Effective Date [2021, March, 19th]
[EDF Renewables], whose registered office is located at 100, esplanade du Général de Gaulle 92932 Paris la Défense Cedex (hereinafter the "Company" or "We"), acting as independent data controller, entity of the EDF RE Group (hereinafter the “Group”) would like to inform you about the methods of processing (i.e. collection, use and sharing) of your personal data, through this website (hereinafter the "Website") and the use of associated services (hereinafter "Services"), in accordance with applicable laws and regulations on the protection of personal data, in particular: (i) Law No 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties and Law No 2018-493 of 20 June 2018 on the protection of personal data; (ii) Regulation (EU) 2016/679 dated April 27, 2016 (hereinafter "GDPR"), which came into force on May 25, 2018; and (iii) any other normative act, decree, regulation or provision that would be enacted by a competent national or European supervisory authority (hereinafter collectively referred to as the "Applicable Data Protection Regulations").
- What is the scope of this policy?
- What types of personal data do we collect?
The Company collects (1) registration data; (2) data that you have voluntarily shared with the Company; (3) navigational data related to access and use of the Website and Services; and (4) other miscellaneous information. In particular, the Company collects the following information:
- Registration Data: collected through the registration form.
- Personal Data that you voluntarily share with the Company: the Company may collect your personal data (e.g. first name, last name, email, address, telephone number, etc.) when you submit a request via an online form on the Website or when you use our Services;
We do not collect :
- Special Categories of Personal Data: We ask you not to disclose or communicate to us data considered as Special Categories of Personal Data or assimilated by the CNIL (including social security number, offence data, ethnic origin, political opinions, religions and beliefs, health data or trade union membership) through our Website, Services or by any other means.
Associated Services. The Services may be associated with websites published by third party companies not affiliated with the Group, and may include advertisements, offer online content, and provide features, games, newsletters, contests or lottery, or applications developed by third party companies. The Company is not responsible for the privacy practices of such third party companies. Once you leave the Services or click on an advertisement, it is your responsibility to check the applicable Personal Data protection policy for that other service.
- For what purposes do we collect your personal data?
We process your personal data:
- To enable you to use the Website and Services;
- To evaluate and improve our Services and the functionality of the Services;
- To improve your experience using the Website and Services;
- Provide you with customer support and respond to your inquiries;
- To comply with legal obligations (including obligations related to the provision of the Services), or to respond to requests from public and governmental authorities;
- To serve the interests of the Company; in certain cases, the Company may disclose your personal data, including when the Company believes in good faith that such processing is necessary to : (i) protect, exercise, or defend the rights, privacy, safety, security, or property of the Company or its employees, agents and contractors (including the performance of our contracts and terms and conditions of use); (ii) protect the safety, privacy and security of Users or the public; (iii) protect against fraud or for risk management purposes;
- Subject to your prior consent, if necessary, to carry out commercial prospecting operations with you, in accordance with your personal preferences and choices;
- Subject to your consent, to share your personal data with our trusted business partners, including other Group entities, to enable them to send you messages of a commercial nature.
5. On what legal basis do we process your personal data?
- How long are your personal data retained?
The Company retains your personal data for as long as it is necessary for the fulfillment of the purposes described in section 4 above.
Your personal data are kept:
- For the time strictly necessary for the Use of the Website, the Services, or for the needs of the Company, and for a maximum of 3 years from the date of collection in the absence of a contract with the Company;
- In case of conclusion of a contract or an order, within the framework of the Services or otherwise, during the entire period of the contractual relationship, then kept in intermediate archives for a period corresponding to the possible warranty period to which is added the applicable legal prescription period (5 years in most cases);
- For a period of 25 months from the installation/creation of cookies.
- How do we process your personal data?
The personal data are processed both manually and electronically and is protected by appropriate security measures. In this respect, although the Company uses appropriate administrative, technical and organizational measures to protect personal data against theft, loss, unauthorized use, disclosure or modification, it cannot guarantee that it will be able to protect itself against all existing IT risks.
- Who has access to your personal data?
- Other entities of the Group, as the case may be;
- Third party service providers, subcontractors (i.e. IT service providers, service providers related to the Services - for illustrative purposes, and without this list being exhaustive, experts, consultants and lawyers, companies involved in potential mergers, demergers or other transformations);
- Competent national authorities: in order to comply with the law in force;
- Trusted business partners: subject to your consent. The fields of activity to which these third parties may belong are, in particular, the following: (i) energy, (ii) [industry]; etc.
- Are your personal data transmitted abroad?
Your personal data may be transferred to other EDF RE’s entities and service providers acting on its behalf that are located within the European Union.
We make transfers of personal data to service providers acting on our behalf to non-EEA countries.
- Minors under 15 years of age
The Website does not address or offer Services to individuals under the age of 15, and the Company does not knowingly collect personal data from individuals under the age of 15 or minors in general.
- What are the applicable security measures?
The Company implements all appropriate technical and organizational security measures to ensure a level of personal data security appropriate to the risk, and in particular, to protect data against accidental or unlawful destruction, loss, damage, disclosure or unauthorized access.
The same level of protection is contractually imposed by the Company on all its subcontractors. Any employee of the Company who, in the course of his or her duties, may have access to your personal data undertakes to hold it in a strictly confidential manner.
- What are your rights with regard to personal data?
In accordance with the Applicable Data Protection Regulations, depending on the situation, you have a right to request access, rectification, erasure and the portability of your personal data and to request the limitation or object to the processing of your personal data as well as to withdraw your consent at any time. You have the possibility to give us instructions concerning the use and disclosure of your personal data (retention, erasure, third party transfer, etc.) after your death. You may exercise these rights by writing to the following e-mail address: email@example.com.
However, you are informed that your objection may, in practice and depending on the case, affect or make it impossible to take into account your request for information, registration or use of the Services offered on the Website.
You also have a right to lodge a complaint against a supervisory authority such as the Commission Nationale de l’Informatique et des Libertés, “CNIL”, in the event of a breach of the Applicable Data Protection Regulations.
- Modifications and updates
- Data Protection Officer
EDF RE has appointed a Data Protection Officer ("DPO") whom you may contact for any questions relating to the processing of your personal data and to exercise your rights.
Name of the DPO: Nicolas Vanoudendycke
DPO contact information: firstname.lastname@example.org