PROTECTION AND USE OF PERSONAL DATA BY CAISSE REGIONALE
Policy on data protection and online privacyThis policy on data protection and online privacy sets out the way in which user data are processed on this site. The site’s data collection tools and services are used to disclose personal data to Caisse Régionale de Crédit Agricole Mutuel de Normandie, the site publisher. Depending upon the website, these include:
- Data collection forms, questionnaires;
- Appointment requests and requests for information;
- Simulation and comparison engines available on the site;
- Online collaborative workspaces for consulting and/or publishing contributions in the form of comments on issues discussed on the site;
Data controller and aims
The personal data collected via the data collection services or methods found on this site are collected by Caisse Régionale de Crédit Agricole Mutuel de Normandie, the site publisher and data controller in the meaning of the General Data Protection Regulation, unless the data collection method expressly mentions that the data controller is a third party. In accordance with the law, each data controller is exclusively responsible for its own processing services and for explaining their features. Personal data disclosed by users of the site and its services are collected and processed by Caisse Régionale de Crédit Agricole Mutuel de Normandie in order to reply to requests and questions submitted via the available forms, tools and services, to perform contractual or pre-contractual obligations requested by the user, to comply with the site publisher’s legal obligations or to further the legitimate interests of the site publisher or a third party without violating the user’s rights. Data may only be processed in the publisher’s legitimate interest or with user consent, as applicable. Data may be processed for commercial prospecting purposes, subject to the applicable regulations (right to refuse postal and telephone prospecting, prior consent for electronic prospecting).
The purpose of cookies used by this site is to facilitate website navigation, to measure the site audience, to personalise your visit and, subject to your consent, to send you targeted advertising or personalised messages dealing with your interests or needs as well as commercial prospecting messages.
When the site has identified you as a customer of Normandie, Normandie may use the data collected to manage your banking relationship. Information on the way your personal data are processed can be found in the Personal Data Protection Policy included in your Account Agreement.
Data utilisation and collection characteristics
You are not obliged to answer all questions asked. An asterisk indicates information that is required. If you do not fill out required data, Caisse Régionale de Crédit Agricole Mutuel de Normandie cannot process your request and you will not able to use the tool or service.
Caisse Régionale de Crédit Agricole Mutuel de Normandie agrees to maintain professional secrecy in accordance with the applicable regulations. No information will be disclosed to third parties except with the user’s express prior permission or when Normandie is required to do so by law, particularly to the monetary authorities, the tax administration or any other competent authority.
Data storage period
The customer’s personal data are stored and processed for the time needed to achieve the processing purpose and in any event no longer than the times mentioned in this Data Protection Policy:
- 3 years for commercial prospecting purposes;
- 12 months from the moment when cookies are downloaded to the user’s device;
- For geolocation data, the time needed to provide the service, after which the data are deleted;
- 13 months for connection data (IP address, logs, etc.);
- Cookies from Havas Media are stored for 90 days.
Exercising your rights
You have the following rights in connection with the personal data collected and processed by us when you use the site or its services or submit requests:
- The right to access, rectify and delete data (inaccurate, incomplete, unclear or outdated);
- The right not to have your data processed for commercial prospecting purposes;
- The right to restrict processing of your data in accordance with current regulations;
- The right to data portability;
- The right to withdraw your consent at all times;
- The right to file claims with the supervisory authorities.
You can exercise these rights by simply writing a letter to Caisse Régionale de Crédit Agricole Mutuel de Normandie, the site publisher, at the following address:
Caisse Régionale de Crédit Agricole Mutuel de Normandie, 15 Esplanade Brillaud de Laujardière - CS 25014 - 14050 Caen Cedex 4. firstname.lastname@example.org
You may also write the data protection correspondent at: email@example.com In the case of a dispute, the user can file a claim with the CNIL, the supervisory authority, at the following address: http://www.cnil.fr or by writing the head office at 3 Place de Fontenoy, 75007 Paris.
Your personal data may be disclosed to:
- Any entity of the Crédit Agricole Group for commercial prospecting purposes and when resources are pooled or companies of the Group are merged;
- Our subcontractors, but only for subcontracting requirements;
- Our partners, to offer you the advantages of these partnerships;
- Survey institutions commissioned by Normandie or by the Crédit Agricole Group to prepare statistics, on the understanding that you are not required to do their surveys and questionnaires and that your data are deleted after processing.
