This Privacy Policy is issued by:
Societe Generale a French société anonyme incorporated in France, under registration number RC2 552 120 222, acting through its London Branch, whose principal place of business is at One Bank Street, Canary Wharf, London E14 4SG; and
Societe Generale International Limited a company registered in England and Wales under number 05407520 and whose registered address is at One Bank Street, Canary Wharf, London E14 4SG,
(together or singularly referred to as “we, “us” or “our”), each acting as a data controller (as defined in UK Data Protection Laws*).
This Privacy Policy is addressed to individuals associated with organisations or third parties with whom we interact in the areas of our investment banking, global finance, global markets (including prime brokerage) and Securities Services activities, as well as individuals associated with our clients and prospective clients, including: their legal representatives, signatories, authorised personnel, directors, beneficial owners, trustees, other employees, associates of and any other person duly authorised to act on behalf of the customer (together, “you”).
As a data controller, we may collect and process personal data about you. This personal data will be collected directly from you or from the organisation that you represent, from publicly available sources, or from third parties providing services to us.
This Policy sets out:
This Policy may be amended or updated from time to time to reflect changes in practices with respect to the processing of personal data or changes in applicable law.
Data protection principles
We will comply with data protection law. This says that the personal data we hold about you must be:
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
* UK Data Protection Laws means the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018;
1 - Processing Purpose
1.1 Categories of Personal Data
During our banking relationship with you, we will, in compliance with UK Data Protection Laws, collect and process the following personal data relating to you:
1.2 Processing Purposes
We have set out the purposes for which we process your personal data in the Appendix to this Policy entitled “List of Personal Data Processing” (the “Appendix (List of Personal Data Processing)”)
1.3 Lawful Basis for Processing
Further information regarding our lawful basis for processing is provided in the Appendix (List of Personal Data Processing).
1.4 Retention of Data
We will only retain personal data for as long as necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting, reporting requirements, or to comply with internal policy requirements. The criteria used to determine the retention periods are detailed in the Appendix (List of Personal Data Processing).
2 - Communication with Third Parties
We will disclose personal data to other legal entities within the Societe Generale Group for the purpose of managing our banking relationship, managing products and services, executing the account holder’s orders and transactions, managing accounting procedures of the Group, notably when pooling resources and services within the Societe Generale Group.
In addition, we entrust certain operational functions to other entities of the Societe Generale Group or to service providers, chosen for their expertise and reliability to provide specific services. In such cases, we will take all physical, technical and organizational measures necessary to ensure the security and confidentiality of your personal data. In addition, third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
3 - Transfers of Personal Data Outside the European Economic Area (EEA)
Given the international dimension of the Societe Generale Group, and in order to optimize the quality of our services, the communication of information mentioned above may involve the transfer of personal data outside the EEA, whose legislation on the protection of personal data is different from that of the European Union and/or United Kingdom.
Where we transfer personal data outside the EEA (except where the concerned country has been officially recognized by the European Commission as ensuring that personal data has an adequate level of protection equivalent to the European standard), we will ensure that the transferred data is protected by suitable Standard Contractual Clauses or other appropriate safeguards referred to in UK Data Protection Laws.
If you require further information about safeguards applied to international transfers of personal data, please send your queries to the email address in section 5 below.
We may also disclose personal data, upon request, to the official bodies and administrative or judicial authorities of a country, located within or outside the EEA, particularly in the context of the fight against money laundering and terrorist financing.
4 - Security of Processing
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
5 - Your rights under UK Data Protection Laws
Under certain circumstances, by law you have the right to:
If you would like to review, verify, correct, request erasure or object to the processing of your personal information; request that we transfer a copy of your personal information to another party; or if you have any general queries about how we handle your personal data, please email: [email protected]
6 - Data Protection Officer
We have appointed a data protection officer (DPO) to oversee compliance of data protection laws. Our DPO can be contacted by:
Email: [email protected]
Post: UK Data Protection Officer, UK Data Protection Office, Societe Generale London Branch, One Bank Street, London E14 4SG
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues at the following address:
Information Commissioner’s Office, Wycliffe House,Water Lane, Wilmslow, Cheshire SK9 5AF
Fill in your email address and we'll send you an email to reset your password.