Richelieu Corporate Finance

Personal data protection charter

Please read Banque Richelieu Group’s Privacy Policy carefully.

Introduction

Richelieu Corporate Finance attaches the utmost importance to the protection of your personal data (hereinafter “personal data” or “data”).

The purpose of this Charter is to inform you about the manner in which our establishment collects, uses, processes and transmits your personal data when you use our Services, our Site and our mobile application.

Your data is processed in accordance with current legislation on the protection of personal data and in particular with European Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data (“RGPD”) and Law No. 78-17 of January 6, 1978, in its current version, relating to data processing, files and freedoms (hereinafter the “Regulations”).

These Regulations apply only to personal data that directly or indirectly identifies a natural person. Such data may be collected, recorded, stored, adapted, transferred, processed and/or used by Richelieu Corporate Finance in accordance with the following provisions.

For the purposes of this document, the terms “we”, “us/our” or the “Bank” refer to Richelieu Corporate Finance.

Who is the data controller?

The party responsible for processing your personal data is Richelieu Corporate Finance, whose registered office is located at 1-3-5, rue Paul Cézanne – 75008 Paris. Richelieu Corporate Finance determines the purposes and manner of processing your personal data.

Who is concerned by this document?

This document is intended for any individual who has a direct or indirect relationship with the Bank, such as (but not limited to) :

      • Customer
      • Brochure
      • Supplier
      • Visitor/User of our Website
      • Candidate
      • Person contacting the Bank
      • Guarantor
      • Agent
      • Legal representative, corporate officer and authorized person of a corporate customer of the Bank
      • Beneficial owner, beneficial owner and shareholder of a corporate client of the Bank
      • Ordering party or beneficiary for transactions carried out in relation to a customer of the Bank

In all these cases, we use or may use your personal data. If you are one of them, we invite you to read this document carefully.

What personal data is collected when browsing the Website?

When you browse our Website, Richelieu Corporate Finance collects and processes some of your personal data.

The data we collect may include, depending on your use of our Website, those listed in the categories below:

Data categories Data type
Browsing and cookies Technical logs, IP address, data collected via cookies.

What data is collected about you when you are not browsing the Website?

The Bank will process various types of personal data, in particular those listed in the categories below, when subscribing to an advisory service contract:

Data categories Data type
Identification, personal situation and contact information Last name, first name, address, place and date of birth, country of residence, tax status, marital status, educational and professional qualifications, telephone number, e-mail address.
Banking, financial and transaction data Customer number, investment profile, transaction data, asset values.
Videos and telephone recordings

The Bank’s premises to which you have access are protected by cameras. The data collected in this way is processed by the Bank for security purposes only.

Electronic and telephone communications may be recorded by or on behalf of the Bank.
Public Data published or transmitted by a public institution may be processed by the Bank.
Professional life CV, education, professional training, awards.

Other

All other Personal Data reasonably related to the conduct of the Bank’s business.

If we collect or receive your personal data in the course of providing our services, we may receive information from third parties such as transaction counterparties, regulatory authorities, etc. This information may include your name, contact details, employment details and other information relevant to the services we provide to our customers. This information may include your name, contact details, employment details and other information relevant to the services we provide to our customers.

What data do we not collect?

Except in the very specific cases where regulations require it, the Bank never processes data relating to your racial or ethnic origins, your political opinions, your philosophical beliefs, your religion, your trade-union membership, your sex life or sexual orientation and your genetic data.

What are the purposes of the processing carried out?

The personal data you communicate to us via the Website are collected and processed by Richelieu Corporate Finance mainly in order to respond to the requests expressed via all collection media, tools and services made available to you on the site, the request for information, to make an appointment, to call you back or to participate in an event.

Data relating to you and communicated to the Bank by you or by a third party, by means of a form or document issued by the Bank, an order or request or in any other way, and regardless of the medium of such communication, are processed by the Bank with a view to their use in carrying out operations in your favour and are processed with a view to achieving one or more of the purposes listed below:

      • customer knowledge and data updating,
      • performance of the consulting services contract,
      • risk assessment and management,
      • claims, collection, litigation
      • the management of operations aimed at offering the person concerned the products and services marketed by the Bank,
      • conservation and archiving,
      • all legal and regulatory obligations.

What are the legal bases for collecting and using personal data?

The data collected is processed if you have given your consent or if the processing is based on at least one of the following legal grounds:

Richelieu Corporate Finance is required by law or regulation to process data for the following purposes:

      • combating money laundering and the financing of terrorism,
      • cooperation in the automatic exchange of information under the CRS regulations,
      • tax identification and reporting, in particular in the context of the US “FATCA” regulation on the fight against tax evasion,
      • compliance with the Bank’s obligations towards the supervisory authorities, administrative or judicial authorities, authorized official bodies and French or foreign market authorities.

The Bank processes your data in the context of the performance of pre-contractual and contractual measures with you or a company to which you are linked and in particular for the following purposes:

      • relationship management,
      • consulting services contract management
      • We process your personal data to achieve the legitimate interests pursued by the Bank or by a third party that are necessary, for example to:
      • to enable the Bank to carry out its day-to-day activities and provide its services,
      • statistics production,
      • implement any change in the Bank’s corporate organization or shareholding structure,
      • a video surveillance system for safety and security purposes (people and property).

Furthermore, if information that is not strictly necessary for the above-mentioned purposes is collected, this will be done with your prior consent. You may withdraw your consent at any time.

