Skip to content



Welcome to the website (the “Website"). By connecting to the Website, you acknowledge that you have read, understood and accepted this Personal Data Protection & Cookie Policy (herein after referred to as the “Policy”) without limitation or reservation along. Please note that other general terms and conditions and personal data protection policies apply to other websites of the TotalEnergies group. It is recommended that you read them carefully.

This Policy is intended to inform you of the rights and freedoms that you can exercise with regard to our use of your personal data. It also describes the measures implemented to protect them.

TotalEnergies Country Services UK Limited (Companies House registration number 11223321),  and TotalEnergies E&P UK Limited (the UK Exploration & Production branch of TotalEnergies SE, registered at Companies House under number 00811900) (each, as the case may be, referred to herein as the “Data Controller”) is responsible for processing personal data concerning the management of the Website. Said processing is implemented in accordance with English laws.

1.  Purpose of processing and types of data collected

When visiting the Website, you may provide personal data such as your surname and first name in order to benefit from the services offered.

In particular we can collect some of your personal data for external communication purposes, such as answering your requests for information and better understanding your expectations. In our online forms, compulsory fields are marked with an asterisk. If you do not answer the compulsory questions, we will not be able to provide you with the requested service.

Your personal data are not subsequently processed in any manner that is incompatible with the purpose described above or in the collection forms. They are only stored for the requisite amount of time needed to fulfil these purposes.

2.   Data recipients

Your personal data may be disclosed only to our specific departments tasked with processing or affiliates directly or indirectly owned or to specific partners, independent distributors or sub-contractors for analysis and survey purposes.

Furthermore, if you submit a comment intended to be posted online, we may publish some of your personal data on the Website. Given the characteristics of the Internet, i.e., free capture of broadcast information and the difficulty, or even the impossibility, of monitoring usage by third parties, we inform you that you can stop such distribution by contacting us, as indicated in article 5 below.

Any data transfer to a third country outside of the European Economic Area is completed in accordance with applicable law and in such a way as to ensure adequate protection of data. For this purpose, for intra-group personal data transfers, the TotalEnergies group has adopted 'Binding Corporate Rules' (BCR) (Company’s internal regulations) governing the processing of personal data from European Economic Area. For data transfers outside of the European Economic Area, other safeguards are implemented.

3.   Security and confidentiality of your data

We implement the appropriate measures to ensure the security and confidentiality of your personal data and in particular to prevent them from being altered, damaged or accessed by unauthorized third parties.

4.   Cookie Management

4.1 Principles

When you visit the Website, a “cookie” may be installed in your computer. A cookie is a file that records information concerning your browsing of the Website from that computer (e.g., visited pages, date and time of browsing, viewed links) and will facilitate your visits by making it easier and faster for you to identify yourself to access your target pages.

You can delete cookies installed on your computer at any time and prevent new cookies being saved and receive notification before installation of a new cookie by configuring your browser software. Please refer to the help section of your browser software for more information on how to activate and deactivate these functions and refer to the browser’s “types of cookies, cookies, statistics, settings”.

Please note that you may not benefit from some of the services if you uninstall a cookie or prevent cookies from being installed on your machine.


4.2 Types of Cookie, Cookies and Statistics and Settings

Cookies installed on your server when you surf on the Website are cookies which exclusively aim at enabling or facilitating communication through electronic mean or which are strictly necessary for the provision of services you require (Languages cookies, identify cookies…) or statistics cookies or other cookies under the following conditions.

When cookies require your prior consent to the installation, you are asked through the link “More information” in the banner displayed on the front page, given that the pursuit of the navigation on the website means your acceptation.


4.2.1 Cookies Installed

Data Controller cookies




How to optout ?



Contains information on the navigation session and gives the user access to the website

See article 4.2.2

Deleted at the end of the session

cookie-agreed-en Cookie created by "Smile" to retain the user's choice on cookies within the GDPR scope See article 4.2.2 1 year 1 day
Drupal.language Drupal cookie configuration (language redirection) See article 4.2.2 7 days
Drupal_language_redirection Drupal cookie configuration See article 4.2.2 1 year


Third Parties cookies



How to optout ?



Cookie offered by Share This to activate content sharing click on the "Opt Out" button for advertising cookies or see article 4.2.2.

9 months

untag_main Used by Tealium See article 4.2.2 1 year


Statistics cookies

Cookie Editor


How to optout ?



Cookie used by AT Internet (Analytics) to identify the website visitors in first-party cookie (PS: this this cookie is not calling a domain name different from the website). Used by XITI.

