Privacy Policy

We are ENGIE Energy Access (Africa) group and this policy applies to ENGIE Energy Access Group and its subsidiaries. In this policy, ‘we’, ‘us’, ‘our’ or EEA will refer collectively to ENGIE Energy Access Group and its subsidiaries.

We respect the privacy of our customers, our employees and our independent sales agents, and are committed to protecting their personal data. This Privacy Policy explains how we collect, use, process, disclose, and protect your personal data when you purchase products from us, opt for credit payments, visit our website(s), enter into a contract with us or interact with us in any way. This policy also contains information about when we share your personal information with third parties (such as, among others, our network and mobile money providers).

Personal Data We Collect

We may collect and process the following types of personal data about you:

For Employees:

Contact information: this refers to all acceptable legal and national identifiers e.g. first name, last name, email address, personal and secondary phone numbers, physical address, date and place of birth, sex, identification document number and references (passport, ID card, driver’s license, etc.), signature.

Employment data (for example: starting date of employment, employee identification number, telephone and e-mail address at work, photograph for internal use such as organisational charts, telephone directory, job title and function, business area and location, local language, cost centre, transfers to current position, salary level and other contractual benefits, such as company car allowances, bonuses, incentives, next of kin phone number and details).

Employee’s performance-related data (for example: performance reviews, promotions, disciplinary record).

Professional qualifications of the employee (for example: school certificate, university degree, signature authority, police clearance certificate, job application information, data on the employee’s skills and knowledge in relation to the job profile of the employee’s position, professional experience).

Personal data accrued during the employment, such as time recording data, regular weekly working hours, absences, holiday times, salary data and periods of incapacity to work, working time data for example regular weekly working hours, absences, company car data, if applicable).

Financial information: bank account information.

Insurance data (for example: social security number, pension insurance number, certification  of health insurance).

Tax related data (for example: Tax ID number and denomination).

Usage data of technical equipment (for example, computer, email, internet, voicemail messages and other log data generated during the use of IT systems).

Billing and travel data in individual cases (for example: data on the billing of business trips, data for booking business trips, passport data, ID card data, driver’s license number, credit card number).

For Customers:

Contact information: this refers to all acceptable legal and national identifiers, e.g. first name, last name, email address, personal and secondary phone numbers, physical address, date and place of birth, sex, identification document number and references (passport, ID card, driver’s license, etc.), signature.

Additionally, we collect next of kin information such as names and phone numbers.

Financial information: payment information, payment history (amounts and dates), contracts.

Usage data: information about how a customer uses our products and services, such as the types of products a customer purchases, the mode of payment and the duration of payment chosen.

Device information: device type, unique device identifiers.

Customer service data: any information a customer provides to us when a customer contacts customer service, such as the nature of the customer’s inquiry and any solutions provided, satisfaction ratings, referrals.

For Agents:

Contact information: this refers to all acceptable legal and national identifiers, e.g. first name, last name, email address, personal and secondary phone numbers, physical address, date and place of birth, sex, identification document number and references (passport, ID card, driver’s license, etc.), signature.

Additionally, we collect next of kin and guarantor information such as names and phone numbers.

How We Use Your Personal Data

We use your personal data for the following purposes:

For Employees:

• to establish a contract with us;
• to pay wages;
• to provide, maintain and improve our contractual relationship with you, including disclosing information to national administrations;
• to comply with legal and regulatory requirements;
• to prevent fraud and other illegal activities; and
• any other legally accepted purpose for which the Personal Data was collected.

For Customers:

• to create an account with us;
• to provide after-sales support;
• to confirm warranty claims;
• to provide, maintain and improve our services with you, including reconciling payments and managing your account;
• to communicate with you about your account, services, and promotions;
• to personalize your experience with our services;
• to improve our services via your feedback;
• to comply with legal and regulatory requirements;
• to prevent fraud and other illegal activities;
• to check with credit reference for outstanding loans; and
• any other legally accepted purpose for which the Personal Data was collected.

Legal Basis for Processing Your Personal Data

We will only process your personal data where we have a lawful basis to do so. The legal basis will depend on the specific purpose for which we are using your data. In most cases, the legal basis will be one of the following:

Contract: we collect certain personal data from you to implement the contract we have with you, or to enter into a contract with you.

Consent: you have consented to us using your data for any legitimate purpose relating to your contractual relationship with us and the processing of your personal data.

Legitimate Interests: we have a legitimate interest in processing your data, such as improving our services, network security, preventing fraud, etc. We will only rely on legitimate interests where our interests do not override your interests and rights or where they are incompatible with other lawful bases of processing your personal data.

Legal Obligations: the processing is necessary for compliance with a legal obligation we have, such as keeping records or providing information to a law enforcement agency.

