INFORMATION NOTICE CONCERNING PERSONAL DATA

The BPCE Group is made up of the following Natixis legal entities and branches in Europe in relation to our corporate and institutional banking business:

FRANCE:


Natixis 30 avenue Pierre Mendès-France, 75013 Paris – Postal address: BP 4 – 75060 Paris Cedex 02 France
Tel: +33 1 58 32 30 00 - www.natixis.com
Société anonyme with share capital of €5,019,776,380.80 – 542 044 524 Paris Trade & Companies Register


UK:


Natixis, London branch, Cannon Bridge House, 25 Dowgate Hill, London, EC4R 2YA Tel: +44 020 3216 9000

GERMANY: 


Natixis Zweigniederlassung Deutschland- Im Trutz Frankfurt 55 - 60322 Frankfurt am Main -Tel: +49 69 97153 0

ITALY:


Natixis S.A. Milan BranchVia Borgogna, 8; I-20122 MILANO MI Tel. +39 02 0066 7200

SPAIN:


Natixis SA, Sucursal en España- Serrano 90, 5th floor - CP 28006 Madrid Tel: +34 91 111 77 00

Natixis Partners España, S.A., Spain- Serrano 90, 5th floor - CP 28006 Madrid Tel: +34 91 781 56 40
registred at the Mercantile Registry of Madrid, Volume 17,654, Book 0, Folio 60, of Section 8 Page Number M-303245, 1st registration


The following Information Notice applies to the business relationship between you and the above Natixis entity(ies) hereinafter referred as ‘Natixis’.

On the basis of the information requested by our employees, agents or distributors, forms completed by our you, automated data capture mechanisms or information gathering processes more generally, Natixis as data controller collects and processes information that allows individuals to be identified and may concern their private or professional lives (for example, their name, date of birth, private or professional contact details, family circumstances, photograph, identity documents, occupation etc.).

Such information is referred to below as “Personal Data” or “Data”.

Protecting Data is essential in order to build a trusting business relationship.

To this end, Natixis constantly monitors its compliance with the law on the protection of Personal Data (General Data Protection Regulation no. 2016/679 of 27 April 2016 and applicable Data national laws) and aims to ensure responsible governance of its information files as well as maximum transparency of the Data processing it carries out.

Natixis has appointed a Personal Data Protection Officer (or DPO). This person ensures that Natixis’s processing of Personal Data complies with the applicable regulations.

This information notice has been sent to you as an individual affected by Natixis’s data processing. It explains why Natixis SA needs to collect your Data, how your Data will be used and protected, how long it will be retained and the rights that you have.



Whose Data is collected?

Our customers and their legal representatives, agents, contact persons, staff or beneficial owners, directors, auditors and guarantors as applicable.


What Data does Natixis use and where does it come from?

Natixis collects and uses Data that is strictly necessary for its activities and for the purposes set down in this information notice.

To find out more about the categories of Data used and their sources, please click here.


On what basis is your Data collected and used and for what purposes?

As part of our banking relationship,Natixisneeds to gather yourDatafor the purposes described below, on the basis described:

Unless it can gather and process your Data,Natixiswill not be able to make or perform the contracts that bind us to our customers and counterparts.

Otherwise,Natixis will not be able to continue its business relationships with its customers or counterparts.



Who has access to your Data?

Natixis takes all necessary steps to ensure the safety and confidentiality of the Data it collects, i.e. to ensure that only authorised persons have access to it.

Only persons who are authorised by virtue of their activity in the competent Natixis departments that are in charge of the relevant processing have access to your Data, and only within the scope of their authorisations.

BPCE Group companies (subsidiaries and branches), our service providers and our partners may likewise have secure access to your Data insofar as it is needed in relation to the performance of their services or our collaboration agreement.

Your Data will also be passed to certain authorities in accordance with the applicable law and regulations.

In the above circumstances, Natixis may transfer your Data (by communicating or making it accessible) to another country either in or outside the European Union.

To find out more about the categories of recipients of your Data and about potential transfers outside the European Union and the relevant frameworks of legal safeguards, please click here.


How long will your Data be retained?

Most Data collected in relation to a specified customer are kept for the duration of the contractual relationship plus a specified number of years after the end of the contractual relationship.
Our criteria for defining our retention periods are:

In case of regulatory requests or legal claims, our retention standards may be increased in this regard for Natixis defense.


What rights do you have over your Data?

Within the limits and conditions laid down by current legislation, you can:


How do you exercise your rights?

To exercise your rights, please contact our Data Protection Officer by email or by post, stating your full name and contact details, providing a copy of your identity document and specifying Natixis legal entity, branch and country you are in business relationships with.

 

 Data Protection Officer

Natixis France, UK, Italy and Spain

Natixis – BP 4 – 75060 Paris Cedex 02 France

dpo@natixis.com

Natixis Germany

Natixis Pfandbriefbank AG and Natixis Zweigniederlassung Deutschland Im Trutz Frankfurt 55 - 60322 Frankfurt am Main

datenschutz-npb@natixis.com


In relation to electronic communications for direct marketing purposes:

An unsubscribe link (for emails) or a unsubscribe number (for SMS/MMS messages) also appears on every electronic message sent to you by Natixis.

Country specific provisions:


France :
You also have the option of sending us instructions concerning the retention, deletion and communication of your Data after your death. These instructions may also be registered with a “certified digital trusted third party”. Such instructions, a kind of “digital will”, may designate a person in charge of their execution; failing this, your heirs will be designated.

Spain :
The legal heirs of a deceased person may contact us in order to request access to the personal data of that person and, where appropriate, rectification or deletion.
As an exception, the heirs may not access the data of the deceased, nor request its rectification or suppression, when the deceased had expressly prohibited it or so established by law.
The testamentary executor as well as that person or institution to which the deceased had expressly designated for this purpose may also request, in accordance with the instructions received, access to the personal data of the latter and, where appropriate, its rectification or suppression.