See article 4.2.2

1 year 1 day


Cookie used by Dynatrace (Analytics) containing the session ID (performance tracking).   1 minute
dtLatC Cookie used by Dynatrace (Analytics) containing the session ID (performance tracking).   1 minute
dtPC Cookie used by Dynatrace (Analytics) to identify the ideal location to measure performance (performance tracking)   1 minute
dtSa Cookie used by Dynatrace (Analytics) like intermediate stocking to follow the user’s actions (performance tracking)   1 minute
rxVisitor Cookie used by Dynatrace (Analytics) to identify the visitor (performance tracking)   1 minute
rxvt Cookie used by Dynatrace (Analytics) to identify the end of the user’s session (performance tracking)   1 minute
atidvisitor Cookie used by AT Internet (Analytics) to collect the numsites (unique site IDs) seen by the visitor and to stock the visitor ID. Used by XITI. See article 4.2.2 6 months


Statistics Cookies enable to measure the number of visits, the number of pages views, in addition to the activity of visitors on the website including their return rate. In that case, a statistical tool creates a cookie with a unique identifier, which will be stored for a maximum of 12 months.

Your IP address is also connected in order to determine the city from where you are connected. It is immediately rendered anonymous after your navigation on the website, which prevents your identification as a physical person. The statistic data concerning the site traffic are first collected by the service provider AT Internet and then returned to the data controller through an aggregated and anonymous way with a web interface to which only he/she can access.

Such data will not be transferred to third parties nor used for another purpose. At any time, you can block those cookies by using the “opt out” procedure described above.


4.2.2 How can you delete, set up your browsing to refuse or be informed about the installation of new cookies

How can you delete cookies file already installed on your computer?

  • Go on your  workstation
  • Select in  C:\ the “Windows file”
  • Open the “temporary internet Files” file
  • Select all the files (CTL A)
  • Choose the option “delete”

How can you set up your browsing to decline or be informed about the installation of new cookies?

  • Surfing with Internet Explorer 5 (Microsoft): choose “Tools”, “internet Options”, “Security”, “Customize the level”, in the rolling menu, click on, “authorize cookies on your computer”, choose “ask for”, to be informed or disable so as to decline all cookies
  • Surfing with Internet Explorer 6, 7 or 8 (Microsoft): Click on “Tools”, “Internet Options”, “Confidentiality”, then the level you want to apply.
  • Surfing with Firefox: Click on “Tools”, “Options”. In “Privacy” uncheck “Accept cookies”.
  • Surfing with Google Chrome: Click on “Customize and Control Google Chrome”, click on “Settings”. In “Confidentiality”, click “Content Settings”, and  tick “Block cookies and data from third party websites.


In accordance with the Data Protection Act 2018 you have notably a right of access by the data subject, right to rectification, right to erasure or restriction of processing, rights not be to subject to automated decision-making.

The Data Controller reserves the right to reject any request it deems inappropriate. In accordance with applicable law in force, you have a right of formal consent to sales canvassing via e-mail, fax or automatic caller.

If you wish to exercise these rights or obtain other information, please send your request by post or by email (as the case may be) to the following address:

  • TotalEnergies Country Services UK Limited, 18th floor, 10 Upper Bank Street, Canary Wharf, London, United Kingdom, E14 5BF
  • TotalEnergies E&P UK Limited, TotalEnergies House, Tarland Road, Westhill, Aberdeen, United Kingdom AB32 6JZ; E-mail: [email protected]

​Personal Data Collection (without data transfer outside the EU and without sales prospecting)

If personal data is collected into a specific form on the Website, the Data Controller manages and processes your personal data for the handling of you requests and offered your services on its site.

You are entitled to demand access, to modify, to rectify, or delete your data.

You can also object to the processing and circulation of your personal data on a legitimate ground and to claim compensation for damages caused by a breach of the Data Protection Act 2018.

If you wish to exercise your rights, please send your request by post or by email (as the case may be) to the following address:

  • TotalEnergies Country Services UK Limited, 18th floor, 10 Upper Bank Street, Canary Wharf, London, United Kingdom, E14 5BF
  • TotalEnergies Gas & Power Limited, 13th floor, 10 Upper Bank Street, Canary Wharf, London, United Kingdom, E14 5BF ; E-mail: [email protected] 
  • TotalEnergies E&P UK Limited, TotalEnergies House, Tarland Road, Westhill, Aberdeen, United Kingdom AB32 6JZ; E-mail: [email protected]

1. Introduction

The TotalEnergies Group (or “TotalEnergies”) promotes a culture and practices regarding the protection of personal data1, in accordance with the applicable laws. To this end, TotalEnergies has implemented Binding Corporate Rules (“BCRs”).

This document summarizes the data protection principles that apply under our BCRs and the rights granted by them.


2. Purpose

Our BCRs are a set of internal binding rules, which are applicable to all of the TotalEnergies subsidiaries that have adopted them. They have been approved by the European data protection authorities.

They allow TotalEnergies subsidiaries to transfer personal data originating from the European economic area (“EEA”)2 to TotalEnergies subsidiaries located outside of the EEA in compliance with the applicable law.


3. Implementation scope

Our BCRs apply to all EEA-originating personal data processed by TotalEnergies subsidiaries including data relating to former and current employees, job applicants, clients and prospective clients, suppliers and sub-contractors and the staff of third companies acting on behalf of the Group subsidiaries as well as shareholders (hereafter “data subjects”).


