Privacy policy

Neoen (hereinafter “Neoen” or “we”) is aware of its duties regarding the protection of personal data. We are vigilant about using your personal data responsibly, while maintaining a confidential environment. The purpose of this privacy Policy (hereinafter the “Policy”) is to explain how we process your data and how you can exercise your rights over it.

The Policy applies to all processing of personal data by Neoen. Personal data refers to information that can directly or indirectly identify a natural person, either from the information itself, or by cross-referencing multiple pieces of information. Processing refers to any operation performed on such data, including collecting, storing, using, disclosing, modifying, or deleting such data.

 In compliance with the General Data Protection Regulation (“GDPR“) No. 2016/679 of 27 April 2016 and the French Data Protection Act  (“Loi Informatique et Libertés”) No. 78-17 of 6 January 1978 (hereinafter referred together as the “Regulation”), we undertake to inform you transparently of our processing operations and to only process data in connection with the services we offer.

1. Who are we?

Neoen is a limited liability company with a share capital of €324,490,130, with a registered office at 22 rue Bayard, 75008 Paris, France, registered with the Paris RCS under n° 508 320 017 and intra-Community VAT number FR74 508 320 017. Neoen is a subsidiary of Brookfield Renewable Holdings.

2. What data do we collect?

Neoen processes personal data received directly from you — such as when you enter into a contract with us or when you complete our website contact form — and indirectly through public sources.

The categories of data we process include:

  • Identity and contact information (e.g., name, email address, phone number, postal address);
  • Professional information (e.g., job title, company name, sector of activity);
  • Recruitment-related data (e.g., CV, education, professional experience, cover letter);
  • Economic and financial data (e.g., bank account details, financial records, payment history);
  • Billing and payment information (e.g., invoices, payment methods, transaction details);
  • Message content and communication data (e.g., content of contact form submissions, emails, or project inquiries).

We may also collect technical data related to website usage (access provider identity, IP address, browser type, etc.).

Failure to provide all or part of this data, may limit the services we can offer.

3. Do we use cookies?

Neoen uses cookies to improve user experience on our website. A cookie is a small text files which does not allow the identification of the user but records information relating to the navigation of a terminal on a website.

The data collected by these cookies are:

  • Login ID;
  • IP address;
  • Unique device identifier;
  • Date and time of connection.

Our website uses different types of cookies, some of which are strictly necessary for the functioning of the site, and others are used for performance and analytics purposes. The detailed list of cookies used is available in the cookies banner on the website.

You may decline cookies and manage your cookie preferences at any time via the cookie banner on our homepage and your browser settings. However, some features of the website may be limited or unavailable if cookies are disabled.

Your consent to the use of the non-essential cookies is valid for up to six months, in application of Deliberation n° 2020-092 adopted by the CNIL on 17 September 2020 , after which it will need to be renewed.

The website uses Google Analytics(by Google LLC) for audience measurement and website analysis.

We inform you that information obtained from cookies about your use of the website may be transmitted to a Google LLC server in the USA where it is stored. Data collected may be transferred to Google servers in the U.S and is processed under Google’s privacy policy.

4. How do we use your data?

We process personal data only when we have a valid legal basis within the meaning of Article 6 of the GDPR. Depending on the specific context and purpose for which such personal data is collected, the legal basis may include one or more of the following:

  • Consent;
  • Legal obligation (e.g., tax, accounting, and compliance obligations);
  • Contract performance: Where the processing is necessary for the performance of a contract to which you have entered into or for the execution of pre-contractual measures taken. This includes providing access to our services and managing your account;
  • Legitimate interests: we (or a third-party) have a legitimate interest which is not overridden by your interests or your rights and freedoms.

You may withdraw your consent at any time, in which case we will stop processing your data for the purposes based exclusively on that consent. Please note that withdrawing your consent does not make previous processing operations illegal.

