The Client is informed of the regulations concerning digital communication, including the Law of June 21, 2014, on confidence in the Digital Economy, the Law on Information Technology, Files and Civil Liberties of January 6, 1978, and its amended versions, as well as the General Data Protection Regulation (GDPR: No. 2016-679).
1 / GENERAL PROVISIONS
Since May 25, 2018, the General Data Protection Regulation (GDPR) has been applicable in all European Union countries. This regulation governs the processing of personal data and ensures confidentiality compliance by businesses within the European Union.
In accordance with the law, Voltalis declares to the CNIL (French Data Protection Authority) the processing of Personal Data collected and necessary for providing energy efficiency services. These Personal Data are detailed in the General Terms and Conditions for the Provision of the Voltalis device and are never used or transmitted to third parties for other purposes, particularly commercial ones.
2 / SECURITY
Voltalis is particularly sensitive to the protection of Internet users’ Personal Data. The collected Personal Data are secured through advanced software tools (VPN, Firewalls, encrypted communications…) and stored on servers hosted by a technical partner located in France, ensuring that all necessary measures are taken to guarantee their security and integrity.
Voltalis commits to taking all necessary precautions to maintain information security, particularly to prevent unauthorized persons from accessing it. However, if an incident affecting the integrity or confidentiality of a Client’s Personal Data comes to Voltalis’ attention, the company will notify the Client as soon as possible and communicate the corrective measures taken.
3 / DATA COLLECTION RESPONSIBLE PARTY
Voltalis has appointed a Data Protection Officer (DPO) responsible for ensuring the protection of personal data and compliance with applicable laws within the company. You may contact them for any inquiries or to exercise your rights at the following address:
Data Protection Officer – VOLTALIS – 75 Avenue des Champs-Élysées, 75008 Paris – France
Or by email at: protection-des-donnees{‘@’}voltalis.com
As the entity responsible for processing the data it collects, Voltalis commits to adhering to applicable legal provisions, specifying the purposes of data processing, providing Clients with complete information about the processing of their Personal Data upon obtaining their consent, and maintaining a processing record that accurately reflects reality. Every time Voltalis processes Personal Data, it takes all reasonable measures to ensure the protection, confidentiality, accuracy, and relevance of the Personal Data concerning the purposes for which Voltalis processes them.
4 / PURPOSES OF DATA COLLECTION AND PROCESSING
Voltalis may collect and process information for some or all of the following purposes:
- To enhance navigation and user experience on the Site, manage, and track services used by the Client (connection and Site usage data, browsing history, browser language, preferences, etc.);
- To provide the Client with energy efficiency services offered by the MyVoltalis application and participation in demand-side response to help balance the power system;
- To prevent and combat cyber fraud, such as spamming or hacking (hardware used for browsing, IP address, etc.);
- To manage customer inquiries and information requests;
- To conduct optional customer satisfaction surveys.
Voltalis does not sell Personal Data collected through the Site. These data are used solely for service requirements, statistical, and analytical purposes.
5 / DATA RETENTION PERIOD, RIGHT OF ACCESS, RECTIFICATION, AND OPPOSITION
The retention period for Data is defined in the General Terms and Conditions for the provision of the Voltalis device. In accordance with European regulations, the Client has the following rights:
- Right of access (Article 15 of the GDPR) and rectification (Article 16 of the GDPR), to update or complete Client data;
- Right to request the deletion of Client’s Personal Data (Article 17 of the GDPR) when they are inaccurate, incomplete, ambiguous, outdated, or if their collection, use, communication, or storage is prohibited;
- Right to withdraw consent at any time (Article 13-2c of the GDPR);
- Right to restrict the processing of Client’s data (Article 18 of the GDPR);
- Right to object to the processing of Client’s data (Article 21 of the GDPR);
- Right to data portability for data provided by the Clients, when those data are processed automatically based on their consent or contract (Article 20 of the GDPR);
- Right to define the fate of the Client’s data after their death and choose whether Voltalis should communicate their data to a designated third party;
- Right not to be subject to automated decision-making, including profiling, which produces legal effects concerning them or significantly affects them (Article 22 of the GDPR).
If the Client wishes to know how Voltalis uses their Personal Data, request modifications, or object to processing, they may contact Voltalis in writing at:
Data Protection Officer – VOLTALIS – 75 Avenue des Champs-Élysées, 75008 Paris – France
Or by email at: protection-des-donnees{‘@’}voltalis.com
In all cases, the Client must specify which Personal Data they want Voltalis to correct, update, or delete, along with a copy of an identity document (ID card or passport). Voltalis commits to processing all requests within one month. Requests for data deletion are subject to Voltalis’ legal obligations, particularly regarding document retention or archiving.
If you believe that, after contacting Voltalis, your « Data Protection and Freedoms » rights are not being respected, you may file a complaint with the CNIL.
6 / NON-DISCLOSURE OF PERSONAL DATA
Voltalis does not process, host, or transfer collected Client information to any country outside the European Union. However, Voltalis remains free to choose its technical and commercial subcontractors, provided they offer sufficient guarantees to comply with the General Data Protection Regulation (GDPR: No. 2016-679) or Privacy Shield requirements.
Additionally, the Site does not collect any « sensitive data » as defined by the CNIL.
7 / INCIDENT NOTIFICATION
Despite Voltalis’ efforts, no internet transmission or electronic storage method is entirely secure. Therefore, absolute security cannot be guaranteed. However, if Voltalis becomes aware of a security breach, affected Clients will be notified promptly to take appropriate action.
8 / LOCATION DATA (ABSENCE DETECTION FEATURE)
The MyVoltalis mobile application offers an « Absence Detection » feature. This intelligent heating optimization mode relies on the device’s geolocation and automatically switches the heating to « eco » mode when the Client leaves their home, turning it back on upon return.
Location data are neither stored on the device nor on the Site, remain strictly confidential, and Voltalis never has access to the Client’s location. Activation and deactivation of this feature are at the Client’s discretion and can be managed within the mobile device settings.