BNP AM

The bank for a changing world

Data protection notice

Last updated: September 2020

The protection of your personal data is important to the BNP Paribas Group, which has adopted strong principles in that respect in its Personal Data Protection Charter.

This Data Protection Notice provides you (as further defined in section 2) with transparent and detailed information relating to the protection of your personal data by the entities listed in the Appendix below (“we”).

We are responsible, as a controller, for collecting and processing your personal data, in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.

Further information may be provided where necessary when you apply for a specific product or service.

1.   Which personal data do we use about you?

We collect and use your personal data, meaning any information that identifies or allows to identify you, to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.

Depending among other things on the type of products or services we provide to you, we collect various types of personal data about you, including:

  • identification information (e.g. full name, identity (e.g. ID card, passport information, etc.), nationality, place and date of birth, gender, photograph);
  • contact information private or professional (e.g. postal and e-mail address, phone number);
  • family situation and family life (e.g. marital status);
  • economic, financial and tax information (e.g. tax ID, tax status, income and others revenues, value of your assets);
  • education and employment information (e.g. level of education, employment, employer’s name, remuneration);
  • banking and financial information (e.g. bank account details, product and services owned and used,  money transfers, assets, declared investor profile, credit history);
  • transaction data (including full beneficiary names, address and details including communications on bank transfers of the underlying transaction)
  • data relating to your habits and preferences (data which relate to your use of our products and services);
  • data from your interactions with us, our branches (contact reports), our internet websites, our apps, our social media pages, connection and tracking data such as cookies, connection to online services, IP address, meeting, call, chat, email, interview, phone conversation, video content and/or photographs of events;
  • video protection (including CCTV);
  • information about your device (IP address, technical specifications and uniquely identifying data);
  • login credentials used to connect to BNP Paribas’ website(s) and apps.

We may collect the following sensitive data only upon obtaining your explicit prior consent:

  • biometric data (g. fingerprint, voice pattern or face pattern) which can be used for identification and security purposes;

We never ask for any other sensitive personal data such as data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sex life or sexual orientation or data relating to criminal convictions and offences unless it is required through a legal obligation.

2.   Who is concerned by this notice and from whom do we collect personal data?

We collect data directly from you as a customer or prospect or as a representative, director, employee or other individual involved with, or working for one of our customers, prospects or service providers (when you contact us, visit us, our website(s) or our apps, use our products and services, participate to a survey or an event with us) but also regarding other individuals indirectly. Thus, we collect information about individuals whereas they have no direct relationship with us but are related to you, such as for instance your:

  • Family members;
  • Successors and right holders;
  • Co-borrowers / guarantors;
  • Legal representatives (power of attorney)
  • Beneficiaries of your payment transactions;
  • Beneficiaries of your insurance contracts or policies and trusts;
  • Landlords;
  • Ultimate beneficial owners;
  • Debtors (e.g. in case of bankruptcy);
  • Company shareholders, board members, representatives and other contact persons;

When you provide us with third party personal data like the examples listed above, please remember to inform the individuals providing the data that we process their personal data and direct them to the present Data Protection Notice. We will also provide them the information when possible (for instance if we don’t have their contact details, we will not be able to contact them).

In order to verify or enrich our database, we may also obtain personal data from:

  • other BNP Paribas entities;
  • our customers (corporate or individuals);
  • our business partners;
  • payment initiation service providers and aggregators (account information service providers);
  • third parties such as credit reference agencies and fraud prevention agencies or data brokers which are responsible for making sure that they gather the relevant information lawfully;
  • publications/databases made available by official authorities or third parties (e.g. the French Official Journal, databases operated by financial supervisory authorities);
  • websites/social media pages of legal entities or professional customers containing information made public by you (e.g. your own website or social media);
  • public information such as information from the press.

