Politique de confidentialité

Prony resources process personal data, which are those that can identify or allow a natural person identifiable.

The company collects personal data to carry out regular activities with users of Prony resources’s services. The list of collected data typically includes: identification data, contact data, financial data, navigation data (cookies, IP address), health data, biometric data and other data that may be needed to perform these services. The list of collected data may vary according to the relationship with the data subject.

More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.

Personal data are collected for the performance of services, such as:

• Passenger Train Services;
• Newsroom;
• Aerovale;
• Visiting Prony resources;
• Ethics and Conduct Office;
• Access to Prony resources’s sites;
• On-site help centers;
• Assistance to communities.

In addition to the performance of services, the company collects personal data from its employees, suppliers and contracted parties. The processing of such personal data is regulated through specific documents.

The collection and processing of personal data within Prony resources are carried out to legitimate, explicit and specific purposes. Most of the personal information is provided directly by the data subjects, for one of the following reasons:

• Get in touch when offering our services;
• Browsing our websites and applications safely;
• To better target the content of our sites;
• To be able to perform our services, receive and make payments and aid; or
• For carrying out regular activities with users of Prony resources’s services.

More information on the purposes and legal basis for collecting and processing personal data can be found in the specific terms of each service, available on their respective platforms.

The company stores the evidence of opt-in (express) consent, when such consent is considered, by the applicable personal data protection laws, indispensable for the data processing activity. Likewise, if consent is revoked, evidence of such revocation will also be stored.

Sharing with third-parties:

Prony resources may share personal data with its subsidiaries and suppliers, if necessary, for the provision of our services. For this sharing, rights and duties of the parties are established, aiming to prevent the use of personal data in a different way from that established by the company and / or that violate the applicable data protection laws. It is also required that everyone involved process personal data in a secure and confidential manner, and keep it only for a specified period. These obligations remain even after the end of the relationship between the parties.

In some circumstances, Prony resources may be legally required to share personal data in order to respond to inquiries or investigations.

International data transfer:

Prony resources may share personal data with its subsidiaries or with contracted companies with headquarters outside the national territory, subject to local legal requirements. The company shall only carry out a transfer to countries or international organizations that ensures an adequate level of protection related to the transferred personal data or that guarantees the compliance with the principles, rights and data protection regime of the applicable personal data protection laws.

It is possible to use one of the following safeguards: (i) contractual clauses approved by the supervisory authorities, according to the applicable personal data protection laws; or (ii) binding corporate rules.

Data subjects have the following rights related to its personal data, to the extent that such rights are recognized by applicable laws:

• Processing confirmation: confirmation as to whether or not Personal Data concerning the relevant data subject are being processed;
• Access to data: access to data collected by Prony resources, except for cases of trade secret protection and industry;
• Data rectification: request to correct incomplete, outdated or erroneous information;
• Anonymization and suspension: anonymization and suspension of personal data considered unnecessary, excessive or processed in non-compliance with the provisions of the applicable legislation. Anonymization will take place considering the use of reasonable and available technical means when processing data;
• Portability: portability of personal data to another product supplier or service provider upon express request. Prony resources and its subsidiaries reserve the right to deny portability in case of personal data that could compromise their commercial and industrial secrets.
• Information on data sharing: information to the data subject about personal data that is shared with public and private entities;
• Consent Revocation: revocation of the consent given, at any time, upon the express request of the data subject. The revocation procedure will always free and facilitated.
• Elimination: personal data will be eliminated at the end of its purpose or if the data subject expresses its intent to revoke its consent to carry out that processing. Subject to local legal requirements, Prony resources may keep personal data if: (i) it is legally obliged to keep them, (ii) for compliance with laws and / or regulations that so determine; (iii) needs the data to establish, exercise or defend legal claims; and (iii) need to maintain control of the data for public health reasons.

It is possible to exercise these rights by contacting us using the form found at the bottom of this page.

Personal data is protected against unauthorized access, illegal processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is processed electronically or on paper.

The company has appropriate technical and organizational measures to protect personal data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.

In the event of deletion of personal data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted personal data cannot be recovered.

All personal data collected will be processed and preserved as long as necessary for the fulfillment of the purposes described in the section “What is the purpose of collection and processing of personal data?”.

The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of personal data in our databases, under the same security and protection mechanisms.