Protection of Personal Data
PERSONAL DATA PROTECTION NOTICE
As last updated on: 02/11/2020
The BNP Paribas Group, to which BNP Paribas Factor belongs, attaches great importance to protecting your personal information (or "personal data"). This is why the BNP Paribas Group1 has adopted strong principles regarding the protection of your data, which you may find in our Personal Data Privacy Charter available at the following address:
BNP Paribas Factor S.A., Branch in Spain, C / Emilio Vargas 4, 28043 Madrid, Spain and by email, can also contact the Data Protection Officer in Spain: DPOdeskSpain@bnpparibas.com
This Notice, issued by BNP Paribas Factor (a French public limited company (société anonyme), whose registered office is situated at RUEIL-MALMAISON (92506), 12-14 rue Louis Blériot, and BNP Paribas Factor S.A., Branch in Spain C / Emilio Vargas 4, 28043 Madrid, Spain in relation to personal data protection, provides clear and detailed information to the recipients (as such are listed in section 2 hereafter), on how we protect their personal data.
As data controller, we are responsible for collecting and processing your personal data in connection with the supply of our factoring services. The purpose of this Notice is to provide information about the personal data collected, the reasons why we use and share such data, the duration of data retention, your rights and how to exercise them.
As the case may be, additional information will be provided to you when purchasing a particular product or service.
We collect and use your personal data, namely information that identifies or enables to identify you, to the extent necessary for the purposes of our business activities and in order to provide high quality products or services that are tailored to your needs.
Depending on the type of product or service provided, we collect different types of personal data, including:
- identification data (e.g., full name, identity documents (e.g., ID card, passport number, etc.), nationality, place and date of birth, gender, photo);
- personal or business contact data (e.g., mailing and e-mail address, telephone number);
- data about your family situation and family life (e.g. marital status, number of children).
- economic, financial and tax data (e.g., tax identifier, tax status, salary and other income, amount of properties and assets);
- employment data (e.g., job position, corporate mandates);
- financial data (e.g., factoring products and services purchased and used, properties and assets, equity interests in other legal entities);
- transaction data (i.e., data relating to the relevant transaction including, without limitation, bank transfers, the beneficiaries of such transfers (full names, addresses and contact details);
- data on client behaviour and preferences (i.e., data on your use of the factoring products and services purchased from us);
- computer data (i.e., IP address, technical data and unique identification data);
- user login or other personal security devices that are used to log on to BNP Paribas Factor ‘s website and applications.
Please note that we will never collect sensitive data such as, data relating to health, race, ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or sexual orientation, unless required by law.
We collect data directly from you, whether you are a customer or a potential client (and whenever you contact us, visit any of our branches, browse or use our websites or any of our applications, use our factoring products and services, participate in any survey or event that we organise), but also data about other individuals, indirectly. Indeed, we collect information about certain individuals even though they are not directly related to us, but because they are related to you, whether you are a customer or a potential client, for instance:
- family members;
- successors and assigns;
- legal representatives (whether pursuant to any corporate mandate or delegation of powers);
- ordering parties or beneficiaries of payment transactions;
- beneficiaries of any contract or insurance policy and of any trust;
- beneficial owners;
- creditors (e.g., in case of insolvency);
- shareholders (for legal entities).
Whenever you provide personal data about third parties in accordance with the foregoing, please make sure that you inform the relevant data subjects that we are processing their personal data and direct them to this information Notice on personal data protection. We will also make every effort to provide such information to them as soon as possible (and yet, if we do not have their contact details, we will not be able to contact them).
In order to verify and improve our databases, we may also collect personal data from;
- other BNP Paribas entities;
- our clients (whether legal entities or private individuals);
- our business partners;
- payment initiation service providers and account aggregators (account information service providers);
- third parties such as credit investigators and counter fraud agencies or data brokers, who shall ensure that they collect the data in a lawful manner;
- publications/databases made available by governmental authorities or third parties (e.g., the Official Journal of the French Republic, databases managed by financial supervisory authorities);
- website/social network pages of legal entities or business customers containing information that you have made public (whether on your own website or social network pages);
- public information such as, information published in the press.
