TotalEnergies

Privacy

Personal Data Protection & Cookie Policy Charter

Welcome to the website https://www.total.com (the “website”). By connecting to or browsing the website, you agree that you have read, understood and accepted, without limitation or reservation, the personal data and cookies management policy (the “policy”) and our terms and conditions of use. Please note that other terms and conditions and personal data protection policies apply to other TotalEnergies Group websites, and we recommend that you read them carefully.

The policy aims to inform you of the rights and freedoms that you can exercise in respect of our use of your personal data and describes the measures that we take to protect these data.

TotalEnergies S.A is the “data controller” with responsibility for processing the personal data used to manage the website. These processing operations are carried out in accordance with the applicable law.

1. PURPOSE OF PROCESSING, LEGAL BASIS, THE PERIOD OF STORAGE AND TYPES OF DATA COLLECTED

When you visit the website, you may need to provide us with a number of items of personal data, such as your first name and surname, in order to use the services available.

The data controller processes your personal data for the purposes of providing the services and for its legitimate interest.

In particular, we may collect some items of your personal data for the purposes of external communication in order to answer your requests for information.

In our online forms, the mandatory fields are marked with an asterisk. If you do not provide answers to the mandatory questions, we will not be able to provide you with the service(s) requested.

Your personal data will not be processed subsequently in a way that is incompatible with the purposes described above or below the collection forms. Your data are kept for no longer than necessary for processing.

2. RECIPIENTS OF DATA

Your personal data may be communicated to one or more of the data controller’s departments or to TotalEnergies Group companies and one or more partners, independent distributors or subcontractors for the purposes of analysis and surveys.

If you leave a comment intended to be posted online, we may be required to publish some of your personal data on the website. Given the characteristics of the internet, namely the unrestricted capture of published data and the fact that it is difficult, or even impossible, to control how third parties can use these data, we hereby inform you that you can object to this publication by contacting us as explained in article 5 below.

Any transfer of data to a country outside the European Economic Area shall be carried out in accordance with the applicable regulations and in such a way as to protect your data appropriately. 

For the purposes of the services provided on this website, your data may be transferred to recipients located outside the European Union.

For this reason, the TotalEnergies Group has adopted “Binding Corporate Rules” (BCR) governing intra-Group transfers of personal data originating in the European Economic Area. 

For data transfers not covered by the BCR, to countries outside the European Economic Area, other guarantees are provided. 

You can request a copy by contacting us as explained in article 5 below.

3. DATA SECURITY AND CONFIDENTIALITY

The data controller takes appropriate steps to preserve the security and confidentiality of your personal data, including to prevent them from being distorted, damaged or disclosed to unauthorised third parties.

4. COOKIE MANAGEMENT

4.1 Principle

A cookie is a file which enables a website to save information relating to your computer’s browsing of the website (e.g. number of visits, number of pages viewed, etc.), to make your visits to the website smoother.

You can at any time delete the cookies stored on your computer, object to the storage of new cookies and receive a notification before new cookies are stored by changing your browser settings using the instructions below (“Types of cookies, cookies and statistics, and settings”). 

Please note that if you remove a cookie or object to the storage of cookies on your device, you may not be able to use some of the website’s services. 

4.2 Types of cookies, cookies and statistics and settings

The cookies that may be stored on your server when you browse the website are cookies which are intended solely to enable or facilitate electronic communication or which are strictly necessary to provide the service you are requesting (language cookies, login cookies, etc.), or statistics cookies or other cookies in accordance with the conditions below.
 
When cookies require your agreement before they can be saved, we ask you for this agreement via the “find out more” link displayed on the first page of the website that you land on, in which it is made clear that by continuing to browse the website you accept these cookies. 

