INFORMATION NOTICE RELATING TO THE PROTECTION OF PERSONAL DATA
Date of last update: June 2020
The BNP Paribas Group attaches great importance to the protection of your personal data (or “ personal data ”). This is why the BNP Paribas Group has adopted strong principles for the protection of your data, set out in a personal data confidentiality charter applicable to the entire Group and available at https: // group .BNP Paribas.
This Notice on the protection of personal data provides you with clear and detailed information (“you” being explained in more detail in section 2) concerning the way in which your personal data is protected by Finance Studio (“we”).
As data controller, we are responsible for collecting and processing your personal data in the course of our business. The purpose of this Notice on the protection of personal data is to inform you about the personal data that we collect about you, the reasons for which we use and share it, for how long we keep it, what your rights are and how you can exercise them.
If necessary, additional information may be communicated to you when you subscribe to a particular product or service.
1. WHAT PERSONAL DATA CONCERNING YOU DO WE USE?
We collect and use your personal data, which is any information that identifies you or allows you to be identified, to the extent necessary for our activities, and to provide you with personalized and high-quality products or services.
Depending in particular on the type of product or service we provide to you, we collect different types of personal data concerning you, including: - Identification information; - Private or professional contact information; - Information relating to your family situation and family life;
Economic, financial and fiscal information; - Information relating to education and employment; - Banking and financial information;
- Transactional data (data relating to transactions, including transfers, including in particular data relating to beneficiaries including their full names, address and contact details);
- Data relating to your habits and preferences (data related to your use of the products and services that you have subscribed to with us);
- Data collected as part of our exchanges with you (meeting reports), on our websites, our applications, our pages on social networks (connection and monitoring data such as cookies, connection to online services line, IP address), during meetings, calls, chats via instant messaging, e-mails, interviews, telephone conversations;
- Geolocation data;
- Information about your device (IP address, technical characteristics and unique identification data);
- Connection identifiers or personalized security devices used to connect to the BNP Paribas Group website and applications.
We are also likely to use the data we already have relating to your personal, economic, financial and banking situation.
We may collect the following special categories of personal data (or "sensitive data"), only after obtaining your prior explicit consent: - Biometric data (eg fingerprints, voice print or facial recognition data) which can be used for identification and security purposes; - Data relating to health, for example in connection with the conclusion and execution of certain insurance contracts; these data are processed only if this is strictly necessary.
We never ask you to provide us with other sensitive data such as data relating to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or relating to your trade union membership, genetic data or data relating to your life or your sexual orientation, unless a legal obligation requires us to do so.
2. WHO IS THIS MANUAL FOR AND FROM WHOM DO WE COLLECT PERSONAL DATA?
We collect data directly from you, whether you are a client or a prospect (when you contact us, visit one of our branches, visit our website or one of our applications, use our products and services, participate to a survey or event that we organize), but we also collect data about other people in an indirect way. Indeed, we collect information about people even if they do not have a direct link with us because they have a link with you, whether you are a customer or a prospect, for example: - members of your family ; - heirs and beneficiaries; - co-borrowers / guarantors; - legal representatives (mandates / delegations of powers); - beneficiaries of payment transactions; - beneficiaries of an insurance contract or policy and of a trust / trust; - owners; - beneficial owners; - creditors (for example in the event of bankruptcy); shareholders of companies.
When you send us the personal data of third parties such as those appearing in the above list, remember to inform the person to whom these data relate that we are processing their personal data and direct them to this Information Notice relating to the protection of personal data. We will also provide this information to them when possible (for example, if we do not have their contact details, we will not be able to contact them).
In order to check and enrich our databases, we are also likely to collect personal data from: - other BNP Paribas entities; - our customers (companies or individuals); - our business partners; - providers of payment initiation services and account aggregators (providers of account information services); - third parties such as data brokers, who must ensure that they collect the relevant information legally; - publications / databases made available by authorities or official third parties (for example the Official Journal of the French Republic, databases managed by financial sector supervisory authorities); - websites / social network pages of legal entities or professional clients containing information that you have made public (for example, your own website or your page on a social network); - public information such as that published in the press.
