Personal datas and cookies

Welcome to the website https://www.remit.totalenergies.com. By connecting to or browsing the website, you agree that you have read, understood and accepted, without limitation or reservation, the Personal data and cookies charter (the “charter”) and our terms and conditions of use. Please note that other terms and conditions and Personal data and cookies charter apply to other TotalEnergies Company websites, and we recommend that you read them carefully.

The charter aims to inform you of the rights and freedoms that you can exercise in respect of our use of your personal data and describes the measures that we take to protect these data.

TOTALENERGIES S.E. is the “data controller” with responsibility for processing the personal data used to manage the website. These processing operations are carried out in accordance with the applicable law.
 

1. Purpose of processing, legal basis, the period of storage and types of data collected

When you visit the website, you may need to provide us with a number of items of personal data, such as your first name and surname, in order to use the services available.

This processing of your data is based on our legitimate interest to provide you answer your request or provide you services.

 

Your personal data will not be processed subsequently in a way that is incompatible with the purposes described above or below the collection forms. Your data are kept for no longer than 2 years.

 

3. Recipients of data

Your personal data may be communicated to one or more of the data controller's departments or to TotalEnergies Company companies and one or more partners, independent distributors or subcontractors.

 

4. Data Transfers

Any transfer of data to a country outside the European Economic Area shall be carried out in accordance with the applicable regulations and in such a way as to protect your data appropriately. 

For the purposes of the services provided on this website, your data (first name, surname, e-mail address) [MR1] may be transferred to other TotalEnergies Company Companies located outside the European Union.

 

For this reason, the TotalEnergies Company has adopted “Binding Corporate Rules” (BCR) governing intra-Company transfers of personal data originating in the European Economic Area.

For data transfers not covered by the BCR, to countries outside the European Economic Area, other measures to ensure adequate protection are taken.

If you would like more information about our BCRs see below. [MR2] For more information about the other measures taken to ensure adequate protection, please write to the contact address specified below.

 

5. Data security and confidentiality

The data controller takes appropriate steps to preserve the security and confidentiality of your personal data, including to prevent them from being distorted, damaged or disclosed to unauthorized third parties.

6. Cookie management

6.1. Principle

A cookie is a file which enables a website to save information relating to your computer’s browsing of the website (page views, number of visits, bounce rate, traffic source, etc.), to make your visits to the website smoother.

You can at any time delete the cookies stored on your computer, object to the storage of new cookies and receive a notification before new cookies are stored by changing your browser settings using the instructions below (“Types of cookies, cookies and statistics, and settings”).

Please note that if you remove a cookie or object to the storage of cookies on your device, you may not be able to use some of the website's services.

 

6.2. Types of cookies, cookies and statistics, and settings.

The cookies that may be stored on your server when you browse the website are cookies which are intended solely to enable or facilitate electronic communication or which are strictly necessary to provide the service you are requesting (language cookies, login cookies, etc.), or statistics cookies or other cookies in accordance with the conditions below.

When cookies require your agreement before they can be saved, we ask you for this agreement via the “find out more” link displayed on the first page of the website that you land on, in which it is made clear that by continuing to browse the website you accept these cookies.

 

6.2.1. Which cookies are stored?[MR3] 

 

• Cookies issued by the data controller

 

Cookie	Description	Duration
Site (has_js)	Contains information on the navigation session and gives the user access to the website	Deleted at the end of the session
Site (cookie_agreed)	Registers the user’s choice regarding cookies	13 months
Drupal.language	Drupal cookie configuration (language redirection)	7 days
Drupal_language_redirection	Drupal cookie configuration	1 year
Drupal.tableDrag.showWeight	Drupal cookie configuration	1 year
authorized_config	Allows knowledge of what services were rejected/accepted by the user	1 year
getaquote	Registers the user’s choice on the Find My Product webform	1 year
cookie-agreed	Cookie created by “Smile” to retain the user’s choice on cookies within the GDPR scope	1 year 1 day

 

• Cookies issued by third parties

Cookie	Description	Duration
__unam	Cookie offered by ShareThis to activate content sharing	9 months
_trossion	Allows displaying of offers adapted to the interests of the user on the internet (doubleclick.net)	1 year et 1 month
_troRUID	Allows displaying of offers adapted to the interests of the user on the internet (doubleclick.net)	6 months
_troSYNC	Allows displaying of offers adapted to the interests of the user on the internet (doubleclick.net)	6 months
utag_main	Used by Tealium	1 an

 

