Personal Data Protection charter

Kindly carefully read the Personal Data Protection Charter of Banque Richelieu France.

General

By subscribing to and using Banque Richelieu France products and services (hereinafter the “Services”), as well as by browsing all the internet pages provided and operated by Banque Richelieu France (hereinafter the “Website “Or the” Site “) you accept all the conditions of this personal data protection charter (hereinafter the” Charter”).

Introduction

The protection of your personal data (hereinafter “personal data” or “data”) is of vital importance to Banque Richelieu France. The present Charter is intended to inform you how our establishment collects, uses, processes and transmits your personal data when you use our Services, our Site as well as our mobile application. The processing of your data is carried out in accordance with current legislation on the protection of personal data and in particular European Regulation No. 679/2016 relating to the protection of individuals with regard to the processing of personal data (” RGPD “) and to law n ° 78-17 of January 6, 1978, in its current version, relating to data processing, files and freedoms (hereinafter the” Regulations “). These Regulations only apply to personal data that directly or indirectly identifies an indivdual person. This data may be collected, recorded, stored, adapted, transferred, processed and/or used by the Bank in accordance with the following provisions. For the purposes of this document, the terms “we”, “our” or the “Bank” mean Banque Richelieu France.

Who is responsible for data processing ?

Your personal data controller is Banque Richelieu France, whose head office is located at 1-3-5 rue Paul Cézanne
75008 Paris France. Banque Richelieu France determines the purposes and the way of processing your personal data.

Who are the persons concerned by the present document?

The present document is intended for any individual person in direct or indirect relation with the Bank, for example (non-exhaustive list):

  • Client
  • Prospect
  • Provider
  • Visitor / User of our Website
  • Candidate
  • Person contacting the Bank
  • Guarantor
  • Agent
  • Legal representative, corporate officer and authorized person of a legal person who is a client of the Bank
  • Beneficial owner and shareholder of a legal person who is a client of the Bank
  • Principal or beneficiary for transactions made in relation to a client of the Bank.

Bank employees are not concerned by this Charter, as they have besides received a data protection policy related to Human Resources.

In all of these cases, we use or may use your personal data. If you belong to one of them, we invite you to read this document carefully.

What personal data is collected when browsing the Website?

When you browse our Website, Banque Richelieu France collects and processes some of your personal data.

The data we collect may include, depending on your use of our Website, those listed in the below categories:

 Data categories Data type
 Navigation and Cookies Technical logs, IP address, data collected via cookies

What personal data is collected when browsing the Website?

The Bank, in particular when subscribing to one of its Services, will process different types of personal data and in particular those listed in the categories below:

 Data categories Data type
 Identification, personal  situation and contact  information Name, first name, address, place and date of birth, country of residence, tax situation, marital status, matrimonial regime,  studies and professional situation, telephone number, email address, language, hobbies and interests.
 Banking, financial and  transactional data Account number, portfolio number, client number, investment profile, transaction data, values of your assets.
 Videos and phone recordings

 The Bank’s premises to which you have access are protected by cameras. The data thus collected are processed by the Bank  for security purposes only.

 Electronic and phone communications may be recorded by the Bank or on its behalf.

 Public Data published or transmitted by a public institution may be processed by the Bank.
 Professional life Resume, education, professional training, distinctions.
 Other All other Personal Data reasonably related to the conduct of the Bank’s business.

We may also collect and use personal data if it is provided to us by your employer, your company or a company to which you are linked as part of an agreement or relationship between us and your employer or such company.
If we collect or receive your personal data while providing our services, we may receive information from third parties such as counterparties in transactions, regulatory authorities, etc. This information may include your name, contact information, job details and other information relevant to the services that we provide to our clients.

What data do we not collect?

Except in very specific cases where regulations require it, the Bank never processes data relating to your racial or ethnic origins, your political opinions, your philosophical beliefs, your religion, your trade union membership, your sex life or sexual orientation, and your genetic data.

