Personal Data protection & Cookies Policy

Updated on 29 January 2026

1. Data controller

Corsica Sole acts as the data controller for personal data processing within the meaning of Regulation (EU) 2016/679 (the “GDPR”).

Contact details of Corsica Sole’s Data Protection Officer:

Email address: dpo@corsicasole.com
Postal address: Corsica Sole, Data Protection Officer (DPO), 59 rue Pernety, 75014 Paris

2. Scope and general principles

This Personal Data Protection Policy (the “Policy”) provides information on the processing of personal data for each category of data subjects (sections 2 to 4), the management of cookies and other trackers (section 5), and the rights of data subjects (section 6).

Corsica Sole collects and processes the personal data necessary:

for the management of its professional relationships with:
- its BtoB clients (section 2.1),
- its service providers and suppliers (hereinafter referred to as the “service providers”), and professional partners (section 2.2),
- its institutional relations and media (section 2.3),
- local communities surrounding Corsica Sole’s professional sites (section 2.4),
- landowners (section 2.5),
- farmers (section 2.6),
- Investors and lenders (banks, funds, etc.) (section 2.7),
for the processing of job applications from candidates (section 2.8).

Corsica Sole operates exclusively in a business-to-business (“B2B”) context and its activities are not based on the commercial exploitation of personal data.

Corsica Sole may collect personal data:

directly from data subjects: via contact requests submitted by completing the dedicated form available on its website, during professional discussions (for example, with a view to initiating a business relationship), etc.;
indirectly from its clients, service providers, partners, institutions, banks and investors, etc.

Where applicable, data subjects are informed by their employer and through this Policy.

Personal data relating to candidates are collected:

directly from candidates when responding to a job offer or submitting a speculative job application:
- by completing the dedicated form on Corsica Sole’s website,
- by sending a job application to Corsica Sole’s teams via their professional contact details or through professional social networks,
- or, where applicable, during discussions with recruitment teams and participation in job interviews;
indirectly, from recruitment agencies, partners, job boards or through professional recommendations;
or, where applicable, from professional networks, in compliance with contractual commitments with such networks and applicable regulations.

In accordance with the data minimisation principle, Corsica Sole ensures that it collects and processes only the personal data strictly necessary for the purposes pursued, and implements appropriate technical and organisational measures to ensure the security of personal data.

Corsica Sole ensures that its legitimate interests do not override the fundamental rights and freedoms of data subjects.

2.1. Client

Corsica Sole processes the personal data of persons acting on behalf of its clients, namely:

civil title, last name, first name,
job title / position within the company, department, business address, business email address, business telephone number,
signature (for companys’ representatives authorised to sign contracts and official documents).

Such data are collected and processed by Corsica Sole:

in order to take steps prior to entering into a contract or to perform a signed contract: professional communications, issuing quotations, commercial proposals, negotiation of contracts, signature of contracts, contract management, issuing and processing invoices, etc.;
to comply with its legal obligations relating to accounting and taxation;
to pursue its legitimate interest in ensuring high-quality services for its clients: monitoring the quality of services provided, monitoring performance, etc., and organising professional events.

Personal data are retained for the duration of the professional relationship and, where applicable, the contractual relationship, then for the period necessary for project management and the operation of the power plants, traceability of operations, compliance with legal and regulatory obligations, and the management of potential disputes or warranties, within the limits of applicable statutory limitation periods.

2.2. Data relating to service providers and professional partners

Corsica Sole processes the personal data of persons acting on behalf of its service providers who supply products and/or services and of its partners (e.g. representatives, corporate officers, managers and directors, employees in charge of the contractual relationship, etc.).

Depending on the professional relationships and services provided, Corsica Sole collects and processes:

identification data: civil title, last name, first name,
professional data: job title / position within the company, department, business address, business email address, business telephone number,
signature (for company representatives and staff authorised to sign contracts and official documents, and for independent service providers),
data necessary for invoicing for independent service providers: professional bank details and business identification number, for example.

