GDPR Data Protection and Privacy Policy

1. Introduction

New laws, regulations, directives and recommendations request that organizations put in place efficient Policies and Procedures aiming at ensuring conformity and compliance.

To this end, Sonatrach Petroleum Corporation (SPC), has adapted its organization and adopted the principles of the General Data Protection Regulation, GDPR, EU/180/2018 into force in the UK from 25 May 2018. Conformity and compliance to this new regulation are backed by a solid set-up which ensures all the requirements of this new regulation are met.

The GDPR is aimed at the personnel of SPC in its entirety, as well as, at all individuals and moral entities with a commercial and business relationship with SPC and which are therefore subjects to collection and processing of personal data.

Sonatrach Petroleum Corporation remains a Company committed to being, at all times and in all circumstances, compliant with the laws and regulations which govern the economic and corporate environment.

2. Objective

The GDPR Data Privacy Policy aims to confirm SPC’s commitment to the respect of the recommended principles of the GDPR.

It also aims to inform/ advise all parties concerned of the principles adopted by SPC in order to implement the law.

3. Scope

The GDPR applies to all personal data, which is collected, processed, and stored by SPC and refers to internal and external data subject in a business relationship with the Company.

 4. Principles

The GDPR SPC Privacy Policy is drawn up in accordance with the Code of Conduct of the SONATRACH Group and based on the following main principles:

4.1 The purpose of the data collection

The subject data is collected and processed with a specific, legitimate/legal, explicit purpose compatible with SPC’s/the Company’s needs and missions.

4.2 The relevance of the data

Only data that is relevant, pertinent and strictly necessary to achieve the purpose of the data collection is collected, processed and stored.

4.3 Duration of storage of the data

The subject data collected and processed is kept and stored for a duration not exceeding the necessary period relevant to the purpose of the data collected and to its legal and regulatory needs.

4.4 Data security

All necessary means and measures meant to protect personal data will be put in place internally and externally in order to guarantee the safety and security of the data, to avoid all unauthorized access and prevent all loss, alteration or unlawful disclosure.

4.5 Data subject rights

All Data Subjects whose data is collected and processed by the Company in the exercise of its business have a right to be informed of the purpose of the collection of their data.

They also hold a right to access their individual data held by the Company, to have the data rectified or corrected and kept up to date, and to oppose its use for legitimate reasons.

All these rights can be exercised within a well-defined framework.

5. Updates 

There will be regular updates of SPC's GDPR Privacy Policy in order to keep it up to date and correct at all times so that SPC keeps in line with the compliance of the legal requirements of the GDPR.