Privacy policy

The protection of your personal data is important to the Group ENGIE and its business unit “Global Energy Management”.

This Privacy Policy applies to the personal data related to you, as a representative, as an employee, beneficial owner or a shareholder of our clients and/or counterparties, as a representative of our suppliers, or as a visitor of our websites (the “data subject”, “you”, “your”) (the “Personal Data”).

This Privacy Policy explains what we do with your Personal Data in the course of our business activities - provision of energy services, products and solutions - including any relationship or contact in connection with these activities, or when you are visiting our websites.

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR”)), the company acting as data controller for your Personal Data (“we”, “us”, “our”) may be (i) the company of Group Engie with whom you are in contact or with whom you have a contract in place (ii) or the company of Group Engie which is the publisher of the website you use.

The purpose of this Privacy Policy is to inform which of the Personal Data we use, the reasons why we use and share such data, how long we keep it and how you may exercise your rights as to your Personal Data.

Which Personal Data do we use?

Visitors of our websites:

Counterparties/Clients/Suppliers:

We process the following categories of Personal Data:

How do we collect Personal Data?

The Personal Data we process may either be directly provided by you, or by our clients/counterparties/suppliers, or be obtained from the following sources in order to verify or enrich our databases:

Why and on which basis do we use the Personal Data?

We may only process Personal Data if the processing is necessary:

We may use Personal Data among others for the following specific purposes:

We do not make decisions about Data Subjects based exclusively on automated processing that produce legal effects concerning them or similarly significantly affect them.

The provision of some of the Personal Data (e.g. name, address, etc.) is a condition to the conclusion of the contract between our clients/counterparties/suppliers and us.

The possible consequences of not providing your Personal Data could include our inability to meet our obligations under the contract between our clients/counterparties/suppliers and us or a breach by us of one or more obligations under applicable laws (e.g. accounting, tax or financial laws).

Who do we share the Personal Data with?

The Personal Data collected as part of this processing may be shared with ENGIE Group, internal and external service providers, such as our IT solution providers (facilities management, data maintenance, etc.), and with the staff of the companies, branches and subsidiaries working within the Global Energy Management Business Unit, and only for the purposes mentioned above.

We may also share Personal Data with:

In the event of company reorganisations (e.g. mergers or acquisitions), we may transfer your Personal Data to a third party, or an Engie Group company involved in the transaction (for example, a buyer) in accordance with applicable data protection law.

Transfers of Personal Data outside the European Economic Area

We may transfer your Personal Data to countries located outside of the European Economic Area (“EEA”).

In case your Personal Data is transferred to countries located outside of the EEA, we will ensure that appropriate safeguards are taken, such as:

For further information about transfers of Personal Data outside of the EEA, please consult the following link: https://edps.europa.eu/data-protection/data-protection/reference-library/international-transfers_en.

How long do we keep the Personal Data for?

The Personal Data are retained (i) for the period required to achieve the purposes described above, up to the time limits provided for by the applicable regulation; (ii) with regard to storage of the data for use as proof and as a response to requests from the competent authorities, up to the time limits provided for by the applicable regulations, such as the limit of five years for the retention of records of correspondence and communications between us; (iii) with regard to use for our defence in response to claims and/or disputes, for the period provided for by law, and for a reasonable additional period if needed.

What are your rights and how can you exercise them?

In accordance with applicable regulations, you have the following rights:

- To access: you can obtain information relating to the processing of the Personal Data, and a copy of such Personal Data.

- To rectify: where you consider that the Personal Data are inaccurate or incomplete, you can require that such Personal Data be modified accordingly.

- To erase: you can, under certain circumstances, require the deletion of the Personal Data, unless we have a compelling reason to keep it (e.g. a mandatory minimum retention period set forth by applicable law).

- To restrict: you can request the restriction of the processing of the Personal Data.

- To object: you can object to the processing of the Personal Data. Please note that you cannot object to processing that is necessary for the execution of the contract and for the fulfilment of a legal or statutory obligation to which we are subject. You have the absolute right to object to the processing of the Personal Data for direct marketing purposes, which includes profiling related to such direct marketing.

- To withdraw your consent: where you have given your consent for the processing of the Personal Data, you have the right to withdraw your consent at any time.

- To data portability: where legally applicable, you have the right to have the Personal Data you have provided to us be returned to you in a commonly used machine-readable format or, where technically feasible, transferred to a third party.

Security

We implement adequate technical and organisational measures to ensure a level of security of your Personal Data that is appropriate to the risks.

We take appropriate measures to ensure that we report security incidents leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.

How to contact us?

Should you have any questions relating to our use of the Personal Data or should you wish to exercise your rights, please send your request to our Data Privacy Manager and/or our Data Privacy team by email at gem-privacy@engie.com. We will try to comply with your request as soon as reasonably practicable and always under the timeframes set forth by applicable data protection law. Please note that we may need to retain certain of your Personal Data for certain purposes as required or authorised by law. Please also note that, if we have doubts about your identity, we may require you to provide us a proof of your identity to prevent unauthorised access to your Personal Data.

We also inform you that you may lodge a complaint with the competent supervisory authority, the name of which can be found at the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

How can you keep up with changes to this Privacy Policy? 

In a world of constant technological changes, we may need to regularly update this Privacy Policy.

We will inform you of any material changes through our usual communication channels.

In the event of a conflict or inconsistency between a provision of this Privacy Policy and a provision of another policy or other document of us relating to the processing of Personal Data, the provision of this Privacy Policy shall prevail.

Privacy Policy valid from May 2018

Find the Privacy Policy French version

Contact us

Our experts can provide you with energy blockchain solutions to meet your needs

Get in touch