 - Data gathered when using the Motorway Network

Using the Motorway Network gives rise to the use of IT and video technology and, consequently, the collecting and processing of personal data.
The gathered data is recorded by the SANEF Group for:

  • the management of operations, especially including the management of transactions and toll gate events, and providing assistance to Motorway Users;
  • the management of video-protection activities on highways;
  • the calculation of waiting time at toll gates;
  • the fight against toll fraud.

4.5 - Mandatory disclosure

The personal data of Customers, Motorway Users, Service Users and Visitors may be disclosed under the following circumstances, within the limits laid down by the Applicable Regulations:

  • to meet a legal obligation, a court order or any other judicial measure as part of an enquiry into established or suspected illegal activities, in order to prevent such activities or to take countermeasures;
  • in the event of infringement of a contractual obligation by the Customer or User with regard to the SANEF Group;
  • to guarantee the rights, ownership and safety of the SANEF Group;
  • to guarantee the rights and safety of its Customers, Service Users and Motorway Users.

5 - Storage of personal data

Personal data gathered by the SANEF Group is stored and processed in France, where the SANEF Group or its Sub-contractors are situated or have facilities that they manage.

6 - Storage period of personal data

6.1 - Storage period of personal data gathered on the Websites

Personal data gathered within the scope of the “Sanef&Vous” mobile application is kept while the application is being used.

Personal data relating to Customers is kept for 3 years commencing the last interaction with the Customer, and is then archived for 7 years with restricted access.

Personal data relating to potential customers is deleted 1 year at the latest after the last contact made by them or when they have not responded to two successive requests. When a person exercises their right of opposition to sales prospecting, information enabling their right of opposition to be taken into account is kept for a maximum of 3 years commencing the exercising of this right, and exclusively for the management of this right of opposition.

Data relating to means of payment is deleted as soon as the transaction is completed. In the event of payment by bank card, the data is kept in intermediary archives for a maximum period of 13 to 15 months commencing the actual transaction for the purposes of providing proof should the transaction be contested. This data may be kept longer subject to obtaining the User’s explicit consent, which is given by ticking a box and which may be withdrawn at any time.

Data collected when passing through the North and South tollgates on slip road n° 38 at Boulay/Varize on the A4 motorway is kept for one month to log the vehicle’s passage through the toll. This data is kept for one year if the toll charge has not been paid. The data is then archived for 6 years with restricted access.

6.2 - Storage period of personal data gathered when using the Motorway Network

Data is kept for:

  • 3 years for the management of transactions and toll gate events, except for photographs of vehicles, which are kept for 6 months in order to respond to Motorway Users’ claims;
  • 1 month to provide assistance to Motorway Users;
  • 15 days for the management of video-protection activities on highways;
  • 1 hour to calculate waiting time at toll gates;
  • 3 years for the fight against toll fraud except for video images, which are kept for a maximum of 30 days, and photographs, which are kept for the time required to investigate a case and within the statutory limitation period for offences (1 year).

7 - Recipients of personal data

Except for processing by ABERTIS or the Sub-contractors called upon by the SANEF Group to provide Websites and Services to accomplish the purposes of data processing described in Article 4, personal data is only accessible to in-house marketing, customer relations, audit and other departments in the SANEF Group within the limit of authorization attributed respectively to each of the employees.

8 - Sharing personal data with authorised third parties

Personal data may also be passed on to relevant public authorities in the event of ascertainment of an infringement, to judicial representatives, to ministerial officers and debt collection agencies.

9 - Sub-contractors

The SANEF Group calls upon Sub-contractors to perform certain services such as dispatching emails and mailshots. The Sub-contractors and their staff are bound by obligations of confidentiality and security when processing the personal data of Customers, Service Users and Motorway Users. The Sub-contractors have also undertaken to implement the technical, organizational and structural measures necessary to prevent any personal data breach, especially:

  • the destruction, impairment, modification or loss of personal data accidentally or without authorisation from the SANEF Group,
  • the disclosure of or access to personal data with regard to third parties accidentally or without authorisation from the SANEF Group, and/or
  • any processing of data, in any form and on any grounds whatsoever, that would be illegal, unauthorized by the SANEF Group or not provided for in the contract. Security measures implemented by Sub-contractors are in compliance with the Applicable Regulations.

10 - Use of Cookies and similar technologies

Website Customers, Users and Visitors are informed through an information banner that Cookies may be automatically downloaded to their browser when they visit the Websites. By continuing to navigate, the Customer, User and Visitor accepts the use of Cookies for the purposes described below.

