PRIVACY NOTICE (applicable from May 25th 2018)


The protection of your personal data is important to the BNP Paribas Group.

This Privacy Notice provides you with detailed information relating to the protection of your personal data by BNP Paribas Fortis SA/NV, with its head office at Montagne du Parc/Warandeberg 3, 1000 Brussels ("we").

We are responsible, as a controller, through our various brands (BNP Paribas Fortis, Hello Bank! and Fintro), for the processing of your personal data in relation to our activities.

The purpose of this Privacy Notice is to inform you which of your personal data we use, the reasons why we use and share such data, how long we keep it and how you can exercise your rights. Further information may be provided where necessary when you apply for a specific product or service.

1. WHICH PERSONAL DATA DO WE USE ABOUT YOU?

We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.

We collect various types of personal data about you, including:

- identification information (e.g. name, ID card and passport numbers, nationality, place and date of birth, gender, picture, IP address);
- contact information (e.g. postal address and e-mail address, phone number);
- family situation (e.g. marital status, number of children);
- tax status (e.g. tax ID, tax residence);
- education and employment information (e.g. level of education, employment, employer's name, remuneration);
- banking, financial and transactional data (e.g. bank account details, credit card number, money transfers including communications on bank transfers, assets, declared investor profile, credit history, debts and expenses);
- data relating to your habits and preferences:
  - data which relate to your use of our products and services;
  - data from your interactions with us: through our branches (contact reports), our internet websites, our apps, our social media pages, meetings, calls, chats, emails, interviews;
- video surveillance (including CCTV) and geolocation data (e.g. showing locations of withdrawals and payments, for security reasons, or to identify the location of the nearest branch or service suppliers for you);
- data that are provided by official authorities (i.e. to fight against over-indebtedness, we may also access public or semi-public data about your global level of debt).

We collect the following sensitive data only on a need to know basis and upon obtaining your explicit prior consent:

- biometric data: e.g. fingerprint, voice pattern or face pattern which can for instance be used for identification and security purposes;
- health data: for instance for the drawing up of some insurance contracts.

Unless it is a legal obligation or it results from products and services we provide (e.g. if you have put this information in a payment instruction), we never process personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sex life or orientation.

The data we use about you may either be directly provided by you or be obtained from the following sources in order to verify or enrich our databases:

- publications/databases made available by official authorities (e.g. the official journal);
- our corporate clients or service providers;

- third parties such as credit reference agencies and fraud prevention agencies or data brokers;
- websites/social media pages containing information made public by you (e.g. your own website or social media); and
- databases made publicly available by third parties.

2. SPECIFIC CASES OF PERSONAL DATA COLLECTION

In certain circumstances, we may collect and use personal data of individuals with whom we could have (such as prospects) or used to have a direct relationship.

We may also collect information about you where you do not have a direct relationship with us, for instance when a client (e.g. your employer), a service provider or a commercial partner provides us with information about you. This may happen if you are, for example:

- a family member;
- a co-borrower / guarantor;
- a (legal) representative;
- a beneficiary of payment transactions made by our clients;
- a beneficiary of an insurance policy;
- an ultimate beneficial owner;
- a debtor (e.g. in case of bankruptcy);
- a shareholder;
- a staff member.

3. WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?

a. To comply with our legal and regulatory obligations

We use your personal data to comply with various legal and regulatory obligations, including:

- prevention of money-laundering and the financing of terrorism;
- compliance with legislation relating to sanctions and embargoes;
- fight against tax fraud and fulfilment of tax control and notification obligations;
- banking and financial regulations under which we notably:
  - establish security measures in order to prevent abuse and fraud;
  - detect transactions which deviate from the normal patterns;
  - define your credit risk score and your reimbursement capacity; and
  - monitor and report risks that we could incur;
- replying to an official request from a duly authorised public or judicial authority.

b. To perform a contract with you or to take steps at your request before entering into a contract

We use your personal data to enter into and perform our contracts, including to:

- provide you with information regarding our products and services;
- assist you and answer your requests;

- evaluate if we can offer you a product or service and under which conditions; and
- provide products or services to our corporate clients of whom you are an employee.

c. To fulfil our legitimate interest

We use your personal data in order to deploy and develop our products or services, to improve our risk management and to defend our legal rights, including:

- proof of transactions;
- fraud prevention;
- IT management, including infrastructure management (e.g. shared platforms), business continuity and IT security;
- establishing statistical models, based on the analysis of transactions, for instance in order to help define your credit risk score;
- we also carefully aggregate your personal data to the stage where they can no longer be linked to you, in order to create insights (e.g. aggregated spending habits) which we may offer in the market;
- establishing aggregated statistics, tests and models, for research and development;
- training of our personnel for instance by recording phone calls to our call centres;
- personalising our offering, and that of other BNP Paribas entities, to you, through:
  - improving the quality of our banking, financial or insurance products or services;
  - advertising products or services that match with your situation and profile.

