Cookies policy and data policy
DATA PROTECTION INFORMATION ON COOKIES
What is a cookie?
Cookies are small text files that are placed and stored on your terminal when you visit a website.. A cookie allows its issuer to identify the terminal in which it is stored for the duration of the validity or the storage of this cookie. The term “cookies” refers to all technologies allowing to trace the user’s navigation.
The terminal refers to the hardware/material equipment (computer, tablet, smartphone…) you use to consult or view a website, an application or advertising content etc.
Why we are using cookies?
We and our partners use different types of cookies for the following purposes:
1. Cookies that do not require user’s consent
(i) These are operating cookies, that are essential for browsing our website (such as the session identifiers), allow you to use the main features of the website and to secure the connection
For example, they allow you to access directly to reserved and personal areas thanks to identifiers or data that you have previously entrusted to us.
(ii) These are cookies that are not essential for browsing our website, but whose sole purpose is to enable or optimise its operation and to give you access to specific features.
They also allow you to adapt the presentation of the website to the display preferences of your terminal. These cookies allow you to have a fluid and customised navigation.
2. Cookies that require the user’s consent
1. Audience measurement
They allow us to better understand the use and performance of our website, to establish statistics, volumes of traffic and use of various elements of our website (visited pages, navigation path, etc.) allowing to improve the interest and ergonomics of our services (the most consulted pages and sections, the most read articles, …)
These cookies are also used to evaluate the performance of our advertising campaigns and to personalize the content of our website according to your profile and your navigation.
How to refuse/delete cookies
The registration of a cookie in a terminal is essentially subject to the will of the terminal user, which can be expressed and modified at any time and free of charge.
If you have accepted, the storage of cookies in your terminal, the cookies integrated into the pages and contents that you have consulted may be stored temporarily in a dedicated space in your terminal.
A cookie management configurator is available to allow you to manage the cookies used and/or deposited on this website. At any time, by clicking on the link below, you will be able to access the configurator and modify your preferences by purpose.
The taking into account of your wishes is based on a cookie. If you delete all the cookies stored in your terminal via your browser, SOCIETE GENERALE and its partner will no be aware of your refusal and you will therefore be asked again to express your choices on cookies.
The complete blocking of your cookies via your browser or ad-blockers ( including cookies related to the operation of the website), may lead to malfunctions such as the impossibility to accessing certain pages of the website or your secure client area.
As part of the regulation, you will be asked every 6 months to confirm or change your cookie preferences, regardless of how long they remain in effect.
What cookies are used on our website and what are our partners?
Please find below, the list of our cookies and our partners:
| Operating cookies | |||
| Name of the cookie | Data controller | Cookie's retention period | Purpose |
| SERVERID | Societe Generale | Length of session | It is used to establish a user session and transmit status data via a temporary cookie, commonly known as a session cookie |
| PHPSESSID | Societe Generale | Length of session | It is used to establish a user session and transmit status data via a temporary cookie, commonly known as a session cookie |
| Lang | Societe Generale | 1 year | It allows the user to be directed to the language selected during the last visit or the language of the browser |
| Fe_typo_user | Societe Generale | Length of session | Authentication mechanism |
| didomi_token, euconsent-v2 | Societe Generale | 6 months | Cookie for consent management |
| Audience measurement cookies | |||
| AT Internet (XITI) | Societe Generale | Establish statistics and volumes of visits and use of the various elements that make up our site. | |
GENERAL NOTES ON DATA PROTECTION
The following is intended to provide you with information about the processing of your personal data and your rights under applicable data protection law, particularly having regard to the transparency requirements under Articles 12 to 14 GDPR and the information required to be communicated under Articles 15 to 22 and Article 34 GDPR about the rights of data subjects under the GDPR.
