Personal Data Protection

 

PRINCIPLES OF PERSONAL DATA PROTECTION

ENGIE Services a.s. company, Id. No.: 26121603, with its registered office at Lhotecká 793/3, Kamýk, Postal Code No. 143 00, Prague 4, entered into the Commercial Register kept by the Municipal Court in Prague under Dossier No. B 6192, represented by: Jan Karsten, the Chairman of the Board of Directors and by Aleš Jech, Member of the Board of Directors,  (hereinafter referred to as „My“), as the administrator of personal data, hereby informs you, as the users of our web sites http://www.engie.cz/, customers, distributors, suppliers, about collecting personal data described below and principles of privacy protection.

There is a number of ways in which you can use our services – you can be our customers, you can look at our web sites or you can address us with your requests for our services. Sometimes, you also send us messages, in which you assess our services and thus provide us with a very valuable feedback on our work. When using our services or when sharing information with us, e.g. by sending us the contact form or by contacting our telephone line, we use the collected information on you in order to improve the quality of our services, to provide you with relevant answers to your requests and to offer you more interesting advertisement on our service.

When you are using our services, it is important for us that the processing of the information about you is absolutely understandable, transparent and that you know all your rights

In these Principles of Privacy Protection (hereinafter referred to as the „Principles“) we explain:

  • What information and in which manner we collect the information;
  • How we use the collected information and on what legal basis we do that;
  • How long we process the collected information;
  • Who has an access to the collected information;
  • What rights you have with respect to the collected information and how to apply them.

We try to describe you everything so that it is as clear and as simple as possible, but if you still do not understand any of the terms, such as personal data, IP address, or cookie, we suggest you that you get acquainted with the glossary of the key terms in Annex A to these Principles in advance.

In case you need to have any part of the text explained, to get advice or discuss further processing of your personal data, you can contact us at any time on our email address gdpr.cz@engie.com.

         1. WHAT INFORMATION WE COLLECT AND IN WHICH MANNER WE COLLECT IT

We collect the following information:

  • Information you communicate to us. It concerns your personal data that you communicate to us when you contact us, ask for support or when you are interested in our services. You usually provide us with these data by filling in and sending a special form that is on our web sites, by filling in the satisfaction questionnaire, in the agreement or order, in the requirements for our support or in your request for being sent a newsletter. It concerns, e.g. the name, surname, signature, email address, telephone number, organization name, work position or web site. If you have asked us for our support, we have got the information on your individual requirements. In order to improve our services and customer support, we also make use of your voice recording of the telephone calls, on which fact we always inform you in advance also at the beginning of the phone call.
  • The information we acquire when you make use of our services. We collect the information about how you use our services - from the visit of our web sites through to the use of our services.
  • Information on your activities on our web sites. By visiting our pages your activities on our web sites are recorded. We use cookie technologies in order to analyse “traffic” on our web sites. When you visit our web, we collect the information on your behaviour on the web, such as the number of the visited pages, length of visit, visited pages, repeated visits, etc. We never connect the information with any of your personal data, such as data which you fill in in the forms on our web site or your IP address. Other information on the use of cookies is stated in Annex B to these Principles.

Our services are not intended to children under the age of 16 years. We do not process personal data about children younger than 16 years. If you have not been 16 yet, please, do not use our web sites without the supervision and approval by your legal representative.

         2. HOW WE MAKE USE OF THE COLLECTED INFORMATION AND ON WHAT LEGAL BASIS

We use the collected information so that we can provide you with our services, maintain them, protect them and then improve them so that we can develop or change our services with respect to your preferences.

We also make use of the collected information, including your personal data, for the protection of us and other users of our services.

When you contact our support, we can keep the recording of the communication so that we are able to help you with the solution of your problems. We can use your email address for sending you the information on our services, such as communication on the changes and improvements prepared

We use the information collected from the cookie files for the improvement of the user environment and general quality of our services. To this effect we make use of third persons, specifically Google Analytics. E.g. if we save the setting of the language, we will be able to display you the services in the language that you prefer. When displaying the modified advertisements, we will not connect the identifier from the cookie files or similar technologies to your personal data.

We use your IP address for the identification of the city/town where you enter our web pages in order to understand the visitors’ behaviour on our web pages.

We use your data in our internal documentation, in which we keep the records on whether your data were deleted, who – within our company – deleted them and when, so that we are able to document our compliance with the legal rules and regulations in the area of personal data protection and simultaneously that we are able to meet other obligations following from other legal rules and regulations.

We process your personal data on the basis of the performance of the mutual agreement or your requirement, on the basis of the performance of our legal obligations or on the basis of our authorized interest. Before using the information for the purpose which is not stated in these Principles of Personal Data Protection, we will always inform you and we will ask you for the approval.

At any time you can refuse processing of your personal data for the purpose of sending you business communications and it will not affect our other mutual relationships. Sending us an email with the relevant request to gdpr.cz@engie.com is sufficient.

