Bpifrance Assurance Export Data Protection Policy
The present policy concerning data protection provided by Bpifrance Assurance Export is intended to inform individuals whose personal data is processed by Bpifrance Assurance Export, acting as a data controller.
Bpifrance Assurance Export Data Protection Policy
Updated on 01/31/2024
The present policy concerning data protection provided by Bpifrance Assurance Export (hereinafter referred to as the “Policy”) is intended to inform individuals whose personal data is processed by Bpifrance Assurance Export, acting as a data controller.
In accordance with the applicable regulations, including European Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR) and the French provisions concerning data processing, files and freedoms (“Loi Informatique et Libertés”), Bpifrance Assurance Export, acting as a data controller, collects and uses personal data:
- to perform the contract with the aim of: processing application, elaborating and making available precontractual documents, preparing contractual documents, notifying a decision, managing the contractual relationship, saving files, handling potential complaints, litigation, and claims.
- on the basis of the legal obligations applying to Bpifrance with the aim of: carrying out customer knowledge process (KYC), tackling money laundering, financing of terrorism and corruption, conducing diligences in accordance with international sanctions and embargos in force, preventing fraud, complying with legal and regulatory provisions which are applicable to Bpifrance Assurance Export, especially the GDPR and the Loi Informatique et Libertés. Lastly, for electronically signed documents: managing the overall system of electronic signatures and establishing a body of evidence contributing to the reliability of the electronic signature process.
- For the legitimate interest of Bpifrance Assurance Export in managing and developing relationships with potential new or existing customers with the aim of: managing the overall relationship between Bpifrance Assurance Export and its current or potential new customers, carrying out reportings and disclosing statistics, prospecting new customers, sending newsletters.
- For the legitimate interest of Bpifrance Assurance Export in order to protect itself against fraud and provide proof, in the event of litigation to verify the identity of the signatory through an advanced electronic signature process.
In this context, Bpifrance Assurance Export may directly or indirectly collect various categories of personal data from contact persons, shareholders, directors, beneficial owners and/or any individuals whose personal data is collected for the purposes of processing and examining applications and/or managing the contractual relationship:
- Identification data: title, first name, last name, date and place of birth, personal address, mobile phone number, nationality, country of residence, ID documents (including passport and identity card: ID document date and place of issuance, expiration date, ID document’s photo, ID document’s MRZ strip), signature (electronic or handwritten);
- Administrative data: proof of address;
- Professional life data: professional address, professional phone number, professional e-mail, hierarchical position, curriculum vitae;
- Professional connection data: IP address and authentication on the portal (token procedure, e-signature certificate)
- Financial and commercial data: bank details, tax situation, registration number (SIREN).
The data collected are to be processed by Bpifrance Assurance Export and can be disclosed:
- To the State of the French Republic (hereafter referred to as the “State”);
- To any French or European administrative, judicial, arbitral or supervisory authority which needs to know it for the purposes of any administrative, judicial or arbitration proceedings and which has a right to be informed;
- To any other entity within the Bpifrance group, where such disclosures is necessary for prospecting purposes (to inform them on new products or any changes to existing products) to the exclusion of any personal data that the Banks have provided to Bpifrance Assurance Export and that concern them.
Provided that it has underlined the confidential nature of the information disclosed:
- For Credit insurance and Strategic project insurance, to entities which are directly or indirectly involved in reinsurance or joint insurance agreements.
- To any other entities within the Bpifrance group, where such disclosure is necessary to enable these entities to fulfil their legal or regulatory obligations. Such intra-group disclosure of information shall not, under any circumstances, release entities within the Bpifrance group from confidentiality obligations of legal, regulatory or contractual origin (including rules established by agreement with the State) which apply to them in relation to third parties.
- To the external advisers, counsel and auditors being specified that there shall be no obligation to inform these persons if they are subject to a professional obligation of confidentiality or to any other confidentiality obligations.
- To service providers used by Bpifrance Assurance Export to implement the advanced e-signature process.
- To IT service providers, or any other service provider or subcontractor carrying out services on behalf of Bpifrance Assurance Export in connection with all or part of operational processes identified above.
Bpifrance Assurance Export saves personal data no longer than is necessary for the purposes mentioned here above, the terms being extended, if required, by the French and European statutory or regulatory requirements on prescription.
When the information contained in this Policy is provided to a legal person, the latter undertakes to inform the individuals concerned of the data processing carried out by the present Bpifrance Assurance Export policy.
In accordance with the applicable regulations, and subject to the conditions set out in these regulations for the exercise of these rights, you have:
- The right to access, correct, delete, and migrate your personal data;
- The right to restrict the processing of your personal data as well as the right to object that your data be used for commercial purposes and that you are the subject of profiling practices;
- The right to withdraw your consent for processing based on it;
- The right to decide on your post-mortem personal data processing.
The aforementioned rights can be exercised by contacting the Bpifrance Data Protection Officer at the following postal address « Délégué à la protection des données” (DPD, Bpifrance, DCCP, 27-31 avenue du Général Leclerc, 94710 Maisons-Alfort Cedex) or the following e-mail address firstname.lastname@example.org.
Finally, you have the right to make a complaint to the National Commission for Data Processing and Freedoms (CNIL).
Other offers you might be interested in