• Statistics cookies

Cookie	Description	Duration
xtant	Cookie used by AT Internet (Analytics) containing a technical value linked to the identified visitors management. Used by XITI.	6 months
xtat	Cookie used by AT Internet (Analytics) containing a textual ID linked to the identified visitor. Used by XITI.	6 months
xtvrn	Cookie used by AT Internet (Analytics) containing a technical value linked to the identified visitors management. Used by XITI.	6 months
atuserid	Cookie used by AT Internet (Analytics) to identify the website visitors in first-party cookie (PS : this cookie is not calling a domain name different from the website). Used by XITI.	1 year 1 day
dtCookie	Cookie used by Dynatrace (Analytics) containing the session ID (performance tracking)	1 minute
dtLatC	Cookie used by Dynatrace (Analytics) containing the session ID (performance tracking)	1 minute
dtPC	Cookie used by Dynatrace (Analytics) to identify the ideal location to measure performance (performance tracking)	1 minute
dtSa	Cookie used by Dynatrace (Analytics) like intermediate stocking to follow the user’s actions  (performance tracking)	1 minute
rxVisitor	Cookie used by Dynatrace (Analytics) to identify the visitor (performance tracking)	1 minute
rxvt	Cookie used by Dynatrace (Analytics) to identify the end of the user’s session (performance tracking)	1 minute
atidvisitor	Cookie used by AT Internet (Analytics) to collect the numsites (unique site IDs) seen by the visitor and to stock the visitor ID. Used by XITI.	6 months
dtCookie	Cookie used by Dynatrace (Analytics) containing the session ID (performance tracking)	1 minute
dtLatC	Cookie used by Dynatrace (Analytics) to measure the server latency (performance tracking )	1 minute

 

Statistics cookies are used to measure the number of visits, the number of pages viewed, users’ activity on the website and how often they return. The used statistics tool, AT Internet generates a cookie with a unique identifier, which is stored for no longer than 13 months. Your IP address is also collected in order to determine the town/city from which you are accessing the website. Your IP address is immediately anonymized after use so that you cannot be identified as a natural person. The statistical data on website visits are collected by the provider AT Internet and subsequently transferred to the data controller in an aggregated and anonymized form in a web interface to which it alone has access. The data collected are not transferred to third parties or used for other purposes. You can block these cookies at any time by opting out as described above by clicking the link http://www.xiti.com/en/optout.aspx     [MR4] 

6.2.2. How do you delete cookies, receive notification of their storage or change your browser settings?

 

• How do you delete cookies already stored on your computer?
  • On your workstation:
  • On the C:\ drive select the Windows folder;
  • Open the “Temporary Internet Files” folder;
  • Select all files (CTRL A);
  • Choose the “delete” option.

 

• How do you change browser settings to reject or be informed of the storage of cookies?

• In the Internet Explorer 5 (Microsoft) browser: Select “Tools”, and then “Internet Options”. Click on the “Security” tab, then “Custom level” and scroll down to the “cookies” section. Next to “Allow cookies that are stored on your computer” select “Ask” to be notified or “Disable” to decline all cookies;
• In the Internet Explorer 6, 7 or 8 (Microsoft) browser: Select “Tools”, “Internet Options”, “Privacy”, then the level you wish to apply;
• In the Firefox browser: Click on “Tools” and select “Options”. In the “Privacy and security” tab, untick the box “Accept cookies from websites”;
• In the Chrome (Google) browser: Click “Customize and control Google Chrome” and select “Settings”. Under “Privacy and security”, click on “Content settings” and enable “Block third-party cookies” ;
• In the Safari browser: Select “Preferences” then “Privacy” and select one of the following options regarding “Cookies and website data”: “Always block”, “Allow from current website only”, “Allow from websites I visit”.

 

 

7. Your rights /Contact

In accordance with current regulations, you have the right to access, rectify, delete and object to the use of your personal data.

You can ask for your personal data to be sent to you and you have the right to give instructions for the use of your personal data after your death.  You can also ask for restriction of the data processing, or of data portability.

You can exercise your rights and ask us about the processing of your personal data by contacting:

 

TotalEnergies Raffinage Chimie
2 place Jean Millier
92400 Courbevoie

 

Finally, you can lodge a complaint with the authority responsible for compliance with personal data protection obligations.

 

 

 

SUMMARIZED VERSION

OF TOTALENERGIES’S BINDING CORPORATE RULES

 

1. Introduction

 

The TotalEnergies Company (or “TotalEnergies”) promotes a culture and practices regarding the protection of personal data[1], in accordance with the applicable laws. To this end, TotalEnergies has implemented Binding Corporate Rules (“BCRs”).

 

This document summarizes the data protection principles that apply under our BCRs and the rights granted by them.

 

2. Purpose

 

Our BCRs are a set of internal binding rules, which are applicable to all of the TotalEnergies subsidiaries that have adopted them. They have been approved by the European data protection authorities.

 

They allow TotalEnergies subsidiaries to transfer personal data originating from the European economic area (“EEA”)[2] to TotalEnergies subsidiaries located outside of the EEA in compliance with the applicable law.

 

3. Implementation scope

 

Our BCRs apply to all EEA-originating personal data processed by TotalEnergies subsidiaries including data relating to former and current employees, job applicants, clients and prospective clients, suppliers and sub-contractors and the staff of third companies acting on behalf of the Company subsidiaries as well as shareholders (hereafter “data subjects”).

