Data Protection Notice
Last updated 6 December 2022
We take the protection of your personal data very seriously; accordingly, the BNP Paribas Group has adopted strong principles in its Personal Data Protection Charter available at https://group.bnpparibas/uploads/file/bnpparibas_personal_data_privacy_charter.pdf.
BNP Paribas S.A. German Branch (“We”), are responsible, as a controller, for collecting and processing your personal data, in relation to our activities.
1. ARE YOU SUBJECT TO THIS NOTICE?
This Data Protection Notice applies to you if you are a person interested in our products and services or contents and make your personal data available to us (e.g. by contacting us via the contact options indicated on this website).
When you provide us with personal data related to other people, please make sure that you inform them about the disclosure of their personal data and invite them to read this Data Protection Notice. We will ensure that we will do the same whenever possible (e.g., when we have the person’s contact details).
2. HOW CAN YOU CONTROL THE PROCESSING ACTIVITIES WE DO ON YOUR PERSONAL DATA?
You have rights which allow you to exercise real control over your personal data and how we process them.
If you wish to exercise the rights listed below, please submit a request by mailing a letter to the following address BNP Paribas S.A. German Branch, Group Brand & Communication Germany, Senckenberganlage 19, 60325 Frankfurt. We may ask you for suitable identity documentation.
If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our Data Protection Officer at the following address firstname.lastname@example.org.
2.1. You can request access to your personal data
If you wish to have access to your personal data, we will provide you with a copy of the personal data you requested as well as information relating to their processing.
Your right of access may be limited in the cases foreseen by laws and regulations. For example, this is the case with the regulation relating to anti-money laundering and countering the financing of terrorism, which prohibits us from giving you direct access to your personal data processed for this purpose.
2.2. You can ask for the correction of your personal data
Where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified or completed accordingly. In some cases, supporting documentation may be required.
2.3. You can request the deletion of your personal data
If you wish, you may request the deletion of your personal data, to the extent permitted by law.
2.4. You can object to the processing of your personal data based on legitimate interests
If you do not agree with a processing activity based on a legitimate interest, you can object to it, on grounds relating to your particular situation, by informing us precisely of the processing activity involved and the reasons for the objection. We will cease processing your personal data unless there are compelling legitimate grounds for doing so or it is necessary for the establishment, exercise or defence of legal claims. 2.5. You can object to the processing of your personal data for commercial prospecting purposes You have the right to object at any time to the processing of your personal data for commercial prospecting purposes, including profiling, insofar as it is linked to such prospecting.
2.5. You can object to the processing of your personal data for commercial prospecting purposes
You have the right to object at any time to the processing of your personal data for commercial prospecting purposes, including profiling, insofar as it is linked to such prospecting.
2.6. You can suspend the use of your personal data
If you question the accuracy of the personal data we use or object to the processing of your personal data, we will verify or review your request. You may request that we suspend the use of your personal data while we review your request.
2.7. You have rights against an automated decision
As a matter of principle, you have the right not to be subject to a decision based solely on automated processing based on profiling or otherwise that has a legal effect or significantly affects you. However, we may automate such a decision if it is necessary for the entering into or performance of a contract with us, authorised by regulation or if you have given your consent.
In any event, you have the right to challenge the decision, express your views and request the intervention of a competent person to review the decision.
2.8. You can withdraw your consent
If you have given your consent to the processing of your personal data, you can withdraw this consent at any time.
2.9. You can request the portability of part of your personal data
You may request a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may request that we transmit this copy to a third party.
2.10. How to file a complaint with a competent data protection authority
In addition to the rights mentioned above, you may lodge a complaint with a competent supervisory authority. The address of the supervisory authority responsible for us is as follows: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, 65189 Wiesbaden
3. Why and on which legal basis do we use your personal data?
3.1. Your personal data is processed to perform a contract with you in the context of our services to our clients and/or counterparties
Your personal data is processed when it is necessary to enter into or perform a contract in order to respond to and support you in your requests (in case you are a contracting party) through the contact options specified in the website.
3.2. Your personal data is processed to fulfil our legitimate interest or the legitimate interest of a third person
If we process your personal data based on legitimate interest, we will ensure our legitimate interest remains proportionate and we verify according to a balancing test that your interests or fundamental rights are preserved. Should you wish to obtain more information about such balancing test, please contact us using the contact details provided above.
We use your personal data to:
- manage the risks to which we are exposed:
- we keep records of operations, including in electronic form;
- we deal with legal claims and defend the law in the event of litigation;
- be able to respond effectively to your requests (if you are not a contractual party);
- ensure the cybersecurity of our IT systems (e.g. to block IP addresses affected by cyber attacks).
3.3. Your personal data is processed if you have given your consent
For some personal data processing activities, we will give you specific information and ask for your consent. Of course, you can withhold your consent or, if given, withdraw your consent at any time.
4. What types of personal data do we collect?
We collect and use your personal data, meaning any information that identifies or allows to identify you, to the extent necessary in the framework of our activities. We collect various types of personal data about you, including:
- identification information (e.g. full name);
- contact information private or professional (e.g. postal and e-mail address, phone number), to the extent provided by you;
- data from your interactions with us, for example, your comments, suggestions, needs that we have gathered during our communication with you during telephone communication (conversation note or conversation recording), communication by email or any complaints you may have;
- information about your device (IP address)
5. Who do we share your personal data with and why?
We may provide information to other BNP Paribas companies if necessary to process requests or contacts, or if necessary for risk management purposes, as described above. In addition, we may, upon request, disclose information to local or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, public authorities or institutions, provided that there is a legal or regulatory obligation.
6. How long do we keep your personal data?
We will retain your personal data over the period required to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. For instance, data we process as part of your visit to our website, is usually deleted within 6 months.
7. How to follow the evolution of this data protection notice?
In a world where technologies are constantly evolving, we regularly review this Data Protection Notice and update it as required.
We invite you to review the latest version of this document online, and we will inform you of any significant amendments through our website or through our standard communication channels.