Personal data protection charter

Who does our Privacy Policy apply to?

If you are under the legal age specified above, you are not authorised to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email at dpo@hellio.com.

If you believe that we hold personal data about your children without your consent, please contact us at the dedicated address detailed above.

Why do we process your personal data and on what basis?

We process your personal data primarily for the following reasons:

• to browse our website, to benefit from our services (e.g. identifying energy savings opportunities, compiling EEC files, submitting them and obtaining financial compensation, conducting energy audits, providing project management assistance, managing energy consumption and energy brokerage, etc.) and so that we can respond to your requests (e.g. requests for information, complaints, etc.) on the basis of our general terms and conditions of use and our legitimate interest in providing you with the best possible service.
• For professionals, to keep you informed of our latest offers and events by email and telephone on the basis of our legitimate interest in identifying new potential customers, in accordance with the provisions of the CNIL (French Data Protection Authority) available here.
• For individuals, to keep you informed of our latest offers and events by email and telephone on the basis, for consumers, of our legitimate interest in building customer loyalty and on the basis of your consent, if you are not yet a customer of our services.
• To record the conversations we have with you during our sales prospecting calls, on the basis of your prior consent.
• conduct online advertising campaigns based on our legitimate interest in promoting our activities.
• Receive our newsletter, which provides you with all the latest news about our services, based on our legitimate interest in building customer loyalty and on your consent if you are not yet a customer of our services.
• Manage our customer service based on the performance of the contract and our legitimate interest in taking your feedback and complaints into account to improve our services.
• participate in our competitions based on the associated competition rules and our legitimate interest in promoting our activities.
• conduct satisfaction surveys based on our legitimate interest in evaluating your experience and identifying specific areas for improvement.
• manage any unpaid debts based on our legitimate interest in obtaining payment for the provision of our service and based on our terms and conditions.
• Follow us and comment on our social media posts based on our legitimate interest in having a dedicated social media page.
• Record conversations we have with you in order to improve our customer service, based on your prior consent and our legitimate interest in improving the quality of our service and training our staff.

How did we obtain your personal data?

Your data is collected directly from you when you are a customer of our services or a ‘simple’ visitor to our website www.hellio.com, and we undertake to process your data only for the reasons described above.

However, we may also obtain your personal data indirectly from partners if you have given your prior consent to them.

On the other hand, when you voluntarily publish content on the pages we edit on social networks, you acknowledge that you are entirely responsible for any personal information you may transmit, regardless of the nature and origin of the information provided.

What personal data do we process and for how long?

We have summarised the categories of personal data and their respective retention periods below:

For professionals:

Professional identification data (e.g. surname, first name, position, company, etc.) and contact details (e.g. email address and work telephone number, etc.) are retained for the entire duration of the service provision, plus the statutory limitation periods, which are generally five years.

When there is confusion between the name of your organisation and your personal name (e.g. self-employed, micro-business, etc.), economic and financial data (e.g. bank account number, verification code, etc.) retained for the period necessary for the transaction and for managing invoicing and payments, plus the statutory limitation periods, which are generally 5 to 10 years.

For individuals:

Personal identification data (e.g. surname, first name, etc.) and contact details (e.g. email address and work telephone number, etc.) are kept for the entire duration of the service provision, plus the legal limitation periods, which are generally 5 years.

Technical and administrative data for the creation of EEC files (e.g. quotes or invoices for work carried out, postal address of the property, etc.) are kept for the legal retention period for documents relating to the devices.

For professionals and individuals:

Telephone numbers collected as part of our telephone marketing campaigns are retained for a maximum period of three years from the date of our last contact with you.

Email addresses are kept for a maximum of 3 years from the last contact we had with you as part of our email prospecting campaigns, and kept until the end of your subscription to our newsletter.

Video surveillance images collected using our video surveillance cameras are kept for a maximum of one month.

Connection data (e.g. logs, IP address, etc.) stored for a period of 1 year.

Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we can only store anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to retain all personal data concerning you for the entire duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge in order to control how we use your data.

• Right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.
• Right to rectify personal data that is inaccurate, obsolete or incomplete.
• Right to object to the processing of your personal data for commercial prospecting purposes.
• For consumers only, right to register free of charge on the Bloctel telephone canvassing opposition list at www.bloctel.gouv.fr.
• Right to request the erasure (‘right to be forgotten’) of your personal data that is not essential to the proper functioning of our services.
• Right to restrict your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
• Right to data portability, which allows you to retrieve some of your personal data in order to store it or easily transfer it from one information system to another.
• Right to give instructions on the fate of your data in the event of death, either through you or through a trusted third party or beneficiary.

For a request to be considered, it must be made directly by you at dpo@hellio.com. Any request not made in this manner cannot be processed.

Requests cannot be made by anyone other than yourself. We may therefore ask you to provide proof of identity if we have any doubts about the identity of the person making the request.

We will respond to your request as soon as possible, within a maximum of three months of receipt, in the event that the request is technically complex or if we receive numerous requests at the same time.

Please note that we may refuse to respond to any excessive or unfounded requests, particularly if they are repetitive in nature.

Who can access your personal data?

Your personal data is processed by our teams and our technical service providers for the sole purpose of operating our service.

We would like to point out that we screen all our technical service providers before recruiting them to ensure that they strictly comply with the applicable rules on personal data protection.

However, we may, with your prior consent only, pass on your personal data to partners. You can withdraw this consent at any time by contacting our DPO at dpo@hellio.com.

Can your personal data be transferred outside the European Union?

The personal data processed by our website is hosted exclusively at our premises within the European Union.

Furthermore, we do our utmost to use only technical tools whose servers are also located within the European Union. If this is not the case, we take great care to ensure that they implement the appropriate safeguards required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data?

We implement all the technical and organisational measures required to ensure the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration or disclosure.

Do we use cookies when you browse our website?

We inform you that we use cookies when you browse our website. For more information, please see our Cookie Policy.

Who can you contact for more information about the use of your personal data?

To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (‘DPO’) to our supervisory authority.

You can contact our DPO at any time, free of charge, at dpo@hellio.com to obtain more information or details about how we process your data.

How can you contact the CNIL?

You can contact the French Data Protection Authority (Commission nationale de l'informatique et des libertés or CNIL) at any time using the following contact details: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the Privacy Policy be changed?

We may change our Privacy Policy at any time to adapt it to new legal requirements and to new processing methods that we may implement in the future.

Certified compliant by Dipeeo ®