What are the purposes of the processing carried out?

The personal data that you communicate to us via the Website are collected and processed by Banque Richelieu France in order mainly to respond to requests expressed via all collection tools and services available to you on the site, the request for information, appointment making, reminder or participation in an event.

The data concerning you and which are communicated to the Bank by you or by a third party, by means of a form or document from the Bank, an order or a request or in any other way, and whatever the communication channel, are processed by the Bank for use to carry out operations in your favor and are processed to achieve one or more of the purposes listed below:

  • knowing the Customer and updating his data,
  • the execution of the Account Agreement,
  • the account management and banking and financial relations,
  • the management of banking, financial or insurance products/services provided by the Bank,
  • the granting and management of credit,
  • the development of statistics,
  • risk assessment and management,
  • prevention, research and detection of unpaid debts and fraud,
  • claim, recovery, litigation
  • advisory,
  • the assessment of the adequacy and suitability of the investment service provided,
  • the management of operations aimed at offering the person concerned the products and services marketed by the Bank,
  • conservation and archiving,
  • any legal and regulatory obligation.

What are the legal basis for collecting and using personal data ?

The data collected is subject to processing, if you have agreed to it or if the processing is based on at least one of the following legal grounds:
The processing is subject to a legal or regulatory obligation to which Banque Richelieu France is subject and in particular for the following purposes:

  • fight against money laundering and financing of terrorism,
  • cooperation related to the automatic exchange of information under the “CRS” regulations,
  • tax identification and reporting within the framework of US regulations known as “FATCA” in the fight against tax evasion,
  • compliance with the Bank’s obligations with regard to supervisory authorities, administrative or judicial authorities, authorized official bodies, and French or foreign market authorities.

The Bank processes your data as part of the execution of pre-contractual and contractual measures with you or your employer or a company to which you are linked and in particular for the following purposes:

  • relationship management,
  • account management,
  • credit granting and management,
  • supply or receipt of products and services,
  • need of the processing in order to enter into a future contract with you.

We process your personal data to achieve the legitimate interests pursued by the Bank or by a third party which are necessary, for example for:

  • the Bank to carry out its daily activities and provide its services,
  • statistics production,
  • implementing any change in the social structure or the shareholding of the Bank,
  • have a video surveillance system for safety and security purposes (people and goods).

Furthermore, if information not strictly necessary for the execution of the above-mentioned purposes is collected, it will be done with your prior consent. You can, at any time, withdraw your consent if necessary.

Who do we share your personal data with?

The personal data collected by Banque Richelieu France may be communicated, for achieving the purposes mentioned above, to:

  • any entity of the group to which the Bank belongs (as defined in Article L.233-3 of the French Commercial Code) within the limit of the data necessary for the performance of the services or subcontracted tasks, or for their use for study and file management purposes as well as for commercial prospecting and / or other statistical studies,
  • third parties, in particular partners, brokers and insurers as well as subcontractors and/or service providers, with whom Banque Richelieu France collaborates and whose intervention is necessary or useful for the processing or the achievement of the above purposes,
  • official bodies and legally empowered administrative or judicial authorities, at their request, to the extent necessary to comply with any applicable law and regulation,
  • potential buyers, or investors of all or part of our business, and their advisors and financiers, if we have a legitimate interest in doing so,
  • any recipient who requests the data necessary to identify the concerned person and contact her, in particular in the context of a health crisis, and when the purpose of this data transmission is to protect the vital interests of the concerned person or those of another individual person and within the limits of the data strictly necessary for achieving this purpose.

To which third countries do we transfer your personal data?