With whom do we share your personal data?

The personal data collected by Richelieu Corporate Finance may be communicated, in order to achieve the purposes mentioned above, to :

      • any entity belonging to the Bank’s group (within the meaning of article L.233-3 of the French Commercial Code), within the limits of the data required for the performance of services or subcontracted tasks, or for their use in the study and management of files, as well as for commercial prospecting and/or other statistical studies,
      • third parties, in particular partners, brokers and insurers as well as subcontractors and/or service providers, with whom Richelieu Corporate Finance collaborates and whose intervention is necessary or useful for the processing or realization of the above-mentioned purposes,
      • official bodies and administrative or judicial authorities, at their request, to the extent necessary to comply with all applicable laws and regulations,
      • to prospective purchasers or investors in all or part of our business, and to their advisers and financiers, if we have a legitimate interest in doing so,
      • any recipient requesting data needed to identify and contact the data subject, particularly in the event of a health crisis, and provided that the purpose of the data transmission is to safeguard the vital interests of the data subject or those of another individual, and limited to the data strictly necessary to achieve this purpose.

To which third countries do we transfer your personal data?

Personal data thus transmitted in accordance with the agreed purposes may, in the course of various operations, be transferred to a member country of the European Economic Area (EEA) or to a country whose legislation has been recognized as adequate by the European Commission in application of the provisions of Article 25 of European Directive 95/46/EC, such as Switzerland.

In the event of a transfer to a country outside the EEA whose level of protection has not been recognized as adequate by the European Commission, you are informed that Richelieu Group may only transfer personal data if it has provided for Appropriate Safeguards within the meaning of Article 46, paragraphs 2 and 3 of the RGPD (“Transfers with Appropriate Safeguards”), such as:

      • standard contractual clauses approved by the European Commission, which guarantee a level of data protection equivalent to that of a European Union country;
      • where applicable, binding company rules (for intra-Group transfers).

In the absence of an adequacy decision or Appropriate Safeguards, a transfer of personal data to a country outside the European Union may only take place on the basis of the derogations provided for in Article 49 of the RGPD (“Derogations for special situations”).

These data transfers take place under conditions and guarantees that ensure the protection of your personal data.

How do we protect your personal data?

We take every precaution to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorized third parties. In addition, we require the above-mentioned third parties to implement appropriate technical and organizational security measures with respect to such personal data.

What are your rights?

In accordance with legal and regulatory provisions, you may exercise the following rights at reasonable intervals, free of charge:

Right to access and receive your personal data:

You have the right to ask us what personal data we hold about you. You also have the right to access your personal data.

Right to obtain rectification of your personal data :

You can ask us to rectify your personal data at any time if you find it incomplete or incorrect.

Right to obtain the deletion of your personal data :

You may also request that the Bank delete your personal data using reasonable technical means available to the Bank. However, the Bank may refuse to do so if the processing of your data is still necessary, in particular to meet its legal or contractual obligations or for evidential purposes.

Right to limit the processing of your personal data :

In certain specific cases, you may ask us to restrict the processing of your personal data.

Right to object to the processing of your personal data :

You may object to the processing of your personal data in certain specific cases. In this case, the Bank will no longer process your personal data, unless it can demonstrate that there are compelling legitimate grounds for the processing which override your interests. You also have an absolute right to object to the processing of your personal data for the purposes of direct commercial prospecting.

Right to withdraw your consent to the processing of your personal data :

You may withdraw your consent to the processing of your personal data by the Bank at any time.

Right to the portability of your personal data

You have the right to have your personal data supplied to us forwarded directly to another data controller, insofar as this is technically possible for the Bank.

The above rights may be exercised by contacting the Bank’s Data Protection Officer at the following address: “Richelieu Corporate Finance, Délégué à la protection des données (DPD) – 1-3-5, rue Paul Cézanne – 75008 Paris” or by e-mail at the following address:“protectiondesdonnees.fr@banquerichelieu.com “.

The Bank undertakes to respond within the time limits stipulated by regulations.

In the event of a dispute, the user may contact the Commission Nationale de l’Informatique et des Libertés (CNIL). To contact the CNIL, send a letter to the attention of the Chairman of the CNIL, Commission nationale de l’informatique et des libertés – 3, Place de Fontenoy – TSA 20715 – 75334 PARIS CEDEX 07.

What are the retention periods for personal data?

The length of time the Bank holds personal data varies and is determined by various criteria, including :

      • the purpose for which the Bank uses the data: the Bank must retain the data for the period necessary to fulfil the purpose of the processing; and
      • legal obligations: legislation or regulations may set a minimum period for which the Bank must retain data

Changes to our Privacy Policy

The Bank reserves the right to modify this Charter in order to take account of changes in the various regulations and practices in force. Any changes we make to our Charter will be published directly on this page of our Website. To ensure that you always have the latest version, we invite you to consult it online.

Cookies – Collection of personal data by automated means

Cookies or other identifiers are identifiers deposited and read, for example, when consulting a website, reading an e-mail, installing or using software or a mobile application, regardless of the type of terminal used. You are informed that when you visit one of our sites, cookies and tracers may be installed on your terminal equipment. Where necessary, we obtain your consent prior to installing such cookies on your terminal equipment, and also when we access data stored on your equipment. Tracers are kept for a maximum of 13 months.