The simulation and calculations are performed directly in your web browser, so your answers to the questions remain on your device—we do not collect any of them.
However, we do track some information about your use of this calculator, such as pages viewed and time spent, for the sole purpose of improving the tool.
In particular, we log the URL of the final simulation page, which contains your total carbon footprint and its breakdown by major categories (transport, housing, etc.).
Privacy Policy
Updated on 06/26/2025
The French Environment and Energy Management Agency, a public industrial and commercial establishment whose headquarters are located at 20, avenue du Grésillé 49000 Angers (hereinafter "ADEME"), places great importance on the protection of personal data it collects and processes as the data controller, in the context of the activity of the Nos Gestes Climat website (hereinafter the "Site").
Thus, the collection and processing of personal data by ADEME, in the course of its activities and the use of its products or services, informational or communication websites, databases, web applications (which may require the creation of an account and allow user/application interaction), and mobile apps, are governed by this data protection policy (hereinafter the "Policy").
All personal data processing implemented within the accessible services complies with applicable data protection regulations, particularly the provisions of the French Data Protection Act of January 6, 1978, as amended, and the General Data Protection Regulation (Regulation EU 2016/679) ("GDPR").
To ensure proper application of these rules, ADEME has appointed a Data Protection Officer (DPO), who is the main contact point for the French data protection authority (CNIL). ADEME also implements appropriate internal procedures to raise awareness among its employees and ensure compliance with these rules throughout the organization.
The purpose of this Policy is to inform the data subjects, as defined below:
- how ADEME processes personal data it collects and that data subjects provide, either with their consent or on another legal basis, to allow ADEME to provide its products or services;
- the rights of the data subjects;
- the potential recipients of the data transfers.
Data subjects are invited to carefully read this Policy to understand ADEME’s practices regarding the processing of personal data.
1. Definitions
Terms with a capital letter have the meaning assigned to them below, whether used in singular or plural form:
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Data Subject(s)" means any natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific elements related to their physical, physiological, genetic, mental, economic, cultural, or social identity.
- "Products" means ADEME’s products.
- "Data Controller" refers to ADEME, the legal entity which alone or jointly determines the purposes and means of processing.
- "Services" means services provided by ADEME.
- "Sites" means all web pages and resources accessible via the Internet.
- "Processing" means any operation or set of operations performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2. What are ADEME’s commitments regarding personal data protection?
ADEME is committed to ensuring a high level of protection for the personal data of data subjects who use its websites, products, services, or any other form of personal data it processes.
ADEME undertakes to comply with applicable regulations (particularly Articles 5 and 6 of the GDPR) regarding all personal data processing. In particular, ADEME ensures that:
- personal data is processed lawfully, fairly, and transparently;
- personal data is collected for specific, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes;
- personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed;
- personal data is accurate and kept up to date, and all reasonable steps are taken to ensure that inaccurate data is deleted or corrected without delay.
ADEME implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with its data processing, complies with legal requirements, and protects the rights and personal data of data subjects from the design stage of processing operations.
Additionally, ADEME contractually requires the same level of personal data protection from its processors (contractors, suppliers, etc.).
ADEME also commits to complying with any additional principle required by applicable personal data protection law, particularly those regarding data subject rights, retention periods, and obligations concerning cross-border data transfers.
3. What categories of personal data are collected?
When using its products, services, or websites, ADEME may collect various types of personal data, including:
- Identification data: last name, first name, username, date of birth;
- Contact data: phone number (landline or mobile), postal address, email address.
4. How is personal data collected?
Data subjects may provide their personal data to ADEME through several means, including when browsing the Sites, using ADEME’s products or services, filling out various forms, subscribing to newsletters, creating an account, submitting a job application, contacting ADEME, or in any other situation involving the transmission of personal data.
5. Purposes of processing and legal bases
The purposes of personal data processing by ADEME are based on the following legal grounds: contractual performance, the data subject’s consent, ADEME’s legal and regulatory obligations, its legitimate interests, or a public interest mission.
