Welcome to the website fondation.totalenergies.com/en (hereinafter referred to as the “website”). By connecting to or browsing the website, you agree that you have read, understood and accepted, without limitation or reservation, this Personal data and cookies charter (hereinafter the “charter”) and our terms and conditions of use. Please note that other terms and conditions and personal data and cookies charter apply to other TotalEnergies company websites, and we recommend that you read them carefully.
The charter aims to inform you of the rights and freedoms that you can exercise in respect of our use of your personal data and describes the measures that we take to protect these data.
TotalEnergies S.E. is the “data controller” with responsibility for processing the personal data used to manage the website.
1. Purpose of processing, legal basis and the period of storage
When you visit the website, you may need to provide us with a number of items of personal data, such as your first name and surname, in order to use the services available, in particular to answer your requests for information.
This processing on your data is based on our legitimate interest to provide you services.
In our online forms, the mandatory fields are marked with an asterisk. If you do not provide answers to the mandatory questions, we will not be able to provide you with the service(s) requested.
Your personal data will not be processed subsequently in a way that is incompatible with the purposes described above or below the collection forms. Your data are kept until the complete processing of your request, then they may be archived for five (5) years.
2. Recipients of data
Your personal data may be communicated to TotalEnergies companies and to suppliers and subcontractors acting on behalf of TotalEnergies S.E., in particular Acquia Cloud Site Factory the website hosting, ARMATIS-LC the company responsible for providing you with the services requested and Saleforces the data hosting.
3. Data transfers
Any transfer of data to a country outside the European Economic Area shall be carried out in accordance with the applicable regulations and in such a way as to protect your data appropriately.
For this reason, the TotalEnergies company has adopted “Binding Corporate Rules” (BCR) governing intra-Group transfers of personal data originating in the European Economic Area. If you would like more information about our BCRs please click here.
4. Data security and confidentiality
The data controller takes appropriate steps to preserve the security and confidentiality of your personal data, including to prevent them from being distorted, damaged or disclosed to unauthorised third parties.
5. Cookie management
5.1 Principle
A cookie is a file which enables a website to save information relating to your computer’s browsing of the website (e.g. number of visits, number of pages viewed, etc.), to make your visits to the website smoother.
You can at any time delete the cookies stored on your computer, object to the storage of new cookies and receive a notification before new cookies are stored by changing your browser settings using the instructions below (5.2 Types of cookies, cookies and statistics, and settings).
Please note that if you remove a cookie or object to the storage of cookies on your device, you may not be able to use some of the website's services.
5.2 Types of cookies, cookies and statistics, and settings
The cookies that may be stored on your server when you browse the website are cookies which are intended solely to enable or facilitate electronic communication or which are strictly necessary to provide the service you are requesting (language cookies, login cookies, etc.), or statistics cookies or other cookies in accordance with the conditions below.
When cookies require your agreement before they can be saved, we ask you for this agreement via the button called “Personalize” displayed on the first page of the website that you land on, in which it is made clear that by continuing to browse the website you accept these cookies.
5.2.1 Which cookies are stored?
-
Cookies issued by the data controller, added on the site domain
Cookie |
Description |
Category |
Period |
---|---|---|---|
has_js |
Detection of Javascript, used by Drupal |
Mandatory |
Session |
cookie_agreed, |
Choices of GDPR related consent, used by Drupal |
Mandatory |
13 months |
Drupal.language, |
Choice of language of the site, used by Drupal |
Mandatory |
up to 1 year |
Drupal.tableDrag.showWeight |
Browser version to adapt the display of pages, used by Drupal |
Mandatory |
1 year |
form-xx webform-123 |
Detection if form has already been submitted by the user, used by Drupal. |
Mandatory |
1 year |
_cfduid |
Performance optimization, used by the CDN CloudFlare. |
Mandatory |
Session |
-
Cookies STATISTICS
Cookie |
Description |
Description |
Period |
---|---|---|---|
atidvisitor, |
Traffic analysis, used by AT Internet. |
Statistics |
up to 1 year and 1 day |
dtCookie, dtLatC, |
Measure of the site performance, used by Dynatrace. |
Statistics |
1 minute |
idrxvr |
Used by Xiti to analyze traffic. |
Statistics |
1 an |
-
Cookies TARGETING/ADVERTISING
Cookie |
Description |
Category |
Duration |
---|---|---|---|
_trossion, |
Display offers on the internet personalized to the user points of interest, used by doubleclick.net a Google service. |
