Data Protection

INFORMATION NOTICE INVOLVING PERSONAL DATANatixis Payment Solutions in its capacity as data controller collects and processes data identifying individuals, which may concern their private or professional lives (for example, their name, date of birth, private or professional contact details, identity documents, occupation, IP address, etc.) on the basis of information received from clients or prospects and requested by our employees, agents or distributors, forms completed by our clients, automated data capture mechanisms or information gathering processes more generally from our clients and prospective clients from our website payments.mycloud.intranatixis.comSuch information is referred to below as “Personal Data” or “Data“.Protecting Data is essential in order to build a trusted business relationship with our clients.To this end, Natixis Payment Solutions constantly monitors its compliance with the law* on the protection of Personal Data and aims to ensure responsible governance of its computer files as well as maximum transparency of the Data processing it carries out.Natixis Payment Solutions has appointed a Personal Data Protection Officer (or DPO). This person ensures that Natixis Payment Solutions’ processing of Personal Data complies with applicable regulations.This information notice is intended for all individuals subject to Natixis Payment Solutions’ data processing. It explains why Natixis Payment Solutions needs to collect your Data, how your Data will be used and protected, how long it will be kept and the rights you have.General Data Protection Regulation no. 2016/679 of 27 April 2016 and updated Data Protection Act 78-17 of 6 January 1978

Whose Data is collected?

Visitors to the website, our clients or prospects and their potential legal representatives, agents, contact persons and staff.

What Data does Natixis Payment Solutions use and where does it come from?

Natixis Payment Solutions collects and uses Data that is strictly necessary for its activities and for the purposes set down in this information notice.Categories of data used:–       Identifying data e.g. civil status, identity document, place and date of birth, sex, address,–       Contact details e.g. postal address, email, telephone,–       Professional data e.g. occupation,–       Connection data for visitors to the website data categories:Natixis Payment Solutions does not process Data in connection with racial or ethnic origin, political opinions, religious or philosophical convictions or trade union membership, genetic, biometric or health data, data on sexual life or sexual orientation or data concerning criminal convictions or convictions for misdemeanors, unless necessary and required or permitted under applicable legislation.Data source:The Data used by Natixis Payment Solutions has been supplied directly by you or has been obtained indirectly via our business and institutional clients, our partners or from public sources.

On what basis is your Data collected and used and for what purposes?

Natixis Payment Solutions needs to collect your Data from the contact form on the website or from our business relationship for the purposes outlined below and on the following bases:

  • When you fill in the contact form on the website, you consent to Natixis Payment Solutions collecting and processing your Data to identify you and answer your request.
  • Execute the contract on the products and services you have subscribed to or wish to subscribe to:

This means Natixis Payment Solutions must ensure:–       Provision of payment equipment such as electronic payment terminals for example;–       Support and handling of your request in this regard.Unless it can gather and process your Data, Natixis Payment Solutions will not be able to make or perform the contracts that bind us to our clients.

  • Fulfilling our legal and regulatory obligations:

Natixis Payment Solutions must collect your Data in order to meet (i) its legal and regulatory obligations resulting in particular from the French Monetary and Financial Code, which it must meet in its capacity as a credit institution or (ii) its reporting requirements with all relevant public and legal authorities.This means fulfilling requirements with regard to:–       Know-your-customer,–       Combating money laundering and terrorist financing,–       Fraud prevention.Otherwise, Natixis Payment Solutions will not be able to continue its business relationships with its clients.

  • Where Natixis Payment Solutions has a legitimate interest in using your Data:

Natixis Payment Solutions may process your Data on the basis of its “legitimate interest” if it is in a position that could present risks to its business or is required to defend its rights, or in order to develop its products or services. This includes:–       Ensuring the security of its IT systems,–       Defending its rights,–       Managing relationships with clients and prospective clients,–       Personalizing its product and service offering by segmenting clients and prospective clients, including by compiling Data for analytical or anonymization purposes,–       Improving products and services,

  • Purposes for which your consent is required

Natixis Payment Solutions intends to make certain types of Data processing subject to obtaining your consent. In such cases, you will be asked to consent specifically to the collection and processing of your Data for expressly stated purposes.For example, your consent will be required for any direct marketing sent to clients or prospective clients who are individuals if you are not a Natixis Payment Solutions client, or if you are a Natixis Payment Solutions client but the marketing initiative relates to products that are not comparable to those you have already taken out.

