No alt text defined

Processing of personal data

PREAMBLE

This document constitutes the Data Protection Policy of Crédit Agricole next bank (Suisse) SA (hereinafter referred to as "CAnb", the "Bank", or "we") for clients (existing or potential) and visitors to the Bank's website.

Crédit Agricole next bank (Suisse) SA has always been committed to respecting your privacy and your personal data. In the context of its product and service offerings, the Bank collects several categories of personal data through the various communication channels at your disposal.

This Data Protection Policy (the "Policy", or this "document") provides you with clear and detailed information about how we process and store your personal data as well as your rights associated with such processing.

DATA CONTROLLER

In accordance with the Data Protection regulations in force, Crédit Agricole next bank (Suisse) SA is the "Data Controller". We define the nature of the data to be collected, their purposes, and their retention periods, except when it is expressly mentioned on the data collection medium that the controller is a third party. In this case, the Data Controller will specify the characteristics of the processing operations that they implement under their sole responsibility.

TO WHOM IS THIS DATA PROTECTION POLICY ADDRESSED?

This Data Protection Policy applies to you for one or more of the following reasons:

  • You are a "Client": we are, or have been, in a direct contractual relationship with you in your capacity as a client of the Bank.
  • You are an "Intermediary Person": we process your data when you are in contact with our institution through one of our Clients. You may, namely be their representative, their agent, their guarantor, their beneficiary, the originator or beneficiary of transactions, a member of their tax household, their shareholder, or their partner
  • You are a "Prospect": your personal data is processed even though you do not have a contractual relationship with us.

This Policy supplements and clarifies the information contained in the contracts you have signed with our institution or that is included in other media (websites, forms, etc.). In the event of any contradiction between the provisions of this Policy and the provisions in such contracts or other materials, the provisions of the latter shall prevail. Where we collect your data through one of our Clients and process it, it is the responsibility of that Client or their representative to inform you of this, notably through this Personal Data Protection Policy.

Certain specific processing operations, or those that concern a limited number of people, are not mentioned in this Data Protection Policy. In such cases, specific information is provided to these persons through appropriate means of communication.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data through different communication channels, in person or remotely, and in different ways:

  • Directly from you when you sign a contract with us, use our services, fill in a form, or browse our websites and mobile apps; when recording conversations by telephone or video conference (for proof of transaction, staff training, and/or improving our service quality), etc., or
  • Indirectly, through our Clients when you have a relationship with them, or
  • Indirectly through external sources, public or private, which enable us, in compliance with your rights and with regulations, to get to know you better (browsing on third-party sites, sponsorship operations, recommendation drives, databases, and publications made accessible by official authorities, etc.).

WHAT DATA DO WE COLLECT ABOUT YOU?

Personal data, or personal information, is any information about a person with which that person can be identified. Data for which the identity has been removed (anonymous data) are therefore not concerned.

We may collect, use, store, and transfer different categories of personal data about you:

  • Identity data such as first name, maiden name, family name, ID number or similar identifier, marital status, title, date of birth, gender, photocopies of passports, etc.
  • Contact data such as home address, e-mail address, and telephone/fax numbers, etc.
  • Financial data such as bank account and payment card information, as well as your financial position, status and history, assets, origin of assets, income, professional activity (past and present), credit reports, knowledge, and experience.
  • Transaction data such as information about payments made by you or received by you, explanations of the reasons for such transactions (including related documents), fund origins, and other information about the products and services you have purchased from us or invested in, etc.
  • Login data such as your username, e-mail address, and (possible) password, nickname, etc.
  • Usage data such as information about how you use our products and services, our website, and our e-banking. The data collected includes the type of device and browser software, pages viewed on our website, IP address, login country, login day and time, messages exchanged, voice and video calls.

In principle, we do not collect any information belonging to particular categories of sensitive personal data about you (race, ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, information about any criminal convictions or offences, etc.), unless this is necessary for lawful reasons and/or for the provision of services under contracts we have concluded with you.

WHY DO WE PROCESS YOUR PERSONAL DATA?

In general, the personal data processing we carry out enables us to ensure the supply or promotion of our various products and services. In this regard, some of the data collected or processed may be required by law or be necessary for the conclusion and execution of contracts.

We process your personal data by basing ourselves, as appropriate, on the following legal bases:

  • The execution of contracts relating to products and services you have entered into with us, including your bank account, or pre-contractual measures taken at your request
  • Our legal obligations
  • Our legitimate interests or those of third parties, while respecting your rights
  • Your consent
  • Safeguarding the vital interests of the persons concerned

We use your personal data mainly for the following purposes (objectives); (see attached table for details):

  • Managing the day-to-day relationship with the Client, Intermediary, and Prospect, our products and services
  • Managing complaints, disputes, unpaid bills, and debt collection
  • Prospecting and sales promotion
  • The assessment and management of credit, financial, and other related risks
  • The assessment and management of internal monitoring, the monitoring of compliance, fraud, financial security and anti-money laundering, and the security of persons and property.