Targeting/Advertising |
up to 1 year and 1 month |
utag_main |
Used by Tealium |
Targeting/Advertising |
Noms variés |
Noms variés |
Added by Tealium tag management system. |
Targeting/Advertising |
Variable duration |
-
Cookies SOCIAL NETWORKS
Cookie |
Description |
Category |
Duration |
---|---|---|---|
1P_JAR, APISID, HSID, LOGIN_INFO, CONSENT, NID, PREF, SAPISID, SID, SSID, SIDCC, VISITOR_INFO1_LIVE, YSC, ANID |
Added by Youtube or Google to save how a Youtube video is used. In case a user is connected to his Google account, these data are associated with him. |
Social Network |
up to 2 years |
brainsonic |
Added by Damdy to save how a video is used. |
Social Network |
Session |
Statistics cookies are used to measure the number of visits, the number of pages viewed, users’ activity on the website and how often they return. The statistics tool used generates a cookie with a unique identifier, which is stored for no longer than. Your IP address is also collected in order to determine the town/city from which you are accessing the website. This is immediately anonymised after use so that you cannot be identified as a natural person. The statistical data on website visits are collected by the provider AT Internet and subsequently transferred to the data controller in an aggregated and anonymised form in a web interface to which it alone has access. The data collected are not transferred to third parties or used for other purposes. You can block those cookies by using the “opt out” proceeding above http://www.xiti.com/en/optout.aspx.
5.2.2 How do you delete cookies, receive notification of their storage or change your browser settings?
-
How do you delete cookies already stored on your computer?
-
-
On your workstation:
-
On the C:\ drive select the Windows folder;
-
Open the “Temporary Internet Files” folder;
-
Select all files (CTRL A);
-
Choose the “delete” option.
-
-
How do you change browser settings to reject or be informed of the storage of coookies?
-
In the Internet Explorer 5 (Microsoft) browser: Select “Tools”, and then “Internet Options”. Click on the “Security” tab, then “Custom level” and scroll down to the “cookies” section. Next to “Allow cookies that are stored on your computer” select “Ask” to be notified or “Disable” to decline all cookies;
-
In the Internet Explorer 6, 7 or 8 (Microsoft) browser: Select “Tools”, “Internet Options”, “Privacy”, then the level you wish to apply;
-
In the Firefox browser: Click on “Tools” and select “Options”. In the “Privacy and security” tab, untick the box “Accept cookies from websites”;
-
In the Chrome (Google) browser: Click “Customize and control Google Chrome” and select “Settings”. Under “Privacy and security”, click on “Content settings” and enable “Block third-party cookies” ;
-
In the Safari browser: Select “Preferences” then “Privacy” and select one of the following options regarding “Cookies and website data”: “Always block”, “Allow from current website only”, “Allow from websites I visit”.
6. Your rights/Contact
In accordance with current regulations, you have the right to access, rectify, delete and object to the use of your personal data. You can ask for your personal data to be sent to you and you have the right to give instructions for the use of your personal data after your death. You can also ask for restriction of the data processing or of data portability. Finally, you can lodge a complaint with the authority responsible for compliance with personal data protection obligations.
You can exercise your rights and ask us about the processing of your personal data via the contact form or by contacting the Communication Department to the following address: 2, place Jean Millier - La Défense 6 - 92078 Paris La Défense Cedex – France.
1. Introduction
The TotalEnergies company (or "TotalEnergies") promotes a culture and practices protecting personal data(1), in accordance with the applicable laws. To this end, TotalEnergies has implemented binding corporate rules ("BCRs").
This document summarizes the data protection principles that apply under our BCRs and the rights granted by them.
2. Purpose
Our BCRs are a set of internal binding rules, which are applicable to all of the TotalEnergies subsidiaries that have adopted them. They have been approved by the European data protection authorities.
They allow TotalEnergies subsidiaries to transfer personal data originating from the European economic area ("EEA")(2) to TotalEnergies subsidiaries located outside of the EEA in compliance with the applicable law.
3. Implementation scope
Our BCRs apply to all EEA-originating personal data processed by TotalEnergies subsidiaries including data relating to former and current employees, job applicants, clients and prospective clients, suppliers and sub-contractors and the staff of third companies acting on behalf of the Company subsidiaries as well as shareholders (hereafter "data subjects").
4. Protection principles
The following principles set out in our BCRs must be respected:
Lawfulness
Any processing(3) operation carried out within the Company has a legal basis, provided by the applicable law.
Personal data must only be processed for legitimate and lawful purposes. The data must not be further processed in a way which is incompatible with those purposes.