As part of the selection of service providers (e.g. competitive tendering, call for tenders), Corsica Sole may collect and process data relating to the training and professional profile of the persons concerned: professional presentation, level of education, qualifications and references, professional experience, positions held, training; as well as their photograph.

Where staff of service providers and partners access Corsica Sole’s information and communication systems (the “IT System”), Corsica Sole also processes personal data relating to connections and access to such IT System, namely:

professional identifiers (login), password*,
access rights and authorisations granted, IP/MAC address, technical logs and other IT traces, history of access to data, applications and networks, connection timestamps, recording of actions performed within the IS.

*Passwords are never stored in plain text. They are encrypted in accordance with security standards.

Where staff of service providers and partners access Corsica Sole’s sites and premises, Corsica Sole, depending on the physical security arrangements of the sites and premises, collects and processes:

data relating to professional movements: place, date and time of intervention, delivery or appointment,
data relating to their presence in the premises or on site: authorisations, accreditations and certifications, and identity documents where applicable,
image recordings: video surveillance.

Such data are collected and processed by Corsica Sole:

in order to take steps prior to entering into a contract and/or to perform contracts entered into:
- in order to manage the contractual relationship: professional communications, processing of quotations and commercial proposals, negotiations, contracting, administrative and operational monitoring of services and partnerships,
- ensure the operational management of services and partnerships,
- processing and payment of invoices, accounting and tax obligations, monitoring of payments and cost control;
to comply with its legal obligations relating to accounting and taxation;
to pursue its legitimate interest in:
- ensuring the security of its IT system: management of authorisations, control of access to IS, prevention of incidents, detection of abnormal uses, traceability of actions, incident management (including investigations), compliance and audit, evidence of authorised access, and in the interest of the persons concerned in ensuring the security of their personal data and, where applicable, their company’s data;
- ensuring the security of its physical sites and professional premises: identity and authorisation checks for access by visitors and professional contractors to secure sites and premises, monitoring of access to sites and premises, video surveillance;
- referencing service providers and partners and monitoring services;
- organising professional events.

Where staff of service providers and partners access Corsica Sole’s IT System, they undertake to comply with the security and confidentiality rules defined and implemented by Corsica Sole, in particular:

access strictly limited to professional needs,
compliance with contractual confidentiality and security commitments.

2.3. Institutional relations and media

Corsica Sole collects and processes the personal data of staff of public or private institutions, elected officials, representatives, corporate officers, managers and directors (e.g. State authorities, local authorities, administrative authorities, professional organisations, supervisory authorities, professional associations and federations, sector stakeholders, etc.), and media, in the context of their interactions and professional relations.

The categories of personal data processed by Corsica Sole are:

identification data: civil title, last name, first name,
professional contact data: job title / position within the organisation, department, professional email address, professional telephone number, professional postal address,
signature, where applicable (for representatives and staff authorised to sign administrative and professional documents requiring a signature).

Such data are collected and processed by Corsica Sole:

to comply with its legal and regulatory obligations: authorisation procedures, consultation procedures, public inquiries, mandatory consultations, regulatory reporting, environmental authorisations, sector-specific obligations, etc.;
to pursue its legitimate interest in:
- ensuring the success and management of its projects: regulatory monitoring, sector analysis, analysis of changes in legal frameworks, monitoring of positions of authorities, dialogue with institutional actors, administrative or institutional procedures that do not strictly fall within a legal or regulatory obligation (e.g. preparatory meetings prior to authorisation requests, technical committees, etc.), participation in sectoral work and working groups, relations with professional associations, etc.;
- communicating with the media,
- organising professional events.

Personal data are retained for the duration of the professional relationship, then, where applicable, for the period necessary for project management and the operation of the power plants, traceability of operations, compliance with legal and regulatory obligations, and the management of potential disputes, within the limits of applicable statutory limitation periods.

2.4. Local communities surrounding Corsica Sole’s professional sites

Corsica Sole collects and processes the personal data of companies and individuals forming the local community surrounding its professional sites under development and/or in operation (e.g. neighbouring landowners, local associations, local elected officials, etc.).

