Data Protection

The protection of your personal data is important to the BNP Paribas Group, which has adopted strong principles in that respect for the entire Group in its Personal Data Privacy Charter available at group.bnpparibas.

This Data Protection Notice provides you with detailed information relating to the protection of your personal data by Group Communications, one of the Group Functions of BNP Paribas SA (“we”).

We are responsible, as a controller through our various brands, notably e.g. BNP Paribas, Hello Bank, We Are Tennis, We Love Cinéma, Echonet, for collecting and processing your personal data in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.

Further information may be provided where necessary when you apply for, subscribe or use a specific product or service.

You are subject to this notice if you are:

  • An individual interested in our products, services or content (newsletters…), who is registering for email notification about our news and press releases, who is interacting directly or indirectly with us (through our websites or social network accounts contact form), or who is visiting our websites or is attending an event organized by BNP Paribas;
  • An applicant interested in the job offers published by the BNP Paribas Group, who is registering for email notification;
  •  A journalist in touch with our press team;
  • A social network user posting a publication related to BNP Paribas Group activities.

In case you provide personal data about other individuals, please make sure to inform them about that and invite them to read this notice. We will ensure to do the same as soon as possible (e.g.: once we will receive the individual contact details).

1.  WHICH PERSONAL DATA DO WE USE ABOUT YOU?

We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.

We may collect various types of personal data about you, including:

  • identification information (e.g. name, ID card and passport numbers, nationality, place and date of birth, gender, photograph;
  • contact information (e.g. postal address and e-mail address, phone number);
  • family situation (e.g. marital status, number of children);
  • education and employment information (e.g. level of education, employment, employer’s name);
  • client or prospect status;
  • information related to your digital activities (eg. IP address, browsing activity, geolocation etc.);
  • data relating to your habits and preferences:

   o    data from our interactions with you: your comments, suggestions and needs made online during phone conversations, your voice and image during our videoconferences, discussion through email , chat, chatbot, exchanges on our internet websites, apps, social media pages and your recent complaints/claims;

   o    Connection and tracking data and such as cookies and trackers on our websites, our online services, our apps, and our social network pages;

   o   data concerning your hobbies and your interests.

We never ask for personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sex orientation, unless it is required through a legal obligation.

The data we use about you may either be directly provided by you or be obtained from the following sources in order to verify or enrich our databases:

  • publications/databases made available by official authorities (e.g. the official journal);
  • our corporate clients or service providers;
  • websites/social media pages containing information made public by you (e.g. your own website or social media);
  • databases made publicly available by third parties. For journalists, we do use your data registered in Cision database “Hors Antenne” (first name, name, email addresses, social network accounts, phone numbers, press contributions, job position, topic treated.

2.    SPECIFIC CASES OF PERSONAL DATA COLLECTION, INCLUDING INDIRECT COLLECTION

2.1. Direct and indirect personal data collection

For some reasons, we may also collect information about you whereas you have not direct relationship with us. This may happen for instance when your employer provide us with information about you or your contact details are provided by one of our clients if you are for example :

  • A family member;
  • A legal representative (power of attorney);
  • Companies shareholder;
  • A staff member of service providers and commercial partners;
  • A journalist;
  • A personal contact.


2.2. Personal data collection via social network

In today context, use of social network is essential to companies.

In order to fulfill efficiently our mission, it is essential for us to be present on social networks, and this presence is susceptible to involve the processing of some of your personal data.

Therefore, in our legitimate interest of needs in marketing, communication, advertising, and publications, as well as for crisis management and interaction with social media users, we are susceptible to collect the following personal data:

  • The exchange that you had with us on our pages and publications on social networks, including your early claims and complaints.
  • Data coming from pages and publications on social networks that contain information that you publicly made available.

More specifically, these personal data will be treated for the following purposes:

  • Crisis management (social listening) and customer relationship management, this includes:

 o  Crisis prevention: Monitoring and analysis of social networks and the web by using keywords to assess BNP Paribas reputation and be aware of what is said about a trending/crisis topic in order to communicate accordingly.

o  Crisis management handling: Analyze the problematics raised by some publications and act accordingly; answer to publications, posts or comments of social network users; identify and tackle fake accounts and fake publications; or investigate in case of strong allegations and claims. 

  • Marketing and communication/ advertisement and publications which includes:

o  Data extraction to identify trending topics by collecting data publicly available on social networks;

o  Publication of articles;  

o  Suggestion of publications according to your interests;

o  Customer and social network users’ segmentation according to their influence;

o  Advertisement optimization/targeted marketing by segmenting the recipients of the marketing/advertisement.

In order to achieve this, we use external service providers


3.    WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?

a.         To comply with our legal and regulatory obligations 

We use your personal data to comply with various legal and regulatory obligations such as:

replying  to an official request from a duly authorised public or judicial authority.

b.         To perform a contract with you or to take steps at your request before entering into a contract

We use your personal data to enter into and perform our contracts, including to:

  • provide you with information regarding our products and services;
  • assist you and answer your requests;

c.         To fulfil our legitimate interest

We use your personal data in order to deploy and develop our products or services, to improve our risk management and to defend our legal rights, including:

  • IT management, including infrastructure management (e.g. : shared platforms) & business continuity and  IT security;
  • establishing aggregated statistics and /or tests(e.g. A/B testing), in order to improve existing products and services or create new ones or to improve your experience on our websites
  • Communicating and interact with you via our various communication channels (emails or messages, visits to our websites, etc.);
  • Managing our activities and our presence on social networks (see more details in section 2.2).
  • Analysing your habits and preferences in the various communication channels (emails or messages, visits to our website, social networks, etc.);
  • Sharing your data with another BNP Paribas entity, notably if you are – or are to become – a client  of that other entity;
  • Administering a contest, sweepstakes, giveaway, competition, or other similar marketing campaign or  offering promotional games and managing events
  • Managing and sending prices won by participating to one of our contests
  • Communicating about our news, and what we generally do at BNP Paribas or in other brands managed by Group Communications
  • Responses to your inquiries;
  • Improving and personalise your experience on our websites and applications;
  • Administering any consumer loyalty or rewards programs that are associated with your user account;