Use of data for prospecting purposes
Pursuant to the applicable regulations, user permission is required for all prospecting by auto dialer, email, sms/mms or fax and the sale or rental of data for prospecting purposes using these methods. If you agree to receive such prospecting messages from Caisse Régionale de Crédit Agricole Mutuel de Normandie by ticking the boxes provided for this purpose on this site, you will always be able to withdraw your consent and every prospecting email will allow you to opt out of future prospecting emails from Caisse Régionale de Crédit Agricole Mutuel de Normandie, the site publisher. Moreover, if you don’t want to receive commercial telephone calls, you can register with Bloctel (for further information, please visit the following website: bloctel.gouv.fr.). You will always be able to oppose prospecting by other methods by writing the contact persons mentioned in the section entitled “Exercising your rights”. The cost of your stamp will be reimbursed on request.
Our concern is to preserve the quality and integrity of your personal data. Our security technologies and policies protect your personal data against all unauthorised access and misuse. People with data access are required to respect the privacy of site users and the confidentiality of user data. We will never send you an email asking you to connect to your online bank account or to provide confidential data (bank card number, code, etc.).
PROTECTION AND USE OF PERSONAL DATA BY CAISSE REGIONALE
The purpose of this Personal Data Protection Policy is to inform you of the processing operations carried out by us, Caisse Régionale, with personal data collected from you. These operations allow us inter alia to promote and supply you with our products and services. This Personal Data Protection Policy complements the information in your contracts with us. In the case of a contradiction between this Personal Data Protection Policy and any contractual clauses, the clauses in your contracts will prevail.
The personal data obtained from you as part of our relationship and to operate your account are needed for several reasons, particularly the following:• Performance of our product and service contracts, especially your bank account;
• Performance of our legal obligations;
• Furtherance of our legitimate interests subject to your rights.
Certain data collected or processed may be required under current regulations or for the signature of contracts. Different channels may be used to collect your personal data, particularly personal contact at one of our branches, telephone calls or the websites and mobile applications of Caisse Régionale. Your personal data will be used primarily for the following purposes: day-to-day management of our relationship and our banking and insurance products and services; collection of receivables, management of disputes and proof; commercial prospecting and management; risk assessment and management, security management, prevention of unpaid bills and fraud control; and compliance with legal and regulatory obligations, especially in the fight against money laundering. We may use targeting or profiling techniques in order to personalise our advice and services, to improve service quality and to provide everything needed to help you make the best possible decision.
We store and process your personal data for the time needed to achieve the processing purpose. The maximum storage time is the length of the contractual or business relationship. This period may be extended for the time needed to settle and consolidate all rights and for the legal storage and limitation period. We may store your data under the conditions imposed by law in order to comply with our legal obligations or the demands of regulators and government authorities and for historic, statistical or scientific purposes.
Below follows detailed information about the conditions under which we process your personal data, particularly as regards:
• Processing purposes,
• The legal principles governing processing of your personal data,
• Storage times,
• Origin when data are not collected directly by Caisse Régionale,
• As applicable, transfers to non-EU countries and the measures implemented to protect them in such countries (existence of an adequacy decision of the European Commission or appropriate transfer guarantees).
In accordance with the law, you may always access your personal data, oppose processing for legitimate reasons, request rectification or deletion of your data, set limits on their processing, request their portability or give instructions on their use in the case of death. Moreover, you may always oppose the use of your data for commercial prospecting purposes by Caisse Régionale or by third parties, without having to explain your reasons. Lastly, when consent is legally required, you may always withdraw your consent. To do so, simply write a letter to the following address: Service Qualité Satisfaction Client - 15 Esplanade Brillaud-de-Laujardière - CS 25014 - 14050 Caen Cedex 4. The cost of your stamp will be reimbursed on request. Please note that Caisse Régionale may be unable to provide certain products or services when the foregoing rights are exercised.
Caisse Régionale has appointed a Data Protection Correspondent whom you can contact at the following addresses: Caisse Régionale de Crédit Agricole Mutuel de Normandie -DPO (Entreprise numérique), 15 esplanade Brillaud de Laujardière - CS 25014 - 14050 Caen Cedex 4; or firstname.lastname@example.org. In the case of a dispute, you can file a claim with the CNIL, the supervisory authority, at the following address: http://www.cnil.fr or by writing to the head office at 3 Place de Fontenoy, 75007 Paris.
Certain special processing operations and processing operations restricted to a limited number of customers are not mentioned in this Data Protection Policy. The customers concerned are informed directly through the appropriate communication channels.