3.    Why and on which basis do we use your personal data?

In this section we describe how and why we use your personal data.

a- To comply with our various legal and regulatory obligations

We use your personal data to comply with the regulations in particular with the banking and financial ones :

  • monitor transactions to identify those which deviate from the normal routine/patterns.
  • manage, prevent and detect fraud, including the establishment of a fraud list and the inclusion of fraudsters in such list, if required;
  • monitor and report risks (financial, credit, legal, compliance or reputational risks, default risks etc.) that we and/or the BNP Paribas Group could incur;
  • record, when necessary, phone calls, chats, email, etc. notwithstanding other usages described hereafter;
  • prevent and detect money laundering and financing of terrorism and comply with regulation relating to sanctions and embargoes through our Know Your Customer (KYC) process (to identify you, verify your identity, screen your details against sanctions lists and determine your profile);
  • detect and manage suspicious orders and transactions;
  • carry out an assessment of appropriateness or suitability to provide investment services to each client in compliance with Markets in Financial Instruments regulations (MiFid);
  • contribute to the fight against tax fraud and fulfil tax control and notification obligations;
  • record transactions for accounting purposes;
  • prevent, detect and report risks related to Corporate Social Responsibilities and sustainable development;
  • detect and prevent bribery;
  • exchange and report different operations, transactions or orders or reply to an official request from a duly authorised local or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, law enforcement, state agencies or public bodies.

b- To perform a contract with you or to take steps at your request before entering into a contract

We use your personal data to enter into and perform our contracts as well as to manage our relationship with you, including to:

  • evaluate if we can offer you a product or service and under which conditions;
  • assist you in particular by answering your requests;
  • provide you or our corporate clients with products or services;
  • manage outstanding debts (identification and exclusion of customers with outstanding debts).

c- To fulfil our legitimate interest

We use your personal data, including your transaction data, for:

  • Risk management purpose:
    • proof of transactions including electronic evidence;
    • debt collection;
    • assertion of legal claims and defence in case of legal disputes;
    • development of individual statistical models in order to help defining your creditworthiness;
    • consultation and exchange of data with credit agencies to identify credit risks;
  • Personalisation of our offering to you and/or the company you work for and that of other BNP Paribas entities to:
    • improve the quality of our products or services;
    • advertise products or services that match with your situation and profile and/or that of the company you work for;
    • deduct your preferences and needs to propose you and/or the company you work for a personalised commercial offer;

This personalisation can be achieved by:

  • segmenting our prospects and clients;
    • analysing your habits and preferences in our various communications channels (visits to our branches, emails or messages, visits to our website, etc.);
    • sharing your data with another BNP Paribas entity, notably if you or the company you work for are – or are to become – a client of that other entity in particular to speed up the onboarding;
    • matching the products or services that you and/or the company your work for already hold or use with other data we hold about you and/or the company you work for;
    • considering common traits or behaviors among current customers, and seeks others individuals who share those same characteristics for targeting purposes.
  • Research & Development (R&D) consisting of establishing statistics and models to:
    • optimise and automate our operational processes (e.g.: creating FAQ chatbot);
    • offer products and services that will best meet your needs and/or the needs of the company you work for;
    • adapt products and services distribution, content and pricing in accordance with your profile;
    • create new offers;
    • prevent potential security failures, improve customer authentication and access rights management;
    • enhance security management;
    • enhance risk and compliance management
    • enhance the management, prevention and detection of fraud;
    • enhance the fight against money laundering and financing of terrorism.
  • Security reasons and IT systems performance, including:
    • manage IT, including infrastructure management (e.g.: shared platforms), business continuity and security (e.g.: internet user authentication);
    • prevent personal injury and damages to people and goods (for instance video protection).
  • More generally:
    • inform you and/or the company you work for about our products and services;
    • carrying out financial operations such as debt portfolio sales, securitisations, financing or refinancing of the BNP Paribas Group
    • organise client events, contests and games, price competitions, lotteries or any other promotional operations;
    • perform client satisfaction and opinion surveys;
    • improve process efficiency (e.g. train our staff by recording phone calls in our call centres and improve our calling scenario);
    • implement process automation of our processes (such as application testing, automatic filling, complaints handling, etc.).