Your data may be aggregated into anonymized statistics that may be shared with our partners and service providers. In this case those receiving your personal data will be unable to ascertain your identity.

d.         To respect your choice if we requested your consent for a specific processing

In certain cases, we must require your consent to process your data, for example:

  • Send email notifications and newsletters if you have subscribed to them (e.g. BNP Paribas Group news)
  • Administer contests or other similar marketing campaigns.
  • If we need to carry out further processing for purposes other than those above in section 3, we will inform you and, where necessary, obtain your consent.

4.    WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In order to fulfill the aforementioned purposes, we only disclose your personal data to:

  • BNP Paribas Group entities (e.g. you can benefit from our full range of group products and services);
  • Service providers which perform services on our behalf;
  • Independent agents, intermediaries or brokers banking and commercial partners, with which we have regular relationship;
  • Financial or judicial authorities, state agencies or public  bodies, upon request and to the extent permitted by law;
  • Certain regulated professionals such as lawyers, notaries or auditors.

5.    TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA

In case of international transfers originating from the European Economic Area (EEA), where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis.

For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:

  • Standard contractual clauses approved by the European Commission;
  • Binding corporate rules 

To obtain a copy of these safeguards or details on where they are available, you can send a written request as set out in Section 9.

6.    HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?

We will retain your personal data for the longer of the period required in order to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. 

In any case, your data will be kept for the duration needed to achieve the purpose of the processing.

7.    WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

You have rights which allow you to exercise real control over your personal data and how we process them.

If you wish to exercise the rights listed below, here are the terms at your disposal:

In France you can refer to mabanque.bnpparibas, in Belgium to BNP Paribas Fortis website, in Italy to BNL website, in Luxembourg to BGL BNP Paribas website

For HelloBank!, please refer to the personal data area of your local website

In all other cases, please send a letter to the following address:

Permanent Control - Right Management
Group Communication

Code ACI : CVA06A

Millénaire 4 - Parc du Millénaire

35 rue de la Gare 

75019 Paris

France

Please include a scan/copy of you identity card for identification purpose when this is needed

7.1.      You can request access to your personal data

If you wish to have access to your personal data, we will provide you with a copy of the personal data you requested as well as information relating to their processing.

Your right of access may be limited in the cases foreseen by laws and regulations. This is the case with the regulation relating to anti-money laundering and countering the financing of terrorism, which prohibits us from giving you direct access to your personal data processed for this purpose. In this case, you must exercise your right of access with the local Data protection supervisory authority, which will request the data from us.

7.2.      You can ask for the correction of your personal data

Where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified or completed accordingly. In some cases, supporting documentation may be required.

7.3.      You can request the deletion of your personal data

If you wish, you may request the deletion of your personal data, to the extent permitted by law.

7.4.      You can object to the processing of your personal data based on legitimate interests

If you do not agree with a processing activity based on a legitimate interest, you can object to it, on grounds relating to your particular situation, by informing us precisely of the processing activity involved and the reasons for the objection. We will cease processing your personal data unless there are compelling legitimate grounds for doing so or it is necessary for the establishment, exercise or defense of legal claims.

7.5.      You can object to the processing of your personal data for commercial prospecting purposes

You have the right to object at any time to the processing of your personal data for commercial prospecting purposes, including profiling, insofar as it is linked to such prospecting.

7.6.      You can suspend the use of your personal data 

If you question the accuracy of the personal data we use or object to the processing of your personal data, we will verify or review your request. You may request that we suspend the use of your personal data while we review your request.

7.7.      You have rights against an automated decision

As a matter of principle, you have the right not to be subject to a decision based solely on automated processing based on profiling or otherwise that has a legal effect or significantly affects you. However, we may automate such a decision if it is necessary for the entering into or performance of a contract with us, authorized by regulation or if you have given your consent.

In any event, you have the right to challenge the decision, express your views and request the intervention of a competent person to review the decision.

7.8.      You can withdraw your consent

If you have given your consent to the processing of your personal data, you can withdraw this consent at any time

7.9.      You can request the portability of part of your personal data

You may request a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may request that we transmit this copy to a third party

7.10.    How to file a complaint with the local data protection supervisory authority

In addition to the rights mentioned above, you may lodge a complaint with the competent supervisory authority, which is usually the one in your place of residence, (e.g. CNIL (Commission Nationale de l'Informatique et de Libertés) in France].

8.    HOW CAN YOU KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE?

In a world of constant technological changes, we may need to regularly update this Data Protection Notice.

We invite you to review the latest version of this notice online and we will inform you of any material changes through our website or through our other usual communication channels.

9.    HOW TO CONTACT US?

If you have any questions regarding the processing of your personal data, the contact details are as follows: 

In France you can refer to mabanque.bnpparibas, in Belgium to BNP Paribas Fortis website, in Italy to BNL website, in Luxembourg to BGL BNP Paribas website

For HelloBank!, please refer to the personal data area of your local website

In all other cases, please send a letter to the following address:


Permanent Control – Right Management

Group Communications

Code ACI : CVA06A

Millénaire 4 - Parc du Millénaire

35 rue de la Gare 

75019 Paris

France    

Please include a scan/copy of your identity card for identification purpose. 

If you wish to learn more about cookies, please read our cookies policy.