I . Glossary
1. Personal data
2. Rights of data subjects
3. Regulation on Personal Data Protection
4. GDPR
5. Data controller
6. Principles related to data processing
II . Confidentiality and Privacy Policy
1. What is personal data?
2. Which categories of personal data are processed by Monext?
3. What are the purposes and grounds justifying the collection of your personal data?
4. Commercial prospecting
5. Who are the recipients of the personal data processed by Monext?
6. Which security measures are implemented by Monext?
7. How long is your personal data stored?
III . Rights of data subjects
1. What are your rights?
2. How to exercise your rights.
Personal Data
Through this document, we endeavour to inform you in a clear and transparent manner about the conditions under which we collect, process, archive and delete your personal data.
The policy also includes a reminder of your rights regarding your data and useful information on how to exercise them.
I - Glossary
1. Personal data
Article 4.1 of the GDPR: ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly.
2. Rights of data subjects
Article 12 of the GDPR: Data subjects enjoy the right to access, modify, oppose, limit and delete their data, and are entitled to the portability of their personal data.
3. Personal data protection regulations
Refers to the legal framework on personal data protection, including the GDPR, the French Data Protection Law No. 78-17 dated 6 January 1978, amended, and any new law or decrees adopted for its application.
4. GDPR (EU Regulation 2016/679)
The European regulation which is the benchmark for personal data protection. It entered into force on 25 May 2018. This regulation obliges all companies to take all the necessary measures to protect data subjects’ personal data.
5. Data controller
Article 4.7 of the GDPR: A data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
6. Principles related to data processing
Article 6 of the GDPR: Monext undertakes to respect your privacy and to protect the personal data processed: Lawfully, fairly and in a transparent manner with regard to the data subject Collected for specified, explicit and legitimate purposes Adequate, relevant and limited to what is necessary with regard to the purposes for which the data is processed Processed in a manner which ensures appropriate security of personal data.
II – Confidentiality and Privacy Policy
In accordance with Data Protection Regulations, processing defined in this Confidentiality and Privacy Policy is supported by a specific legal basis.
This Policy informs you of the conditions in which we (Monext) collect, process, store, archive and delete the personal data of our prospective clients, clients and partners. It also provides information on your rights concerning your data.
What is personal data?
Personal data means any information that identifies a natural person, whether directly or indirectly (e.g. name, address, registration number, telephone number, photograph, date of birth, IP address, fingerprint, etc.).
Which categories of personal data are processed by Monext?
As part of our sales relationship, the following categories of personal data are processed primarily:
1. Declarative personal data: i.e. data that we may collect directly from you, such as your surname, first name, electronic mail address (e-mail), company and date of subscription, or data collected indirectly from third parties with whom we have a contractual link for statistics relating to the newsletter service;
2. personal data obtained from public information (the public pages of social networks for example) in compliance with the regulations
Data source: the data comes from the registration, by the person wishing to receive the newsletter, of their surname, first name, e-mail address and company in the registration field on the newsletter registration form.
Compulsory collection of data: You must provide your surname, first name, e-mail address and company in order to receive the newsletter.
What are the purposes and grounds justifying the collection of your personal data?
We process personal data for the purposes and grounds listed hereafter:
Purposes : To improve our interactions with clients or prospective clients, To manage client complaints and requests, To facilitate subscriptions to one of our services.
Grounds : Such processing is based on a legitimate interest pursued by Monext without prejudice to your fundamental rights and freedoms.
Purposes : To conduct marketing initiatives: managing social network communities, commercial prospecting, organising games, contributing to conducting satisfaction surveys, publishing newsletters. To take part in calls for applications to join partner ecosystems: start-ups, competitions (see competition rules)
Grounds : Such processing is based on a legitimate interest pursued by Monext (sales development) or on the basis of your consent, without prejudice to your fundamental rights and freedoms.
Purposes : To measure the number of visitors to our website through the technical resources set out in our cookies policy. To inform you of Monext’s news, in particular through subscriptions to our newsletters.
Grounds : On the basis of our legitimate interest, we process your personal data to improve your browsing on our website.
Commercial prospecting
You can receive commercial offers by email only if you have given your prior consent, unless authorised by law. You can exercise your right to oppose prospecting via the email or postal addresses stated in our communications or in the website’s legal notices ([email protected]).
If you do not wish to receive commercial prospecting by telephone, you can sign up free of charge to a list opposing telephone solicitation via the website www.bloctel.gouv.fr. It should be noted that professionals are prohibited from cold calling a consumer on this list, with the exception of pre-existing contractual relationships.
Who are the recipients of the personal data processed by Monext?
Your personal data is passed onto the sales and marketing teams, or to the appropriate Monext contact who is able to respond to your request to exercise your rights.
We may not be held liable for the processing of your personal data for which you may have given your consent to third parties and which is not shared between this third party and Monext, such as for example data on social networks. Please refer to the data protection policies of these third parties to check the conditions of processing conducted or to exercise your rights with regard to these acts of processing.
Which security measures are implemented by Monext?
Collected data is stored on a database governed by Monext’s security policy.
We raise employee awareness with regard to personal data protection and ensure that they comply with the regulations in force and our company’s code of conduct.
We select sub-contractors or service providers which provide a high level of guarantees with regard to the implementation of appropriate technical and organisational measures so that the processing of your data meets the requirements of the applicable personal data protection regulations.
How long is your personal data stored?
We have defined specific rules with regard to the timeframes in which personal data can be stored.
To define these timeframes, we consider the various purposes for which this data is collected, the data subjects concerned by the collection, compliance with legal and regulatory obligations and professional practices with which we undertake to comply. This does not exceed what is strictly necessary for the proper completion of the processing act.
Data collected via our website is stored for 18 months.
III – Rights of data subjects
What are your rights?
You enjoy specific rights concerning your data such as the right to access, modify, oppose, limit and delete your data, and are entitled to the portability of your personal data. You also enjoy the right to define the instructions concerning the storage, deletion and disclosure of your personal data following your death. You also have the right to appeal to the French Data Protection Authority (CNIL).
How to exercise your rights.
You can exercise your rights under the French Law dated 6 January 1978 by writing an email to [email protected] or a sending a letter by post to 260 rue Claude Nicolas Ledoux – Service Communication - Pôle d'Activité d'Aix en Provence CS 60507 13593 Aix en Provence Cedex
As part of the exercise of your right to data portability, we will return declarative data to you, i.e. data that we may collect directly from you.
Monext, via the Crédit Mutuel Arkea Group, has appointed a Data Protection Officer (DPO). The DPO monitors compliance with personal data protection regulations within the Group and its subsidiaries such as Monext. The DPO is also the contact person of the French Data Protection Authority (CNIL), our supervisory body, for any questions concerning personal data management.
You can contact our DPO at the following addresses:
- protectiondesdonnees@arkéa.com
- M. le Délégué à la Protection des Données- Crédit Mutuel Arkéa-29808 Brest Cedex 9
To guarantee an optimum level of safeguarding and compliance with the use of your personal data, the information published concerning this website will be reviewed regularly and more specifically when new functions are integrated.
Last updated on 2023/05/30