Relevance
Personal data must be accurate and proportionate, in terms of quality and quantity, in relation to the purpose of the processing.
Transparency
Personal data must be obtained lawfully and loyally. Data subjects must be informed about the characteristics of the processing of their personal data and about their rights, unless this proves impossible or would involve disproportionate efforts.
Security
Personal data must be protected by appropriate security measures to limit the risks of unauthorized access, destruction, alteration or loss.
When calling upon the services of a third party to process personal data, TotalEnergies subsidiary makes sure that the latter offers sufficient guarantees as regards the security and confidentiality of data.
Retention
Personal data must be retained only for a reasonable and not excessive period of time with regard to the purpose of the processing.
When the retention period expires, the data is destroyed, anonymized or archived.
International transfers(4) of personal data
TotalEnergies does not transfer personal data originating from a country of the EEA directly to a TotalEnergies subsidiary located in a third country which does not provide an adequate level of protection, unless such subsidiary has formally subscribed to the BCRs or uses another legal instrument recognized by the European Commission.
TotalEnergies does not transfer personal data originating from the EEA directly to a company not belonging to the Company located in a country which does not provide an adequate level of data protection (data controller or processor) without a legal basis under applicable law and instruments providing for sufficient safeguards, such as the standard contractual clauses.
Similarly, where a data importer further transfers personal data originating from the EEA to a company not belonging to the Company (data controller or processor) located in a country which does not provide an adequate level of data protection, the data importer shall enter into an agreement with this company whereby it commits to observe the principles of BCRs.
5. Data subject rights
Under our BCRs, data subjects whose personal data are processed have the following rights:
Right of access to the data
Right to rectify, erase and lock data
Right to object to the processing
Right to limit the processing
[A comprehensive list of the rights granted by the BCRs is detailed in APPENDIX 1 hereafter].
Data subjects may exercise these rights by submitting a request using the contact details provided in the legal notice concerning the processing of their data. TotalEnergies subsidiaries undertake to give replies within a reasonable timeframe about queries concerning the processing outside the EEA.
Moreover, if data subjects believe that a TotalEnergies subsidiary has failed to observe our BCRs, they have the right to lodge a complaint by sending:
An e-mail to : [email protected]
or
A letter to TotalEnergies – DATA PROTECTION, Tour Coupole, 2 place Jean Millier, Arche Nord Coupole/Regnault, 92078 PARIS LA DEFENSE CEDEX.
Data subjects will be informed about the status of their complaint and of any further steps.
The internal complaint procedure is described in APPENDIX 2 hereafter.
The fact that data subjects may file a complaint with TotalEnergies does not affect their rights to lodge a complaint with the competent EEA data protection authorities or to bring an action before the courts of the EEA country where the TotalEnergies subsidiary responsible for exporting the personal data is established.
6. Changes to TotalEnergies' rules
If necessary, our BCRs may be completed or updated.
7. More information
A copy of the comprehensive version of BCRs and a list of TotalEnergies subsidiaries can be obtained by sending an e-mail at: [email protected]
(1) Personal data means any information enabling the direct or indirect identification of a natural person.
(2) EEA means Member States of the European Union plus Iceland, Liechtenstein and Norway.
(3) Processing means any operation which is performed upon personal data, whether or not by automatic means (e.g.: collection, recording, storage, destruction…).
(4) Transfer means all virtual and physical exchanges of EEA-originating personal data from one country to another.
APPENDIX 1 - THIRD PARTY BENEFICIARY RIGHTS
TotalEnergies’ BCRs grant rights to Data Subjects to enforce the Rules as third-party beneficiaries, as detailed in the various chapters of these BCRs.