Your personal data will not be used for the purpose of any automated decision making, including profiling.

         3. HOW LONG WE PROCESS THE COLLECTED INFORMATION

Your personal data are always used only for a period of time necessary for the fulfilment of the purpose for which they have been collected – e.g. for a period of time of the business partnership, until you have not refused being sent our marketing communications or as long as we are solving your requirements for the support.

         4. WHO HAS ACCESS TO THE INFORMATION

We care for the personal data protection and we never sell the database of personal data. We only pass the personal data to third persons for the above stated purposes and only to a necessary extent.

Your Personal Data will be processed for us in order to increase the quality of our services and assure some activities by processors, who provide us with server, web, cloud or IT services, externa legal services, external auditing services; other processors are stated here.

With respect to the changes of persons of the providers of some services, it is not possible to state all these processors of Personal Data name by name. You can find the current list of specific recipients of the personal data here.

We only process your personal data in the territory of the European Union. If you are interested in the information about where your specific information is located, you can contact us at any time on email address: gdpr.cz@engie.com and we will jointly solve your requirement.

If we pass your personal data to third persons, we always do so on the basis of an adequate agreement concluded with such persons, so that we are able to control how the third persons deal with your personal data.

         5. HOW WE SECURE THE PERSONAL DATA

We are aware of the fact that securing personal data in such a way that they cannot be misused is our crucial obligation with respect to you. That is why we try to effectively apply the best possible security measures in order to prevent the misuse or another unauthorized encroachment of your personal data. In order to secure your personal data, we have adopted the following measures: 

  • Principle based on risk. In regular intervals we perform the review of the risks of information security relating to your personal data. That is why we have also hired specialized people who perform supervision and who work in the management of the company.
  • Organizational security. We put emphasize on the assurance that your personal data are secured against the risks of a human factor, namely:
      • We have adopted and maintain the guidelines for and documents of internal security;
      • We regularly assure trainings of the employees and other workers on the rules of work with personal data and risks of information security;
      • On the basis of agreements we stipulate the responsibility of the employees, external collaborators, contractors and other third persons having an access to your personal data;
      • We have adopted and we have maintain the standardized processes concerning the work with your personal data.
  • Technical measures. We have implemented important technical measures in order to assure security of your personal data, namely:
      • Antivirus solutions for the protection against malware;
      • Solutions for network security, combining firewalls, configuration of network elements and other technologies
      • Back-upping of important infrastructure and data. 
  • Physical security. In order to protect the personal data in writing and physical protection of IT equipment:
      • We control the access to your personal data;
      • We secured the premises and data warehouses of the personal data.

            6. WHAT RIGHTS YOU HAVE GOT WITH RESPECT TO THE COLLECTED INFORMATION AND HOW TO APPLY THEM

With respect to the processing of your personal data performed by us we have the following rights:

a)      right to the access to the personal data;

b)      right to the correction;

c)      right to the deletion („right to be forgotten “);

d)      right to the limitation of the personal data processing;

e)      right to the transferability of the data;

f)       right to raise the objection against processing;  

g)      right to file a complaint concerning the processing of the personal data.

Your rights are explained below, so that you are able to get a clearer idea of their contents. You can apply all your rights so that you write us to our email address: gdpr.cz@engie.com. You can file your complaint with the supervisory authority, which is the Office for the Personal Data Protection (www.uoou.cz).

Right to access means that you can ask us, at any time, for the confirmation whether the personal data relating to you are being processed or not, and if yes, then you have the right to the access these data and information about for what purposes, to what extent and to whom they are made available, how long we are going to process them, whether you have the right to the correction, deletion, limitation of their processing or you have the right to raise an objection against where we have acquired the personal data and whether exclusively automated decision making occurs on the basis of the processing of your personal data, including potential profiling.

Right to correction means that you can ask us, at any time, for the correction or completion of your personal data, if they are inaccurate or incomplete.

Right to deletion means that we must delete your personal data if (i) they are not necessary for the purposes for which they have been collected or processed in another way, (ii) the processing is illegal, (iii) you raise the objections against the processing and there are no prevailing authorized reasons for processing, or (iv) it is imposed on us based on the legal obligation (v) you withdraw your potential consent with processing of the personal data, if you have granted it to us.

Right to the limitation of processing means that until we solve any of the disputable issues concerning processing of your personal data, we must limit processing of your personal data.

Right to transferability means that you have got the right to acquire your personal data concerning you and processed in an automated way and on the basis of the consent or agreement in a structured, commonly used and machine-readable format, and the right to have these personal data transferred directly to another administrator

The right to raise an objection means that you can raise an objection against the processing of your personal data, which we are processing for the purpose of our authorized interests, namely for the purpose of direct marketing. If you raise an objection against such processing for the purposes of direct marketing, your personal data will not be further processed for these purposes.

These Principles of Personal Data Processing are effective as of 25 May, 2018.