|
INDUSTRIAL AND COMMERCIAL BANK OF CHINA (EUROPE) S.A.
PARIS BRANCH
73 Boulevard Haussmann
75008 PARIS, FRANCE
Paris, May 25th. 2018
Subject: General Data Protection Regulation– Information Letter
Dear Clients,
The new Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (commonly referred to as the General Data Protection Regulation or “GDPR”) – which governs the storage and processing of personal data – places new obligations on companies and organizations offering services in the European Union.
In view of these changes, we have updated our personal data protection rules to address specific GDPR obligations.
At ICBC (Europe) S.A. (hereafter referred as the “Bank”), we take your privacy seriously and believe that collecting and processing of personal data is a significant responsibility. Please find hereafter an information on the main GDPR principles.
Our role as Data Controller
The Bank will act as a Data Controller and will collect, store and process personal data provided by or on behalf of the Client necessary for performing any agreements with Clients and delivering any requested financial and banking services. The Client keeps, at his discretion, the right to refuse to provide this personal data, unless under the legal or contractual obligation to do so. Nevertheless, this may impede the establishment or continuation of a business relationship with the Bank.
Before disclosing any personal data to the Bank in relation to a data subject, you undertake and warrant that you have brought to the attention of such data subject the terms of this notification letter and acknowledge that the Bank and/or any of the Bank’s group entities may process the personal data of that data subject as set out in this letter.
Apart from personal data provided directly by the Client, to the extent allowed by law, the Bank may collect only such data which is necessary for the performance of its business and only within the framework of the services provided to its clientele.
The Purposes of Processing
The Client’s personal data may be processed where such processing is necessary:
(i)for the performance of contractual obligations towards the Client or to take steps at your request before entering into a contract,
(ii)for compliance with legal and regulatory obligations, and
(iii)for the purposes of the legitimate interests pursued by the Bank or by a third party, for instance, for fraud prevention purposes, in order to manage litigation, to establish statistics, for accounting, for IT-management (including infrastructure management, business continuity and IT security) as well as for direct marketing purposes relating to products and services of the Bank and aimed at the Client.
Unless it is expressly objected by the Client, the latter authorizes the Bank, on its behalf and on behalf of any of its subsidiaries (when such case is applicable), to collect, record, retain, use and otherwise process personal data about the Client, its subsidiaries (when such case is applicable) and any individual whose personal data is disclosed to the Bank, by or on your behalf (or by or on behalf of your subsidiaries, when such case is applicable), on the grounds mentioned above throughout the Bank’s group. In such a case, the transfer of the personal data shall follow the conditions as laid down in the “data transfers” section. This personal data shall include personal data within the special categories mentioned under articles 9 and 10 of the GDPR.
Disclosure
The Bank shall not disclose the collected personal data to third parties, except on the express instructions of the Client or if legally required or permitted to do so. The Client thus acknowledges that, in certain cases, the Bank may disclose personal data to any third parties that process personal data in order to ensure compliance with legal obligations or to enable the provision of banking or financial services. This includes, in particular, disclosure to (i) affiliates of the Bank, (ii) service providers which perform services on our behalf, (iii) agents, contractors and sub-contractors, intermediaries, banking and specialized partners, with which we or our group has a relationship, (iv) financial, taxation, judicial or regulatory bodies, agencies or authorities (including public or State-related ones) upon request or in the ordinary course of their supervisory or other functions, (v) certain regulated professionals such as lawyers, auditors or notaries, and (vi) insurers, re-insurers or other similar or equivalent role(s) or function(s).
Data transfers
Data transfers to entities belonging to the same group as the Bank and located in third countries are protected by appropriate safeguards and the Client can obtain a copy thereof by contacting the Bank.
Data transfers to subcontractors, services providers and other companies, the involvement of which is necessary to provide the services and that are located in third countries may, depending on the nature of the transfer:
- be covered by appropriate safeguards in which case the Client may obtain a copy thereof by contacting the Bank; or
- be otherwise authorized under applicable data protection law, as the case may be, as such transfer is necessary for the performance or execution of a contract concluded in the interest of the Client or for the establishment, exercise or defense of legal claims or for the performance of a contract between the Client and the Bank.
Retention
The duration of processing of personal data will be as long as it is necessary to achieve the described purposes and in accordance with applicable laws.
Rights for Individuals
Finally, any individual having its personal data collected and processed has:
-the right to receive, free of charge, a copy of his personal data held by the Bank;
-the right to request that any of your personal data be corrected if it is found to be inaccurate or out of date;
-the right to request for your personal data be erased when it is no longer necessary for such data to be retained;
-The right to withdraw, at any time, your consent to the processing;
-The right to request from the Bank to be provided with your personal data and/or to transmit them directly to another data controller (data portability);
-The right to request for a restriction on the processing of your personal data;
-The right to object to the processing of your personal data; and:
-The right to lodge a complaint with the French data protection authority (“CNIL”).
Data Protection Contact
The Bank has appointed a Data Protection Officer (“DPO”) who can be contacted for any question(s) or concern(s) regarding the personal data protection, at the following address: 32, Boulevard Royal L.2449 Luxembourg, or by e-mail at the following electronic address: data.protect@eu.icbc.com.cn.
Sincerely,
ICBC (Europe) S.A., Paris Branch
|