Disclosure of Your Personal Data

Any transfer of data will be made only within the scope of legal requirements. We may disclose your personal data to the following third parties only if this is required:

• Service Providers: we may use third-party service providers to help us provide our services, such as payment processors, mobile network providers, data analytics providers, cloud-based solutions providers, customer service providers and any other potential providers as may be required by the purposes enunciated above. These service providers will only have access to the personal data they need to perform their services and are obligated to protect your data.
• Funders: we may be awarded grants and we may also look for other external funding. In that context these funders will only have access to the personal data they need to perform their evaluation of EEA and are obligated to protect your data.
• Government Authorities: we may disclose your personal data to government authorities if required by law or if we believe it is necessary to prevent fraud or other illegal activities.
• Court Order: to comply with legal or regulatory requirements or obligations in accordance with applicable law.
• Internally: your personal data may be disclosed to other entities of the Engie Group, among other things as aggregated data.
• To your next of kin when our agents are looking for you.

Where we do not have a lawful basis for disclosure of your personal data, we will obtain consent from you before sharing your personal data with third parties. Where we need to transfer your personal data to another country, such country must have an adequate data protection law. For countries without an adequacy decision, we generally agree on EU standard contractual clauses with the recipients of your data or obtain your consent for the data transfer.

Data Retention

We will retain your personal data for as long as it is necessary to fulfill the purposes for which it was collected and for any additional period required by law or to comply with legal, regulatory or internal policy requirements. When your personal data is no longer needed, we will securely delete or anonymize it.

Data Storage

The personal data we collect from you may be transferred to and stored at a destination outside your relevant jurisdiction. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely with an appropriate level of protection and that the transfer is lawful.

Your Rights

You have several rights in relation to your personal data. These rights may vary depending on the specific data privacy laws that may apply to you. You generally have the right to:

• access your personal data – you have the right to request we provide copies of your personal data. The first request for a copy of your personal data will be provided free of charge. For any additional copies, we reserve the right to charge a reasonable fee based on administrative costs;
• rectify any inaccuracies related to your personal data;
• erase your personal data (also known as the right to be forgotten) – in certain circumstances you may ask for the personal data we hold about you to be erased from our records;
• restrict the processing of your personal data – where certain conditions apply, you have a right to restrict processing of your personal data;
• object to the processing of your personal data;
• withdraw your consent (where applicable), please note that the withdrawal only takes effect for the future and does not affect the legality of the processing carried out on the basis of the consent up to the withdrawal; and
• your data portability (where applicable) – you have the right to have your personal data transferred to another organization.

Automated decision-making including profiling does not take place.

If you have any concerns about how we handle your personal data, you have the right to contact us (more details in the section “contact us”) or lodge a complaint with a data protection authority in the country where you live or where we operate.

Security of Your Personal Data

We take appropriate technical and organizational measures, as a data controller, to protect your personal data from loss, theft, misuse and unauthorized access, disclosure, alteration, or destruction. Additionally, we implement policies designed to protect the confidentiality and security of your personal data. We have also taken measures to comply with provision of security facilities for the protection of your personal data through the set-up of firewalls, limited access to specified authorized individuals, encryption and continuous capacity building for relevant personnel. We therefore have digital and physical security measures to limit and eliminate possibilities of data privacy breach incidents.

Local Requirements

This Privacy Policy is intended to provide a general overview of our data privacy practices across the world. However, we recognize that there are specific data privacy laws in each of the markets we operate in. We will comply with all applicable data privacy laws and may supplement this Privacy Policy with additional information specific to each market.

Children’s Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us (details are in the section “contact us”).

Breach/Privacy Violation

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, we shall take all necessary steps and upon having knowledge of such breach report the details of the breach to the appropriate regulatory authority and within such timelines as may be required by the data protection laws in the relevant jurisdiction.

Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your personal data, we shall in accordance with applicable laws, take reasonable steps to inform you of the breach, the risks to your rights and freedoms resulting from such breach and any course of action to remedy said breach.

Changes to this Privacy Policy

This document was created in April 2025. We may update this Privacy Policy from time to time and notify you of any changes by sharing the new Privacy Policy on our communication platforms.

Contact Us

If you have any questions about this Privacy Policy or grievances, please contact us by the following means:

Email – privacy.eea@engie.com

Physical address – The ENGIE Energy Access Head Office in your country.

Additional Information

We will also provide contact information for our local data protection officer(s) in each of the African markets we operate in. This information will be available on our communication platforms and in any local privacy notices we may provide.

We are members of GOGLA (the Voice of the Off-Grid Solar Energy Industry) and have subscribed to GOGLA Customer Protection Practices and Code.

By using our products and services, you acknowledge that you have read and understood this Privacy Policy.

Thank you for choosing ENGIE Energy Access !