In order to respond to the creation of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protection of individuals with regard to the processing of personal data and the free movement of such data, immediately applicable on 25/05/2018, the Storengy SAS implemented a personal data protection policy based on the Engie Group’s GDPR Policy.
The General Management of Storengy SAS decided to provide an appropriate organisation and means to respond to regulatory requirements and to make the protection of personal data a commercial asset, in connection with the company’s digital strategy.
The policy developed hereinafter may be subject to modification according to the applicable legal and regulatory context.
The policy of Storengy SAS in terms of personal data protection refers to the different applicable national and European regulations, which include, in France:
Personal data collection by Storengy SAS relies on the major principles of personal data protection set out by the GDPR: ·
Storengy undertakes to protect all personal data collected. Personal data correspond with any information regarding an identifiable person (the “Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to this person.
Examples of personal data: name, first name, social security number, IP address, email address, consumption data, photo, driving licence, location, medical file, bank accounts, salary, insurances, fingerprint, cookie, etc. Personal data are not restricted to data regarding private life (e.g.: professional email address or phone number).
Although its clients are mainly legal entities (public collectivities, private companies…), Storengy SAS is directly concerned by the issue of personal data. In practice, the Data Subject may be, for instance:
Personal data processing corresponds to any operation or set of operations regarding such data, using any process (automatic or not), and especially collection, recording, organisation, conservation, adaptation, modification, extraction, consultation, use, transmission…
Data processing in electronic and paper form are both concerned. Data processing is not only visible through an application, file, data base or Excel spreadsheet.
Storengy implements technical and organisational measures adapted to the degree of sensitivity of the personal data in order to ensure their integrity and the confidentiality of data, and to protect data against any malicious intrusion, loss, deterioration or disclosure to unauthorised third parties.
Thus, Storengy undertakes to take the physical, technical and organisational safety measures required to:
Storengy may call upon External Processors for some processing operations. A subcontractor is a legal or natural person who “processes personal data on behalf of the Data Controller” (e.g.: SaaS providers, hosts, communication agencies).
Even if the external processors’ obligations and responsibilities are now profoundly reinforced through the GDPR (such as the obligation to keep a specific register of processing performed on behalf of third parties, obligation to advise and alert,…), Storengy SAS remains fully responsible for the protection of data it has provided to the above-mentioned.
The persons concerned by data processing have rights which enable them to keep control of the data relating to them. They must also be informed about the existence of a processing of their personal data prior to the effective performance of such processing.
The persons concerned have the following rights at any time:
Storengy SAS shall install one or more procedure(s) guaranteeing effective compliance with these rights. Such rights may be exercised by the person concerned by sending a message to firstname.lastname@example.org. If the person concerned is not an employee of the company Storengy, a copy of an identity document must be attached to the request.
On its website https://hub.storengy.com/en/,Storengy SAS processes data with the aim to:
A description of the legal notices associated with such processing is available on the Legal Information page: https://hub.storengy.com/en/legal-notices/legal-notice