Confidentiality Charter

PRIVACY AND DATA PROTECTION POLICY

1. Thello’s Commitment

At Thello, we undertake to protect the personal data you provide to us when you travel on our trains and access our offers and services.

The data will only be used to process your request and book your journey or to provide you with offers and news that match your wishes and needs as closely as possible.

To this end, we have made eight commitments:

• Collect your data for a legitimate purpose for our company and in your interest;
• Constantly inform you of the purpose for collecting your data and of the resources used to collect it;
• Collect just the data needed to process your requests and bookings;
• Collect your data only with your explicit and informed consent;
• Ensure the protection and security of the personal data collected;
• Forward your data only when necessary, and in compliance with legal and security rules;
• Remain accessible, clear and transparent about the data you have entrusted to us;
• Keep your data only for as long as necessary and in accordance with the law.

The information will be stored in our database and will not be communicated to third parties, except when this information is necessary to address your requests and ensure the processing of data required to perform the contract (see point 6 below).

Pursuant to the “Data Protection” Act of 6 January 1978, amended in 2004, www.thello.com is registered with the CNIL, the French Data Protection Agency, under number 156 17 07.

2. Why do we collect your personal data?

Thello collects and stores your data for a specific and transparent goal and purpose.

Indeed, we need your personal data to satisfy your needs and answer your questions regarding:

• The drawing up and performance of your transport contract;
• Management of your bookings and processing of your orders – your data is needed to send your ticket and provide the requested services, manage any unexpected issues and provide after-sales service;
• Proposals for commercial offers (prospecting, loyalty program, promotional events) and personalised communication for each customer, in the following scenarios:
  • If you have ordered Thello products (consent that you are kindly requested to give us when booking online or when buying a ticket);
  • In all cases, you have the option of unsubscribing to our mailing list by clicking on the unsubscribe link mentioned at the bottom of each of our newsletters or email messages;
  • If you have registered for the service offered by Thello.

In this respect, Thello undertakes to maintain contact in a reasonable manner and in your interests.

• Statistical studies;
• Proposals for game contests organised by Thello;
• Managing your rights with respect to your personal data;
• Fight fraud which is as harmful to you as it is to us.

Your consent will be explicitly requested for our commercial offers if you are not making a purchase. You will only receive messages relevant to your purchases and searches, unless you have notified us not to do so. Your data may also enable us to send you notifications regarding satisfaction questionnaires or even game contests or promotions. You may of course decide to refuse to receive these notifications at any time and at no cost.

3. What data for what purpose?

Your personal data is collected in connection with the performance of your transport contract or to ensure compliance with a legal obligation to which Thello may be subject.

We collect your Last name and First name. This data is essential to process your orders and necessary to perform the transport contract. It is mandatory for the Paris to Venice night trains because your ticket is nominative.

You are required to provide your date of birth. We need your age to perform the transport contract, for pricing reasons and also to ensure compliance with our General Terms and Conditions of Sale. This data is also necessary in order to adapt your journey to our offers and to allow you to benefit from the best prices.

We need your email address and/or telephone number to contact you about your booking if necessary (problem related to your order or the product purchased, passenger information) or to provide you with our personalised commercial offers. We collect your payment data in order to complete your booking and comply with our binding contract with you. This data is essential for any order and refund.

If you are travelling with a party of more than one, we may have to collect your data for the same reasons stated above. By providing us with this information, you confirm that you have had the authorisation of the people travelling with you.

If the person is under the age of 15, you have the consent of the legal representative of the latter or their guardian.

We use browsing data to propose commercial offers and for our cookie policy (see point on Cookies below).

4. How do we collect this data?

Your data may be collected:

• When you complete forms on our website, in the Thello shops, via our partners or when you participate in game contests;
• When you explicitly provide your consent;
• When you buy a train ticket.

We always do so by fully informing you of the required data, the optional data is indicated with asterisks on the input forms.

5. How long do we keep your data?

Your personal data is collected for the time strictly necessary for the purpose for which it was collected.

In addition, according to the legal provisions, if there is no contact over a period of three (3) years, your data will be deleted, with the exception of your data essential for the management of legal and regulatory constraints.

6. Does Thello transfer your data?

Only the internal departments of Thello have access to your data within the strict framework of the processing described in this Charter. Thello does not transfer any data to third party companies for any reason other than the following:

• Subcontracting: Thello uses service providers in order to operate its sites and provide you with the services and products offered, particularly for marketing services (satisfaction surveys).
• Partners: to companies whose products are related to those of Thello and sold by Thello.

For all these data transfers, Thello makes sure that it secures its relations with these companies (contracts, audits, security assurance plan).

Thello has a policy of not transferring data outside the European Union.

7. What are your rights?

Under the new General Data Protection Regulation of 27 April 2016, which came into force on 25 May 2018, you have extensive rights regarding the collection of your data.