The personal data thus transmitted in accordance with the agreed purposes may, during various operations, be transferred to a member country of the European Economic Area (EEA) or to a country whose legislation has been recognized as adequate by the European Commission in application of the provisions of Article 25 of European Directive 95/46 / EC such as Switzerland.
In the event of a transfer to a country that does not belong to the EEA and whose level of protection has not been recognized as adequate by the European Commission, you are informed that the Richelieu Group will not be able to transfer personal data only if it has provided Appropriate Safeguards as defined in article 46, paragraphs 2 and 3 of the GDPR (“Transfers with appropriate safeguards”), such as:

  • standard contractual clauses approved by the European Commission, which guarantee a level of data protection equivalent to that of a country of the European Union;
  • where applicable, binding corporate rules (for intra-Group transfers).

In the absence of an adequacy decision or of Appropriate Safeguards, a transfer of personal data to a country which does not belong to the European Union can take place only on the basis of the exemptions provided for in article 49 of the GDPR (“Exemptions for specific situations”).
These data transfers take place under conditions and under specific guarantees to ensure the protection of your personal data.

How do we protect your personal data?

All necessary precautions are taken to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorized third parties. In addition, we ask these third parties, referred to above, to put in place appropriate technical and organizational security measures with regard to this personal data.

What are your rights ?

In accordance with legal and regulatory provisions, you can exercise, free of charge, at reasonable intervals, the following rights:

  • Right to access and receive your personal data:
    You have the right to ask us what personal data we hold about you. You can also access your data.
  • Right to rectify your personal data:
    You can ask us, at any time, to rectify your personal data if you notice that they are incomplete or incorrect.
  • Right to erase your personal data:
    You can also ask the Bank to delete your personal data according to the reasonable technical means available to the Bank. However, the Bank may refuse to proceed with this operation if the processing of your data is still necessary, in particular to meet its legal, contractual obligations or for the purposes of proof.
  • Right to limit the processing of your personal data:
    In certain specific cases, you can request that the processing of your personal data be restricted.
  • Right to object to the processing of your personal data:
    You can object to the processing of your personal data in specific cases. In this case, the Bank will no longer process your personal data, unless it can demonstrate that there are legitimate and compelling reasons for the processing which prevail over your interests. You also have an absolute right to object to the processing of your personal data for direct marketing purposes.
  • Right to withdraw your consent to the processing of your personal data:
    You can withdraw, at any time, the consent given for the processing by the Bank of personal data concerning you.
  • Right to data portability:
    You have the right to obtain that the personal data that you have provided to us be transmitted directly to another data controller, where technically feasible for the Bank.

The aforementioned rights can be exercised with the Bank’s Data Protection Officer at the following address: “Groupe Richelieu, Délégué à la protection des données (DPD) – 1-3-5, rue Paul Cézanne -75008 Paris ”or by e-mail to the following address: protectiondesdonnees.fr@banquerichelieu.com 

The Bank undertakes to respond within the time limits provided for by the regulations.

The user may, in the event of a dispute, contact the National Commission for Data Protection and Liberties (CNIL). To contact the CNIL, you should send a simple letter to the attention of the President of the CNIL, National Commission for Data Protection and Liberties – 3, Place de Fontenoy – TSA 20715 – 75334 PARIS CEDEX 07.

How long can we keep personal data ?

The retention period of personal data by the Bank varies and is determined by various criteria, including:

  • the purpose for which the Bank uses them: the Bank must keep the data for the period necessary to accomplish the purpose related to the processing; and
  • legal obligations: laws or regulations may set a minimum period during which the Bank must keep personal data.

Amendments to our Personal Data Protection Charter

The Bank reserves the right to modify this Charter in order to take into account the changes made to the various regulations and practices in force. Any changes we make to our Charter will be posted directly on this page of our Website. To ensure that you have the latest version at all times, we invite you to consult it online.

Cookies – Collection of personal data by automated means

Cookies or other trackers mean trackers deposited and read, for example, when browsing a website, reading an e-mail, installing or using software or a mobile application, regardless of the type of device used. You are informed that when you visit one of our sites, cookies and trackers may be installed on your device. When necessary, we collect your consent before installing such trackers on your device, but also when we access data stored on your device. The lifespan of these trackers is 13 months maximum.