In any case, our legitimate interest remains proportionate and we verify according to a balancing test that your interests or fundamental rights are preserved. Should you wish to obtain more information about such balancing test, please contact us using the contact details provided in section 9 “How to contact us” below..

d- To respect your choice if we requested your consent for a specific processing

For certain personal data processing, we will give you specific information and invite you to consent to such processing. Note that you may request to revoke your consent at any time.

4. Who do we share your personal data with?

a- Sharing of information within the BNP Paribas Group

We are part of the BNP Paribas Group which is an integrated bank insurance group, i.e. a group of companies working closely together all over the world to create and distribute various banking, financial, insurance services and products.

We share personal data through the BNP Paribas Group for commercial and efficiency needs such as:

  • based on our legal and regulatory obligations:
    • sharing of the data collected for AML/FT, sanctions, embargoes and for KYC;
    • risk management including credit and operational risks (e.g. risk rating, credit scoring) ;
  • based on our legitimate interest:
    • prevention, detection and fight against fraud;
    • R&D activities in particular for compliance, risk and communication and marketing purposes;
    • global and consistent overview of our clients;
    • offering the full range of products and services of the Group to enable you and/or the company you work for to benefit from them.
    • personalisation of products and services’ contents and pricing for our client.
    • receiving services from other entities within the BNP Paribas Group in order to allow us to provide you and/or the company you work for with the services and products or execute our contractual obligations or transactions (e.g. IT services, custodian services, transfer agent services, portfolio management services, fund administration services).

b- Disclosing information outside the BNP Paribas Group

In order to fulfil some of the purposes described in this notice, we may disclose from time to time your personal data to:

  • service providers which perform services on our behalf (e.g. IT services, logistics, printing services, telecommunication, debt collection, advisory and consulting and distribution and marketing).
  • banking and commercial partners, independent agents, intermediaries or brokers, financial institutions, counterparties, trade repositories with which we have a relationship if such transmission is required to allow us to provide you and/or the company you work for with the services and products or execute our contractual obligations or transactions (e.g. investment firms, banks, correspondent banks, brokers depositaries, custodians, issuers of securities, paying agents, transfer agents, exchange platforms, insurance companies, payment system operators);
  • credit reference agencies;
  • local or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, law enforcement, state agencies or public bodies, we or any member of the BNP Paribas Group is required to disclose to pursuant to:
    • their request;
    • defending or responding to a matter, action or proceeding;
    • complying with regulation or guidance from authority applying to us or any member of the BNP Group;
  • certain regulated professionals such as lawyers, notaries, rating agencies or auditors when needed under specific circumstances (litigation, audit, etc.) as well as to actual or proposed purchaser of the companies or businesses of the BNP Paribas Group or to our insurers;

c- Sharing aggregated or anonymized information

We share aggregated or anonymised information within and outside the BNP Paribas Group with partners such as research groups, universities or advertisers. You won’t be able to be identified from this information.

Your data may be aggregated into anonymised statistics that may be offered to professional clients to assist them in developing their business. In this case your personal data will never be disclosed and those receiving these anonymised statistics will be unable to identify you.

5. International transfers of personal data

In case of international transfers originating from the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place. Where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis.

For transfers to non-EEA countries where the level of data protection has not been recognised as adequate by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you ) or implement one of the following safeguards to ensure the protection of your personal data:

  • Standard contractual clauses approved by the European Commission;
  • Binding corporate rules.

To obtain a copy of these safeguards or details on where they are available, you can send a written request as set out in Section 9.

6.   How long do we keep your personal data for?

We will retain your personal data  over the period required to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. For instance, most of a client’s information is kept for the duration of the contractual relationship and 3 years after the end of the contractual relationship, subject to local laws and regulations. For prospects, information is kept 3 years after the last contact, subject to local laws and regulations. If you would like to receive more detailed information about our retention policy, please send a written request as set out in Section 9.

