Collection and use of personal data
In the course of its banking relationship with the client, Societe Generale may, in strict compliance with the legislation, processes personal data (identity and other elements of civil statuses, ID documents, contact details, professional and financial situation) related to its client, their legal representatives and managers or other representatives.
In order to ensure compliance with its statutory and regulatory requirements, particularly in matters concerning the fight against money laundering and the financing of terrorism, Societe Generale may collect additional data related to its clients, to individuals who they are associated, to recipients and intermediaries of transactions relating to them and operations which they are associated.
Information collected are communicated directly by the client during the entry in relation, the subscription and use of products and services, the conclusion of management authority, communication of orders and transactions, or by third parties authorized to communicate such information (commercial information registers, other public resources available to banking and financial institutions).
Personal data collected will be processed only for determined purposes, among others:
To manage account(s) and/or bank products and services purchased, under the conditions provided in the contractual documentation, as well as to manage the account holder’s orders and transactions
To manage the banking relationship and marketing purposes, to organize commercial events, to offer new services, and to conduct statistical and private capital surveys (including behavioural ones).
To comply with statutory and regulatory requirements, particularly in matters concerning ID controls, the regularity check of transactions and operational risk management, the prevention of conflicts of interests, the prevention of the fraud, the fight against money laundering and the financing of terrorism
Besides, Societe Generale may, for the supply of financial services, in accordance with the applicable legal requirements, record electronic communications (telephone, instant messaging, e-mail and all other means of electronic communication) with its counterparts in order to meet the needs of ethical control, to ensure the control and the security of transactions and the service quality.
Communication with third-parties
Societe Generale may disclose personal data collected with legal entities of Societe Generale Group for the purpose of managing the banking relationship, managing the products and services, executing the account holder’s orders and transactions, managing accounting production of the Group, notably when pooling resources and services with the Societe Generale Group.
In addition, Societe Generale may entrust certain services with operational functions to other entities of the Societe Generale Group or to service providers chosen for their expertise and reliability to provide targeted and limited services. In this case, Societe Generale takes all physical, technical and organizational measures needed to ensure the security and confidentiality of personal data.
Application of European Union data protection rules regarding the transfer of personal data outside the European Economic Area
Owing in particular to the international nature of Societe Generale Group, and in order to optimize quality of service, the communication of information mentioned above may involved the transfer of personal data to countries from outside the European Economic Area (particularly IT and back office services in India), whose legislation on the protection of personal data is different from that within the European Union.
In particular, a clear and demanding contractual framework determines the conditions of intervention of service providers and the security rules that apply. This contractual framework is compliant with the European Commission decision of 5 December 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC. Moreover, when required, these transfers are subject to prior authorization from the local data protection Authorities (as the CNIL in France).
Furthermore, Societe Generale may also disclose personal data, upon request, to the official organs and administrative or judicial authorities of a country, located within or outside the European Economic Area, particularly in the context of the fight against money laundering and terrorist financing.
Security of processing
Societe Generale takes all physical, technical and organizational measures needed to ensure the security and confidentiality of personal data, particularly in view of protecting it against loss, accidental destruction, alteration, and non authorized access.
Rights of access, modification and objection
Any person concerned by these processing may obtain the communication of their personal information and have it amended, updated or deleted where such information is incorrect, incomplete or outdated. They may also object, on legitimate grounds, to the processing of their personal information. Such objection may, however, prohibit Societe Generale from providing the requested product or service.
They may also, without having to justify their decision, refuse that any information pertaining to them is used, or communicated to any third party for commercial purposes.
These rights can be exercised by contacting your usual commercial contact.