4.2.1 Which cookies are stored?

• Data Controller cookies

Cookie Description How to optout ? Persistence
Site (has_js) Contains information about the browser session and allows visitors to log into the website See article 4.2.2 Removed when the browser is closed
Site (cookie_agreed) Remembers a visitor’s choice regarding cookies See article 4.2.2 13 months 

• Third parties cookies

Cookie editor Description How to optout ? Persistence
Score Card Research Beacon Allows Share this to see how many visitors come to the site
 click on the “Opt Out” button for advertising cookies or see article 4.2.2
 
 
 2 years
ShareThis Allows sharing on Miscellaneous Social platforms
 click on the “Opt Out” button for advertising cookies or see article 4.2.2
 
__unam (9 months)
__stdlxmap (7 days)
__stgmap (7 days)
__stid (24hours)
__uset (24hours)
STPC (24hours)
 
METRIXLAB
 Allows and records the opening of the satisfaction form about the site Please contact privacy@MetrixLab.com or see article 4.2.2 7 months
FASTFONT Allows to improve the display of contents See article 4.2.2 Removed when the browser is closed
TWITTER Records ID’s for sharing on twitter Through your profile, go to your Security Settings page and uncheck the box under the promoted content section or see article 4.2.2 18 months
FACEBOOK Records ID’s for sharing on facebook
 
scroll down to the “Choice” heading, click the last “click here” link in the paragraph, and fill in your information or  see article 4.2.2
 
 2 years 

• Statistics cookies

Cookie editor Description How to optout ? Persistence
AT INTERNET
idrxvr  
tmst
Allows to see how many visitors come to the site and how often
 
 http://www.xiti.com/en/optout.aspx or see article 4.2.2 7 months

Statistics cookies are used to measure the number of visits, the number of pages viewed, users’ activity on the website and how often they return. The statistics tool used generates a cookie with a unique identifier, which is stored for no longer than. Your IP address is also collected in order to determine the town/city from which you are accessing the website. This is immediately anonymised after use so that you cannot be identified as a natural person. The statistical data on website visits are collected by the providers AT Internet and Google Analytics and subsequently transferred to the data controller in an aggregated and anonymised form in a web interface to which it alone has access. The data collected are not transferred to third parties or used for other purposes. You can block those cookies by using the “opt out” proceeding above http://www.xiti.com/en/optout.aspx and https://support.google.com/analytics/answer/181881?hl=en.

4.2.2. How do you delete cookies, receive notification of their storage or change your browser settings?

• How do you delete cookies already stored on your computer?

  • On your workstation;
  • On the C:\ drive select the Windows folder;
  • Open the “temporary internet Files” folder;
  • Select all the files (CTRL A); 
  • Choose the “delete” option; 

• How do you change browser settings to reject or be informed of the storage of cookies?

  • In the Internet Explorer 5 (Microsoft) browser: Select “Tools”, and then “Internet Options”. Click on the “Security” tab, then “Custom level” and scroll down to the “cookies” section. Next to “Allow cookies that are stored on your computer” select “Ask” to be notified or “Disable” to decline all cookies; 
  • In the Internet Explorer 6, 7 or 8 (Microsoft) browser: Select “Tools”, “Internet Options”, “Privacy”, then the level you wish to apply; 
  • In the Firefox browser: Click on “Tools” and select “Options”. In the “Privacy and security” tab, untick the box “Accept cookies from websites”; 
  • In the Chrome (Google) browser: Click “Customize and control Google Chrome” and select “Settings”. Under “Privacy and security”, click on “Content settings” and enable “Block third-party cookies”.

5. YOUR RIGHTS / CONTACT

In accordance with current regulations, you have the right to access, correct, delete and object to the use of your personal data. You also have a right to prior consent to marketing and to object to it under the applicable regulations. You can ask for your personal data to be sent to you and you have the right to give instructions for the use of your personal data after your death.  You can also ask for restriction of the data and/or make a claim to the CNIL (the French data protection agency). Please use the contact form (https://www.total.com/en/formulaire-de-contact) to make your request or send it to the following address

TOTAL S.A.
Communication Department
2 Place Jean Millier – La Défense 6
92400 COURBEVOIE, France

TotalEnergies’s Binding Corporate Rules

1. INTRODUCTION

The TotalEnergies Group (or “TotalEnergies”) promotes a culture and practices protecting personal data(1), in accordance with the applicable laws. To this end, TotalEnergies has implemented binding corporate rules (“BCRs”).

This document summarizes the data protection principles that apply under our BCRs and the rights granted by them. 

2. PURPOSE

Our BCRs are a set of internal binding rules, which are applicable to all of the TotalEnergies subsidiaries that have adopted them. They have been approved by the European data protection authorities.

