This Privacy Policy is intended to inform users of this site www.colorbus.fr (hereinafter the “Site”) and the services provided by Colorbüs (hereinafter referred to as “you” or the “users”) of the methods of collection and processing of personal data carried out by Colorbüs.
It also aims to inform users of their rights as well as the exercise of these rights in accordance with the national regulations in force and Regulation 2016/679 of April 27, 2016 relating to the protection of personal data.
The data controller is Color Groüp Experience, a simplified joint-stock company, with a share capital of 100,000 Euros, whose registered office is located at 86 Quai du Port 13002 Marseille and registered in the Marseille Trade and Companies Register under number 449. 047 943 (hereinafter referred to as the “Company”).
The Company operates transport networks and provides road services. You are subject to this Privacy Policy when you subscribe to the services and benefits offered by the Company.
The data collected by the Company as part of the services it offers are as follows:
The Company processes the data of users of this Site in the context of the performance of the services that the Company offers, legitimate interests necessary for the proper functioning of the services as well as under legal obligations.
First of all, it concerns the management of customer relations, the carrying out of satisfaction surveys, the execution of the service offered and the sending of information on the modification or evolution of the services of the Company. The Company also processes certain data for statistical purposes, audience measurement, and sending offers, promotions and news about the Company.
The period during which the Company retains the personal data of users includes the period of the contractual relationship as well as the legal limitation periods.
The Company collects data necessary for the proper functioning of its services and benefits.
The Company may use subcontractors for the performance of its services.
Subcontractors process personal data only for the performance of the services offered by the Company.
The Company contractually imposes on its subcontractors to respect security and confidentiality obligations, to implement the appropriate technical and organizational measures so that the processing carried out meets all the applicable regulations and guarantees the protection user rights.
The Company may be required to transmit the personal data collected to the competent authorities, such as the public authorities, the National Commission for Computing and Liberties (hereinafter referred to as the “CNIL”) or the General Management of Competition, Consumption and the Repression of Fraud.
Users have the right to access personal data relating to them. Users have the right to obtain confirmation that data relating to them is or is not being processed. If users exercise this right, the Company will provide them with a copy of the characteristics of the processing carried out on their personal data (the purposes of the processing, the categories of data concerned, etc.).
The information will be provided either electronically or in hard copy. Users may obtain a copy of the personal data concerning them subject to respect for the rights of others.
Users finding that the personal data concerning them is erroneous or incomplete have the right to request the correction or completeness of this information.
Users have the right to obtain the limitation of the processing of their personal data, in particular when they contest the accuracy of the data, when the processing is unlawful and they wish to obtain the limitation and not the erasure of their data or when the data controller no longer needs the personal data but these are still necessary for the establishment, exercise or defense of a legal right.
Users may object to the processing of their personal data if they have a legitimate reason and in the event that the processing is based on their consent.
Once you exercise your right to object, your personal data will no longer be processed. When the processing is based on a legal obligation, the right of opposition does not apply.
The Company informs you that the modification or deletion will take place as soon as possible.
Users may request the erasure of their personal data in the cases listed in Article 17 of the GDPR: when they are no longer necessary in relation to the purposes for which they were processed or collected, when they must be erased at under a legal obligation, when they have been unlawfully processed or when you withdraw your consent for the intended purpose.
However, the deletion of this data cannot be carried out when the processing is necessary, among other things, for the exercise of the right to freedom of expression and information, for compliance with a legal obligation incumbent on the Company, the establishment, exercise or defense of legal claims.
Users have a right to the portability of the personal data they have transmitted. You will be able to access it in a structured, commonly used, machine-readable format. You can also request that this data be transmitted to another data controller when the technique allows it.
For any request to exercise rights, the Company may ask you to send an official identity document (identity card, passport, driving licence, etc.) in order to verify that you are indeed the person concerned by the personal data making the subject of the request.
The answers to your requests will be communicated to you electronically or on paper.
The Company undertakes to respond to any request as soon as possible and within a maximum period of one month from receipt of your request.
However, this period may be extended by two months when the request made is complex or due to the number of requests received.
If the Company cannot comply with your request, you will be informed within one month of receipt of your request. The reasons for which this refusal is opposed to you will be clearly indicated. You will then have the opportunity to lodge a complaint with the CNIL and to file a judicial appeal.
You are informed that in the event of manifestly unfounded or excessive requests, in particular due to their repetitive nature, the Company may refuse to respond to your requests or require the payment of fees compensating for the administrative costs incurred to respond to your requests.
The Company implements all appropriate security measures to guarantee the protection of personal data collected, and in particular to prevent the destruction, loss, alteration, disclosure or unauthorized access of data.
To this end, security measures such as anonymization or encryption of data will be implemented. Measures ensuring the constant confidentiality, integrity, availability and resilience of processing systems and services will also be taken.
Any breach of security affecting your data and likely to create a high risk for your rights and freedoms will be notified to you as soon as possible.
The servers used by the Company to store your personal data are located in France.
The Company transmits certain personal data to its subcontractors providing the services necessary for the performance of the services. Some sub-processors host personal data on servers located outside the European Union. Therefore, the Company ensures that they are able to guarantee the same level of data protection as that required by the GDPR within the European Union.
When this Privacy Policy is modified, the update will be posted on the Company’s Website or by means of an e-mail indicating the date of the update. We encourage users to review it regularly.
