Protection of personal data

Effective 01/01/2024

Welcome > Protection of personal data

Introduction

EDF Renewables, whose head office is located at 100, esplanade du Général de Gaulle 92932 Paris la Défense Cedex (hereinafter “Company” or “We”), acting as an independent Data Controller, entity of the EDF RE Group (hereinafter -after “Group”), kindly ask you to read the terms of processing (i.e. collection, use and sharing) of your personal data, through this website ( hereinafter “Site”) and the use of associated services (hereinafter “Services”), in accordance with the laws and regulations applicable to the protection of personal data, in particular: (i) Law No. 78- 17 of January 6, 1978 relating to computing, files and freedoms and Law No. 2018-493 of June 20, 2018 relating to the protection of personal data; (ii) Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation, hereinafter “GDPR”), which entered into force on May 25, 2018; and (iii) any other normative act, decree, regulation or provision which would be issued by a competent national or European personal data protection authority – hereinafter collectively referred to as “Regulation applicable to the protection of personal data” .

Scope of this policy

The Company is the controller of personal data (i.e. any information linked to an identified or identifiable person, called a “Data Subject”) concerning you, processed through the Site and for the use of the Services, in the conditions set out in this Personal Data Protection Policy (“Personal Data Policy”).

This Personal Data Policy, as well as the Cookies Policy, available here concern all users, including those who use the Site and the Services without being registered or subscribing to a specific service (hereinafter collectively “Users”).

What types of personal data do we collect?

The Company collects (1) registration data; (2) data that you voluntarily shared with the Company; (3) navigation data related to access and use of the Site and Services and (4) other miscellaneous information. In particular, the Company collects the following information:

  • Registration data : collected via the registration form.
  • Data you voluntarily share with the Company : the Company may collect your personal data (e.g. first name, last name, email, address, telephone number, etc.) when you submit a request via the online form on the Site.
  • Navigation data : When you access and use the Site or Services, the Company may collect information regarding those visits. For example, in order to establish your connection to the Site or Services, our servers receive and record information about your computer, device, and browser, which may include IP address, browser type, and other information. other information relating to computer software or hardware. If you access the Site or Services from a mobile phone or other device, the Company may collect the unique device identifier, geolocation data, and other identification data about that device . Information may also be collected via cookies and other tracking technologies (such as navigation cookies, retargeting cookies, audience measurement, web beacons, and Adobe Flash technologies, etc.). These technologies may also be used to collect and store information about your use of the Site or Services, such as the pages you have visited, the online content you have viewed, the internet searches you have carried out. and the advertisements you saw. For more information, please visit our Cookies policy. here.

We do not collect:

  • Financial data from a secure payment service provider: In some cases, the Company may use an unaffiliated payment service to enable you to purchase a product or make payments. Where applicable, the processing of the information you provide will be governed solely by the personal data protection policy of the payment service provider, and not by this Personal Data Policy.
  • Special categories of Personal Data : we ask you not to disclose or communicate to us any data considered as Special Categories of Personal Data or assimilated by the CNIL (in particular social security number, offense data, ethnic origin, political opinions, religions and beliefs, health data or union affiliation) through our Site, our Services or by any other means.

Associated services. The Services may be associated with websites published by third-party companies not affiliated with the Group, and may in particular include advertisements, offer online content, and offer features, games, newsletters, competitions or lotteries, or promotions. applications developed by third-party companies. The Company declines all responsibility regarding the Personal Data protection practices implemented by these third-party companies. Once you leave the Services or click on an advertisement, it is your responsibility to check the privacy policy applicable for that other service.

For what purposes do we collect your personal data?

We process data for:
a) Allow you to use the Site and the Services;
b) Evaluate and improve our Services and the corresponding functionalities;
c) Improve your experience using the Site and Services;
d) Provide you with customer support and respond to your inquiries;
e) Comply with legal obligations (including obligations relating to the provision of Services), or respond to requests from public and governmental authorities;
f) Meet the interests of the Company; in certain cases, the Company may in particular disclose your personal data, in particular when the Company considers in good faith that such data processing is necessary to: (i) protect, exercise, or defend rights, life privacy, security, property of the Company or that of its employees, agents and service providers (including the execution of our contracts and our general conditions of use); (ii) protect the safety, privacy and security of users of the Site, Services or the public; (iii) protect against fraud or for risk management purposes;
g) Subject to your prior consent, if necessary, to carry out commercial prospecting operations with you, in accordance with your personal preferences and choices;
h) Subject to your consent, to share personal data about you with our trusted business partners, including other Group entities, to enable them to send you messages of a commercial nature.

