Crédit Agricole next bank (Suisse) SA undertakes to comply with Swiss and European data protection regulations which impose high standards of protection and an obligation of transparency regarding the processing of personal data.
This information note provides you with a comprehensive overview of the nature of personal data collected by the bank, how it is used, and your rights associated with this processing.
1. WE ARE TRANSPARENT ABOUT OUR COLLECTION AND PROCESSING OF YOUR PERSONAL DATA.
1.1. WHAT PERSONAL DATA IS COLLECTED, AND HOW?
We deal with different types of data, including personal and business details, financial and tax information, identification and authentication data, information obtained in the execution of our contractual obligations, marketing and sales data as well as various other similar information.
Personal data is mainly collected through the bank's channels of communication (branches, telephone calls, websites, mobile applications, etc.) as well as sources accessible to the public (registers, administration, Internet, etc.).
1.2. FOR WHAT PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
Your data enables us to provide you with banking services, to offer you suitable products, to ensure their good performance, to carry out market and clients satisfaction research, and to personalise our advice according to your needs. In order to better know you and advise you, we use automated decision-making, including profiling based on the types of products and services you use.
In addition, we collect your personal data to protect the bank's legitimate interests. By doing so we can guarantee network and information security, manage litigation, facilitate recovery procedures and carry out client acquisition campaign.
We also use your personal data to accomplish all the other objectives for which you have given us your consent.
In addition, as a banking institution, we are subject to certain legal and regulatory obligations whose aims include preventing fraud, money laundering, and non-payment, and ensuring the management of risk and security. The purpose of processing your data is to meet these requirements.
1.3. WHO HAS ACCESS TO YOUR PERSONAL DATA, AND FOR HOW LONG?
The potential recipients of your data are the bank's services, service providers, entities and institutions of public law who are legally required to receive them, persons acting on your behalf or who are involved in your transactions, and any entities for which you have given consent.
If the law so requires or if you have consented to it, and the adequate level of protection is guaranteed, your personal data may be transmitted abroad, to an EU member or non-member state.
We emphasize that when communicating externally, we take steps to ensure that banking secrecy and personal data security rules are respected.
In addition, we store your personal data only for as long as it is necessary for the purposes for which it was collected and to comply with our legal, regulatory, and internal obligations.
2. WE LEAVE YOU WITH CONTROL OVER YOUR PERSONAL DATA AND HOW IT IS USED.
2.1 WHAT ARE YOUR RIGHTS?
All clients have a right of access (Art. GDPR 15), a right to rectification of incorrect data (Art. GDPR 16), a right to erasure (Art. GDPR 17), a right to the restriction of processing (Art. GDPR 18), and a right to data portability (Art. GDPR 20).
You also have an individual right to object to processing and a right to object to the use of your data for direct marketing purposes (Art. GDPR 21).
You may also withdraw your consent to the processing of your personal data at any time, if we are processing your personal data on the basis of your consent (Art. GDPR 7). This withdrawal will apply only for the future.
Finally, you are entitled to lodge a complaint with the relevant authority responsible for the protection of personal data (Art. GDPR 77).
2.2 ARE YOU OBLIGED TO PROVIDE YOUR PERSONAL DATA?
You need to provide us with your personal data to allow us to accept and establish a banking relationship with you, and so that we can meet our related contractual and legal requirements. It is mandatory to obtain certain data in order to start a banking relationship and to subscribe products. Without these data, we therefore cannot enter into a contract or continue a banking relationship.
Upon your request, we can specify which data are mandatory in this respect.
2.3 YOUR POINTS OF CONTACTShould you have any questions or complaints, or should you want to exercise any of the above-mentioned rights, you can contact the service responsible for the protection of personal data:
- By post: Crédit Agricole next bank (Suisse) SA – Service Marketing Relation Client –Esplanade de Pont Rouge 4-6 - CP 1250, 1211 Genève 26
- By e-mail: firstname.lastname@example.org.
The representative of the controller in the EU of the Crédit Agricole next bank (Suisse) SA within the meaning of the GDPR is the following entity:
Crédit Agricole des Savoie
PAE Les Glaisins
4 av. du pré Félin
74 985 Annecy