3. WHY AND ON WHAT LEGAL BASIS DO WE USE YOUR PERSONAL DATA?
In this section we explain how and for what purposes we use your personal data.
a) To comply with our various legal or regulatory obligations:
We use your personal data to comply with the regulations in force, particularly banking and financial regulations, in order to: - manage, prevent and detect fraud; - monitor operations and identify those which are abnormal / unusual (for example when you withdraw a large sum of money in a country in which you do not live); - issue and keep electronic certificates linked to electronic signatures; - monitor and report the risks (of a financial nature, of a legal nature, of reputation, of default, etc.). We are and / or the BNP Paribas Group is liable to 'to be confronted; - record, if necessary, telephone calls, chat exchanges, emails, etc., notwithstanding any other use described below; - detecting situations of financial fragility in order to offer the customers concerned appropriate support measures; - to exchange information, to report transactions or to respond to an official request from the legal, criminal, administrative, fiscal and financial authorities, or from an arbitrator or a mediator. the law, government bodies or public bodies; - prevent and detect money laundering and terrorist financing and comply with all regulations on international sanctions and embargoes as part of our know your customer (KYC) procedure (to identify you, verify your identity, check your information against sanctions lists and determine your profile); - fight against tax fraud and fulfill our obligations in terms of declarations or tax audits; - detect and manage suspicious requests and operations; - carry out an assessment of the suitability for each client and the suitability of the provision of investment services in accordance with regulations on the markets in financial instruments (MiF 2); - record transactions for accounting purposes; - prevent, detect and report risks related to Corporate Social Responsibility and sustainable development; - detect and prevent corruption.
The data concerning you may in particular be used for the transmission of information to the Central Checks File (FCC).
In addition, and as part of the credit granting procedure, we are required to consult the Personal Credit Repayment Incidents File (FICP), and in the event of a clear payment incident, to request registration. information about you in this file. It is important to note that if your request is refused, you can ask us for an interview to present your observations.
b) To perform any contract to which you are a party or to perform pre-contractual measures taken at your request
We use your personal data to enter into and perform our contracts as well as to manage our relationship with you, in particular in order to:
• define your credit risk score and your repayment capacity;
• assess (eg on the basis of your credit risk score) whether we can offer you a product or service and on what terms (including price);
• assist you, in particular by responding to your requests;
• manage and process payment incidents, unpaid debts (identification of unpaid customers and, where applicable, their exclusion from benefiting from new products or services) and the resulting amicable and legal recovery operations.
c) To serve our legitimate interests:
We process your personal data, including data relating to your operations, for the following purposes::
- Risk management: - establish proof of transactions, including in electronic format; - manage, prevent and detect fraud; - develop individual statistical models to facilitate the definition of your borrowing capacity; - monitor operations and identify those that are abnormal / unusual (for example when a large sum of money is deposited in your account in a country in which you do not live); - recovery; - assert legal rights and defend ourselves in litigation.
- Personalize our offer and that of the other subsidiaries of the BNP Paribas group and: - improve the quality of the products or services we offer you, - deduce your preferences and your needs in order to present you with a personalized commercial offer, in particular by segmenting our prospects and customers in order to provide them with the most suitable products or services; - promote products and services that correspond to your situation or your profile.
This can be done by: - analyzing your habits and preferences through different channels (eg emails, communications, visits to our websites); - analyzing character traits or behaviors in current customers and finding other people who share the same characteristics for prospecting purposes;
- offering products or services corresponding to your situation, and to the products or services that you already own or use; - monitoring transactions to identify those that appear unusual. As a result, you will be likely to receive offers electronically for our products or services similar to those you have already subscribed to. However, you can oppose it under the conditions provided for in section 7.
- Research and development (R&D) activities consisting in developing statistics and models for:
- optimize and automate our operational processes (for example the creation of a chatbot for FAQs);
- offer products and services that allow us to best meet your needs;
- adapt the distribution, content and prices of our products and services based on your profile;
- create new offers;
- prevent potential security incidents, improve customer authentication and manage access;
- improve safety management;
- improve risk and compliance management;
- improve the management, prevention and detection of fraud;
- improve the fight against money laundering and the financing of terrorism.
