Personal data protection policy

The content of this site is for information purposes and may not be equated with public information, solicitation or canvassing on the part of Banque Delubac & Cie.

As a credit institution subject to banking secrecy, Banque Delubac & Cie (hereinafter referred to as the “Bank”) ensures the confidentiality of the information provided to it.

---

Therefore, in the context of our relationship, your personal data shall be handled with close attention. This personal data protection policy describes the commitments implemented by our bank, as controller, to ensure the protection of your personal data. The purpose of this document is also to inform you of the way your personal data is collected and used throughout your relationship with our bank.

This policy, which complies with Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), applies uniformly to all the products and services we offer and includes any natural person in connection with the Bank (client, prospective client, legal representative or an actual beneficiary of a legal entity…).

---

Article 1
What personal data is being processed?

The Bank makes sure it collects only the personal data that is strictly necessary for the purpose for which it is processed.

All personal data is mainly obtained directly from you (in agencies, by phone, letter or e-mail, Internet…). However, the Bank may be required to process data obtained from third parties such as Banque de France when consulting the National Register of Incidents of Repayment of Credits to Individuals (FICP) or the Fichier Central des Chèques (FCC) in particular to meet its regulatory obligations or, with your consent, in connection with the use of certain services.

The different categories of personal data that the Bank usually processes as part of its banking business and in accordance with its regulatory obligations include the following:

• Identification and contact data:  first name, surname, place and date of birth, ID and/or passport number, postal and e-mail address, telephone number as well as any useful information provided when subscribing to a product or service;
• Data relating to your family situation: matrimonial property regime, household composition, marital status…;
• Data relating to your employment and tax situation: employment, remuneration, country of tax residence, tax identification number…;
• Banking and financial data: outstanding loans, valuation of property assets or other assets including financial assets, knowledge of financial products, investment targets, bank details, data relating to operations and transactions (transfers, payments, credit card number, withdrawals and deposits…);
• Identification and authentication data on the use of services: historical connection to the Bank’s website, IP address, cookies …);
• Data from your dealings with the Bank: phone calls, emails, branch CCTV images…;
• Data required for compliance with the regulations in force.

---

Article 2
For what purposes is your personal data used?

The purpose of processing is defined as the desired objective, the need it meets for the Bank. The processing operations carried out have an explicit, legitimate and determined purpose, which is based on the proposal, implementation or performance of a contract, compliance with a legal or regulatory obligation, business development or the protection of property and persons.

• During the proposal, implementation and performance of a product or service to:
  • advise and guide you through the steps of subscription ;
  • provide you with the subscribed products;
  • manage your products and services and process your requests as part of their use; 
  • update the client knowledge regarding the products and services taken out;
  • track your exchanges with the Bank (notably by recording certain telephone conversations, subject to pre-notification); 
  • recover or assign receivables and manage payment incidents;
• To meet the legal and regulatory obligations to which the Bank is bound:
  • fight against money laundering and the financing of terrorism, fight against fraud, manage operational risk, determine the tax status of clients…; 
  • exercising your rights;
  • reply to requests made by all competent authorities (supervisory authorities such as the ACPR or the AMF, courts or any other authorised public authority).
• For purposes of commercial prospecting, sales events and advertising campaigns, and in particular: 
  • marketing operation;
  • analysis of the use of products and services, with a view to improving the products and services marketed by the Bank.
• For the protection of people and property:
  • remote surveillance or video surveillance device in bank branches and ATMs.

---

Article 3
Who are the recipients of your personal data?

We would like to inform the Client that his/her personal information may be transmitted to the following recipients:

• any Banque Delubac & Cie Group’s entity, for commercial prospecting purposes or to conclude other contracts or when pooling resources or grouping businesses together. The list of Banque Delubac & Cie Group’s entities that may benefit from information regarding is available upon request;
• the subcontractors or partners of the Bank participating in particular in the management of the banking products or services that it offers, and for the sole purpose of the work associated with these activities;
• the Mediator of the Bank;
• credit rating or fraud prevention agencies for the purpose of verifying your identity with respect to the data collected;
• authorised administrative, supervisory and judicial authorities (supervisory authorities such as the ACPR or the AMF, competent courts, etc.);
• recipients of money transfers and payment service providers for the purpose of the fight against money laundering and financing of terroism;
• any recipient who would request data necessary to identify you and to contact you as soon as this data transmission is intended to safeguard your vital interests or those of another natural person and within the limits of the data strictly necessary to achieve that purpose.
   