This can be achieved by:

- segmenting our prospects and clients;
- analysing your habits and preferences (in your use of our products and services or in your interaction with us through the various channels (visits to our branches, emails or messages, visits to our website, etc.));
- sharing your data with another BNP Paribas entity, notably if you are or are to become a client of that other entity;
- matching the products or services that you already hold or use with other data we hold about you (e.g. we may offer family protection insurance for families with children who do not have an insurance yet); and
- monitoring transactions to identify those which deviate from the normal routine (e.g. when you receive a large amount deposited into your bank account).

d. To respect your choice if we requested your consent for a specific processing

In some cases, we must require your consent to process your data, for example:

- where an abovementioned processing leads to automated individual decision-making, which produces legal effects or which significantly affects you. At that moment, we will inform you about the logic involved, as well as the significance and the envisaged consequences of such processing;
- if we carry out further processing for purposes other than those above in this Section 3, we will inform you and obtain your consent where necessary.

e. To process data from electronic communications

In addition to any recording of electronic communications that is either legally authorised or imposed or to which you have consented, we may record electronic communications with you, including the related traffic data, if we do so in the course of lawful business practice for the purpose of:

- ensuring the training and supervision of employees and improving the quality of the service; and/or

- providing evidence of commercial transactions, or communications that took place through these electronic communications including the content of these communications (including any advice being given by us).

We may retain such records as long as legally required or permitted including for the period of time during which a dispute may arise further to the electronic communication recorded between you and us.

The above applies to phone conversations as well as all other electronic communications (such as e-mails, SMS, instant messaging services or other equivalent technologies) with our call center, (independent) branches, private banking and business centres, dealing rooms and other Bank's representatives.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In order to fulfill the aforementioned purposes, we only disclose your personal data to:

- BNP Paribas Group entities (e.g. you can benefit from our full range of group products and services);
- Service providers which perform services on our behalf;
- Independent agents, intermediaries or brokers;
- Banking, insurance and other commercial partners (e.g. AG Insurance, Swift, Visa, Master Card);
- Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
- Certain regulated professionals such as lawyers, notaries or auditors.

5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA ("EEA")

In case of international transfers originating from the EEA to a non-EEA country which the European Commission has recognised as providing an adequate level of data protection, your personal data will be transferred on this basis.

For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission as adequate, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:

- Standard contractual clauses approved by the European Commission;
- Binding Corporate Rules.

To obtain a copy of these safeguards or details on where they are available, you can send us a written request as set out in Section 9.

6. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?

We will retain your personal data for the longer of the period required in order to comply with applicable laws and regulations or another period with regard to our operational requirements, such as account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. For instance, most client information is kept for the duration of the contractual relationship and 10 years after the end of the contractual relationship. For prospects, information is kept for a maximum of 1 year.

7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

In accordance with applicable regulations, you have the following rights:

- To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.

- To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly.
- To erase: you can require the deletion of your personal data.
- To restrict: you can request the restriction of the processing of your personal data.
- To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
- To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
- To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.

You can exercise the rights listed above:

- via our electronic form (you are required to provide your identity card details);
- by logging into Easy Banking Web or Easy Banking App (for the access, rectify, withdraw your consent and data portability rights);
- by calling the Easy Banking Centre;
- by visiting one of our branches.

You can also submit your application by:

- letter to BNP Paribas Fortis SA Data Protection and Privacy Office, 1MA4B, Montagne du Parc 3, 1000 Brussels;
- e-mail to privacy@bnpparibasfortis.com.

Please also send a copy or a scanned copy of your identity card.

In accordance with the applicable regulations, you are entitled to lodge a claim with the competent supervisory authority.

8. HOW CAN YOU KEEP UP WITH CHANGES TO THIS PRIVACY NOTICE?

In a world of constant technological changes, we may need to regularly update this Privacy Notice.

We invite you to review the latest version of this notice online and we will inform you of any material changes through our website or through our other usual communication channels.

9. HOW TO CONTACT US?

Should you have any questions relating to our use of your personal data or this Privacy Notice, please contact our data protection officer by email to privacy@bnpparibasfortis.com or by letter to BNP Paribas Fortis SA/NV Data Protection and Privacy Office 1MA4B, Montagne du Parc/Warandeberg 3, 1000 Brussels, who will investigate your query.