- IT systems security and performance management objectives, which include:
- manage information technology, including infrastructure (eg shared platforms), business continuity and security (eg user authentication);
- prevent damage to people and property (eg video protection).
- More generally :
- inform you about our products and services;
- carry out financial transactions such as the sale of debt portfolios, securitizations, financing or refinancing of the BNP Paribas Group;
- organize contests, lotteries and other promotional operations;
- conduct customer opinion and satisfaction surveys;
- improve process efficiency (train our staff by recording telephone conversations in our call centers and improve our call scenarios);
- improve the automation of our processes, in particular by testing our applications, processing complaints automatically, etc.
- carry out checks on the quality of our data.
In any case, our legitimate interest remains proportionate and we ensure, through a balancing test, that your interests or fundamental rights are preserved. If you would like more information about the balancing test, please contact our services using the contact details in section 9 “How to contact us” below.
d) To respect your choice when we have asked for your consent for a specific treatment
In the context of certain personal data processing activities, we will send you specific information and invite you to consent to this processing. Please note that you can withdraw this consent at any time.
4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
a) Data sharing within the BNP Paribas Group
We are members of the BNP Paribas Group, in the field of banking and insurance, that is to say companies collaborating closely around the world to create and distribute various insurance, financial products and services and banking.
We share personal data within the BNP Paribas Group for commercial purposes and to improve our efficiency, in particular on the basis of:
• compliance with our legal and regulatory obligations:
- share data collected for the fight against money laundering and the financing of terrorism, for compliance with international sanctions, embargoes and know your customer (KYC) procedures;
- manage risks, which includes credit risk and operational risk (risk category / risk rating / etc.);
• our legitimate interests:
- prevent, detect and fight against fraud;
- R&D activities, in particular for compliance, risk management, communication and marketing purposes;
- obtain a global and coherent vision of our clients;
- offer a full range of Group products and services, to enable you to benefit from them;
- personalize the content and prices of products and services for the customer.
Your data may also be transmitted, with regard to the study, granting and prevention of unpaid debts, to the entities of the BNP Paribas Personal Finance group as well as to credit institutions subject to professional secrecy, linked to BNP Paribas. Personal Finance for the management of their loans to individuals.
b) Data sharing outside the BNP Paribas Group
In order to achieve some of the purposes mentioned in this Notice, we may share your personal data with:
• service providers who provide services on our behalf (eg IT, printing, telecommunications, collection, consulting, distribution and marketing services);
• banking and commercial partners (for example in the context of debt transfer transactions, in particular to management companies in the context of securitization transactions), independent agents, intermediaries or brokers, financial institutions , counterparties, trade repositories with which we have links if such a transfer is necessary to provide you with services or products or to meet our contractual obligations or carry out transactions (for example banks, correspondent banks, depositaries, securities issuers, paying agents, exchange platforms, insurance companies, payment system operators, payment card issuers or intermediaries);
• business intelligence agencies;
• financial, tax, administrative, criminal or judicial, or local or foreign authorities, arbitrators or mediators, law enforcement authorities, government agencies or public bodies, to whom we or any member of the BNP Paribas Group are required to disclose data:
- at their request;
- as part of the defense or response to a question, action or proceeding;
- in order to comply with any regulation or recommendation issued by a competent authority with respect to us or any member of the BNP Paribas Group;
• third-party payment service providers (information about your bank accounts), for the purposes of providing a payment initiation or account information service if you have consented to the transfer of your data to this third party part ;
• certain regulated professionals such as lawyers, notaries, rating agencies or auditors when specific circumstances require it (litigation, audit, etc.) as well as any current or potential buyer of companies or activities of the BNP Paribas Group or our insurers.
