Keolis S.A may disclose your personal data:
In-House
To the departments authorised by Keolis and needing to know in the context of the aforementioned purposes, including the departments of Communication and Marketing, Purchasing, General Resources, Human Resources, Accounting, Legal, etc.
Within the Keolis Group
We may share your personal data with certain entities with the Keolis Group, or partners; in order to maintain continuity of our services or of our relations with our customers, sales prospects or website users.
If you have formally given your consent, your contact/information request will be forwarded to the Keolis subsidiary/Partner concerned by your question.
In order to enable your applications to be processed within the Group and when you respond to a job offer from a Keolis subsidiary, your application data is sent to this Keolis subsidiary as a separate data controller for review and processing of your application. Your data is then processed in accordance with the privacy policy of the Keolis subsidiary concerned, which you can consult by contacting it directly.
With third-party providers
We may share your personal data with trusted third parties, service providers of Keolis S.A., located within the European Union (hereinafter the “EU”), in particular to ensure the proper functioning of our website or our services in connection with the purposes mentioned above.
Your personal data processed in the context of managing your application may also be disclosed to service providers (career platform operators), as well as to external organizations where these are engaged by Keolis S.A. as part of recruitment processes (recruitment agencies).
As part of the processing of whistleblowing reports, data may be transferred to service providers (lawyers, investigators, etc.) who may be required to intervene during the investigation. In this context, only the data strictly necessary for the performance of their respective tasks will be transmitted to them.
With business partners
We may share pseudonymous data which do not contain any items of direct identification, for the purposes described in Article 3. “Use of your personal data and storage periods” above, in particular concerning the cookies collected by Business partners who collects and processes the cookies (listed in the Cookies Policy). Business partners are separately controllers or joint controllers for processing.
With third parties on legal gorunds
If we were to be compelled to observe laws and regulations and legal requirements and instructions, or if permitted by law (i.e. to protect and uphold rights, a situation posing a threat to life, health or safety, etc.).
***
In any event, we always require such recipients to provide sufficient confidentiality and security safeguards and to take the necessary physical, organizational, and technical measures to protect and secure your personal data, in accordance with the applicable legislation.
Hosting and transfer of data outside the European Union
All of your data is processed and hosted within the EU. However, data transfers outside the EU may occur. Any transfer of your data outside the EU is carried out with appropriate safeguards in compliance with the applicable regulations, either because the recipient countries benefit from an adequacy decision, or because such transfers are governed by the implementation of Standard Contractual Clauses approved by the European Commission, or by adequacy decisions (such as the Data Privacy Framework for transfers to the United States). For more information on the safeguards governing such transfers, you may contact us at the addresses indicated in Article 9.