PERSONAL DATA PROTECTION
As a data controller we may collect and process personal data about you.
This Policy sets out:
1. Information about the types of personal data we process, how and why we process personal data and our lawful basis for processing your personal data;
2. Information on Communication to third parties and data sharing;
3. Transfers outside the European Economic Area;
4. Information about your rights under the GDPR; and
5. Information on data security.
This Policy may be amended or updated from time to time to reflect changes in practices with respect to the processing of personal data or changes in applicable law.
Data protection principles
We will comply with data protection law. This says that the personal data we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data)
1 - Processing purpose
1.1 Categories of Personal Data
In the course of our banking relationship with you, we will, in compliance with the GDPR and other applicable laws in the UK relating to data protection and privacy, collect and process the following personal data relating to you:
- Identification data: name, address, date of birth, nationality, identity documents.
- Personal data: civil status.
- Professional data: email address, telephone number, professional status, job title.
- Economic and financial information.
- Conversations and communications with us.
1.2 Processing purposes
We have set out the purposes for which we process your personal data in the Appendix to this Policy entitled “List of Personal Data Processing” (the “Appendix (List of Personal Data Processing)”)
1.3 Lawful Basis for processing
• Contract performance: we will use your personal data to provide you with products or services that you request, in order to perform contracts to which you are a party, or in order to take steps at your request prior to entering into a contract.
• Legal obligation: personal data is also processed for the purposes of complying with statutory and regulatory requirements to which Societe Generale is subject to, particularly in matters concerning financial market obligations, identification controls, checking transactions, operational risk management, the prevention of conflicts of interests, the prevention of the fraud, the fight against money laundering and financing of terrorism.
• Legitimate interests: some of the processing we carry out is necessary for our legitimate interests or those of third parties.
• Consent: your consent will be obtained for processing that requires such consent, and in particular where the fundamental rights of individuals override Societe Generale’s legitimate interest. Your consent is not obtained where processing is necessary to provide services and products, or in connection with compulsory and regulatory processing.
Further information regarding our lawful basis for processing is provided in the Appendix (List of Personal Data Processing).
1.4 Retention of data
We will only retain personal data for as long as necessary to fulfill the purposes that we collected it for, including for the purposes of satisfying any legal, accounting, reporting requirements, or to comply with internal policy requirements. The criteria used to determine the retention periods are detailed in the Appendix (List of Personal Data Processing).
2 - Communication with third parties
We will disclose personal data to other legal entities within the Societe Generale Group for the purpose of managing our banking relationship, managing products and services, executing the account holder’s orders and transactions, managing accounting procedures of the Group, notably when pooling resources and services within the Societe Generale Group.
In addition, we entrust certain operational functions to other entities of the Societe Generale Group or to service providers, chosen for their expertise and reliability to provide specific services. In such cases, we will take all physical, technical and organizational measures necessary to ensure the security and confidentiality of your personal data. In addition, third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
3 - Transfers of personal data outside the European Economic Areaof personal data outside the European Economic Area (EEA)(EEA)
Given the international dimension of the Societe Generale Group, and in order to optimize the quality of our services, the communication of information mentioned above may involve the transfer of personal data outside the EEA, whose legislation on the protection of personal data is different from that of the European Union.
Where we transfer personal data outside the EEA (except where the concerned country has been officially recognized by the European Commission as ensuring that personal data has an adequate level of protection equivalent to the European standard), we will ensure that the transferred data is protected by suitable Standard Contractual Clauses or other appropriate safeguards referred to in the GDPR.
If you require further information about safeguards applied to international transfers of personal data, please send your queries to the email address in section 5 below.
We may also disclose personal data, upon request, to the official bodies and administrative or judicial authorities of a country, located within or outside the EEA, particularly in the context of the fight against money laundering and terrorist financing.
4 - Security of processing security of processing
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
5 - Your rights under the GDPR
Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
If you want to review, verify, correct, request erasure or object to the processing of your personal information; request that we transfer a copy of your personal information to another party; or if you have any general queries about how we handle your personal data, please email: [email protected]
Data protection officer
We have appointed a data protection officer (DPO) to oversee compliance of data protection laws. Our DPO can be contacted at [email protected]
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues at the following address:
Information Commissioner’s Office
Fill in your email address and we'll send you an email to reset your password.