Personal Data Protection Policy

feria.sncf.com Website Data Protection and Cookies Policy

A. General Provisions

SNCF Voyageurs implements processing relating to the management of the commercial relations of “BtoB” and SNCF authorised travel agencies through a dedicated web portal (feria.sncf.com) which allows authorised agents and managers of SNCF agencies to create an account and to access several services and a range of information (online sales, training, news, promotional information, advantages, cards, etc.).

The purposes of this processing are as follows:

1. Provide companies with information about rail service offers and other ancillary offers to facilitate their employees’ business travel

2. Email a communication campaign relating to SNCF Voyageurs’ promotional offers as well as information relating to rail news.

3. Implement financial reporting and monitoring of training

The lawfulness of this processing, within the meaning of Article 6 of Regulation No. 2016/679 (“GDPR”), is based on:

- The performance of the Approval agreement between travel and hotel operators and SNCF Voyageurs SA for purposes 1 and 3.

- The consent of the end user registered on the website for purpose 2.

The recipients of personal data are as follows:

SNCF Voyageurs internal recipients

  • Customer managers, DEA (Business and Travel Agencies Department) tools managers, SNCF Voyageurs transferring personal data with FERIA)
  • “Preference” Programme (Programme by which users may receive rewards according to some prize competitions - Use of data on the Preference site without re-entering the users’ credentials).

External recipients

  • SNCF-APPROVED AGENCIES
  • JOUVE (Creation, maintenance and hosting of the FERIA solution).
  • 360 Learning (Training tool for SNCF-approved travel agencies in accordance with these general terms and conditions of use)

Personal data is retained for the following periods:

  • If an agency closes: erasure of all personal data relating to that agency 12 months after this agency’s closure date.
  • If an account is inactive: deletion of inactive users (24 months after the last login date).
  • Agency suspension (in accordance with the information stated in the General Terms and Conditions of use): users are no longer allowed to log in but their account is not deleted unless the inactivity period has expired.

The personal data collected is the last name, first name and the business email address for the categories of persons included in this processing within the meaning of the GDPR, i.e. persons creating a FERIA account. The data collected is therefore mandatory to access the various services offered. In this context, login data is also collected (login and password).

Finally, you can exercise your “Computing and Freedoms” rights by writing by filling out this form or by postal mail to the following address: SNCF Voyageurs - Equipe Protection des Données - 2 place de La Défense (CNIT 1) - BP 440 - 92 053 La Défense Cedex. You also have the right to give instructions applicable to the retention, erasure and communication of your personal data after your death through the above-mentioned contact addresses. In the event of a complaint, you can contact the Data Protection Officer. You also have the right to lodge a complaint with a supervisory authority (CNIL).

B. Cookie Management:

A cookie is a text file that a website – when visited by a user – requests your browser to store on your device in order to store information about you, such as your language preferences or login information. We configure these cookies and call them first-party cookies. We also use third-party cookies – which are cookies from a different domain to the website you visit – for our advertising and marketing efforts.

You can unsubscribe from each category of cookies (except strictly necessary cookies) by clicking on the “Cookie Management” button, always accessible on the bottom right of the website page for this purpose.

  • Strictly necessary cookies: Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Google Analytics cookies: Statistical cookies help website owners understand how visitors interact with websites by collecting and communicating information anonymously.
  • Marketing cookies: Marketing cookies are used to track visitors through websites. The aim is to display advertisements that are relevant and interesting to the individual user and therefore they are more valuable to third party publishers and advertisers.

Cookie list :

SSESSI[ID_SESSION] : They are used to store information about the current session in order to facilitate the user’s browsing experience on the website. (duration : 1 year - Necessary - FERIA)

tarteaucitron : It stores user preferences for cookies (duration : 1 year - Necessary - FERIA)

_ga : Records a unique identifier used to generate statistical data about how the visitor uses the website. (duration : 13 months - Analytics - Google)

_gid : Records a unique identifier used to generate statistical data about how the visitor uses the website. (duration : 1 day - Analytics - Google)

_gat : Used by Google Analytics to significantly reduce the rate of requests in order to optimise the user’s browsing experience. (duration : 1 day - Analytics - Google)

Category and third party company covered

__Secure-APISID, APISID, __Secure-3PSID, __Secure-3PAPISID, HSID, SIDCC, SAPISID : This cookie is used by Google to customise advertisements (duration : 2 day - Marketing - Youtube)

__Secure-SSID, __Secure-HSID, SSID : This cookie is used by Google to customise advertisements (duration : 7 months - Marketing - Youtube)

search_click_position, __ssid, gads, feature_notice_qqq, _fbp, _gcl_au, __gca, player, _ga, continuous_play_v3, _derived_epik, vuid : These cookies are used to track the user’s preferences. (duration : 2 years - Marketing - Vimeo)

YSC : Records a unique ID to keep statistics on the YouTube videos viewed by the user. (duration : session - Marketing - Youtube)

_gac_<property-id> : Contains information about the user’s behaviour. (duration : 90 days - Marketing - Google)

AMP_TOKEN : Contains a token that allows Google to retrieve a user from one service to another. (duration : 1 year- Marketing - Google)

APISID, NID, SID, 1P_JAR, SIDCC : These cookies are used by Google to customise the user’s advertising. (duration : 1 year - Marketing - Google)

HSID, SSID, APISID, SAPISID : These cookies allow Google to collect user information for videos hosted on YouTube. (duration : 1 year - Marketing - Google)

SEARCH_SAMESITE : This cookie is used to prevent the browser from sending this cookie with inter-site requests. (duration : 1 week - Marketing - Google)

__Secure-3PAPISID, __Secure-3PSID, __Secure-APISID : Create a web profile for users to customise their advertisements. (duration : 1 month - Marketing - Google)

player, vuid, _abexps, auto_load_stats, clips, has_logged_in, has_seen_upgrade, site_settings, stats_end_date, stats_start_date, vimeo, vimeo_player, optimizelyBuckets, optimizelyEndUserId, optimizelySegments : Used by Vimeo to check whether users have chosen certain features or preferences (duration : session - Marketing - Vimeo) 

PREF: These cookies allow YouTube to retrieve usage information for videos hosted on YouTube: (duration : 8 months - Marketing - Youtube)

LOGIN_INFO, CONSENT : These cookies allow YouTube to retrieve usage information for videos hosted on YouTube (duration : 2 years - Marketing - Youtube)

s_gl : These cookies allow YouTube to retrieve usage information for videos hosted on YouTube. (duration : session - Marketing - Youtube)

VISITOR_INFO1_LIVE : These cookies allow YouTube to retrieve usage information for videos hosted on YouTube pages with integrated YouTube videos. (duration : 6 months - Marketing - Youtube)