Your personal data will not be transferred for purposes other than those described above, unless expressly agreed by you, which may be withdrawn at any time.

---

Article 4
What are the security measures that guarantee the protection of your personal data?

The protection of your data is subject to organisational, technical and physical security measures within the Bank to maintain its integrity, confidentiality, availability and resilience. The Bank is committed to protecting personal data, taking into account its sensitivity and purpose of processing.

Your data is stored in information systems that meet high security criteria and whose access is restricted to authorised persons only. As such, the Bank ensures that all of its employees and all persons involved in data processing on its behalf comply with the protective measures and the confidentiality of the processed data.

---

Article 5
What is the retention period of your personal data?

Your personal data is kept for the time necessary for the purpose of its processing, under the conditions and limits laid down in applicable regulations. The relevant personal data is deleted at the end of the retention period.

In exceptional cases, your personal data may be archived to manage claims and litigation in progress as well as to respond to the authorities empowered to make the request.

In addition, certain personal data may be stored and made anonymous for statistical analysis purposes.

The main retention periods for personal data are as follows:

• from the end of the business relationship: your personal data can be kept for a period of 10 years (unless a special regulation outlines a specific deadline),
• in the event of unclaimed property or assets as defined by Law 2014-617 dated 13 June 2014 (Eckert law): your data is stored in accordance with provisions of the above text,
• in the event of succession: personal data is kept for a period of 10 years from the closure of the file,
• accounting information: this data is kept for a period of 10 years in accordance with the provisions of Article L.123-22 of the French Commercial Code,
• Recording telephone conversations: data retention for a period of 5 years from their registration,
• Recording images of video surveillance: data retention for a period of 30 days.

---

Article 6
How is your data processed outside the European Union?

The aforementioned processing operations may involve transfers of personal data to countries outside the European Union, whose legislation on the protection of personal data differs from that of the European Union (for example in the case of subcontractors or partners residing outside the European Union).

In this case, the Bank makes the necessary arrangements with its subcontractors and partners to ensure an appropriate level of protection of your data and in accordance with the regulations in force at the time of their transfer. As such, the Bank implements all appropriate contractual, technical, organisational and physical measures to ensure the security of your personal data.

Your data may also be communicated to the official bodies and the authorised administrative and judicial authorities of the countries concerned, particularly in the fight against money laundering and the financing of terrorism, the fight against fraud and the determination of tax status.

---

Article 7
How is your data processed outside the European Union?

In accordance with the regulations in force, users have the right to access, correct, delete and limit the processing and portability of their data. These rights can be exercised under the conditions and limits covered by applicable regulations.

You may also, at any time and without charges and without having to justify your request, object to the use of this data for commercial prospecting purposes. If the processing is in accordance with your express consent, withdrawal of consent does not affect the lawfulness of the processing based on consent made before the withdrawal.

In this case, the Bank makes the necessary arrangements with its subcontractors and partners to ensure an appropriate level of your data and in accordance  with the regulations in force at the time of their transfer. As such, the Bank implements all appropriate contractual, technical, organisational and physical measures to ensure the security of your personal data.

Your data may also be communicated to the official bodies and the authorised administrative and judicial authorities of the countries concerned, particularly in the fight against money laundering and the financing of terrorism, the fight against fraud and the determination of tax status.

How to contact us?

Identity and contact details of the controller

The Controller is Banque Delubac & Cie, 16 Place Saléon Terras 07160 Le Cheylard.

Contact details of the Data Protection Officer

The Bank has appointed a Data Protection Officer whose contact details are:

• Postal address: Data Protection Officer – 16 Place Saléon Terras 07160 Le Cheylard
• E-mail address : dpo@delubac.fr
   

All requests must be accompanied by a photocopy of proof of identity; otherwise, it will not be processed. A response will then be made within one month of receipt of your duly documented request. This period may be extended by two months in the event of a complex request or if there is a large number of pending requests. The Bank will then notify you within one month of receiving your request.

The Bank strives to answer all your questions regarding the processing of your personal data. You have the right to lodge a complaint with the CNIL in the manner indicated on its website

---

Article 8
Amendment of the data protection policy

The Bank may make changes to this personal data protection policy, in particular to keep pace with regulatory, technological or processing developments.

The Bank will inform you via its website or by any other means if it makes changes to this policy.