Personal data protection

Personal data protection

The object of this notice is to inform customers about the way in which La Compagnie Eiffage du Viaduc de Millau (CEVM) uses and protects Personal Data that is collected, as well as the reasons why this data is processed.
La Compagnie Eiffage du Viaduc de Millau considers privacy protection to be of the utmost importance and is thus committed to processing Personal data in accordance with both the modified IT and freedom act n° 78-17 of 06/01/1978 and with the General Data Protection Regulation (GDPR) n° 2016/679.

Quick links:

  • Processed personal data and associated purposes
  • Legal basis for personal data processing
  • Mandatory or optional nature of data
  • How long processed data is retained
  • Recipients of processed data
  • Security measures applied to personal data
  • Personal data localisation
  • Automated decision making


What is personal data?
Personal data is any information concerning a physical person, who may be identified or identifiable, directly or indirectly, through an identification number or through one or several elements belonging to that person.

How is personal data collected?
Personal data may be collected directly from a client making contact during a request, a complaint or when asking for specific information, etc.
Personal data may also be collected indirectly when travelling on La Compagnie Eiffage du Viaduc de Millau structures through computer and CCTV-related technical equipment.

Who is responsible for processing?
La Compagnie Eiffage du Viaduc de Millau is legally responsible for processing this data:

  • Compagnie Eiffage du Viaduc de Millau PLC, listed on the Millau Trade and Companies Register under the number 562 105 460, whose head office is located at the toll-gate at Saint Germain BP 60457.

Personal data protection
La Compagnie Eiffage du Viaduc de Millau collects and processes Personal data that is absolutely essential for providing customers with personalised, quality services.

Processed personal Data and associated purposes

Subscribing to an electronic toll collection system, customer’s online management of account and badge

The motorway operating company AREA implements the treatments above, as the responsible of the treatment, in the context of a service contract, on behalf of the Compagnie Eiffage du Viaduc de Millau.

To learn more about the management of your personal data by the provider AREA, please see the privacy policy : link

Toll collection

Personal Data processed for calculating toll price according to vehicle category:

  • Data concerning passing through toll > toll-gate time and date stamp, vehicle category, price of transaction.
  • Data concerning subscribers > identity, subscriber number, information held on payment cards or badges issued by distributors (number, validity end-date and, for certain types of subscription: date and place of birth, vehicle registration number).
  • Data required for customer assistance at toll-gate payment point (following customer request or technical alert) > videos from CCTV

Billing management

Processing of personal Data concerning payment methods: distributors identification, bar-code number, validity end-date.

Customer relationship management

CEVM collects and processes personal Data each time contact is made with the customer. The personal Data collected is required for providing the customer with a reply that is adapted to each request, complaint or question.
The Data processed is as follows: customer identity, telephone number, postal address, e-mail, reason for request.

Toll non-payment fines

Customers’ personal Data is processed in compliance with the CNIL (French National Information Science and Liberties Commission) ruling n° 2012-324 of 20th September 2012. Categories of personal Data processed:

  • Footage from CCTV cameras installed on toll lanes.
  • Data collected in the event of a non-payment dispute:
    - Data concerning the offence: date, time, lane, toll-gate, toll-gate worker, toll amount, class.
    - Data concerning the vehicle driver and owner: surname, first name, address.
    - Data concerning the vehicle: brand, type, registration number, country.
  • Data for consulting the French Vehicle Registration System (SIV): registration number, brand, model, vehicle colour type, toll-gate, lane, date and time of offence, ID number of fine-issuing official.
  • Data from SIV: surname or business name, first name, usual name or married name, SIREN (Company Register) number, address, ensuring that the name on the registration certificate is the owner of the vehicle, vehicle features for ruling out false registration plates or stolen registration plates (brand, model, colour).

Management of guided tours (tourist site)

CEVM’s communication, tourism and promotion department collects the following personal Data:

  • Upon registration for guided tours of the structure at the Millau Viaduct visitors‘ area: identity, postal address, e-mail address, telephone number.
  • Quality questionnaire sent to the customer: e-mail address.
  • For reservations by e-mail : identity, e-mail adress, phone number
  • For reservations with the online booking app : identity, mailing adress, e-mail adress, phone number

Recordings of conversations

The Security Headquarters conversations are recorded: network of emergency telephones, intercoms (toll lanes, entrances to operations building), direct telephone contact, for the following purposes:
- Management of Customer requests for assistance;
- Management of Customer complaints;
- Transaction observations (concerning calls made from toll-gates).
The Data that is necessary for managing the following purposes is collected: conversation contents and time and date stamps.

