Privacy Policy

When you visit the website, you may need to provide us with a number of items of personal data, such as your first name and surname, in order to use the services available.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

TotalEnergies Marketing UK Limited as a controller will only process your personal data when the law allows us to and we are required by law to have a lawful basis for processing personal data. In particular, at least one of the following must apply whenever we process personal data:

• where we have your consent
• where the processing is necessary for compliance with a legal obligation that we are subject to
• where there is vital interest and it is necessary to protect someone’s life
• where it is necessary to perform a task in the public interest and the task has a clear basis in law
• in order to perform the contract we are about to enter into or have entered into with you, or
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

In particular, we may collect some items of your personal data for the purposes of:

• providing you with our services
• external communication in order to answer your requests for information
• to manage our relationship with you via our website, and
• to administer and protect our business and our website

In our online forms, the mandatory fields are marked with an asterisk. If you do not provide answers to the mandatory questions, we will not be able to provide you with the service(s) requested. Your personal data will not be processed subsequently in a way that is incompatible with the purposes described above or below the collection forms. Your data are kept for no longer than necessary for processing.

We take appropriate steps to preserve the security and confidentiality of your personal data, including to prevent them from being distorted, damaged or disclosed to unauthorised third parties.

Please see our Cookie Policy for details on our use of cookies.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Your personal data may be communicated to the TotalEnergies companies, our partners and affiliates, independent distributors or subcontractors, and any third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

If your query is related to service stations in the UK, we may have to transfer your personal data to Harvest Energy (BLA) Limited or one of its affiliates (“Harvest Energy”) for the purposes of handling your requests. This is because service stations are owned by, operated by, and/or under the responsibility of Harvest Energy.

Any transfer of data to a country outside of the United Kingdom or the European Economic Area shall be carried out in accordance with the applicable regulations and in such a way as to protect your data appropriately. 

For the purposes of the services provided on this website, your data may be transferred to recipients located outside the European Union.

For this reason, the TotalEnergies has adopted “Binding Corporate Rules” (BCR) governing intra-company transfers of personal data originating in the European Economic Area. You can read a summarised version of TotalEnergies’ BCR further down this page.

For data transfers not covered by the BCR, to countries outside the European Economic Area, other guarantees, or if necessary, appropriate safeguards, are provided.

Our BCRs are a set of internal binding rules, which are applicable to all of the TotalEnergies subsidiaries that have adopted them. They have been approved by the European data protection authorities.

They allow TotalEnergies subsidiaries to transfer personal data originating from the European Economic Area ("EEA") (2) to TotalEnergies subsidiaries located outside of the EEA in compliance with the applicable law.

Our BCRs apply to all EEA-originating personal data processed by TotalEnergies subsidiaries including data relating to former and current employees, job applicants, clients and prospective clients, suppliers and sub-contractors and the staff of third companies acting on behalf of TotalEnergies subsidiaries as well as shareholders (hereafter "data subjects").

The following principles set out in our BCRs must be respected: 

• Lawfulness: Any processing (3) operation carried out within TotalEnergies has a legal basis, provided by the applicable law. Personal data must only be processed for legitimate and lawful purposes. The data must not be further processed in a way which is incompatible with those purposes.
• Relevance: Personal data must be accurate and proportionate, in terms of quality and quantity, in relation to the purpose of the processing.
• Transparency: Personal data must be obtained lawfully and loyally. Data subjects must be informed about the characteristics of the processing of their personal data and about their rights, unless this proves impossible or would involve disproportionate efforts.
• Security: Personal data must be protected by appropriate security measures to limit the risks of unauthorised access, destruction, alteration or loss. When calling upon the services of a third party to process personal data, TotalEnergies subsidiary makes sure that the latter offers sufficient guarantees as regards the security and confidentiality of data.
• Retention: Personal data must be retained only for a reasonable and not excessive period of time with regard to the purpose of the processing. When the retention period expires, the data is destroyed, anonymised or archived.
• International transfers (4) of personal data:

TotalEnergies does not transfer personal data originating from a country of the EEA directly to a TotalEnergies subsidiary located in a third country which does not provide an adequate level of protection, unless such subsidiary has formally subscribed to the BCRs or uses another legal instrument recognised by the European Commission.

TotalEnergies does not transfer personal data originating from the EEA directly to a company not belonging to TotalEnergies located in a country which does not provide an adequate level of data protection (data controller or processor) without a legal basis under applicable law and instruments providing for sufficient safeguards, such as the standard contractual clauses.

Similarly, where a data importer further transfers personal data originating from the EEA to a company not belonging to TotalEnergies (data controller or processor) located in a country which does not provide an adequate level of data protection, the data importer shall enter into an agreement with this company whereby it commits to observe the principles of BCRs.

Under our BCRs, data subjects whose personal data are processed have the following rights:

• Right of access to the data
• Right to rectify, erase and lock data
• Right to object to the processing
• Right to limit the processing

A comprehensive list of the rights granted by the BCRs is detailed in APPENDIX 1, available below.

Data subjects may exercise these rights by submitting a request using the contact details provided in the Legal Notice concerning the processing of their data. TotalEnergies subsidiaries undertake to give replies within a reasonable timeframe about queries concerning the processing outside the EEA.

Moreover, if data subjects believe that a TotalEnergies subsidiary has failed to observe our BCRs, they have the right to lodge a complaint by sending:

• An email to : [email protected], or
• A letter to TotalEnergies – DATA PROTECTION, Tour Coupole, 2 place Jean Millier, Arche Nord Coupole/Regnault, 92078 PARIS LA DEFENSE CEDEX

Data subjects will be informed about the status of their complaint and of any further steps.

The internal complaint procedure is described in APPENDIX 2, available below.

The fact that data subjects may file a complaint with TotalEnergies does not affect their rights to lodge a complaint with the competent EEA data protection authorities or to bring an action before the courts of the EEA country where the TotalEnergies subsidiary responsible for exporting the personal data is established.

Read the appendix

If necessary, our BCRs may be amended or updated.

A copy of the comprehensive version of BCRs and a list of TotalEnergies subsidiaries can be obtained by sending an e-mail to: [email protected].

(1) Personal data means any information enabling the direct or indirect identification of a natural person.

(2) EEA means Member States of the European Union plus Iceland, Liechtenstein and Norway.

(3) Processing means any operation which is performed upon personal data, whether or not by automatic means (e.g.: collection, recording, storage, destruction…).

(4) Transfer means all virtual and physical exchanges of EEA-originating personal data from one country to another.
 

We will only hold your information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, before making it non-identifiable or deleting it.

Please note that other terms and conditions and personal data protection policies apply to other TotalEnergies websites, and we recommend that you read them carefully.

Our website may contain links to third-party websites. This policy does not apply to those third-party sites. We recommend that you read the privacy policies of any other sites that you visit as we cannot accept responsibility for the privacy practices of these sites which may be different to ours.
 

In accordance with current regulations, you have the right to access, correct, delete and object to the use of your personal data. You also have a right to prior consent to marketing and to object to it under the applicable regulations.

You can ask for your personal data to be sent to you and you have the right to give instructions for the use of your personal data after your death. You can also ask for restriction of the data, portability of the data and/or make a claim to the Information Commissioner’s Office (ICO). For any request please use our contact form or send it to the following address:

Attn: Data Protection Officer

TotalEnergies Marketing UK Limited

10 Upper Bank Street (19th floor), Canary Wharf, London E14 5BF, United Kingdom

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.