In this section, we explain how and why we use and process your personal data. We also draw your attention to certain processing activities that may have a significant impact and which, in certain circumstances, may require your consent.
a. To comply with various legal or regulatory requirements
We use your personal data in order to comply with applicable regulations including, without limitation, banking and financial regulations, and with a view to:
- monitoring transactions and identifying abnormal/unusual transactions (e.g., withdrawal of large sums of money in any foreign jurisdiction);
- managing, preventing and detecting fraud;
- monitoring and reporting risks (e.g., financial, credit, legal, compliance, reputational, default, etc.) to which, we and/or the BNP Paribas Group, may be exposed;
- recording, where necessary, telephone conversations, instant messaging discussions, e-mails, etc., notwithstanding any other use described below;
- preventing and detecting money laundering and terrorist financing and complying with international sanction and embargo regulations in connection with our Know Your Customer (KYC) procedures (e.g., for identification purposes or information cross-checks against sanction lists, risk profile assessment);
- detecting and managing suspicious requests and transactions;
- assessing the suitability and appropriateness of the clients and of the investment services provided, in accordance with the regulations on the financial instrument markets (the MiFID 2);
- combatting tax fraud and meeting tax reporting or monitoring requirements;
- recording transactions for accounting purposes;
- preventing, detecting and reporting risks associated with Corporate Social and Environmental Responsibility and sustainable development;
- detecting and preventing corruption and bribery;
- making or reporting operations, transactions or requests or responding to any official request from any duly authorised local or foreign judicial, criminal, administrative, tax or financial authority, any arbitrator or mediator, law enforcement authority, governmental body or public agency.
b. To perform any contract to which you are a party or any pre-contractual duty at your request
We use your personal data with a view to, entering into, and performing contracts as well as managing our relationship with you including, without limitation:
- determining your credit risk rating and borrowing capacity;
- assessing (for instance, based on your credit risk rating) whether you may purchase any of our products or services and under what conditions (including price);
- assisting you, in particular by answering to your requests;
- providing you with information about our products and services;
- managing and processing payment defaults and unpaid debts (e.g., identification of defaulting debtors and, as the case may be, exclusion from new products or services).
- enabling you to purchase the BNP Paribas Factor factoring products and services.
c. To safeguard our legitimate interests
We use your personal data with a view to marketing and developing our factoring products and services, enhancing risk management and defending our interests in court, including, without limitation:
- Risk management:
- keeping records of operations or transactions, including in a digital format;
- managing, preventing and detecting fraud;
- ensuring debt collection;
- enforcing any right in court or defending any claim;
- Creating anonymous statistic models and testing for research and development purposes and with a view to enhancing BNP Paribas Factor's risk management procedures and improving our offer.
- Providing customized offers:
- improving the quality of our factoring products or services;
- promoting factoring products or services that are tailored to your needs;
- analysing your preferences and needs to offer tailored services;
This may be achieved by:
- segmenting potential clients and customers;
- analysing your habits and preferences via our various communication channels (e-mails or messages, visits to our websites, etc.);
- sharing your data with another BNP Paribas entity including, in particular, if you are or may be a client of such other entity, to speed up the contacting process;
- analysing existing customers’ attitudes and behaviours and searching for new customers with the same patterns of behaviour for business development purposes.
- adapting the offer of factoring products and services according to the products and services already purchased or used by you and based on the data held.
- Research and development (R&D) activities aimed at developing statistics and models for:
- enhancing and automating our operational processes (e.g. chatbot for FAQs);
- offering factoring products and services that better suit your needs;
- adjusting the distribution, contents and rates of our factoring products and services according to your profile;
- developing new offerings;
- preventing security incidents, improving client identification and managing access;
- improving safety management;
- improving risk and compliance management;
- improving the management, prevention and detection of fraud;
- better combatting money laundering and terrorist financing.
- IT system security and service management, including:
- managing information technology including, infrastructure (e.g., shared platforms), ensuring business continuation and security (e.g., user authentication);
- And, more generally:
- supplying information about our factoring products and services;
- organising contests, lotteries and other promotional operations;
- conducting any opinion or customer satisfaction survey;
- improving process efficiency (i.e., staff training session by recording telephone conversations in our call centres and improve call scenarios);
- improving the automated handling of our processes including, without limitation, application testing, automated claim processing, etc.
In any case, our legitimate interests remain proportionate and we are committed to ensuring, based on a balancing test, that your interests or fundamental rights are safeguarded. For more information on the afore-mentioned balancing test, please contact us in accordance with section 9 "How to contact us" below.
d. To meet your request, whenever asked to approve any particular data processing
In connection with certain personal data processing activities, we will provide you with special information and we will ask you to give your consent to such processing. You may withdraw such consent at any time (see point 7 below, on how to exercise your rights).
a. Data sharing within the BNP Paribas Group
We are a subsidiary of the BNP Paribas Group in the banking and insurance industry namely, companies working closely with each other and worldwide, to create and distribute various insurance, financial and banking products and services.