Legal basis for personal Data processing

La Compagnie Eiffage du Viaduc de Millau is authorised to process the following personal Data, in particular as part of:

  • Fulfilling the electronic toll payment contract, in all its aspects
  • Its legitimate interest and for the execution of a public service mission for determination,toll collection, billing management, customer relationship, management of voice recordings and non-payment tickets   
  • Legitimate interest in registration for services provided: registration for guided tours, sending the quality questionnaire, customer relationship, managing lists of exceptions concerning the electronic toll collection subscribers.

Mandatory or optional nature of personal Data

Some of the personal Data, mentioned in the forms, is mandatory. Should the subscriber not wish to communicate this Data, CEVM is unable to grant access to the services provided.

How long processed Data is retained

In accordance with the principles defined in the regulation, CEVM retains personal Data only for the amount of time required  for reaching the objective intended upon collection.
The following conservation periods are therefore respected:

  • Subscription to an electronic toll collection system: 5 years after the final closure of the subscription contract, in compliance with the regulation concerning legal prescriptions.
  • Toll collection: Data concerning journeys : 5 years or 10 years in the event of a tax receipt having been delivered.
  • Invoice management: 10 years in accordance with regulations.
  • Customer relationship management: Data from non-subscribed customers is retained for 2 years starting from the most recent request.
  • Fines for non-payment of toll: the video recordings are conserved for a maximum of 30 days. The other Data (including the photographs from the video recordings) is conserved for the amount of time deemed necessary for the case to be examined, within the limits of legal prescription with regards to fines, i.e. one year.
  • Management of guided tours (Tourist Site):
    Reservation by e-mail: the Data is deleted as soon as the visit is finished.
  • Reservation with the online booking app : the identity data, e-mail adress, phone number are preserved during 30 days. Bank details are preserved during 10 years, in accordance with regulations.
  • Management of the «Groups» customer database: the Data is conserved for 2 years starting from the latest request.
    Management of the quality questionnaire: the Data is deleted as soon as the questionnaire has been sent
  • Conversation recordings: The conversation recordings are conserved for 30 days.

Recipients of processed Data:

  • Subscription to an electronic toll collection system: the personal Data is accessible to the authorised internal services of la Compagnie Eiffage du Viaduc de Millau. The AREA company is the recipient (in its capacity of personal data administrator) of the Data as part of a service provision contract that respects the personal Data protection regulations are recipients of the Data
  • Collecting toll : The data is accessible to intern and authorised services of CEVM, and to those of the sub-contractors in the context of contracts compliant with regulations of the personal data protection.
  • Invoice management: depending on the Data categories, the Data is accessible to the banks, accreditors, senders of the subscriptions for the electronic toll collection system, and other motorway concessionary companies
  • Customer relationship management: the personal Data is processed by the authorised internal services. In the event of reimbursement for processing a request, the Data is transferred to the banks.
  • Fines for non-payment of toll: the recipients of the personal Data concerning fines for non-payment of fines are:
    - Duly authorised CEVM staff
    - Duly authorised SIV administrators
    - The Public Ministry Officer in the event of non-payment
  • Management of guided tours (Tourist Site):
  • E-mail reservations : the personal data are processed by the authorised internal services.
  • Reservations with the online booking app : the personal data are processed by the authorised internal services and by our subcontractors recipients of the data, as part of the contracts respecting the regulations for the protection of personal data.
  • Conversation recordings: the authorised internal services of CEVM and the Préfet.

Security measures applied to personal Data

The personal Data is subject to all the technical and organisation measures required for ensuring its confidentiality and security from any breach of data, destruction, loss, alteration, disclosure, reproduction or from any unauthorised access.
CEVM subcontractors are subject to the same confidentiality and security obligations within the framework of contracts that respect personal Data protection regulations.

Personal Data localisation

The Data is not sent outside the European Union.

Automated decision making

Processing of the data is not subject to automated decision making.

The rights of individuals whose personal Data is processed

In accordance with regulations, all individuals concerned are entitled to the following rights:
the right to access, rectification, deletion, to legitimately opposing, to the limiting and portability of personal data.
All of these rights may be exercised by contacting the data protection delegate at La Compagnie Eiffage du Viaduc de Millau by electronic way with this form or by regular mail at the following address: DPD CEVM - Péage de Saint-Germain - BP 60457 - 12104 Millau Cedex.

Any individual concerned by processing of their personal Data and who, having contacted the processing manager, considers that their rights are not respected, may file a complaint with the CNIL (French National Information Science and Liberties Commission).