  • Cookies and other tracking devices

Cookies or other tracers are tracers deposited and read for example when consulting a website, reading an e-mail, installing or using software or a mobile application.When you visit the website, cookies and tracers may be installed on your equipment (computers, smartphones, digital tablets, etc.).The cookie policy implemented by Natixis Payment Solutions can be consulted at its website, in the Cookies section of its legal notices or at the bottom of the page.Cookies are kept for 13 months.

Who has access to your Data?

Natixis Payment Solutions takes all necessary steps to ensure the safety and confidentiality of the Data it collects, i.e. ensuring that only authorized persons have access to it.Only persons who are authorized due to their role in the competent Natixis Payment Solutions departments that are in charge of the relevant processing have access to your Data, and only within the scope of their authorization.Similarly, your Data may be provided or made accessible as needed to:–       Companies in the BPCE Group, to which Natixis Payment Solutions belongs,–       Our service providers and partners as part of execution of their service or our partnership and entirely securely,–       Some regulated professions (lawyers, notaries, auditors),–       BPCE’s and Natixis’ General Inspection & Audit departments.Some authorities, such as the appropriate tax, administrative or legal authorities, may also receive your Data, in accordance with applicable laws and regulation.In the circumstances outlined above, Natixis Payment Solutions may transfer (provide or give access to) your Data to another country within or outside the European Union.

How long will your Data be retained?

Once the Data collected has been used for the relevant purpose, and in accordance with any potential legal or regulatory requirements for retaining certain Data, Natixis Payment Solutions will no longer keep your Data.The length of time data is retained varies and depends on the type of data and the purpose it was used for.Prospect Data, collected in the contact form available on the website or directly by a Natixis Payment Solutions officer, is kept for a maximum period of 1 year.Data collected for managing a contract is maintained for the time required to execute the contract and until the applicable legal timeframe has been reached. This timeframe may vary as follows:–       Provisions in the French Commercial Code, accounting documents and evidence must be kept for ten years,–       The limitation period under common law for civil and commercial matters is five years,–       The timeframe for specific legislation such as anti-money laundering and terrorist financing is five years,–       The timeframe required for purposes such as fraud prevention for example is five years.These timeframes may be longer in some specific situations, when required by regulation. They can also be longer in the event of legal proceedings, and in this case, data is kept until the legal proceedings are complete and then filed in accordance with applicable legal requirements.When personal data is collected for several purposes, it is kept until the longest retention or filing time has been reached.

What rights do you have over your Data?

Within the limits and conditions laid down by current legislation, you can:

  • Obtain access to all of your Data,
  • Rectify, update and delete your Data for legitimate reasons,
  • Object to the processing of your Data for legitimate reasons and object to the processing of your Data for direct marketing purposes without giving any reason,
  • Request the portability of your Data for processing that requires your consent or for the performance of a contract that has been or will be made,
  • Request the limitation of the processing we perform in relation to your Data,
  • Withdraw your consent at any time (for processing that requires your consent),
  • Lodge a complaint with a competent supervisory authority, i.e. the authority in the country of the European Economic Area of your habitual residence, your place of work, or the place of an alleged infringement (the CNIL in France

In addition, you have the option to provide us with instructions regarding the retention, deletion and disclosure of your Data after your death. These instructions may also be registered with “a certified digital trusted third party”. These instructions, or a kind of “digital will”, may designate a person to carry them out, otherwise, your heirs will be designated.

How do you exercise your rights?

To exercise your rights, please contact our Data Protection Officer by email or by post, stating your full name and contact details, and providing a copy of your identity document.Data Protection Officer
Mailing adress: Natixis Payment Solutions – BP 4 – 75060 Paris Cedex 02 France
Email address:  dpo-paymentsolutions@natixis.comEmail for marketing purposes:A link to unsubscribe (for email) or a number to unsubscribe (for SMS/MMS) features on each email sent by Natixis Payment Solutions.