The personal data collected and processed by Corsica Sole are:

identification data: civil title, last name, first name,
professional contact data: job title / position within the organisation, department, professional email address, professional telephone number, professional postal address,

where applicable:

personal contact data, for example for neighbouring residents: personal email address, personal telephone number, personal postal address,
signature (for persons or representatives authorised to sign documents requiring a signature),
summaries of exchanges with the local community relating to projects, strictly limited to information necessary for project monitoring.

Such data are collected and processed by Corsica Sole:

to comply with its legal and regulatory obligations: mandatory consultation procedures and public inquiries, administrative monitoring of applications;
to pursue its legitimate interest in
- ensuring that projects are aligned with local expectations: meetings with local associations, discussions with residents organised voluntarily, voluntary consultations outside legal obligations, analysis of project feasibility, risk analysis, exchanges with local elected officials, etc.
- organising professional events.

2.5. Landowners

Corsica Sole processes the contact data of landowners with whom projects are envisaged and/or ongoing, namely:

civil title, last name, first name,
the postal address of the land,
the landowner’s telephone number and email address.

In the context of the purchase or lease of land, Corsica Sole may also process:

the landowner’s postal address,
data relating to the signing of the lease or purchase agreement: identity documents, date and place of birth, marital and family status, succession, etc.;
data relating to the payment of the purchase price or rents: bank details and other information necessary for payments.

Such data are collected and processed by Corsica Sole:

in order to take steps prior to entering into a contract and to perform the contract, in order to manage the business relationship: exchanges relating to land, negotiations and signing of lease or purchase agreements, monitoring of lease or purchase, processing and payment of rents;
to comply with its legal obligations relating to accounting and taxation;
to pursue its legitimate interest in assessing the feasibility of projects: study and analysis of land, etc.

2.6. Farmers

Corsica Sole processes the contact data of farmers with whom the agricultural use of land is envisaged or ongoing, namely:

civil title, last name, first name,
contact details: postal address, telephone number and email address.

In the context of an agricultural land-use agreement, Corsica Sole may also process:

data relating to their professional training (qualifications, CV, etc.),
professional identification data of the farm operator,
data necessary for invoicing (ex: professional bank details, etc.),
where applicable, information evidencing the exploitation of the land.

Such data are collected and processed by Corsica Sole:

in order to take steps prior to entering into a contract and to perform the contract, in order to manage the business relationship: exchanges relating to the operator’s qualifications and project feasibility, negotiations and signing of the land-use agreement, monitoring of exploitation, processing and payment of invoices, etc.;
to comply with its legal obligations to ensure the exploitation of the land concerned and to justify such exploitation, and its legal obligations relating to accounting and taxation;
to pursue its legitimate interest in developing agricultural activities on these lands.

2.7. Investors and lenders (banks, funds, etc.)

Corsica Sole processes the contact data of representatives of its professional investors and individual shareholders, as well as staff of lenders (banks, funds, etc.), namely:

civil title, last name, first name,
job title / position within the organisation, department, company name, business address, business email address, business telephone number, signature (for company representatives authorised to sign contracts),
for individuals: personal address, personal email address, personal telephone number, signature, and bank details for payments.

Such data are collected and processed by Corsica Sole:

to perform the contract in order to manage the contractual relationship: professional communications, negotiations, signature of confidentiality agreements, contracting, monitoring of the relationship;
to comply with its legal obligations relating to accounting and taxation;
to pursue its legitimate interest in managing its professional relationships, referencing banks and investors, and organising professional events.

2.8. Candidates

Corsica Sole processes the personal data of candidates who have applied for a job offer or submitted a speculative application, namely:

identification data: civil title, last name, first name,
contact data: telephone number, email address, postal address,
data relating to education and professional background: level of education, professional training, professional experience, professional qualifications, curriculum vitae (“CV”), cover letter, etc.;
the content of messages (e.g. in the online form, in messages sent by email or via professional social networks, etc.);
any other document attached to the job application (documents useful for the job application only).

