Data Protection Notice

Introduction

We take the protection of your personal data very seriously; accordingly, the BNP Paribas Group has adopted strong principles in its Personal Data Protection Charter available at https://group.bnpparibas/uploads/file/bnpparibas_personal_data_privacy_charter.pdf.

Cardif Assurance Vie, whose registered office is located at 1 boulevard Haussmann 75009 Paris (“We”), are responsible, as a controller, for collecting and processing your personal data, in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.

Further information may be provided where necessary when you apply for a specific product or service.

1. ARE YOU SUBJECT TO THIS NOTICE?

This Data Protection Notice applies to you if you are (“You”) a person interested in our products, services or contents (newsletters…), when you subscribe by providing us your personal data, on our websites and applications and/or during events or sponsorship operations.

When you provide us with personal data related to other people, please make sure that you inform them about the disclosure of their personal data and invite them to read this Data Protection Notice. We will ensure that we will do the same whenever possible (e.g., when we have the person’s contact details).

2. HOW CAN YOU CONTROL THE PROCESSING ACTIVITIES WE DO ON YOUR PERSONAL DATA?

You have rights which allow you to exercise real control over your personal data and how we process them.

If you wish to exercise the rights listed below, please submit a request to the following address

• BNP Paribas Cardif – DPO, 8 rue du Port, 92728 Nanterre Cedex-France; or

• Data.protection@Cardif.com with a scan/copy of your identity card where required.

If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our Data Protection Officer at the following address:

• BNP Paribas Cardif – DPO 8 rue du Port, 92728 Nanterre Cedex-France, or
• Data.protection@Cardif.com

2.1 You can request access to your personal data

If you wish to have access to your personal data, we will provide you with a copy of the personal data you requested as well as information relating to their processing. Your right of access may be limited in the cases foreseen by laws and regulations. This is the case with the regulation relating to anti-money laundering and countering the financing of terrorism, which prohibits us from giving you direct access to your personal data processed for this purpose. In this case, you must exercise your right of access with the CNIL, which will request the data from us.

2.2 You can ask for the correction of your personal data

Where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified or completed accordingly. In some cases, supporting documentation may be required.

2.3 You can request the deletion of your personal data

If you wish, you may request the deletion of your personal data, to the extent permitted by law.

2.4 You can object to the processing of your personal data based on legitimate interests

If you do not agree with a processing activity based on a legitimate interest, you can object to it, on grounds relating to your particular situation, by informing us precisely of the processing activity involved and the reasons for the objection. We will cease processing your personal data unless there are compelling legitimate grounds for doing so or it is necessary for the establishment, exercise or defence of legal claims.

2.5 You can object to the processing of your personal data for commercial prospecting purposes

You have the right to object at any time to the processing of your personal data for commercial prospecting purposes, including profiling, insofar as it is linked to such prospecting.

2.6 You can suspend the use of your personal data

If you question the accuracy of the personal data we use or object to the processing of your personal data, we will verify or review your request. You may request that we suspend the use of your personal data while we review your request.

2.7 You can withdraw your consent

If you have given your consent to the processing of your personal data, you can withdraw this consent at any time.

2.8 You can request the portability of part of your personal data

You may request a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may request that we transmit this copy to a third party.

2.9 How to file a complaint with the CNIL

In addition to the rights mentioned above, you may lodge a complaint with the competent supervisory authority, which is usually the one in your place of residence, such as the CNIL (Commission Nationale de l’Informatique et de Libertés) in France.

3. WHY AND ON WHICH LEGAL BASIS DO WE USE YOUR PERSONAL DATA?

In this section we describe how and why we use your personal data and draw your attention to some data processing we consider could be more impactful for you and, in some cases, may require your consent. 

We use your personal data, to fulfil our legitimate interest :

• Personalisation of our offering
• Improve the quality of our products and services
• Security reasons and IT systems performance,
• Inform you about our products and services;
• Organise contests and games, price competitions, lotteries or any other promotional operations;
• Perform client satisfaction and opinion surveys;
• Improve process efficiency (train our staff by recording phone calls in our call centres and improve our calling scenario);
• Implement process automation of our processes such as application testing, automatic filling complaints handling, etc

In any case, our legitimate interest remains proportionate and we verify according to a balancing test that your interests or fundamental rights are preserved. Should you wish to obtain more information about such balancing test, please contact us using the contact details provided in section 2.

4. WHAT TYPES OF PERSONAL DATA DO WE COLLECT?

We collect and use your personal data, meaning any information that identifies or allows to identify you, to the extent necessary in the framework of our activities. We collect various types of personal data about you, including:

• Identification information (e.g. full name, identity, nationality, date of birth, gender, photograph);
• Contact information private or professional (e.g. postal and e-mail address, phone number);
• Family situation and family life(e.g. marital status, number and age of children, number of persons composing the household, etc.);
• Data relating to your habits and preferences (data which relate to your use of our products and services);
• Data from your interactions with us, our branches (contact reports), our internet websites, our apps, our social media pages, (connection and tracking data such as cookies, connection to online services, IP address) meeting, call, chat, email, interview, phone conversation;
• Information about your device (IP address, technical specifications and uniquely identifying data) .Intégrer les données personnelles collectées sur le site.

We never ask for any other sensitive personal data such as data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sex life or sexual orientation, unless it is required through a legal obligation.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

Sharing aggregated or anonymized information

We share aggregated or anonymised information within and outside the BNP Paribas Group with partners such as research groups, universities or advertisers. You won’t be able to be identified from this information.

Your data may be aggregated into anonymised statistics that may be offered to professional clients to assist them in developing their business. In this case your personal data will never be disclosed and those receiving these anonymised statistics will be unable to identify you.

6. INTERNATIONAL TRANSFERS OF PERSONAL DATA

In case of international transfers originating from the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place. Where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis.

For transfers to non-EEA countries where the level of protection has not been recognized as adequate by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you, such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:

• Standard contractual clauses approved by the European Commission; To obtain a copy of these safeguards or details on where they are available, you can send a written request as set out in Section 2.

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your personal data over the period required to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.

8. HOW TO FOLLOW THE EVOLUTION OF THIS DATA PROTECTION NOTICE?

In a world where technologies are constantly evolving, we regularly review this Data Protection Notice and update it as required.

We invite you to review the latest version of this document online, and we will inform you of any significant amendments through our website or through our standard communication channels.