In order to respond to the creation of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protection of individuals with regard to the processing of personal data and the free movement of such data, immediately applicable on 25/05/2018, the Storengy SAS implemented a personal data protection policy based on the Engie Group’s GDPR Policy.
The General Management of Storengy SAS decided to provide an appropriate organisation and means to respond to regulatory requirements and to make the protection of personal data a commercial asset, in connection with the company’s digital strategy.
The policy developed hereinafter may be subject to modification according to the applicable legal and regulatory context.
1. Frame Of Reference
The policy of Storengy SAS in terms of personal data protection refers to the different applicable national and European regulations, which include, in France:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protection of individuals with regard to the processing of personal data and the free movement of such data (commonly called “General Data Protection Regulation”, referred to hereinafter as “the GDPR”), applicable as of 25/05/2018.
- French law no. 78-17 of 6 January 1978 on Data Files, Data Processing and Individual Liberties (“Loi Informatique & Libertés”).
Personal data collection by Storengy SAS relies on the major principles of personal data protection set out by the GDPR: ·
- Lawful, loyal and transparent processing of data.
- Determined, explicit and legitimate purposes.
- Adequate and relevant data which are limited regarding the purposes (minimisation principle).
- Accurate, up-to-date data.
- Limited duration of storage for defined purposes, after which the data must be deleted or rendered anonymous.
- Processing guaranteeing an appropriate level of safety.
3. Data Concerned
Storengy undertakes to protect all personal data collected. Personal data correspond with any information regarding an identifiable person (the “Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to this person.
Examples of personal data: name, first name, social security number, IP address, email address, consumption data, photo, driving licence, location, medical file, bank accounts, salary, insurances, fingerprint, cookie, etc. Personal data are not restricted to data regarding private life (e.g.: professional email address or phone number).
Although its clients are mainly legal entities (public collectivities, private companies…), Storengy SAS is directly concerned by the issue of personal data. In practice, the Data Subject may be, for instance:
- A collaborator of the entity or any assimilated person (employee, temporary worker, trainee, candidate).
- A representative or official of one of its clients or prospects, service providers, suppliers or subcontractors, or of any other stakeholder of the company.
- A visitor of the website https://hub.storengy.com/en/.
4. Data Processing
Personal data processing corresponds to any operation or set of operations regarding such data, using any process (automatic or not), and especially collection, recording, organisation, conservation, adaptation, modification, extraction, consultation, use, transmission…
Data processing in electronic and paper form are both concerned. Data processing is not only visible through an application, file, data base or Excel spreadsheet.
5. Safety Of Personal Data
Storengy implements technical and organisational measures adapted to the degree of sensitivity of the personal data in order to ensure their integrity and the confidentiality of data, and to protect data against any malicious intrusion, loss, deterioration or disclosure to unauthorised third parties.
Thus, Storengy undertakes to take the physical, technical and organisational safety measures required to:
- Protect its activities.
- Preserve the safety of its members’, partners’, web users’, suppliers’ and providers’ personal data.
- Avoid any unauthorised access, modification, deformation, disclosure, or destruction of personal data in its possession.
6. External Processors
Storengy may call upon External Processors for some processing operations. A subcontractor is a legal or natural person who “processes personal data on behalf of the Data Controller” (e.g.: SaaS providers, hosts, communication agencies).
Even if the external processors’ obligations and responsibilities are now profoundly reinforced through the GDPR (such as the obligation to keep a specific register of processing performed on behalf of third parties, obligation to advise and alert,…), Storengy SAS remains fully responsible for the protection of data it has provided to the above-mentioned.
- The choice of an external processor who shall process personal data must take account of the guarantees offered in terms of personal data protection.
- Each contract must contain a clause about the external processor's obligations in this matter.
7. Rights Of The Persons Concerned
The persons concerned by data processing have rights which enable them to keep control of the data relating to them. They must also be informed about the existence of a processing of their personal data prior to the effective performance of such processing.
The persons concerned have the following rights at any time:
- Portability (if applicable)
Storengy SAS shall install one or more procedure(s) guaranteeing effective compliance with these rights. Such rights may be exercised by the person concerned by sending a message to email@example.com. If the person concerned is not an employee of the company Storengy, a copy of an identity document must be attached to the request.
DATA PROCESSING PERFORMED WITHIN THE FRAMEWORK OF THE WEBSITE HUB.Storengy.com
On its website https://hub.storengy.com/en/,Storengy SAS processes data with the aim to:
- Optimise the browsing experience on its site https://hub.storengy.com/en/.
- Establish a contact form.
A description of the legal notices associated with such processing is available on the Legal Information page: https://hub.storengy.com/en/legal-notices/legal-notice