10.1 - Strictly Necessary Cookies

Strictly Necessary Cookies ensure the correct functioning of the Websites when the Customer, User or Visitor navigates through them. These Cookies particularly enable the Customer’s and User’s actions to be taken into account when connecting to an identification service (Session ID) or to operate a media player (audio or video) corresponding to the content requested by the Customer, User or Visitor (Flash Cookies). They also contribute to the security of the service requested by the Customer, User or Visitor.

10.2 - Performance Cookies

These performance cookies enable the SANEF Group to improve Website ergonomics by analysing the route taken by Visitors. The results of these analyses are processed anonymously and used solely for statistical purposes.

10.3 - Functional Cookies

These Cookies remember previous browsing of the Websites by the Customer and User during a session and also memorize their preferences so as to provide the Service, improve their browsing experience and personalise Website functions. For example, they are used to remember language preferences. It should be noted that these Cookies cannot track the movements of the Customer, User or Visitors on other websites.

10.4 - Advertising Cookies

Advertising Cookies provide information about the Customer’s and User’s navigation habits and so enable browsing experiences to be personalised through offers adapted to expectations. These Cookies are useful for SANEF when measuring the performance of advertising media while at the same time providing the Customer and User with targeted advertisements.

10.5 - Geolocation Cookies

Geolocation Cookies enable the exact location of the Customer’s and User’s device to be identified in real time, thus allowing navigation on an interactive map.
The data gathered in this way is only kept for the time spent using the interactive map on the Websites or via the “Sanef & Vous” application.

It should be noted that simply consulting the interactive map does not require the use of geolocation cookies and so they can be blocked by the Customer, User and Visitor.

10.6 - List of Cookies on the Websites

Serverid

To improve connection performance

Type of Cookie

Cookie source

cookie-agreed

This cookie makes it possible to collect the consent of the Internet users to use the features of the site and the deposit of cookies. Functional Cookie Sanef

__utm
__ga
__gid
__gtm_cookie_loading

These Cookies record navigation information for analysis in Google Analytics

Performance Cookies

 Google Analytics

test_cookie pref
gtm_cookie_consent
IDE

These Cookies are transmitted to Google Doubleclick for the purposes of analysing advertising performance

Advertising Cookies

 Google Doubleclick

__utma
__utmb
__utmc
__utmt
__utmz

These cookies are necessary for the operation and monitoring of Deezer on the page Sanef 107.7 Functional and performance Cookies Deezer

sc_anonymous_id

These cookies are necessary for the operation and monitoring of Soundcloud on the page Sanef 107.7 Functional and performance Cookies Soundcloud

vuid

These cookies are needed to run and track Vimeo videos on the site Functional and performance Cookie Vimeo

GPS
PREF
VISITOR_INFO1_LIVE
YSC

These cookies are needed to run and track Youtube videos on the site Functional and performance Cookies Youtube

dpr

This cookie is required for sharing content on the social network Facebook from the site Functional and performance Cookie Facebook

Pursuant to the Applicable Regulations and recommendations issued by the French data protection regulatory body, La Commission Nationale Informatique et Libertés (“CNIL”), the SANEF Group has set a maximum duration of validity for Cookies of 13 months commencing the last interaction of the Customer, User or Visitor with this Cookie. When this period of validity expires, the SANEF Group must once again obtain the Customer’s, User’s or Visitor’s consent to use Cookies.

10.7 - Deleting Cookies

The Customer, User or Visitor understands that Cookies improve the navigation experience on the Websites and are essential to access certain secure spaces. By deciding to block all the Cookies through the internet browser, the Customer, User or Visitor may only be able to visit the public sections of the Websites and will no longer be able to access his/her account.

However, it is possible to oppose statistical Cookies and Cookies optimizing advertising content by using the appropriate browser parameters for Cookies, the private browser mode or the browser’s “Do Not Track” configuration.
Opposing Advertising Cookies will not prevent the dissemination of advertisements. They will continue to be randomly posted, without taking into account the proven or deduced centres of interest expressed by the Customer, User or Visitor.

Depending on the browser, the Customer, User or Visitor has the following options:
Accept or reject Cookies from any source or from a specific source, or to configure the settings for a message to be displayed requesting the consent of the Customer, User or Visitor every time that a Cookie is placed on the Terminal.

If the Customer, User or Visitor wishes to delete or block the Cookies, then he/she may do so by clicking on Cookie Parameters and then changing the browser settings or by consulting the on-line support provided by the publisher of their browser (Internet Explorer, Mozilla, Chrome, etc.).

