Notes on data privacy
The protection and confidentiality of data is our highest priority and we comply with the provisions of the European Regulation "on the protection of natural persons with regard to the processing of personal data and on the free movement of such data" (EU GDPR), as well as with the applicable national provisions on the protection of personal data. Please read this data protection information carefully before submitting a report.
Purpose of this whistleblowing system and legal basis
The Enedis whistleblowing system operated with the platform BKMS® System is designed to collect, process and manage, securely and confidentially, the reports relating to breaches of Enedis’s anticorruption code. The system allows reports based on the fields referred to in law no 2016-1691 of 9 December 2016 on transparency, anti-corruption and economic modernisation (called Loi Sapin II) and in law no 2017-399 of 27 March 2017 on the duty of vigilance of parent companies and principal companies. The processing of personal data in the platform BKMS® System is based on Enedis interest to detect and prevent any breach and to thus protect the company, its employees, customers and suppliers.
Responsibility for the whistleblowing system
The Enedis Délégation Ethique – Sécurité du Patrimoine et Conformité des Affaires is responsible for the whistleblowing system (hereinafter the "whistleblowing system"). It is also the point of contact for persons affected by the whistleblowing system, at the following address:
Enedis
Secrétariat Général
Pôle Sûreté, Intelligence Economique & Ethique (PSI2E)
Mission Pénale et Conformité des Affaires (MPCA)
4 place de la Pyramide
92 800 PUTEAUX
The platform BKMS
® System is managed by a specialist company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin in Germany on behalf of Enedis.
Personal data and information entered into the platform BKMS® System is stored in a database operated by EQS Group GmbH, in a certified, high-security data centre. Only Enedis has access to this data. Neither EQS Group GmbH nor another third party has access to the data.
All the data is encrypted and protected with the help of multiple levels of password protection so that access is restricted to a very limited number of people who have been explicitly authorised by Enedis.
Questions concerning the protection of data in the whistleblowing system and enquiries relating to exercising your personal data rights can be sent to the Délégation Ethique – Sécurité du Patrimoine et Conformité des Affaires via the whistleblowing system by selecting the category "Ask for advice, exercise your personal data rights".
Type of personal data collected
The use of the whistleblowing system is voluntary. When you submit a report via the platform BKMS® System, we collect the following personal data and information:
- your name, if you choose to reveal your identity;
- whether you are an Enedis employee, an external employee, casual employee connected to Enedis or a third-party;
- your relationship with a third party if you disclose it;
- the names of persons and other personal data of the persons that you mention in your report.
Confidential handling of reports
The reports are received by a small selection of expressly authorised and specially trained employees of the Enedis Délégation Ethique – Sécurité du Patrimoine et Conformité des Affaires. The reports are always handled with the strictest confidentiality. The employees of the Délégation perform an analysis of the admissibility of the reports, exchange with the whistleblower and are appointed ‘responsible examiner’ for the category corresponding their expertise. The responsible examiner for processing the report will conduct the actions and the enquiries required by the specific case until it is closed.
During the processing of a report or an investigation, it may be necessary to give access to all or some of the data in the platform BKMS® System to other Enedis employees specifically authorised by the DESP. Compliance with the data protection provisions applicable at the time this data is transmitted is always guaranteed.
All persons who receive access to the data are obligated to maintain strict confidentiality.
Information concerning the person(s) affected by the report
The person mentioned in a report will be informed of the personal data concerning him/her and contained in the platform BKMS® System. However, he/she will not be informed of the identity of the whistleblower or of any information that would enable them to be identified. Where protective measures are necessary, in particular to prevent the destruction of evidence or for the purposes of the investigation, this person may be notified after these measures have been adopted in accordance with the applicable legal provisions.
Rights of the data subjects
Under the applicable data protection regulations, the whistleblower and the person(s) concerned by the report have the right to information, access, rectification, erasure and objection to the processing of personal data concerning them. If the right of erasure is invoked, Enedis will examine as soon as possible to what extent the data stored is still necessary for processing a report. Data which is no longer necessary is deleted. If the right of objection is invoked, Enedis will promptly examine to what extent there are no longer legitimate and compelling reasons for the processing which override the interests and the rights and freedoms of the data subject, or for establishing, exercising or defending legal rights. Furthermore, the whistleblower and the person(s) mentioned in the report have the right to issue a complaint with a supervisory authority.
Retention period for personal data
Personal data is stored for as long as it takes to verify and investigate the report or as stipulated by the applicable law. Once the report is processed, this personal data is destroyed within two months after the case has been closed. The anonymised report is archived in accordance with the applicable laws.
Use of the whistleblowing system
Communication between your computer and the whistleblowing system operated with the platform BKMS® System is achieved via an encrypted connection (SSL). The whistleblowing system does not enable IP addresses to be traced. To maintain the connection between your computer and the platform BKMS® System, a cookie is stored on your computer which only contains the session ID (a so-called "session cookie"). This cookie is only valid until the end of your session and expires when you close your browser or turn off your computer.
You can create a postbox within the whistleblowing system which is protected by a user name/pseudonym and a password of your choice. You can either submit reports by name or anonymously. Exchanges between the persons in charge of analysing the permissibility and the processing and the whistleblower are only recorded within the platform BKMS® System which makes them especially secure. It is not a traditional communication via e-mail.
Note on sending attachments
When submitting a report or an addition to an existing report, you can also send attachments. If you wish to submit a report anonymously, please take into account the following security advice: files may contain personal data other than your identity that could compromise your anonymity. Remove this data from the files before sending them. If you are unable to remove this data, or if you are unsure how to do so, send an anonymised copy of the document to the address in the footer at the bottom of the page, citing the reference number which you received at the end of the reporting process.
Complaint
According to the french law "Informatique et Libertés", you have the right to file a complaint to the CNIL.