Personal Data

Personal Data Management Policy

1 - DEFINITION OF PERSONAL DATA

Personal data refers to any information that can directly or indirectly identify a natural person. For example, personal data includes:

  • A first and last name
  • Date of birth
  • Postal address
  • IP address (an Internet Protocol address is a number that identifies each computer connected to the Internet)
  • Telephone number
  • Email address
  • Marital status (married, civil union, single, etc.)
  • Nationality
  • Identity document
  • Bank account identifier (IBAN)
  • Customer number

INST MUTUEL collects this data in order to offer you the products and services provided, but also to meet legal obligations and ensure security in the use of our services.

    2 - THE DATA CONTROLLER FOR YOUR PERSONAL DATA

    The company that collects and uses your personal data is called the data controller. It must specify its name and the reasons for collecting this data.

    INST MUTUEL is the data controller. To ensure respect for your personal data and your privacy, the bank has appointed a Data Protection Officer (DPO), whom you can contact at the following postal address: 115 rue de Sèvres - 75 275 Paris Cedex 06

    3 - PURPOSES OF COLLECTION

    Processing refers to the various activities of a company. Each activity has a specific objective called a purpose. INST MUTUEL collects your personal data to carry out the following main activities:

    Management of customer relationship, products, and services:

    Recording and updating information about your bank accounts and the characteristics of how accounts operate.

    Management of operations concerning deposits and withdrawals (transfers, withdrawals, cards, and other fund movements).

    Maintaining accounts (statements, periodic statements and extracts, oppositions, issuance of bank cards, bank identity statements, and attestations).

    Proposal of means of payment and financing solutions:

    Issuance of suitable payment cards and tailor-made financing solutions in line with each individual's situation, to offer the best advice and support.

    Proposal and management of insurance:

    Concluding and managing insurance contracts for means of payments (financial guarantee, assistance to persons), legal protection (protection of identity), exercise of recourse, management of claims, litigation, termination, and execution of legal provisions.

    External account aggregation service:

    Service that lets you view the balance and payment transactions (transfers issued / received, direct debits) of accounts held in external banks. The list of accounts to be aggregated will be established by the customer. The activation of this service requires the consent of the customer.

    Fraud prevention:

    The data is used for detecting acts performed within the scope of activities presenting an anomaly, inconsistency, or reported as possibly constituting fraud.

    Compliance with legal and regulatory requirements:

    The bank must comply with the legal and regulatory obligations to which it is subject, such as the fight against money laundering and the financing of terrorism.

    Proposal of personalized offers:

    Proposal of personalized commercial offers corresponding to your needs and future projects subject to your consent.

    • For customers, personal data will be kept for 3 years after the end of the commercial relationship.
    • For prospects, personal data will be kept for 3 years from the last contact.

    Recording of telephone conversations:

    Telephone conversations will be recorded to improve the quality of service unless you object. Personal data will be kept for a period of 6 months.

    4 - PROFILING AND AUTOMATED PROCESSING

    For certain processes, the bank uses profiling and applies partially automated decisions (with human intervention).

    Profiling makes it possible to assess and predict the reactions and preferences of a person. It is used in the following cases:

    • Personalized proposal of commercial offers;
    • Assessment of the financial situation in the context of a credit application.

    A partially automated decision is made for the analysis of a credit application. The study of this application will be supplemented by human intervention to ensure a better assessment of the file.

    5 - SECURITY OF PERSONAL DATA

    INST MUTUEL undertakes to take all necessary measures to ensure the security and confidentiality of personal data and in particular to prevent them from being damaged, erased, or accessed by unauthorized third parties.

    Furthermore, in the event of a security incident affecting your personal data (destruction, loss, alteration, or disclosure), INST MUTUEL undertakes to take all necessary measures to remedy it. In the event of such a situation, the bank will inform you and report the incident to the National Commission for Information Technology and Civil Liberties (CNIL).

    6 - RECIPIENTS OF PERSONAL DATA

    Recipients are individuals who may access your personal data in order to offer you quality products and/or services. INST MUTUEL ensures when selecting its partners and service providers that they offer a high level of security to guarantee the confidentiality and security of your personal data.

    Your data may be transmitted to:

    • Internal services of INST MUTUEL: the departments responsible for the execution and management of the subscribed products and services;
    • External providers to INST MUTUEL: technical providers, including subcontractors who contribute to the execution of the subscribed products and services;
    • Services and/or entities of the group to which INST MUTUEL belongs and to entities or commercial partners of INST MUTUEL, after prior information and consent;
    • Any authorized administrative or judicial authority, or more generally any authorized third party, to comply with INST MUTUEL's legal or regulatory obligations.

    7 - TRANSFER OF YOUR PERSONAL DATA ABROAD

    INST MUTUEL carries out all processing of your personal data within the territory of the European Union (EU).

    However, for certain specific services, INST MUTUEL may use subcontractors located outside the EU. Some personal data may then be communicated to them for the sole purpose of carrying out their assignments. In this case, in accordance with current regulations, INST MUTUEL would require its subcontractors to provide the necessary guarantees to govern and secure these transfers, in particular by signing the standard contractual clauses of the European Commission.

    8 - DURATION OF RETENTION

    The retention period of your personal data depends on the products and services subscribed to. INST MUTUEL undertakes not to keep your personal data beyond the duration necessary for the provision of the subscribed product or service.

    Some of your personal data may be kept for an additional period, notably in the following cases:

    • management of complaints and/or disputes;
    • compliance with legal or regulatory obligations;
    • response to requests from Authorities or Authorized Third Parties.

    9 - RIGHTS OF INDIVIDUALS

    You have the following rights:

    • Right of access:

    You can obtain access to your personal data processed by INST MUTUEL;

    • Right to rectification:

    You can update or rectify your personal data processed by INST MUTUEL. You also have the possibility to manage this right via your customer area;

    • Right to object:

    You can invoke it for processing based on legitimate interest for reasons related to your particular situation that justify your request;

    • Right to erasure (right to be forgotten):

    You can request the deletion of your personal data at the end of the contractual relationship and legal retention periods;

    • Right to restriction:

    You can request the suspension of the processing of your personal data following an objection to processing, a challenge to the accuracy of the data, when their processing is unlawful or in the event of a dispute, for the exercise or defense of rights in court;

    • Right to data portability:

    You can ask INST MUTUEL to let you retrieve the personal data you have provided and which are necessary for the contract or for the processing to which you have consented;

    • Right to give instructions regarding the retention, erasure, and communication of personal data after death;
    • Right to withdraw consent:

    You can exercise the withdrawal of your consent for any processing for which it was collected, without having to justify your request.

    You can exercise your rights by sending a postal mail to the customer relations service at the following address:

    INST MUTUEL - Customer Service - CS 20024

    59591 Nice Cedex 3

    Any request must be accompanied by proof of identity. INST MUTUEL undertakes to respond to your requests to exercise your rights as soon as possible and in any case within the legal deadlines.

    In the event of difficulties related to the management of your personal data, you can file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL).

    Copyright © 2024 INST MUTUEL SA.