More specifically, they may enforce the following principles according to the terms and conditions set out in these BCRs:
That any processing operation carried out within the Company must have a legal basis as provided for by Applicable Law;
That TotalEnergies must collect and process Personal Data for legitimate, specified and explicit purposes and must not further process any Personal Data in a way incompatible with the purpose for which they were collected;
That TotalEnergies must process Personal Data that are relevant and not excessive in relation to the purposes for which they are collected, and that these Data must be accurate and, where necessary, kept up to date;
That Data Subjects must be provided with easy and permanent access to the information relating to their rights under these BCRs;
That Data Subjects whose Personal Data originate from the EEA must have a right of access, of rectification and of objection to the processing of their Personal Data in accordance with Applicable Law;
That Data Subjects whose Personal Data originate from the EEA must not be subject to a decision that produces legal effects concerning them or significantly affects them and that is based solely on automated processing of Personal Data intended to evaluate certain personal aspects relating to them, unless that decision:
Is taken in the course of the entering into or performance of a contract, provided the request for the entering into or the performance of the contract, lodged by the Data Subject, has been satisfied or that there are suitable measures to safeguard his/her legitimate interests, such as arrangements allowing him/her to express his/her point of view; or
Is authorized by Applicable Law, which also lays down measures to safeguard the Data Subject’s legitimate interests;
That TotalEnergies must implement appropriate measures to guarantee the security and confidentiality of the Personal Data, having regard to the state of art and the cost of their implementation;
That TotalEnergies must conclude a written processing agreement with any service provider used to process Personal Data, specifying that the service provider shall act only under TotalEnergies’ instructions and shall implement appropriate security and confidentiality measures;
That TotalEnergies must not transfer Personal Data from a Member State of the EEA or originating from the EEA to a company not belonging to the Company and located in a Third Country which does not provide an adequate level of data protection (either an External Data Controller or Processor) without a legal basis under Applicable Law and instruments providing for sufficient safeguards;
That a TotalEnergies Subsidiary must immediately inform the Data exporter if this TotalEnergies Subsidiary deems that the legislation applicable in its jurisdiction is likely to prevent it from fulfilling its obligations pursuant to TotalEnergies’ BCRs, and have a detrimental effect on the guarantees offered by these BCRs, unless where prohibited by a law enforcement authority, in particular as a result of a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
That any Data Subject may lodge a complaint with TotalEnergies through the internal complaint mechanism in accordance with the terms set out in the Chapter "Complaint handling";
That any TotalEnergies Subsidiaries that have subscribed to the BCRs must cooperate with the competent supervisory authorities, follow their recommendations regarding the international Transfers of Data in the event of a complaint or of a particular request from such authorities and accept to be audited by the supervisory authority of their country of establishment;
That any Data Subject may lodge a complaint with the National Supervisory Authorities or bring an action before the court of the EEA Member State where the Data exporter is established in order to enforce the above principles, and, where appropriate, to receive compensation for the damage suffered as a result of a breach of TotalEnergies’ BCRs. If, in the course of a transfer of Personal Data outside the EEA, the Data importer fails to observe TotalEnergies' BCRs, the Data exporter will defend any claim, establish that the Data importer has not violated the BCRs, and pay compensation to the Data Subject for the damage suffered as a result of that violation.
APPENDIX 2 - INTERNAL COMPLAINT HANDLING PROCEDURE
If a Data Subject believes that a TotalEnergies Subsidiary has not complied with TotalEnergies' BCRs, he/she may file a complaint in accordance with the complaint procedure set forth in the relevant privacy policy or contract or pursuant to the procedure described below.
1. How to make a complaint
Data Subjects may file a complaint by sending:
An e-mail to: [email protected]
or
A letter to TotalEnergies – DATA PROTECTION, Tour Coupole, 2 place Jean Millier, Arche Nord Coupole/Regnault, 92078 PARIS LA DEFENSE CEDEX.
The complaint should clearly provide as much detail as possible about the issue raised, including:
The country and the TotalEnergies Subsidiary concerned, the Data Subject’s understanding of the violation of the BCRs, the redress requested;
The Data Subject’s full name and contact details as well as a copy of his/her identity card or any other identifying document;
Any previous correspondence on this specific issue.
2. TotalEnergies' response
Within three months of TotalEnergies receiving a complaint, the appropriate Branch Data Privacy Lead ("BDPL") shall inform the Data Subject in writing of the admissibility of the complaint; and if the latter is admissible, of the corrective actions that TotalEnergies has taken or will take in response. The appropriate BDPL shall ensure that, if necessary, appropriate corrective actions are taken to achieve compliance with TotalEnergies’ BCRs if necessary.
The appropriate BDPL shall send a copy of the complaint and any written reply to the Corporate Data Privacy Lead ("CDPL").
3. Recourse process
If the Data Subject is not satisfied with the response from the appropriate BDPL (e.g., the complaint has been rejected), he/she may refer to the CDPL by sending an e-mail or letter as indicated above. The CDPL will review the complaint and reach a decision within three months of the data the request was received. Following this period, the CDPL will inform the Data Subject whether the initial response has been upheld or communicate a new response.
The fact that Data Subjects may file a complaint with TotalEnergies does not affect their right to lodge a complaint with the competent National Supervisory Authority or bring an action before the court of the EEA Member State where the Data exporter is established.