Some of your data may be transmitted to EDF, to the Société de Gestion des Financements et de la Garantie de Access Sociale à la Propriété (SGFGAS) and to local authorities if you benefit from a loan at a subsidized rate. as part of the management of the bonus. In addition, within the framework of a SACCEF guarantee, some of your data may be transmitted to the European Company of Guarantees and Cautions (CEGC).
c) Sharing of aggregated or anonymized data
We share aggregated or anonymized data within the BNP Paribas Group and outside the Group with partners such as research groups, universities or advertisers. However, you will not be able to be identified from this data.
Your personal data may be aggregated in the form of anonymized statistics to be offered to professional clients in order to help them develop their activities. In this case, our professional clients will not be able to identify you, and your personal data will never be disclosed to them.
5. INTERNATIONAL TRANSFERS OF PERSONAL DATA
In the event of international transfers from the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place on the basis of a decision rendered by the European Commission, when that -ci has recognized that the country to which your data will be transferred ensures an adequate level of protection.
In the event that your data is transferred to a country whose level of protection of your data has not been recognized as adequate by the European Commission, either we will rely on a derogation applicable to the specific situation (for example if the transfer is necessary to perform a contract concluded with you, such as in particular when executing an international payment) or we will take one of the following measures to ensure the protection of your personal data:
- standard contractual clauses approved by the European Commission;
- binding corporate rules.
To obtain a copy of these measures to ensure the protection of your data or to receive details of where they are accessible, you can send us a written request as indicated in Section 9 below.
6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data for as long as necessary to comply with applicable laws and regulations, or for a period defined with regard to our operational constraints, such as keeping our accounts, efficient management of customer relations, as well as for assert legal claims or respond to requests from regulatory bodies. For example, customer data is mostly kept for the duration of the contractual relationship and for 10 years from the end of it. With regard to prospects and in the event that a request is unsuccessful, this data is kept for 6 months. The biometric data collected ( for example your voice, your face , your templates ) are kept 48 hours after the end of the biometric procedure.
7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with the legislation applicable to your situation, you can exercise the following rights, if applicable:
• Right of access: you can obtain information concerning the processing of your personal data as well as a copy thereof;
• Right of rectification: if you believe that your personal data is inaccurate or incomplete, you can request that it be modified accordingly;
• Right to erasure: you can request the erasure of your personal data, to the extent permitted by law;
• Right to restriction of processing: you can request restriction of processing of your personal data;
• Right to object: you can object to the processing of your personal data for reasons relating to your particular situation. You have the absolute right to object at any time to your data being used for commercial prospecting purposes, or for profiling purposes if this profiling is linked to commercial prospecting. If you do not wish to receive electronic offers for our products or services similar to those that you have already subscribed to, you can object to them as described below.
• Right to define guidelines relating to the retention, erasure or communication of your personal data, applicable after your death.
• Right to withdraw your consent: if you have given your consent to the processing of your personal data, you can withdraw this consent at any time.
• Right to portability of your data: when authorized by law, you can request the return of the personal data that you have provided to us, or, when technically possible, the transfer of these to a third party.
If you wish to exercise the rights mentioned above, please send us a request by post or email to the following address Finance Studio - Main Building - Immeuble Victoria - 1st floor, 375 Contre Allée - Route de Neufchatel, 76230 Isneauville - consumer .donneespersonnelles @ artists-studio.com. Please include a scan / copy of your proof of identity, where necessary, so that we can identify you.
In accordance with the applicable legislation, in addition to the rights mentioned above, you can lodge a complaint with the CNIL (National Commission for Computing and Freedoms).
8. HOW TO BE INFORMED OF CHANGES TO THIS PERSONAL DATA PROTECTION NOTICE?
In a world where technologies are constantly evolving, we may need to regularly update this Notice.
We invite you to read the latest version of this document online, and we will inform you of any significant changes through our website or through our usual communication channels.
9. HOW TO CONTACT US?
If you have any questions regarding our use of your personal data under this Personal Data Protection Notice, you can contact our Data Protection Officer BNP Paribas Personal Finance Data Protection Officer 95908 Cergy Pontoise Cedex 09 - firstname.lastname@example.org, which will process your request.