When you provide us with your personal data, we are required to inform you about these rights in a simple manner and free of charge, namely:

• The right to be informed of:
  • the purpose of the data collection,
  • the recipient of the data and any transfer thereof,
  • the length of time your data is stored.
• A right of access to your data;
• Rectification of incorrect data;
• Erasure of some of your information;
• Limitations on the use of your personal data;
• Dispute about how your information is processed;
• Portability, in other words the ability to “move” your data to another data controller;
• The right to object to the use of your data.

However, the exercise of these rights may be limited on legitimate or legal grounds.

8. How do you exercise your rights?

Access, correction, erasure and portability rights:

In accordance with European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, you have at any time, the right to access, communicate, rectify, restrict, move and delete any personal information about you, and you may exercise this right via the available online contact form here or you can send your requests to Thello’s customer service department by mail to the following address: Thello Service Clients B.P No. 10308 75563 Paris Cedex 12 – France.

Right to object:

You also have the right to object to the commercial communications referred to in each email or message sent to you.

You can exercise your right to object in the following ways:

• For commercial offers: by clicking on the unsubscribe link indicated in the messages sent to you;
• For your personal data: by sending your request to Thello’s Personal Data Protection Officer via the online contact form available here;
• For all other requests by writing to Thello’s customer service department at the following address: Thello Service Clients B.P No. 10308 75563 Paris Cedex 12 – France.

For all these requests, and for security purposes, you may be asked to identify yourself and provide Thello with a copy of your identity document.

In the event of dispute:

If you are not satisfied with a response to one of these rights, or in the event of a dispute regarding the use made of your data, you may forward your requests to:

• The Personal Data Protection Officer of Thello via the online contact form available here
• To CNIL (https://www.cnil.fr/en/home)

COOKIES

The thello.com website uses cookies to make online purchases possible and to optimise the website.

The information collected on thello.com is treated in accordance with Thello’s privacy policy. When a web user browses the thello.com site, they allow Thello by default to store cookies in their browser. If internet users do not want the thello.com site to store cookies in their browser, they can disable cookies by modifying their browser settings or options. However, some pages of thello.com might not work properly then. In addition, there are many online sources of information on cookies and web beacons. We therefore urge those concerned with the use that may be made of cookies and web beacons to find out more about them before deciding whether or not to accept cookies from the sites that they visit.

1. What is a cookie?

Cookies are small data files sent by a website and stored in the internet user’s browser. They make it possible to temporarily save information about visits and visitors to the website. Thus, each time the Internet user visits the same website, the data from their previous visit is collected. Cookies do not generate or transmit viruses.

Certain cookies are essential for the use of the website and help make a website usable by activating basic functions such as page browsing and access to the secure areas of the website (the website cannot function without these cookies). The retention period for data collected via these cookies may not exceed thirteen (13) months. Cookies strictly necessary for providing a service expressly requested by the user are exempt from prior receipt of the user’s consent.

2. What types of cookies are used on our website?

The thello.com website uses cookies to optimise the use of the website by:

• displaying browsing parameters relevant to the user;
• retrieving the user’s preferences (country, language, etc.);
• resolving bugs or allowing rapid retrieval of useful information.

thello.com also uses cookies, “Web Beacons” and “Clear GIFs” for analytical and marketing purposes. Thello compiles anonymous information about the use of the website that it shares with one or more external audience analysis companies in order to compile statistics. In this context, some of the pages that are visited on the website contain electronic images in the code of the web page called “pixel tag” (also “GIF invisible” or “Web beacon”) which work in the same way as cookies. Web beacons are used to analyse traffic from one page to another in order to optimise Internet traffic flows. External advertising providers of the website may also use beacon websites to identify internet users during their visits to the site and how they discovered it.

Other audience measurement cookies, known as statistics, help website owners, by collecting and sharing information anonymously, to understand how visitors interact with websites.

For these cookies, it is then necessary to obtain your consent before collecting data. You can object to the reuse of your data for commercial purposes at any time. Security measures must be taken to prevent this data from being damaged, distorted or accessed by unauthorized third parties.

3. How do I disable cookies?

Most web browsers accept cookies by default.
However, they can be configured to refuse them or to warn you when cookies are sent. It is important to note that certain features of the website may not work properly if the browser used does not accept cookies.

The Web browser help section tells you how to refuse new cookies, get a notification message notifying you of their receipt or disable them. Note: each browser has a different configuration.

To facilitate your approach, here are the links to the sections Browser Help most commonly used:

• Internet Explorer™ 
• Safari™ 
• Chrome™
• Firefox™ 
• Opera™

For more information on how cookies work and targeted advertising, please go to  youronlinechoices.eu and allaboutcookies.org.