Such data are collected and processed by Corsica Sole:

in order to take steps prior to entering into an employment contract:
- receipt and review of job applications,
- communications in the context of the recruitment process (e.g. exchanges with HR teams, interviews, etc.),
- assessment of the suitability of profiles for current or potential positions,
- responses to candidates,
- where applicable, administrative follow-up of recruitment;
to pursue its legitimate interest in identifying relevant profiles for available positions and, where applicable, verifying candidates’ professional references.

Personal data are retained for the period necessary for processing job applications and the recruitment process and, where applicable, administrative follow-up of recruitment. Data may be retained beyond this period where necessary for evidentiary purposes, in compliance with applicable limitation periods.

In the event of recruitment, relevant data are integrated into the employee’s personnel file and retained in accordance with applicable retention periods in human resources management. Successful candidates are then informed of the processing of their data in the context of recruitment and integration within the company as an employee, with other personal data being collected at that time.

3. With whom does Corsica Sole share personal data?

Personal data are intended for Corsica Sole’s internal departments responsible for processing the requests received.

They may also be processed by:

technical service providers acting as processors, in particular for website hosting, receipt and management of requests, sending communications relating to requests, management of business relationships, for project management and the operation of the power plants;
service providers and partners acting as data controllers, in particular in the context of supporting Corsica Sole in project management, as well as in the construction and operation of the power plants.

4. Data security and transfers outside the European Union

Corsica Sole implements appropriate technical and organisational measures to ensure the security and confidentiality of the personal data processed.

Personal data may be transferred outside the European Union in the context of the use of technical service providers. Such transfers are subject to appropriate safeguards, in particular standard contractual clauses adopted by the European Commission, in accordance with Articles 44 et seq. of the GDPR.

5. Cookies and other trackers

In the current configuration of the website, Corsica Sole uses only cookies strictly necessary for its operation and an audience measurement tool exempt from consent in accordance with CNIL guidelines.

The cookie necessary for the operation of the website is used to record the user’s language preferences during navigation. Its lifespan is limited to the session: when the visitor leaves the website, the cookie is immediately deleted.

The Website uses UseFathom (Fathom Analytics) to measure website traffic and produce aggregated usage statistics.

UseFathom is a privacy-friendly audience measurement tool that does not use cookies and does not allow cross-site tracking or individual profiling.

The data collected are used exclusively for statistical purposes and are processed in accordance with the terms defined by this provider as part of its standard service.

Consequently, since the website uses only cookies strictly necessary for its operation and a cookie-less audience measurement tool, no prior consent is required in accordance with applicable regulations.

6. Rights of data subjects

In accordance with the GDPR and the French Data Protection Act, you have the right of access, rectification, erasure, restriction of processing and objection on legitimate grounds.

Corsica Sole does not implement automated decision-making (including profiling) producing legal effects or similarly significant effects concerning individuals.

The right to data portability applies only where processing is based on consent or on the performance of a contract to which the data subject is directly or indirectly a party and is carried out by automated means. In the context of the processing carried out by Corsica Sole, this right is in principle not applicable.

Where processing is based on consent, such consent may be withdrawn at any time.

Data subjects may define instructions regarding the fate of their personal data after their death.

These rights may be exercised by contacting Corsica Sole by sending:

by email at: dpo@corsicasole.com;
by post at the following address: « Corsica Sole, Data Protection Officer (DPO), 59 rue Pernety, 75014 Paris ».

You also have the right to lodge a complaint with the French Data Protection Authority (Commission nationale de l’informatique et des libertés – CNIL) (www.cnil.fr).

7. Modification and biding effects of the Policy

This Policy may be updated to reflect legislative or regulatory developments or to comply with information obligations under applicable personal data protection regulations.

Corsica Sole invites you to consult this document regularly on its website.

In the event of any material change, Corsica Sole will make the updated version of this Policy available, indicating the date of the update and, where applicable, the changes relating to the processing of your personal data.

In the event of any inconsistency or discrepancy between the English and French versions, the French version shall prevail and be binding on the parties.