- Based on contractual performance, ADEME processes personal data for:
- Managing the user relationship on its Sites, including:
- Account creation;
- Use of Sites and Services;
- Communication and interaction tracking.
- Managing the user relationship on its Sites, including:
- Based on consent, ADEME processes personal data for:
- Providing personalized services such as newsletters, announcements, training, etc.;
- Offering optional services such as chat rooms or discussion spaces;
- Managing user participation in contests and games;
- Managing consent-based cookies (including via Google to better manage spending and targeting).
- Based on legal and regulatory obligations, ADEME processes personal data for:
- Developing products and services that facilitate administrative procedures;
- Responding to official requests from public or judicial authorities;
- Ensuring compliance with applicable regulations;
- Managing data subject rights requests.
- Based on legitimate interests, ADEME processes personal data for:
- Developing and improving new products or services for public benefit;
- Combating fraud or abuse and managing related consequences;
- Addressing security incidents or technical issues;
- Conducting commercial prospecting towards professionals;
- Managing clients or staff within a corporate group for internal purposes;
- Handling user information requests and complaints;
- Establishing evidence to defend ADEME’s rights;
- Managing cookies that do not require consent.
- Based on public interest, ADEME processes personal data for:
- Handling aid requests to facilitate administrative procedures;
- Managing communication and user interaction;
- Complying with activity-related regulations.
6. How long is personal data retained?
ADEME commits to retaining personal data only as long as necessary for the purposes for which it was collected, plus the legal limitation period. Additionally, ADEME keeps personal data in accordance with retention periods mandated by applicable laws.
ADEME’s data retention policy is organized accordingly:
(Note: The detailed retention periods would follow here.)
| PURPOSES | RETENTION PERIODS |
|---|---|
| Management of User Relationships on ADEME Websites | Data is retained for the entire duration of the contractual relationship: the lifespan of the user account or last inbound contact (login or changes to the personal space), extended by the legal limitation period. The standard civil and commercial statute of limitations is five (5) years from the end of the contract. |
| Provision of Personalized Services | Data is retained for three (3) years from the last inbound contact. |
| Provision of Optional Services | Data is retained for three (3) years from the last inbound contact. |
| Management of User Participation in Games and Contests | Data is retained for three (3) years from the last inbound contact. |
Development of Products and Services to Facilitate Administrative Formalities | Data is retained for the entire duration of the administrative formalities, extended by the legal limitation period. The standard civil and commercial statute of limitations is five (5) years from the end of the contract. |
Responding to Official Requests from Public or Judicial Authorities | Data is retained for the entire duration of the proceedings by the authorities. |
| Management of Data Subject Rights Requests | Data is retained for one (1) or six (6) years, depending on the right exercised. |
| Fraud and Abuse Prevention | Data may be retained for up to twelve (12) months from the issuance of alerts before being qualified. Alerts deemed irrelevant or unqualified after twelve (12) months are deleted. Qualified alerts are retained for a maximum of five (5) years from the closure of the fraud case. For individuals listed as confirmed fraudsters, data is deleted five (5) years after the date of listing. If legal proceedings are initiated, data is retained until the conclusion of the proceedings, extended by the legal limitation period. The standard civil and commercial statute of limitations is five (5) years from the end of the contract. |
| Security Incident Management | Digital logs are retained for thirteen (13) months. |
| Internal Administrative Management Within a Corporate Group | Data is retained for three (3) years from the last inbound contact. |
| User Information Requests and Complaints | Data is retained for the entire duration of the contractual relationship, extended by the legal limitation period. The standard civil and commercial statute of limitations is five (5) years from the end of the contract. |
| User Information Requests and Complaints | If there is a contractual relationship with ADEME, data is retained for the duration of that relationship, extended by the legal limitation period. If there is no contractual relationship, data is retained for three (3) years from the last inbound contact. |
| Establishment of Evidence for Legal Defense | If there is a contractual relationship with ADEME, data is retained for the duration of that relationship, extended by the legal limitation period. If there is no contractual relationship, data is retained for three (3) years from the last inbound contact. |
| Cookie Management | Your cookie preferences are stored for six (6) months. Data collected via cookies is retained for twenty-five (25) months to analyze your footprint’s evolution over time. |
7. Who Can Access the Personal Data of the Data Subjects?
Recipients of the Personal Data
Data collected on ADEME Websites and Services, or through any other means, may be shared with authorized ADEME staff, partners, or service providers as part of service delivery. ADEME requires these partners and providers, through contracts, to apply strict confidentiality and data protection measures.