 

4. Protection principles

 

The following principles set out in our BCRs must be respected, among which: 

 

• Lawfulness

 

Any processing[3] operation carried out has a legal basis, provided by the applicable law.

 

Personal data must only be processed for lawful, determined and legitimate purposes. The data must not be further processed in a way which is incompatible with those purposes.

 

• Relevance

 

Personal data must be accurate and proportionate, in terms of quality and quantity, in relation to the purpose of the processing.

 

• Transparency

 

Personal data must be obtained lawfully and loyally. Data subjects must be informed about the characteristics of the processing of their personal data and about their rights, unless this proves impossible or would involve disproportionate efforts.

 

• Security

 

Personal data must be protected by appropriate security measures to limit the risks of unauthorized access, destruction, alteration or loss.

 

To do so, a set of internal norms apply, allowing to ensure the security and the confidentiality of personal data:

• The usage Charter for the IT and communication resources, that requires to act in accordance with the regulation and with the confidentiality rules;
• The Information Systems Security policy, that defines the governance mode of the security of information systems;
• The Information Systems Security Reference System, that enumerates, through 19 detailed themes, the different requirements of the Company in terms of security of information systems;
• The Information Protection policy, that presents the requirements relative to the protection of confidentiality, integrity and of the availability of the information held and exchanged within the Company.

When calling upon the services of a third party to process personal data, TotalEnergies subsidiary makes sure that the latter offers sufficient guarantees as regards the security and confidentiality of data.

 

• Retention

 

Personal data must be retained only for a reasonable and not excessive period of time with regard to the purpose of the processing.

 

When the retention period expires, the data is destroyed, anonymized or archived.

 

• International transfers[4] of personal data

 

TotalEnergies does not transfer personal data originating from a country of the EEA directly to a TotalEnergies subsidiary located in a third country which does not provide an adequate level of protection, unless such subsidiary has formally subscribed to the BCRs or uses another legal instrument recognized by the European Commission.

 

TotalEnergies does not transfer personal data originating from the EEA directly to a company not belonging to the Company located in a country which does not provide an adequate level of data protection (data controller or processor) without a legal basis under applicable law and instruments providing for sufficient safeguards, such as the standard contractual clauses.

 

Similarly, where a data importer further transfers personal data originating from the EEA to a company not belonging to the Company (data controller or processor) located in a country which does not provide an adequate level of data protection, the data importer shall enter into an agreement with this company whereby it commits to observe the principles of BCRs.

 

5. Data subject rights

 

Under our BCRs, data subjects whose personal data are processed have the following rights:

 

• Right of access to the data

 

• Right to rectify, erase and lock data

 

• Right to object to the processing

 

• Right to limit the processing

 

[A comprehensive list of the rights granted by the BCRs is detailed in APPENDIX 1 hereafter].

 

Data subjects may exercise these rights by submitting a request using the contact details provided in the legal notice concerning the processing of their data. TotalEnergies subsidiaries undertake to give replies within the legal deadline about queries concerning the processing outside the EEA.

 

Moreover, if data subjects believe that a TotalEnergies subsidiary has failed to observe the BCRs, they have the right to lodge a complaint by sending:

 

• An e-mail to: [email protected]

 

or

 

• A letter to TOTALENERGIES – DATA PROTECTION, Tour Coupole, 2 place Jean Millier, Arche Nord Coupole/Regnault, 92078 PARIS LA DEFENSE CEDEX.

 

Data subjects will be informed about the status of their complaint and of any further steps.

 

The internal complaint procedure is described in APPENDIX 2 hereafter.

 

The fact that data subjects may file a complaint with TotalEnergies does not affect their rights to lodge a complaint with the competent EEA data protection authorities or to bring an action before the courts of the EEA country where the TotalEnergies subsidiary responsible for exporting the personal data is established.

 

6. Governance

 

An internal « personal data Protection network » is in charge of monitoring and controlling the implementation of the BCRs within the Company. It is composed of:

• A Corporate Data Privacy Lead who monitors and follows compliance actions at the Company level;
• Branch Data Privacy Leads who lead and coordinate compliance actions at the Branch level;
• Data Privacy Liaisons who lead and coordinate compliance actions at the affiliate level.

 

7. Internal control and audit

 

To ensure the proper application of our BCRs, some internal control and audit mechanisms have been implemented.

 

An annual internal control plan is defined by the personal data Protection network to assess the level of compliance of the Company’s processing regarding our BCRs. A reporting is also set up to report regularly on the actions plans that have been drawn up after evaluations.

 

Furthermore, the Company Internal Audit Direction also integrates the control of the personal data protection pattern into its periodic audit plan.

 

8. Changes to TotalEnergies’s rules

 

If necessary, our BCRs may be completed or updated.

 

9. More information

 

A copy of the comprehensive version of our BCRs as well as a list of TotalEnergies subsidiaries that adopted them can be obtained by sending an e-mail at: [email protected]

 

 

 

 

 

 

 

 

 

 

 

 

 

 

---

---