7.   What are your rights and how can you exercise them?

In accordance with applicable regulations and where applicable, you have the following rights:

  • To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified accordingly.
  • To erase: you can require the deletion of your personal data, to the extent permitted by law.
  • To restrict: you can request the restriction of the processing of your personal data.
  • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.

If you wish to exercise the rights listed above, please send a letter to the data protection officer of the respective entity via the contact details listed in the Appendix below. Please include a scan/copy of your proof of identity for identification purpose when required.

In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.

8.   How can you keep up with changes to this data protection notice?

In a world of constant technological changes, we may need to regularly update this Data Protection Notice.

We invite you to review the latest version of this notice online and we will inform you of any material changes through our website or through our other usual communication channels.

9.   How to contact us?

If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our data protection officer of the respective entity via the contact details in the Appendix below.

If you wish to learn more about cookies, please read our cookies policy.

APPENDIX: List of entities subject to this Data Protection Notice and contact details of data protection officers

BNP PARIBAS ASSET MANAGEMENT Holding
Société anonyme (S.A.)
1 Boulevard Haussmann 75009 Paris – France

Data Protection Officer contact details:

DPO – RISK Function

Service Comptabilité Fournisseurs, 8 rue du port, TSA 90007, 92729 NANTERRE CEDEX – France

BNP PARIBAS ASSET MANAGEMENT France
Société par actions simplifiée (SAS)
1 Boulevard Haussmann 75009 Paris – France

Data Protection Officer contact details:

DPO – RISK Function

Service Comptabilité Fournisseurs, 8 rue du port, TSA 90007, 92729 NANTERRE CEDEX – France

BNP PARIBAS ASSET MANAGEMENT Belgium S.A/N.V.
Société anonyme (S.A.) / Naamloze Vennootschap (N.V.)
55 Rue du Progrès / Vooruitgangstraat 1210 Brussels – Belgique

Data Protection Officer contact details:

DPO – RISK Function

8 Montagne du Parc / Warandeberg 1000 Brussels – Belgique

BNP PARIBAS ASSET MANAGEMENT Luxembourg S.A.
Société anonyme (S.A.)
10, rue Edward Steichen L-2540 Luxembourg – Luxembourg

Data Protection Officer contact details:

DPO – RISK Function

BGL BNP Paribas

50, Avenue JF Kennedy L-2951 Luxembourg – Luxembourg

BNP PARIBAS ASSET MANAGEMENT France, Netherlands Branch

Herengracht 595, 1017CE, Amsterdam – the Netherlands

Data Protection Officer contact details:

DPO – RISK Function

Herengracht 595, 1017CE, Amsterdam – the Netherlands

BNP PARIBAS ASSET MANAGEMENT UK Limited
Limited Company
5, Aldermanbury Square London EC2V 7BP United Kingdom

Data Protection Officer contact details:

DPO – RISK Function

10 Harewood Avenue, NW1 6AA, London – United Kingdom

BNP PARIBAS Capital Partners
Société par actions simplifiée (SAS)
1 Boulevard Haussmann 75009 Paris – France

Data Protection Officer contact details:

DPO – RISK Function

Service Comptabilité Fournisseurs, 8 rue du port, TSA 90007, 92729 NANTERRE CEDEX – France

BNP PARIBAS Dealing Services

1 Boulevard Haussmann 75009 Paris – France

Data Protection Officer contact details:

DPO – RISK Function

Service Comptabilité Fournisseurs, 8 rue du port, TSA 90007, 92729 NANTERRE CEDEX – France

BNP PARIBAS SA, Bankfilial Sverige, acting though its asset management department

Provided that a contractual relationship exists, the relevant data controller for the processing of your personal data in relation to the BNP Paribas Group’s asset management services and activities in Sweden is:

Visiting address: Hovslagargatan 3, 111 48 Stockholm, Sweden

Postal address: PO Box 7763, 103 96 Stockholm, Sweden

Telephone no: +46 8 562 347 00

We will only disclose your personal data as set out in this Data Protection Notice to the extent this does not violate provisions of Swedish banking secrecy law and/or Swedish anti-money laundering obligations and/or other local statutory requirements.