Welcome to the website http://services.totalgp.com (the "website"). By connecting to or browsing the website, you agree that you have read, understood and accepted, without limitation or reservation, the personal data and cookies management policy (the "policy") and our terms and conditions of use. Please note that other terms and conditions and personal data protection policies apply to other Total Group websites, and we recommend that you read them carefully.

The policy aims to inform you of the rights and freedoms that you can exercise in respect of our use of your personal data and describes the measures that we take to protect these data. Total Gas & Power Ltd. is the "data controller" with responsibility for processing the personal data used to manage the website. These processing operations are carried out in accordance with the applicable law.

  1. Purpose of processing, legal basis, the period of storage, and types of data collected
    When you visit the website, you may need to provide us with a number of items of personal data, such as your first name and surname, in order to use the services available. The data controller processes your personal data for the purposes of providing some or all of the services for Online Billing, Gas Meter Reads and Energy Trading.
    In our online forms, the mandatory fields are marked with an asterisk. If you do not provide answers to the mandatory questions, we will not be able to provide you with the service(s) requested.
    Your personal data will not be processed subsequently in a way that is incompatible with the purposes described above or below the collection forms. Your data is kept for no longer than necessary for processing see section 5.II for details.
  2. Recipients of data
    Your personal data may be communicated to one or more of the data controller's departments or to Total Group companies and one or more partners, independent distributors or sub-contractors for the purposes of analysis and surveys.
    If you leave a comment intended to be posted online, we may be required to publish some of your personal data on the website. Given the characteristics of the internet, namely the unrestricted capture of published data and the fact that it is difficult, or even impossible, to control how third parties can use these data, we hereby inform you that you can object to this publication by contacting us as explained in article 5 below.
  3. Data Transfers
    Any transfer of data to a country outside the European Economic Area shall be carried out in accordance with the applicable regulations and in such a way as to protect your data appropriately.
    For the purposes of the services provided on this website, your data first name, surname and email address will not be transferred to entities located outside the European Union.
    You can request a copy by writing to this address Total Gas & Power Ltd., Bridge Gate, 55-57 Redhill, Surrey, RH1 1RX for the standard contractual clauses.
  4. Data security and confidentiality
    The data controller takes appropriate steps to preserve the security and confidentiality of your personal data, including to prevent them from being distorted, damaged or disclosed to unauthorised third parties.
  5. Cookie management
    1. Principle.
      A cookie is a file which enables a website to save information relating to your computer's browsing of the website (e.g. number of visits, number of pages viewed, etc.), to make your visits to the website smoother.
      You can at any time delete the cookies stored on your computer, object to the storage of new cookies and receive a notification before new cookies are stored by changing your browser settings using the instructions below ("Types of cookies, cookies and statistics, and settings").
      Please note that if you remove a cookie or object to the storage of cookies on your device, you may not be able to use some of the website's services.
    2. Types of cookies, cookies and statistics, and settings.
      The cookies that may be stored on your server when you browse the website are cookies which are intended solely to enable or facilitate electronic communication or which are strictly necessary to provide the service you are requesting (language cookies, login cookies, etc.), or statistics cookies or other cookies in accordance with the conditions below.
      When cookies require your agreement before they can be saved, we will ask you for this agreement via the "find out more" link displayed on the first page of the website that you land on, in which it is made clear that by continuing to browse the website you accept these cookies.


      Which Cookies are stored?

      Cookie Name

      Description

      Duration / Expires

      COOKIE_SUPPORT

      This is used by the customer portal to register if the user's PC and browser allows cookies to be stored.

      Forever or until deleted

      GUEST_LANGUAGE_ID

      This is used by the customer portal to denote the language the user will prefer to see the pages rendered in.

      Forever or until deleted

      JSESSIONID

      This is used by the customer portal to hold details of the successful authentication of the user on the portal. This is used by the other applications within the portal to ensure the customer is known to the application and they have logged in successfully. If this is not allowed then the single sign on functionality of the portal will be lost.

      When the browser is closed

      Statistics Cookies

      Cookie Name

      Description

      Duration / Expires

      __hstc

      This is used by the customer portal in conjuction with Google Analytics to determine if the statistics about the number of sessions and views should be incremented.

      401 days

      __utma

      It tracks visitors. Metrics associated with the Google __utma cookie include: first visit (unique visit), last visit (returning visit). This also includes Days and Visits to purchase calculations which afford ecommerce websites with data intelligence around purchasing sales funnels.
      A persistent cookie - remains on a computer, unless it expires or the cookie cache is cleared.

