DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group, which has adopted strong principles in that respect for the entire Group in its Personal Data Privacy Charter available at group.bnpparibas.
This Data Protection Notice provides you with detailed information relating to the protection of your personal data by Group Communications, one of the Group Functions of BNP Paribas SA (“we”).
We are responsible, as a data manager through our various brands (most notably BNP Paribas and Echonet) for collecting and processing your personal data in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.
Further information may be provided where necessary when you apply for, subscribe or use a specific product or service.
- WHICH PERSONAL DATA DO WE USE ABOUT YOU?
We may collect various types of personal data about you, including: We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.
We may collect various types of personal data about you, including:
- identification information (e.g. name, ID card and passport numbers, nationality, place and date of birth, gender, photograph, IP address);
- contact information (e.g. postal address and e-mail address, phone number);
- family situation (e.g. marital status, number of children);
- education and employment information (e.g. level of education, employment, employer’s name);
- banking, financial and transactional data (e.g. bank account details, credit card number, money transfers);
- client relationship
- information related to your digital activities (e.g. IP address, browsing activity, geolocation etc.)
- Data relating to your habits and preferences :
- data which relate to your use of our products and services in relation with banking, financial and transactional data;
- data from your interactions with us: our branches (contact reports), our internet websites, our apps, our social media pages, meeting, call, chat, email, interview, phone conversation;
- data concerning your hobbies and your interests
We never ask for personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sex orientation, unless it is required through a legal obligation.
The data we use about you may either be directly provided by you or be obtained from the following sources in order to verify or enrich our databases:
- publications/databases made available by official authorities (e.g. the official journal);
- our corporate clients or service providers;
- websites/social media pages containing information made public by you (e.g. your own website or social media); and
- databases made publicly available by third parties.
2. SPECIFIC CASES OF PERSONAL DATA COLLECTION, INCLUDING INDIRECT COLLECTION
In certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or use to have a direct relationship.
Notwithstanding the above, we may also collect personal data of individuals we have no direct relationship with. This may happen for instance when an employer provides us with information about an Individual
In case of indirect collection of data, where we receive data about you that is not from you (for example; from a third party), we shall, when applicable and required, notify you, of the purposes for which the data has been collected and the source of such data, except where we are legally required not to disclose the source.
3. WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?
a. To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, including but not limited to banking and financial regulations in compliance with which we:
- set up security measures in order to prevent abuse and fraud;
- detect transactions which deviate from the normal patterns;
- prevention of money-laundering and financing of terrorism; and
- reply to an official request from a duly authorised public or judicial authority
b. To perform a contract with you or to take steps at your request before entering into a contract
We use your personal data to enter into and perform our contracts, including to:
- provide you with information regarding our products and services;
- assist you and answer your requests;
- evaluate if we can offer you a product or service and under which conditions;
- to confirm and verify your identity or to verify that you are an authorized user for security purposes; and
- provide products or services to our corporate clients of whom you are an employee or a client (for instance: in the context of cash management).
c. To fulfil a legitimate interest
We use your personal data in order to deploy and develop our products or services, to improve our risk management and to defend our legal rights, including:
- proof of transactions;
- IT management, including infrastructure management (e.g. : shared platforms) & business continuity and IT security;
- establishing aggregated statistics, tests and models, for research and development, in order to improve the risk management of our group of companies or in order to improve existing products and services or create new ones;
- personalising our offering to you and that of other BNP Paribas entities through:
- improving the quality of our banking, financial or insurance products or services;
- advertising products or services that match with your situation and profile which we achieve. This can be achieved by :
- segmenting our prospects and clients;
- analysing your habits and preferences in the various channels (visits to our branches, emails or messages, visits to our website, etc.);
- if you agree, sharing your data with another BNP Paribas entity, notably if you are – or are to become – a client of that other entity;
- matching the products or services that you already hold or use with other data we hold about you (e.g. we may identify that you have children but no family protection insurance yet); and
- administer a contest, sweepstakes, giveaway, competition, or other similar marketing campaign or offering promotional games and managing events
- communicating about our products, services, offers, news, and what we generally do at BNP Paribas or other brands managed by Group Communications
- customer service, including responses to your inquiries;
- to improve and personalise your experience on our websites and applications;
- account maintenance including administering any consumer loyalty or rewards programs that are associated with your account;
- to process and ship prize won through your participation to our promotional games.
Your data may be aggregated into anonymized statistics that may be offered to professional clients to assist them in developing their business. In this case your personal data will never be disclosed and those receiving these anonymised statistics will be unable to ascertain your identity.
d. To respect your choice if we requested your consent for a specific processing
In certain cases, we must require your consent to process your data, for example:
- where the above purposes lead to automated decision-making, which produces legal effects or which significantly affects you. At that point, we will inform you separately about the logic involved, as well as the significance and the envisaged consequences of such processing;
- if we need to carry out further processing for purposes other than those above in section 3, we will inform you and, where necessary, obtain your consent.
- for interaction on social networks for the purposes of running contests
4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
In order to fulfil the aforementioned purposes, we only disclose your personal data to:
- BNP Paribas Group entities (e.g. you can benefit from our full range of group products and services);
- Service providers which perform services on our behalf;
- Independent agents, intermediaries or brokers banking and commercial partners, with which we have regular relationship;
- Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
- Certain regulated professionals such as lawyers, notaries or auditors.
5. CROSS BORDER TRANSFER OF PERSONAL DATA
In case of international transfers, we will make sure to transfer your information to countries and regions that provide a sufficient level of protection. Any such transfer shall be in accordance with any applicable lists recognised by the relevant authorities and laws.
In some instances, we may be required to transfer your information to other countries whose level of protection has not been recognized. In such cases, we may rely on sufficient guarantees regarding the protection of privacy as well as individuals’ basic rights and liberties.
6. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will retain your personal data for the longer of the period required in order to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
7. WHAT ARE YOUR RIGHTS?
In accordance with applicable regulations, you have the following rights:
- The right to be informed or notified of the purpose for processing your data;
- The right to object to the processing of their data for the purposes of direct marketing;
- The right to object to processing that causes harm or distress to you or others
- The right to request access to your data;
- The right to demand rectification, blocking or erasure of your personal data, to the extent permitted by law; and
- To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time
8. HOW CAN YOU KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE?
In a world of constant technological changes, we may need to regularly update this Data Protection Notice.
We invite you to review the latest version of this notice online and we will inform you of any material changes through our website or through our other usual communication channels.
9. HOW TO CONTACT US?
If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our data protection correspondent using the email address: firstname.lastname@example.org
You can also contact us by mail using the following address:
Data Protection Office C/O Risk ORC
Bahrain Financial Harbour
King Faisal Highway
Manama, Kingdom of Bahrain
P.O Box 5241
Please include a scan/copy of your identity card for identification purpose.
In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.
If you wish to learn more about cookies, please read our cookies policy .