For the best experience on our website, we measure our audience using cookies. The data collected are used only to provide anonymous statistics such as the number of pages viewed, the number of visits, return frequency, etc. If you continue without changing your settings, we’ll assume that you accept the use of cookies. However, if you wish to refuse the use of cookies, or to change cookie settings, click on « More »


Data protection

Personal data protection

Our clients’ and their employees’ personal data are valuable information, and Natixis is committed to ensuring their protection:

-          Personal data processing is carried out pursuant to the French Law Informatique et Libertés n°78-17 of January 6, 1978, relating to information technology, files and individual freedom (hereafter the French Data Protection Act) and, when required, subject to prior formalities to the CNIL (the French Data Protection Agency);

-          Natixis takes the measures necessary to ensure the confidentiality of these data and inform each person whose information is being processed, thereby enabling him/her to fully exercise his/her rights.


The information below is updated regularly by Natixis.





The information detailed here below apply to personal data collected by Natixis SA within the framework of the services offered to its clients.


This includes the set of information collected by Natixis as part of customer relationship (online services, paper forms, phone calling…).


Web users’ data that are collected on the website EspaceNet are processed as described in the section “Legal  Notice” (provisions relating to the French Data Protection Act and Cookies).





Personal data correspond to a set of information enabling to identify an individual directly or indirectly.


This includes information such as names, phone numbers, and email addresses of employees working for a client company in contact with Natixis. It can also include other information such as all data collected during onboarding process, or login data for online services, etc.





Natixis can use personal data for the following purposes:

-          Improvements made to the websites and online services

-          Management of the banking and financial relationship:

  • Management of accounts or products or services subscribed (namely as part of the provision of credits, of financial instruments management, and of the provision of payment means);
  • Transactions and flows management (treasury, financial instruments, trade finance, cash management, correspondent banking…);
  • Customer relationship management (CRM system, customer satisfaction surveys, contacts management for professional data sharing, new business prospecting…);
  • Underwriting of products by phone, on the Internet or on tablet and evidence management;
  • Risk assessment and management, security prevention of non-payment and of fraud;

-          Compliance with regulatory obligations:

  • Customer due diligence;
  • Anti-money laundering and counter-terrorist financing, and due application of financial sanctions;
  • Compliance with obligations relating to the fight against tax fraud pursuant to international agreements (identification of clients concerned, accounts monitoring and reporting);
  • As part of the regulation applicable to investment services providers, recording of phone conversations and written messages (emails and instant messaging) relating to transactions carried out on the trading platform (the clients concerned are informed through the service agreement of by email).





Within Natixis SA, the services in charge of the corresponding processing have access to data, within the limit of their authorizations.


Data may also be transmitted, when requested, to Natixis’ and BPCE Group’s General Inspections, as well as supervisory authorities.


Transmission of information to comply with regulatory and tax obligations:

As part of its regulatory and tax obligations, Natixis can transmit information to the tax authority and to banking regulators, namely:

-          Transmitting information to the tax authority:

When necessary and in application of its legal obligations, Natixis transmits these data to the French tax authority and to other countries’ tax authorities, namely the US tax authority (through the French government, pursuant to intergovernmental agreements), as part of the fight against tax evasion.

-          Anti-money laundering and counter-terrorist financing:

As part of anti-money laundering and counter-terrorist financing, data may be transmitted:

  • to the French Financial Intelligence Unit Tracfin;
  • to the competent control authorities;
  • to the French treasury department for data concerning persons subject to asset freezing;
  • to the competent control authorities of other European Community’s State Members, of State Contracting Parties to the EEA (European Union Area) Agreement, and of States where you can apply Agreements signed with the French Prudential Control Authority (ACPR) and the French Financial Markets Authority (AMF) pursuant to the French Monetary and Financial Code’s provisions;
  • to authorized persons and other entities belonging to the same group;
  • to other entities involved in the same transaction for the same client;
  • to the beneficiaries of fund transfer and their bank.


When transferring data, in order to comply with the legal and regulatory obligations abovementioned, towards authorities located outside the European Union (EU), this transfer is carried out pursuant to the exception provided in article 69 of the French Data Protection Act which authorizes transfers towards countries whose protection level is not equivalent, only when it is necessary to safeguard a public interest.



Sharing information within the Group:

Personal data may be transmitted to other entities of the Group, namely:

-          when exchanging information between entities linked by a common economic interest;

-          when pooling resources, or when companies within BPCE Group are merging;

-          as part of management or prevention of operational risks such as prevention of non-payment and of fraud or anti-money laundering.

With regard to the international dimension of Natixis, the transmissions of information abovementioned may imply transferring personal data to some non-EU countries. The list of the Group’s entities that might receive information concerning the Customer is available in the section “About Natixis/Natixis Worldwide


In order to ensure an adequate level of personal data protection, data transfers are framed by standard contract clauses drawn up by the European Commission and have been authorized by the CNIL.


The processes concerned are the following:


-          company’s CRM managing business relationships with our customers, prospects and partners – deployed in Natixis’ subsidiaries/branches exercising Wholesale Banking activities (decision n° DF-2014-738, authorization n° 1774435)

-          Shared management of customers/prospects relationships (CRM), for the Aircraft, Infrastructure and Export Financing Department – deployed in Natixis’ subsidiaries/branches exercising the activity of Aircraft, Infrastructure and Export Financing (decision n° DF-2013-828, authorization n° 1683366)

-          Anti-money laundering and counter-terrorist financing, and due application of financial sanctions  - deployed in Natixis’ subsidiaries/branches (authorization by the CNIL as part of the AU-003: processing relating to anti-money laundering and counter-terrorist financing, and to the due application of financial sanctions)

-          Management of written messages’ regulatory recording (emails and instant messaging) relating to transactions carried out on the trading platform  - this transfer would be carried out towards the Compliance Department of our subsidiaries/branches if requested by the local regulator (decision n° DF-2014-630, authorization n° 1765700)

-          Management of phone conversations’ regulatory recording on phone facilities of the trading platform - this transfer would be carried out towards the Compliance Department of our subsidiaries/branches if requested by the local regulator (decision n° DF-2014-629, authorization n° 1765676)

-          Processing by Natixis Algerie, as part of a subcontracting mission, and of a part of Trade Finances operations (decision n° DF-2014-291, authorization n° 1804452)


The categories of data that might be transferred are the following: data related to identification and professional life, and, as part of the processing related to compliance with regulatory obligations, information of economic and financial nature and login data.





Pursuant to the French Data Protection Act, the person whose data are processed has the right to access and correct his/her personal information, which he/her may exercise by writing to:

NATIXIS Service de traitement des réclamations - Banque de Grande Clientèle 47 Quai d’Austerlitz 75013 Paris

He/she can oppose the use of his/her personal data for prospection purposes. He/she can also, for legitimate reasons, oppose the processing of data relating to him/her.


Furthermore, pursuant to provisions of article L. 561-45 of the French Monetary and Financial Code, the right to access computer processing, implemented in application of provisions relating to anti-money laundering and counter-terrorist financing, can be exercised by contacting the CNIL.