We share the personal data of our clients within the BNP Paribas Group for marketing purposes and to streamline our operations, based on the following in particular:
- legal and regulatory requirements:
- sharing the data collected with a view to combatting money laundering and terrorist financing, complying with international sanction regulations, embargoes and Know Your Customer (KYC) procedures;
- managing risks, including, without limitation, credit risk and operational risk (risk category/risk rating/etc.);
- our legitimate interests:
- preventing, detecting and combating fraud;
- our R&D activities including, in particular, for the purposes of compliance, risk management, communication and marketing;
- getting a global and consistent view of our clients;
- offering a complete range of factoring products and services for your benefit;
- offering tailored factoring products and services at the best rates.
b. Data sharing outside the BNP Paribas Group
For several of the aforementioned purposes, we may also share your personal data from time to time, with the following persons in particular:
- service providers providing services on our behalf (e.g., IT, printing, telecommunication, debt collection, consulting, distribution or marketing services);
- banking and commercial partners, independent agents, intermediaries, financial institutions, counterparties, trade repositories to which we are related whenever such a transfer is necessary to provide services or products or to meet our contractual obligations or carry out any transaction (e.g., banks, correspondent banks, custodians, securities issuers, paying agents, exchange platforms, insurance companies, payment system operators, payment card issuers or intermediaries);
- commercial intelligence agencies;
- financial, tax, governmental, criminal or judicial authorities, local or foreign arbitrators or mediators, law enforcement authorities, governmental agencies or public bodies, to whom we or any member of the BNP Paribas Group, are/is required to disclose such data:
- at their request;
- for the purpose of defending any claim, action or proceeding;
- to comply with any regulation or recommendation issued by any competent authority that is either applicable to us or to any other member of the BNP Paribas Group;
- third party payment service providers (e.g., information about your bank accounts), for the purposes of providing payment initiation services or account information subject to your prior approval of the transfer of your data to such third party;
- certain regulated professionals such as lawyers, notaries, rating agencies or statutory auditors where the circumstances so require (litigation, audit, etc.) as well as to any current or potential buyer of any company or business of the BNP Paribas Group or our insurers.
c. Sharing aggregated or anonymised data
We share aggregated or anonymised data within the BNP Paribas Group and outside the Group, with partners such as research groups, universities or colleges and advertisers. However, such data does not enable to identify the data subjects.
Your personal data may be aggregated in the form of anonymised statistics aimed at professional customers and with a view to helping them to improve their business performance. In such case, our professional customers will not be able to identify you and your personal data will never be disclosed to them.
a. Transfers outside the EU/EEA
In case of international transfers from the European Economic Area (EEA) or the EU to a non-EU/EEA country, your personal data may be transferred based on a decision of the European Commission, if the latter finds that the recipient country provides adequate level of protection for personal data.
If your personal data is transferred to a country that is not recognized by the European Commission as ensuring adequate level of protection then, we will either rely upon any applicable exemption (for instance, if the transfer is deemed necessary to perform any contract entered into by you including, without limitation, for the purposes of making any international payment) or we will take any of the following steps with a view to ensuring protection of your personal data:
- use the standard contractual clauses approved by the European Commission; or
- establish binding corporate rules.
To get a copy these contractual safeguards ensuring the protection of your personal data or the details on how to get access to your data, please make a written request in accordance with Section 9 below.
We retain your personal data for so long as necessary to comply with applicable laws and regulations or as the case may be, for an indefinite period of time due to operational constraints such as, accounting and bookkeeping requirements, customer relationship management or to enforce any right in court or respond to any request from any regulatory body. For instance, the great majority of customer data is retained for the duration of the contractual relationship and thereafter, for a period of 10 years. Regarding potential clients, personal data is retained for a period of 3 years only.
In accordance with applicable laws, you may exercise the following rights:
- right of access: you may obtain information about the processing of your personal data and a copy of such data;
- right of rectification: if you find that your personal data is either inaccurate or incomplete, you may request that your data be amended accordingly;
- right of erasure: you may request that your personal data be erased, to the extent permitted by law;
- right of limitation: you may request that the processing of your personal data be limited;
- right of objection: you may object to the processing of your personal data for reasons pertaining to your personal situation. You have an unqualified and unrestricted right to object at any time, to the use of your personal data for solicitation or profiling purposes to the extent that profiling is carried out for solicitation purposes.
- right to withdraw your consent: if you have given your consent to the processing of your personal data, you may withdraw such consent, at any time.
- right to data portability: to the extent permitted by law, you may seek retrieval of your personal data or, where technically possible, you may request that your data be transferred to any third party.
If you wish to exercise any of the afore-mentioned rights, please send your request by post, at the following address:
BNP Paribas Factor Spain
Calle Emilio Vargas 4
28043 Madrid, España
and enclose a scan/copy of your proof of identity, where necessary, so that we can identify you.
In accordance with applicable laws and in addition to the afore-mentioned rights, you may lodge a complaint with any competent supervisory authority.
In a constantly shifting environment, we may need to update this Notice, from time to time.
You may get access to the latest version of this document online and we will inform you of all significant changes through our website or our usual communication channels.
If you have any question about the processing of your personal data pursuant to this Data Protection Notice, you may contact our Data Protection Officer who will promptly handle your request, at the following address:
BNP Paribas Factor Spain
Calle Emilio Vargas 4
28043 Madrid, España