Personal data protection

INSEE undertakes to ensure that the processing of personal data it carries out for statistical purposes complies with the General Data Protection Regulation (GDPR) and the Data Protection Act.

INSEE and official statistics
Dernière mise à jour le :11/05/2022

Data protection policy

Each processing operation limits the collection of personal data to what is strictly necessary (data minimisation) and is accompanied by information on:

  • the objectives of the data collection (purposes);
  • the legal basis for processing;
  • the mandatory or optional nature of data collection and the recapitulation of the categories of data processed;
  • the source of the data;
  • the categories of persons concerned;
  • the recipients of the data;
  • the duration of data conservation;
  • security measures (general description);
  • the possible existence of data transfers outside the European Union or automated decision-making;
  • Data protection rights and how to exercise them with INSEE.

The personal data that INSEE collects or holds for statistical processing are subject to strict rules and measures guaranteeing their security and confidentiality.
All persons having access to the collected data are bound by statistical confidentiality. Like all public servants, INSEE employees are also subject to the legislative and regulatory rules on professional secrecy and the obligation of confidentiality, which apply to the files and information they become aware of in their work.

How to exercise your rights

Data on companies

The right to non-disclosure of data from the directory of companies and establishments for which Insee is responsible (Sirene) is available to natural person who request it in accordance with Article 21 of the General Data Protection Regulation. This right is also available to legal entities, but only in certain very specific cases (joint ownership, joint ventures, armaments companies, associations of elected representatives).

Persons wishing to exercise their rights regarding the release or non-dissemination of their company's data should refer to the links below:

  • Individual entrepreneurs (natural persons) who wish to be included in the Sirene public dissemination lists to make their company's information accessible from the Internet must follow the procedure indicated by clicking here;
  • Individual entrepreneurs (natural persons) who no longer wish to be included in the Sirene public dissemination lists should follow the procedure indicated by clicking here;
  • Persons wishing to exercise their rights in the case of a ceased individual enterprise (ceased natural person) or a legal entity eligible for non-public dissemination of the register (joint ownership, joint venture, armaments companies, associations of elected representatives) must use the form accessible from the page Request further information on the Sirene directory.

Data on deceased persons

Any person, as an heir, may object to the dissemination by third parties of data on deceased persons made available by INSEE on its site or on the site of the Open Platform of French public data. In order to facilitate the application of their rights under Article 85 of the Data Protection Act to these third parties, they may request that the deceased concerned be registered in the file of objections to dissemination .

Other data

- by e-mail at the following address:
contact-rgpd@insee.fr
- by mail at the following address:
Insee - Unité des Affaires juridiques et contentieuses
88, avenue de Verdier - CS 70058
92 541 MONTROUGE CEDEX

  • or its Data Protection Officer (DPO):

- by e-mail at the following address:
le-delegue-a-la-protection-des-donnees-personnelles@finances.gouv.fr
- by mail at the following address:
Le Délégué à la protection des données des ministères économique et financier
Délégation aux Systèmes d’Information
139, rue de Bercy Télédoc 322
75 572 PARIS CEDEX 12

NOTE: the right to erasure does not apply to processing operations in the public interest, nor does the right to object to statistical processing operations in the public interest (Articles 17(3)(b) and 21(6) of the General Data Protection Regulation).

For more information