PROFILING

On the basis of your data, including banking operation and transaction data when you are a client, we may use targeting, profiling, or “scoring” operations for the purpose of meeting our legal and regulatory obligations, and to enable the management of our risks. We may, all while respecting your interests and rights, also use this information to manage our marketing activities, to develop new offers, and to provide you with advice and personalised offers in order to provide you with a better service.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We store and process your personal data for the period of time necessary to fulfil the purpose for which it was collected. These periods are detailed as follows:

  • Prospect data is kept for a maximum of 3 years after the last contact.
  • Client data is kept for 10 years after the end of the contractual relationship.

Personal data may be stored in an archive (that is, with restricted access) for the purposes of evidence management, for a maximum period corresponding to the duration of the contractual or business relationship, increased by the periods necessary for the settlement and consolidation of rights, the legal periods of limitation and the exhaustion of legal remedies.

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

We may disclose your personal data to the parent company and/or Crédit Agricole Group in order to (i) comply with our regulatory obligations to combat financial crime, and (ii) to protect our legitimate interests in combating fraud.

In addition, we may have recourse to subcontractors who process your personal data on our behalf and according to our instructions, without being able to use this data for any other purpose than the execution of the subcontracted operations.

Lastly, your data may, in certain cases, be communicated to other data controllers, in particular:

  • in the context of carrying out your transactions or managing your situation, for example to other credit institutions, guarantee or collection companies, or notaries;
  • through partnerships to provide you with offers and solutions tailored to your needs, for example in the areas of insurance or savings;
  • as part of our business management, for example to measure your satisfaction.

HOW DO WE PROCESS YOUR PERSONAL DATA IF IT IS TRANSFERRED OUTSIDE SWITZERLAND?

We take great care in ensuring that your personal data is processed and stored in Switzerland or in a country whose data protection legislation is recognised as "adequate" by the Federal Data Protection and Information Commissioner, which is the case for almost all processing operations.

However, data transfers outside Switzerland do occur in the following situations in particular, when:

  • Carrying out international operations (transfers, credits, recommendations, etc.) requested by the client. This is the case when there are recurring transfers or direct debits whose recipients or issuers are located in countries outside Switzerland.
  • Using service providers to carry out securities purchase/sale transactions. These services are provided by companies within the Crédit Agricole Group or outside the European Union. The data concerned is indirect identification data which does not allow you to be easily identified. These data transfers are covered by security commitments offering the level of guarantee the regulations require.
  • Using Internet tracers/cookies for advertising and client/prospect knowledge purposes – in which case the user's consent may be required – or for operational purposes such as audience measurement. The transfers are of anonymised login data which does not allow you to be directly identified. These data transfers are covered by dedicated contractual clauses.

WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

You may at any time, and in accordance with the law:

  • access your personal data: you can obtain information about the processing of your personal data and their disclosure;
  • request data rectification: you can ask for the rectification of your personal data that is inaccurate or incomplete;
  • oppose the processing thereof for reasons relating to your particular situation, where the legal basis for the processing is the legitimate interest of the Bank or of third parties (unless the Bank can prove that there are compelling legitimate grounds for such processing which override your interests and your rights and freedoms, or for the establishment, exercise, or defence of legal claims) – at any time and without justification, to their processing for the purposes of commercial prospecting by the Bank;
  • request data erasure: you may request the deletion of your personal data, in particular when the data are no longer necessary for the purposes for which they were collected, with the exception notably of any processing necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims;
  • request a restriction of processing: you can request the suspension or restriction of the processing of your data;
  • request data portability: where the processing is automated and based on consent or the execution of the contract or pre-contractual measures, you may request that the personal data you have provided us with be returned and/or that it be transferred to a third party.
  • Finally, when the legal basis for the processing is consent, you may withdraw this consent for the future and thus put an end to the processing of your data, it being understood that the withdrawal of consent does not call into question the lawfulness of the processing carried out until then.

Please note that, depending on the case, the exercising of some of these rights may prevent the Bank from providing certain products or services.

If you wish to exercise any of your rights, simply write to the contact details mentioned in the "Your Points of Contact" section indicating the right(s) you wish to exercise, as well as any element that may be necessary to identify you (identity document, contract number, etc.).

YOUR POINTS OF CONTACT

In the event of questions or complaints, or to exercise your above-mentioned rights, you can contact the service responsible for the protection of personal data:

  • By post: Crédit Agricole next bank (Suisse) SA – Service Marketing Relation Client – Esplanade de Pont Rouge 4-6 – CP 1250, 1211 Geneva 26
  • By email: dpo@ca-nextbank.ch.

The Bank has appointed a Data Protection Officer (DPO), whom you can contact at the following addresses Crédit Agricole next bank (Suisse) SA – Data Protection Officer – Esplanade de Pont Rouge 4-6 – CP 1250, 1211 Geneva 26 or by email at: dpo@ca-nextbank.ch.

A Representative of the Bank for data protection within the EU is appointed and can be contacted at the following address: CADS (CAnb Representative) – 1220 avenue Costa de Beauregard – 73290 La Motte Servolex or by email representantcanb@ca-des-savoie.fr.

You may, in the event of a dispute, lodge a complaint with the competent data protection authority.


July 2022