Data Ethics Policy 2022
TotalEnergies EP Danmark A/S
TotalEnergies Upstream Danmark A/S
TotalEnergies Marketing Denmark A/S
At TotalEnergies, ethical commitments are a top priority. With our ambition to be a world-class player in the energy transition, it is essential that our conduct is exemplary, and therefore we strive to process and manage data in an ethical and responsible manner in all areas of our business.
We aim to handle data with careful consideration to any potential challenges we may face. We seek to secure TotalEnergies’ operations, protect TotalEnergies’ information assets, and preserve the trust of our partners and stakeholders.
The primary purpose of this Data Ethics Policy is to articulate our company values and standards, to demonstrate openness and transparency with all our employees and stakeholders, and to show our commitment to protect and process data to the highest ethical standards.
This Data Ethics policy applies to all employees of TotalEnergies EP Danmark A/S, TotalEnergies Upstream Danmark A/S, and TotalEnergies Marketing Denmark A/S (“TotalEnergies”). The policy further outlines our expectations to external stakeholders, such as our customers, suppliers, contractors and business partners.
TotalEnergies recognizes that we are faced with various data ethics challenges due to our large spectrum of data processing. We face legal, financial, and reputational risks when processing data and therefore, it is critical that we consider the potential data ethics challenges. Challenges to consider are, for instance, whether we collect too much data; whether our data sets are biased; whether the data is mishandled or inappropriately shared, etc.
We aim to assess the various issues that our use of data may generate and manage the risks by complying with the legal requirements and in the framework of TotalEnergies’ responsible business model, principles and values.
Types of Data Within TotalEnergies
TotalEnergies handles many types of data on a day-to-day basis, both personal data, non-personal data and data transfers to a limited number of parties.
TotalEnergies uses data associated with its business. We therefore primarily process business data, legal documentation, financial documentation, documentation of compliance with environmental and societal requirements, technical data, etc.
TotalEnergies handles personal data in the form of documentation about our employees and users of our digital services and business relations. We further collect relevant data on visitors, occupants, customers, contractors and job applicants. We seek to safeguard all personal data by following the General Data Protection Regulation (GDPR) as well as other EU and Danish legislation, rules and standards. All data processing operations are therefore carried out in accordance with the applicable laws and through data security risk assessments, data retention management and personal data protection.
TotalEnergies aims to inform all relevant parties about their rights that may be exercised regarding the processing of personal data and further describes the measures that TotalEnergies takes to protect such data.
In connection with our business affairs, TotalEnergies is required to share certain data with third parties. Any transfers of data to a country outside of the European Economic Area are carried out in accordance with the applicable regulations to ensure adequate protection of personal data. TotalEnergies also complies with the Binding Corporate Rules (BCRs) in order to fully protect personal data originating from the European Economic Area that is transferred to TotalEnergies Group entities located outside of the European Economic Area. For transfers of data in which the BCRs do not apply, a Transfer Impact Assessment is put in place to ensure proper data protection.
TotalEnergies takes appropriate steps to preserve the security as well as the confidentiality of personal data, including measures for prevention of such data from being disclosed to unauthorized parties and to prevent the data from being distorted and damaged.
Technologies Used Within TotalEnergies
TotalEnergies is exposed to a large spectrum of technological data and works with new means of automated business procedures. We work with a mix of structured- and unstructured data in connection with our operations and operating assets. We specifically handle big data, in relation to our production; algorithms, in order to optimize our production, maintenance and decision making; visualization of risks and results; automated safety measures; drawings and technical documentation; and bio-stratigraphical data. All data is segmented into categories based on their technical nature to ensure that its use is constrained to its approved purpose, thereby limiting the risk of misuse.
Our Ethical Principles
When working with data, TotalEnergies commits to following TotalEnergies’ Binding Corporate Rules and our key ethical principles: lawfulness, retention, relevance, security and transparency.
TotalEnergies operates in accordance with applicable laws, legal principles and standards, and we ensure that decision-making around data processing is carried out in accordance with a legal basis, provided by the law. We consider all lawful, determined, and legitimate purposes of our data processing and ensure that we do not work in ways which are incompatible with such purposes.
Proper retention and disposal of data is essential. The data must be retained for an appropriate time to ensure lawfulness and alignment with business requirements. In this connection, we consider the legal requirements and risks, any security considerations, knowledge management and technical constraints in the programs and systems that TotalEnergies works with. Once a retention period has expired, the data is archived or destroyed.
To ensure that we limit the amount of data used, we assess the relevance of the data and whether or not the data is absolutely necessary to keep in our systems. We ensure that our data processing is accurate and proportionate in terms of quality and quantity, in relation to the purpose of the data processing.
TotalEnergies acknowledges that data can be used and misused for reasons other than those intended for the data. Protective measures are therefore implemented to avoid destruction, alteration, loss, and unauthorized access. TotalEnergies ensures a high level of security and confidentiality of data through our protected IT systems. Furthermore, a set of internal norms are applied, such as the “Principles for the Use of Information Systems and Resources” company directive, which governs the access to and use of information systems and resources by users; the “Information Systems Cybersecurity” company directive, which defines the main principles of cybersecurity to protect the TotalEnergies’ information systems; the “Classification of IS Resources”, which is a methodological guide for the classification of Information Systems (IS) resources of the Group; and the “Information Protection” directive, which outlines Group requirements relative to the protection of confidentiality, integrity and of the availability of the information held and exchanged within the Group.
We ensure that our use of data is carried out in an open and transparent manner. We seek to make sure that our data processing and data ethics principles remain clear, comprehensive, and readily available to all stakeholders. We solely obtain data in a lawful and loyal manner, and it is essential that the data we collect is obtained without dishonesty or fraud. We strive to keep all stakeholders adequately informed about our processing of data.
Ensuring & Promoting Compliance with Our Principles
Our data ethics initiatives and reporting are supported by our legal department and compliance departments in order to ensure TotalEnergies’ continued efforts within data ethics and data protection. Moreover, an international Personal Data Protection Network oversees monitoring and controlling the implementation of the BCRs within the Group.
All employees are trained in data protection, business ethics and other compliance matters with the overall objective of ensuring full compliance in all areas of our business.
Each year, TotalEnergies will account for this policy in accordance with Section 99d of the Danish Financial Statements Act.