4. Protection principles

The following principles set out in our BCRs must be respected, among which: 


  • Lawfulness

Any processing3 operation carried out has a legal basis, provided by the applicable law.

Personal data must only be processed for lawful, determined and legitimate purposes. The data must not be further processed in a way which is incompatible with those purposes.


  • Relevance

Personal data must be accurate and proportionate, in terms of quality and quantity, in relation to the purpose of the processing.


  • Transparency

Personal data must be obtained lawfully and loyally. Data subjects must be informed about the characteristics of the processing of their personal data and about their rights, unless this proves impossible or would involve disproportionate efforts.


  • Security

Personal data must be protected by appropriate security measures to limit the risks of unauthorized access, destruction, alteration or loss.

To do so, a set of internal norms apply, allowing to ensure the security and the confidentiality of personal data:

  • The usage Charter for the IT and communication resources, that requires to act in accordance with the regulation and with the confidentiality rules;
  • The Information Systems Security policy, that defines the governance mode of the security of information systems;
  • The Information Systems Security Reference System, that enumerates, through 19 detailed themes, the different requirements of the Group in terms of security of information systems;
  • The Information Protection policy, that presents the requirements relative to the protection of confidentiality, integrity and of the availability of the information held and exchanged within the Group
  • When calling upon the services of a third party to process personal data, TotalEnergies subsidiary makes sure that the latter offers sufficient guarantees as regards the security and confidentiality of data.


  • Retention

Personal data must be retained only for a reasonable and not excessive period of time with regard to the purpose of the processing.

When the retention period expires, the data is destroyed, anonymized or archived.


  • International transfers4 of personal data

TotalEnergies does not transfer personal data originating from a country of the EEA directly to a TotalEnergies subsidiary located in a third country which does not provide an adequate level of protection, unless such subsidiary has formally subscribed to the BCRs or uses another legal instrument recognized by the European Commission.

TotalEnergies does not transfer personal data originating from the EEA directly to a company not belonging to the Group located in a country which does not provide an adequate level of data protection (data controller or processor) without a legal basis under applicable law and instruments providing for sufficient safeguards, such as the standard contractual clauses.

Similarly, where a data importer further transfers personal data originating from the EEA to a company not belonging to the Group (data controller or processor) located in a country which does not provide an adequate level of data protection, the data importer shall enter into an agreement with this company whereby it commits to observe the principles of BCRs.


5. Data subject rights

Under our BCRs, data subjects whose personal data are processed have the following rights:


  • Right of access to the data
  • Right to rectify, erase and lock data
  • Right to object to the processing
  • Right to limit the processing

[A comprehensive list of the rights granted by the BCRs is detailed in APPENDIX 1 hereafter].


Data subjects may exercise these rights by submitting a request using the contact details provided in the legal notice concerning the processing of their data. TotalEnergies subsidiaries undertake to give replies within the legal deadline about queries concerning the processing outside the EEA.

Moreover, if data subjects believe that a TotalEnergies subsidiary has failed to observe the BCRs, they have the right to lodge a complaint by sending:

- An e-mail to: [email protected]


- A letter to TotalEnergies – DATA PROTECTION, Tour Coupole, 2 place Jean Millier, Arche Nord Coupole/Regnault, 92078 PARIS LA DEFENSE CEDEX.


Data subjects will be informed about the status of their complaint and of any further steps.

The internal complaint procedure is described in APPENDIX 2 hereafter.

The fact that data subjects may file a complaint with TotalEnergies does not affect their rights to lodge a complaint with the competent EEA data protection authorities or to bring an action before the courts of the EEA country where the TotalEnergies subsidiary responsible for exporting the personal data is established.


6. Governance

An internal « personal data Protection network » is in charge of monitoring and controlling the implementation of the BCRs within the Group. It is composed of:

  • A Corporate Data Privacy Lead who monitors and follows compliance actions at the Group level;
  • Branch Data Privacy Leads who lead and coordinate compliance actions at the Branch level;
  • Data Privacy Liaisons who lead and coordinate compliance actions at the affiliate level.

7. Internal control and audit

To ensure the proper application of our BCRs, some internal control and audit mechanisms have been implemented.

An annual internal control plan is defined by the personal data Protection network to assess the level of compliance of the Group’s processing regarding our BCRs. A reporting is also set up to report regularly on the actions plans that have been drawn up after evaluations.

Furthermore, the Group Internal Audit Direction also integrates the control of the personal data protection pattern into its periodic audit plan.


8. Changes to TotalEnergies rules

If necessary, our BCRs may be completed or updated.


9. More information

A copy of the comprehensive version of our BCRs as well as a list of TotalEnergies subsidiaries that adopted them can be obtained by sending an e-mail at: [email protected]


1 Personal data means any information enabling the direct or indirect identification of a natural person.

2 EEA means Member States of the European Union plus Iceland, Liechtenstein and Norway.

3 Processing means any operation which is performed upon personal data, whether or not by automatic means (e.g: collection, recording, storage, destruction…).

4 Transfer means all virtual and physical exchanges of EEA-originating personal data from one country to another.