Personal data protection
Our clients’ and their employees’ personal data are valuable information, and Natixis is committed to ensuring their protection:
- Personal data processing is carried out pursuant to the French Law Informatique et Libertés n°78-17 of January 6, 1978, relating to information technology, files and individual freedom (hereafter the French Data Protection Act) and, when required, subject to prior formalities to the CNIL (the French Data Protection Agency);
- Natixis takes the measures necessary to ensure the confidentiality of these data and inform each person whose information is being processed, thereby enabling him/her to fully exercise his/her rights.
The information below is updated regularly by Natixis.
SCOPE OF APPLICATION
The information detailed here below apply to personal data collected by Natixis SA within the framework of the services offered to its clients.
This includes the set of information collected by Natixis as part of customer relationship (online services, paper forms, phone calling…).
Web users’ data that are collected on the website EspaceNet are processed as described in the section “Legal Notice” (provisions relating to the French Data Protection Act and Cookies).
Personal data correspond to a set of information enabling to identify an individual directly or indirectly.
This includes information such as names, phone numbers, and email addresses of employees working for a client company in contact with Natixis. It can also include other information such as all data collected during onboarding process, or login data for online services, etc.
PERSONAL DATA PROCESSING
Natixis can use personal data for the following purposes:
- Improvements made to the websites and online services
- Management of the banking and financial relationship:
- Compliance with regulatory obligations:
TRANSMISSION OF THESE DATA
Within Natixis SA, the services in charge of the corresponding processing have access to data, within the limit of their authorizations.
Data may also be transmitted, when requested, to Natixis’ and BPCE Group’s General Inspections, as well as supervisory authorities.
Transmission of information to comply with regulatory and tax obligations:
As part of its regulatory and tax obligations, Natixis can transmit information to the tax authority and to banking regulators, namely:
- Transmitting information to the tax authority:
When necessary and in application of its legal obligations, Natixis transmits these data to the French tax authority and to other countries’ tax authorities, namely the US tax authority (through the French government, pursuant to intergovernmental agreements), as part of the fight against tax evasion.
- Anti-money laundering and counter-terrorist financing:
As part of anti-money laundering and counter-terrorist financing, data may be transmitted:
When transferring data, in order to comply with the legal and regulatory obligations abovementioned, towards authorities located outside the European Union (EU), this transfer is carried out pursuant to the exception provided in article 69 of the French Data Protection Act which authorizes transfers towards countries whose protection level is not equivalent, only when it is necessary to safeguard a public interest.
Sharing information within the Group:
Personal data may be transmitted to other entities of the Group, namely:
- when exchanging information between entities linked by a common economic interest;
- when pooling resources, or when companies within BPCE Group are merging;
- as part of management or prevention of operational risks such as prevention of non-payment and of fraud or anti-money laundering.
With regard to the international dimension of Natixis, the transmissions of information abovementioned may imply transferring personal data to some non-EU countries. The list of the Group’s entities that might receive information concerning the Customer is available in the section “About Natixis/Natixis Worldwide”
In order to ensure an adequate level of personal data protection, data transfers are framed by standard contract clauses drawn up by the European Commission and have been authorized by the CNIL.
The processes concerned are the following:
- company’s CRM managing business relationships with our customers, prospects and partners – deployed in Natixis’ subsidiaries/branches exercising Wholesale Banking activities (decision n° DF-2014-738, authorization n° 1774435)
- Shared management of customers/prospects relationships (CRM), for the Aircraft, Infrastructure and Export Financing Department – deployed in Natixis’ subsidiaries/branches exercising the activity of Aircraft, Infrastructure and Export Financing (decision n° DF-2013-828, authorization n° 1683366)
- Anti-money laundering and counter-terrorist financing, and due application of financial sanctions - deployed in Natixis’ subsidiaries/branches (authorization by the CNIL as part of the AU-003: processing relating to anti-money laundering and counter-terrorist financing, and to the due application of financial sanctions)
- Management of written messages’ regulatory recording (emails and instant messaging) relating to transactions carried out on the trading platform - this transfer would be carried out towards the Compliance Department of our subsidiaries/branches if requested by the local regulator (decision n° DF-2014-630, authorization n° 1765700)
- Management of phone conversations’ regulatory recording on phone facilities of the trading platform - this transfer would be carried out towards the Compliance Department of our subsidiaries/branches if requested by the local regulator (decision n° DF-2014-629, authorization n° 1765676)
- Processing by Natixis Algerie, as part of a subcontracting mission, and of a part of Trade Finances operations (decision n° DF-2014-291, authorization n° 1804452)
The categories of data that might be transferred are the following: data related to identification and professional life, and, as part of the processing related to compliance with regulatory obligations, information of economic and financial nature and login data.
RIGHT OF ACCESS, CORRECTION AND OPPOSITION
Pursuant to the French Data Protection Act, the person whose data are processed has the right to access and correct his/her personal information, which he/her may exercise by writing to:
NATIXIS Service de traitement des réclamations - Banque de Grande Clientèle 47 Quai d’Austerlitz 75013 Paris email@example.com
He/she can oppose the use of his/her personal data for prospection purposes. He/she can also, for legitimate reasons, oppose the processing of data relating to him/her.
Furthermore, pursuant to provisions of article L. 561-45 of the French Monetary and Financial Code, the right to access computer processing, implemented in application of provisions relating to anti-money laundering and counter-terrorist financing, can be exercised by contacting the CNIL.