For Microsoft Internet Explorer:
Tool - Internet Options – Privacy
Set the parameters accordingly

For Chrome:
Parameters (accessible from the “Tool” icon in the top right-hand corner of the browser)
Display advanced parameters
Privacy – Content parameters
Set the parameters accordingly

For Firefox:
Tool - Options – Privacy tab
Set the parameters accordingly

To better understand and control Cookies from any source and not just those on the Websites, the Customer, User or Visitor can consult the ‘Youronlinechoices’ website by clicking on www.youronlinechoices.com/fr/, published by the Interactive Advertising Bureau France (IAB), to find companies listed on this platform and offering the possibility of refusing or accepting Cookies used by them in order to customise advertising posted on the Terminal according to your navigation information. www.youronlinechoices.com/be-fr/controler-ses-cookies

11 - Security

Customers, Service Users and Motorway Users are informed that the SANEF Group takes all technical and organisational measures that are necessary and reasonable to ensure the security of personal data and so protect such data from any non-authorised access, tampering, disclosure, misuse or loss.

For example, the SANEF Group has set up a secure system of access to personal data protected by an authentication process, and also protection through encryption using the HTTPS protocol when personal data is transmitted by internet.

12 - Newsletters, marketing correspondence

The Customer or User can oppose the sending of newsletters and marketing messages connected to Services offered by the SANEF Group.
Subject to their consent, the Customer or User may receive newsletters and marketing messages from the SANEF Group’s partners.
Any person other than Customers and Users, including Visitors, may receive newsletters and marketing messages subject to their consent being obtained.

The Customer, User or any other person, including a Visitor, may choose at any time to no longer receive newsletters and marketing messages from the SANEF Group or its partners by simply clicking on “Unsubscribe” in any email sent by the SANEF Group, or by contacting the SANEF Group at the address given in Article 14.1.

13 - Updating our Privacy Policy

This Privacy Policy may be modified, especially in the light of any legislative and regulatory reforms. The Customer or User can directly consult any updates directly on the Websites or may be informed by email, if necessary.

14 - Rights of access, rectification and deletion of your personal data

14.1 - Contact information to exercise your rights

Pursuant to the Applicable Regulations, processing personal data carried out by these Websites has been subject to required internal documentation. The SANEF Group has appointed a Data Protection Officer (the “DPO”). The Customer, Service User, Motorway User or Visitor may exercise his/her rights of access, rectification and opposition, as well as his/her right of deletion, under the terms and conditions of the Applicable Regulations, by contacting the Data Protection Officer at the SANEF Group, 30 boulevard Gallieni, 92130 Issy-les-Moulineaux, France, or by sending an email to the following address: donneespersonnelles@sanef.com.

Any request or question regarding the processing of personal data can also be sent to the DPO at the above postal or email address.

If the right of opposition is exercised, the SANEF Group will stop processing the person’s data, unless there are legitimate and compelling reasons not to do so, or to ensure the ascertainment, exercise or defence of its rights before the courts, in accordance with the Applicable Regulations. If needs be, the SANEF Group will inform the Customer, Service User, Motorway User or Visitor of the reasons for which the rights they wish to exercise cannot be satisfied, or can be only partially satisfied.

The right to delete personal data is subject to any requirements proven by the SANEF Group with regards to retaining this personal data, especially in relation to its legal obligations.

The Customer also has a right of portability with regard to some personal data enabling him/her to request a computerised copy in legible and usable form of his/her data processed by the SANEF Group within the scope of their contractual relationship for the provision of products or service, which excludes:

  • data that the SANEF Group may have produced for its own purposes, or enabling it to meet its legal obligations, especially its accounting, corporate and fiscal responsibilities;
  • information relating to records of subscriptions, amounts paid or payable, and all the information that the SANEF Group may have generated within the scope of its legitimate interests pursued with regards to best understanding the centres of interest of its Customers, Users, Visitors or potential customers.

The Customer or User can also specify instructions on how to deal with his/her personal data after death. 

14.2 - Procedure for exercising rights

In order to access his/her personal data, the Customer, Service User, Motorway User or Visitor must provide proof of his/her identity to the DPO at the abovementioned postal or email address (Article 14.1 herein), pursuant to the Applicable Regulations.
The Customer, Service User or Motorway User can grant a power of attorney to the person of his/her choice with authorisation to exercise his/her right of access. This authorised representative must not only present a letter detailing the subject of this power of attorney, namely the exercising of the right of access, but also both his/her identity and the identity of the principal.

For example, the requesting party can obtain information regarding the source of his/her data and ask for a copy.

The DPO will then have a period of one month in which to respond to the request. However, this deadline may be extended by two months if there are numerous, complicated requests. In the event of any extension, the requesting party will be informed within a period of one month following receipt of the request.

14.3 - Refusal to respond to a request

The DPO is not obliged to respond to requests for exercising rights if:

  • the requests are clearly unreasonable, particularly with regard to their number, and their repetitive or systematic nature;
  • the data has not been kept, in which case access is not possible.