ADEME may also be required to share personal data with authorized public authorities in France or abroad.
Data Transfers Outside the European Union
Some of the above-mentioned recipients may be located outside the EU and have access to personal data based on specific legal authorizations.
In such cases, ADEME commits to ensuring personal data protection according to the strictest standards, including signing standard contractual clauses approved by the European Commission or using any other GDPR-compliant mechanism when data is processed outside the EEA in countries not recognized as offering adequate protection.
In any case, ADEME will inform data subjects prior to any such transfer.
7.1 Subcontractors
| Partner | Recipient Country | Hosting Country | Processing Performed | Guarantee |
|---|---|---|---|---|
| Scalingo | France | France | Website hosting | https://scalingo.com/legal-notice |
| Scalingo | France | France | Database hosting | https://scalingo.com/legal-notice |
7.2 Cookies
| Cookie Category | Cookie Name | Retention Period | Purpose | Publisher | Destination |
|---|---|---|---|---|---|
| Anonymized Audience Measurement | Matomo | 13 months | Audience measurement | Matomo & ADEME | France |
| Audience measurement | Google Tag Manager | 13 months | Tag and behavior tracking | United States | |
| Behavioral tracking analysis | Google Tag Manager | 13 months | Behavioral tracking analysis | United States |
You can withdraw your cookie consent at any time by clicking the following button:
To learn more, see the CNIL’s guidance:
8. How Can Data Subjects Exercise Their Rights?
In accordance with the GDPR, data subjects can exercise their rights of access, rectification, deletion, limitation, objection, and data portability at any time.
If personal data processing is based on consent, the data subject may withdraw consent at any time, without affecting the lawfulness of previous processing.
They may also define post-mortem instructions regarding data retention, deletion, or disclosure through a certified trusted third party.
Minors at the time of collection may request the erasure of their data as soon as possible.
Data subjects may object to processing based on ADEME’s legitimate interests, including profiling. Processing will stop unless there are compelling legitimate grounds or for legal claims.
Objection to marketing-related-processing can be made without justification.
Under the right of access, ADEME may charge a reasonable fee for additional copies of data.
To exercise rights, contact:
- By post:
ADEME
Data Protection Officer
20, avenue du Grésillé — BP 90406
49004 Angers Cedex 01 — France - By email: rgpd@ademe.fr
Include necessary identification details (name, surname, email) and any additional information to verify identity.
For certain services, rights can be exercised directly online (e.g., account management, newsletter subscriptions).
If personal data rights are violated, you can lodge a complaint with the French Data Protection Authority:
CNIL
3 Place de Fontenoy – TSA 80715
75334 Paris Cedex 07
Tel: +33 (0)1 53 73 22 22
www.cnil.fr
9. Information Security / Transaction Security
ADEME implements appropriate technical and organizational measures to ensure the security of personal data and to prevent accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access.
Data security also depends on user practices. Users are advised not to share passwords, to log out of accounts, and to close browser windows when finished—especially on shared devices.
10. Personal Data Concerning Minors
ADEME does not collect or process personal data of children under 16 without prior parental consent.
If such data is collected, parents or legal guardians may oppose it by contacting ADEME.
As stated, minors can request the erasure of their personal data as soon as possible.
11. Links to Other Websites
Some ADEME pages contain links to third-party websites. ADEME encourages users to review those sites’ privacy policies, as they may differ from ADEME’s and ADEME bears no responsibility for third-party processing practices.
12. Modifications
ADEME reserves the right to amend this policy. Updates will be published on relevant platforms with the new “last updated” date. Users are encouraged to check the policy regularly.