They allow TotalEnergies subsidiaries to transfer personal data originating from the European economic area (“EEA”)(2) to TotalEnergies subsidiaries located outside of the EEA in compliance with the applicable law.

3. IMPLEMENTATION SCOPE

Our BCRs apply to all EEA-originating personal data processed by TotalEnergies subsidiaries including data relating to former and current employees, job applicants, clients and prospective clients, suppliers and sub-contractors and the staff of third companies acting on behalf of the Group subsidiaries as well as shareholders (hereafter “data subjects”). 

4. PROTECTION PRINCIPLES

The following principles set out in our BCRs must be respected:  

  • Lawfulness

Any processing(3) operation carried out within the Group has a legal basis, provided by the applicable law.

Personal data must only be processed for legitimate and lawful purposes. The data must not be further processed in a way which is incompatible with those purposes.

  • Relevance

Personal data must be accurate and proportionate, in terms of quality and quantity, in relation to the purpose of the processing.

  • Transparency

Personal data must be obtained lawfully and loyally. Data subjects must be informed about the characteristics of the processing of their personal data and about their rights, unless this proves impossible or would involve disproportionate efforts.

  • Security

Personal data must be protected by appropriate security measures to limit the risks of unauthorized access, destruction, alteration or loss. 

When calling upon the services of a third party to process personal data, TotalEnergies subsidiary makes sure that the latter offers sufficient guarantees as regards the security and confidentiality of data. 

  • Retention

Personal data must be retained only for a reasonable and not excessive period of time with regard to the purpose of the processing. 

When the retention period expires, the data is destroyed, anonymized or archived.

  • International transfers(4) of personal data

TotalEnergies does not transfer personal data originating from a country of the EEA directly to a TotalEnergies subsidiary located in a third country which does not provide an adequate level of protection, unless such subsidiary has formally subscribed to the BCRs or uses another legal instrument recognized by the European Commission. 

TotalEnergies does not transfer personal data originating from the EEA directly to a company not belonging to the Group located in a country which does not provide an adequate level of data protection (data controller or processor) without a legal basis under applicable law and instruments providing for sufficient safeguards, such as the standard contractual clauses. 

Similarly, where a data importer further transfers personal data originating from the EEA to a company not belonging to the Group (data controller or processor) located in a country which does not provide an adequate level of data protection, the data importer shall enter into an agreement with this company whereby it commits to observe the principles of BCRs.

5. DATA SUBJECT RIGHTS

Under our BCRs, data subjects whose personal data are processed have the following rights: 

  • Right of access to the data
  • Right to rectify, erase and lock data
  • Right to object to the processing
  • Right to limit the processing

[A comprehensive list of the rights granted by the BCRs is detailed in APPENDIX 1 hereafter].

Data subjects may exercise these rights by submitting a request using the contact details provided in the legal notice concerning the processing of their data. TotalEnergies subsidiaries undertake to give replies within a reasonable timeframe about queries concerning the processing outside the EEA.

Moreover, if data subjects believe that a TotalEnergies subsidiary has failed to observe our BCRs, they have the right to lodge a complaint by sending: 

or

  • A letter to TOTAL – DATA PROTECTION, Tour Coupole, 2 place Jean Millier, Arche Nord Coupole/Regnault, 92078 PARIS LA DEFENSE CEDEX.

Data subjects will be informed about the status of their complaint and of any further steps.

The internal complaint procedure is described in APPENDIX 2 hereafter.

The fact that data subjects may file a complaint with TotalEnergies does not affect their rights to lodge a complaint with the competent EEA data protection authorities or to bring an action before the courts of the EEA country where the TotalEnergies subsidiary responsible for exporting the personal data is established. 

6. CHANGES TO TOTAL’S RULES

If necessary, our BCRs may be completed or updated.

7. MORE INFORMATION

A copy of the comprehensive version of BCRs and a list of TotalEnergies subsidiaries can be obtained by sending an e-mail at: data-protection@total.com

(1) Personal data means any information enabling the direct or indirect identification of a natural person.
(2) EEA means Member States of the European Union plus Iceland, Liechtenstein and Norway.
(3) Processing means any operation which is performed upon personal data, whether or not by automatic means (e.g.: collection, recording, storage, destruction…).
(4) Transfer means all virtual and physical exchanges of EEA-originating personal data from one country to another.