      1,340 days

      __utmz

      These cookies work in tandem to calculate visit length. Google __utmb cookie records the exact arrival time, then Google __utmc registers the precise exit time of the user. Because __utmb counts entrance visits, it is a session cookie, and expires at the end of the session, e.g. This is a standard 'grace period' in web analytics. Ominture and WebTrends among many others follow the same procedure.
      When the user leaves the page. A timestamp of 30 minutes must pass before Google cookie __utmc expires. As __utmc cannot tell if a browser or website session ends so if there is no activity in 30 minutes the cookie is expired.

      6 months

      _ga

      This is used by the customer portal in conjuction with Google Analytics to provide a unique identity for the user.

      6 months

      hubspotuk

      This is used by the customer portal in conjuction with the Hubspot marketing tool to track user visits to the portal and potentially be used in future email marketing campaigns.

      10 years

  6. How do you delete cookies already stored on your computer?
    • On your workstation:
    • On the C:\ drive select the Windows folder;
    • Open the "Temporary Internet Files" folder;
    • Select all files (CTRL A);
    • Choose the "delete" option.
  7. How do you change browser settings to reject or be informed of the storage of cookies?
    • In the Internet Explorer 5 (Microsoft) browser: Select "Tools", and then "Internet Options". Click on the "Security" tab, then "Custom level" and scroll down to the "cookies" section. Next to "Allow cookies that are stored on your computer" select "Ask" to be notified or "Disable" to decline all cookies;
    • In the Internet Explorer 6, 7 or 8 (Microsoft) browser: Select "Tools", "Internet Options", "Privacy", then the level you wish to apply;
    • In the Firefox browser: Click on "Tools" and select "Options". In the "Privacy and security" tab, untick the box "Accept cookies from websites";
    • In the Chrome (Google) browser: Click "Customize and control Google Chrome" and select "Settings" . Under "Privacy and security", click on "Content settings" and enable "Block third-party cookies".
  8. Your rights / Contact
    In accordance with current regulations, you have the right to access, correct, delete and object to the use of your personal data. You also have a right to prior consent to marketing and to object to it under the applicable regulations. You can ask for your personal data to be sent to you and you have the right to give instructions for the use of your personal data after your death. You can also ask for restriction of the data, OPTION: portability of the data [delete portability if the legal basis for the processing operation is not consent or the performance of a contract] and/or make a claim to the CNIL (the French data protection agency).

    Please use the contact form to make your request or send it to the following address:

    Paul Margetts
    TPI Audit & Compliance Manager
    Bridge Gate
    55 - 57 High Street
    Redhill
    Surrey
    RH1 1RX
    gp.redhill.DataPrivacyTeam@totalgp.com

    APPENDIX- LIST OF LEGAL BASIS

    POSSIBLE LEGAL BASIS

    EXPLANATIONS

    EXAMPLES

    Legitimate interest

    Legitimate interest may be a legal basis when you can answer ‘yes' to this question: "might the data subject reasonably expect this data processing operation?" If so, you should specify the legitimate interests pursued by the controller or by a third party.

    Examples: protection against fraud; prevention for the sake of safety and security (including IT security); protection of privacy, etc.

    Contractual nature

    The performance of a contract (processing of personal data is genuinely necessary for the performance of a contract) or the intention to conclude a contract may be a legal basis for processing. If so, you should specify whether the requirement to provide data is necessary for the conclusion of this contract, and any consequences of not providing these data.

    Examples: processing of employees' data to send out payslips; processing of data so that purchases can be delivered, etc.

    Consent of the data subject

    Consent is defined as "any freely given specific and informed indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her." If consent is the legal basis for processing, it must be possible to withdraw it at any time, it being made clear that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. NB: for children below the age of 16, 15 (in France) or 13 in some States, it is necessary to obtain the consent or authorisation "of the holder of parental responsibility". IN PRACTICE for valid consent: provide a (not pre-ticked) tickbox; or a choice of technical settings; or a statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing.

    Examples: the use of visitors' photographs for the in-house magazine, etc.

    Legal obligation

    Data processing is required by law; in this case, legal obligation is the legal basis for processing.

    Examples: processing of remuneration data for social security; processing of remuneration data for the tax authorities; etc.

    Vital interest

    Data processing is required by the fact that the vital interest of the data subject or another natural person is at stake. Vital interest is equivalent to a question of life or death, or threats entailing a risk of injury or harm to the health of the data subject or a third party.

    Examples: processing of an employee's data for the purposes of repatriation.