The purposes of processing and their corresponding legal bases are summarized below:

ProcessingPurposesLegal Basis
Contract managementRecord and execute energy service contracts   Process payments   Manage client communicationsContract performance/ legitimate interest
Job applicationsManage job applications and CVsContract performance (anticipation)/consent/ legitimate interest
Assess and develop projectsAssess the relevance of renewable energy development projects   Communication with prospect customers/stakeholdersContract performance (anticipation)/Legitimate interest
Interaction with public bodiesObtain necessary permits and authorizations from public administrations or authoritiesLegal obligation (only if legally required)
Supplier data managementManage supplier relationships, and contracts  Contract performance /legitimate interest
Manage suppliers’ invoices, and financial recordsContract performance/legal obligation
Website managementPrevent and detect fraud, malware and security incidentsLegitimate interest  
Measuring audience   Improve user experience   Website administrationConsent
Communication (general)Respond to contact requests, provide information about services and projectsLegitimate interest/performance of a contract/consent

5. Who can access your personal data?

Access to your personal data is strictly limited to Neoen authorised personnel, and only for purposes relevant to their responsibilities (e.g., project teams for development matters, finance for payments, IT for website security).

Neoen may share your personal data with third parties including:

  • Public and ministerial officials responsible for supporting the drafting of contracts you have concluded with us;
  • Subcontractors assisting with service delivery of our contractual obligations;
  • Public bodies as required by law;In the context of a reorganisation of our group or M&A transactions, third parties and their advisors involved in such reorganisation or transaction;
  • We may also be required to disclose your personal data at the request of a competent authority, in accordance with applicable legal obligations.

6. Do we transfer your personal data outside France?

Your personal data may be shared with third parties located outside the European Economic Area, including countries where data protection laws may differ from those applicable in your jurisdiction.

Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR. These may include:

  • Transfers to countries recognized by the European Commission as providing an adequate level of data protection, or
  • The use of Standard Contractual Clauses approved by the European Commission.

We take all reasonable steps to ensure that your personal data is treated securely and in accordance with applicable data protection laws.

7. How long is your data retained?

We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:

  • Any laws or regulations that we are required to comply with;
  • The type of information that we hold about you; and
  • Whether we are asked by you or a regulatory authority to keep your personal data.

8. What are your rights under the Regulation?

Under applicable data protection laws, you have the following rights:

  • Request access to your data;
  • Request the correction of your data;
  • Request the deletion of your data;
  • Request to limit the processing of your data;
  • Request the transfer of your data in a usable format;
  • Object to the processing, for legitimate reason;
  • Define guidelines for the handling of your personal data after your death.

Legal or regulatory obligations may sometimes prevent us from fulfilling your request.  We may also refuse to act on a request that is manifestly unfounded or excessive (for example, due to its repetitive nature). We will try to implement your request as soon as reasonably practicable and, in any event, within one month from the date of receipt. If your request is incomplete, we may ask for additional information.

9. Is my data automatically processed?

No, Neoen does not use automated decision-making or profiling systems. We also do not process your data automatically.

10. Where can I find the current privacy policy?

The current version of this Policy is always available on our website at https://neoen.com/fr/politique-de-confidentialite/. This version was last updated in May 2025. We reserve the right to make changes to the Policy at any time. We therefore invite you to regularly review this Policy.

11. How can I exercise my rights or file a complaint?

If you wish to exercise your rights relating to your personal data or file a complaint, you can contact us by filling our contact form available at https://www.neoen.com/contact-2/, or by contacting us by phone on 01 70 91 62 62 or by post at 22 rue Bayard, 75008 Paris, France.

If we have reasonable doubts about the identity of the requester, we may ask for additional information to verify their identity, such as documentation to prevent identity theft.

If you believe that Neoen processes your data in a manner contrary to the Regulation, you may file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the French personal data protection supervisory authority. The CNIL can be contacted at 3, Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, by phone on 01 53 73 22 22 and on its website: www.cnil.fr.

Thank you for reading this Policy.