On what legal basis do we process your data?

  • The processing purposes presented in section 4(a) to section 4(f) of this Personal Data Policy are based on the legitimate interest of the Data Controller for the purposes of operating the Site, responding to User requests and to provide the Services. With regard to certain cookies that may be used, processing is based on the consent of the Data Subjects;
  • The processing purpose presented in section 4(e) of this Personal Data Policy is based on the applicable legal and regulatory obligations;
  • The processing purpose presented in section 4(f) of this Personal Data Policy is based on the legitimate interest of the Company or applicable legal and regulatory obligations;
  • The processing purposes presented in sections 4(g) and 4(h) of this Personal Data Policy are carried out on the basis of your consent when required.

How long will your data be retained?

The Company retains your personal data for as long as necessary to fulfill the purposes pursued, as described in section 4 above.

Data concerning you is kept:

  • For the duration strictly necessary for the Use of the Site, the Services, or for the needs of the Company, and at most for a period of 5 years from their collection in the absence of conclusion of a contract with the 'Business ;
  • In the event of the conclusion of a contract or order, within the framework of the Services or otherwise, for the entire period of the contractual relationship, then kept in intermediate archives for a period corresponding to the possible warranty period to which is added the applicable legal limitation period (5 years);
  • For a period of 25 months from their implementation/creation regarding cookies.

How do we process your data?

The data is processed both manually and electronically and is protected by appropriate security measures. In this regard, although the Company uses appropriate administrative, technical and organizational measures to protect personal data against theft, loss, unauthorized use, disclosure or modification, it cannot guarantee that it will be even protect against all existing IT risks.

Who has access to your data?

As part of the processing purposes presented in section 4 of this Personal Data Policy, your data is communicated internally within EDF Renewables where applicable within the EDF RE Group, to customer service, to the marketing/commerce department and in the communications department. The Company may also communicate your personal data to the following recipients:

  • Other Group entities, as applicable;
  • Third party service providers, subcontractors (i.e. IT service providers, service providers related to the Services – for illustrative purposes, and without this list being exhaustive, experts, consultants and lawyers, companies involved in potential mergers, splits or other transformations);
  • Competent national authorities: in order to comply with applicable law;
  • Trusted business partners: subject to your consent. The fields of activity to which these third parties may belong are the following: (i) energy, (ii) [industry]; etc.

Are your personal data transmitted abroad?

Your personal data may be transferred to other EDF RE Entities and to service providers acting on its behalf which are located in France and/or within the European Union.

We will not transfer personal data to non-EEA countries.

Minors under 15 years old

The Website does not address or offer Services to individuals under the age of 15, and the Company does not knowingly collect personal data from individuals under the age of 15.

Security measures

EDF Renouvelables implements all appropriate technical and organizational security measures to ensure a level of security of personal data appropriate to the risk, and in particular, to protect data against accidental or illegal destruction, loss, damage, unauthorized disclosure or access.

The same level of protection is contractually imposed by EDF Renewables on all its Subcontractors. Any employee of EDF Renewables who, in the course of their duties, may have access to your personal data undertakes to keep them strictly confidential.

What are your rights regarding personal data?

In accordance with the applicable regulations on the protection of personal data, you have a right of access, rectification, erasure, limitation, portability and objection to the processing of your data as well as to withdraw your consent at any time. You also have the possibility of sending us your instructions in order to organize the fate of the data concerning you (conservation, deletion, communication to a third party, etc.) in the event of death. You can exercise these rights by writing to the following email address: privacy@edf-en.com.

However, your objection may, in practice and depending on the case, have an impact or make it impossible to take into account your request for information, registration or use of the Services offered on the Site.

You also have the right to appeal to a national supervisory authority such as the Commission Nationale de l'Informatique et des Libertés in the event of a violation of the regulations applicable to the protection of personal data and in particular European Regulation no. °2016-679 General Data Protection (GDPR) in force since May 25, 2018.

Changes and updates

The Personal Data Policy will be effective from the effective date indicated in the introduction. The Company reserves the right to modify or supplement this document, particularly in the event of changes to the applicable regulations regarding the protection of personal data.

Any modification to this Personal Data Policy will be notified to you by the Company before it comes into force and will in any case be available in its modified version once published on our Site.

Contact details of the data protection officer

EDF RE has appointed a Data Protection Officer (DPO) who you can contact for any questions relating to the processing of your personal data as well as to exercise your rights.

DPO contact details: privacy@edf-en.com