Entity responsible for data processing
Societe Generale S.A. Zweigniederlassung Frankfurt
Neue Mainzer Straße 46-50
60311 Frankfurt am Main
Tel.: 0 69 / 71 74- 0
Fax: 0 69 / 71 74- 1 96
Email: datenschutz@sgcib.com
Contact details of our Data Protection Officer:
Societe Generale S.A. Zweigniederlassung Frankfurt
Datenschutzbeauftragter Neue Mainzer Straße 46-50
60311 Frankfurt am Main
Tel: 0049 69 7174-484
Email: datenschutzbeauftragter@sgcib.com
A. Sources and data
We primarily process personal data received from legal representatives and employees of companies with whom we have or are initiating contact for business purposes (business contacts). To the extent necessary for the performance of our service, we also process personal data that we have lawfully received from our clients (e.g. in order to execute transactions, to perform contracts, to send fund reports), or based on your consent.
In addition, we process personal data that we receive in the course of our business relationship with our service providers. We also process personal data that we have lawfully obtained from publicly available sources (e.g. the commercial register) and which we are permitted to process.
The following may be relevant personal data in connection with our business relationship with you personally or in your capacity as a representative, employee, counterparty or shareholder of our clients:
Name, office address or other business contact details (telephone number, fax number, email address), residential address or other private contact details (telephone number, fax number, email address).
In addition to the data referred to above, other personal data from the following categories may be processed.
Business contact details
Other personal data arises in the course of initiating or negotiating business and during the business relationship, particularly as a result of face-to-face meetings, telephone calls or written correspondence, whether initiated by you or us. This data includes in particular information about the channel of communication, the date, the reason and outcome, (electronic) copies of correspondence and information about participation in direct marketing campaigns.
Account transactions and payments
Transaction data is recorded from payment orders as well as data from the performance of our contractual obligations (payment data).
General due diligence requirements
We collect details such as your name, place of birth, data of birth, nationality and residential address prior to establishing a business relationship in order to comply with anti-money laundering laws.
Institutional funds (Spezialfonds)
Details of your name and residential address as a partner in partnerships that invest directly or indirectly in funds limited exclusively to institutional investors; these details are sent to us by these partnerships.
Information from devices
In addition, we collect data that we received from the devices that you used (computers, tablets, mobile phones etc.), like IP addresses, for example.
B. Purpose of data processing and the legal basis for such processing
We process the above personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) as well as the Germany Telecommunications-Telemedia-Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz (TTDSG)):
The corporate purpose of Société Générale Frankfurt/Main comprises the following:
Banking business of any kind as defined in section 1 of the German Banking Act (Kreditwesengesetz – KWG), with the exception of investment transactions as defined in section 1 (1) no. 6 KWG.
Storing and processing personal data for own purposes and at the instruction and on behalf of group companies pursuant to the Group's service agreements.
Uncovering, preventing or prosecuting money laundering, fraud and other crimes in accordance with our statutory obligations.
Personal data is used solely for the following specific purposes:
a) in order to perform contractual obligations (point (b) of Article 6 (1) GDPR)
Data is collected and processed within the scope of the aforementioned corporate purpose for the purposes of providing and broking banking and financial services in the course of performing our contracts with our clients, or in order to take steps at the data subject's request prior to entering into a contract.
b) in order to balance interests (points (f) and (d) of Article 6 (1) GDPR)
Where necessary, we also process data to protect our legitimate interests or those of third parties. Our legitimate interests are as follows:
Performing contracts with our clients or taking steps prior to entering into a contract (if the data subject is not the client)
Establishing legal claims and defending legal actions
Ensuring the security and operation of the Bank's IT systems
Signature verification (through documents for checking authentication or through extracts from the commercial register)
Preventing and investigating criminal offences (prevention of money laundering)
Taking steps to ensure the security of buildings and equipment (e.g. access controls)
Taking steps to ensure compliance with building rules (e.g. video surveillance)
Storing email addresses (first name and surname are optional) for the organisation, management and distribution of our newsletter to keep our clients up to date or similar advertising measures.
c) based on your consent (point (a) of Article 6 (1) GDPR) or where applicable according to Point 1 of § 25 TTDSG
Where you have given us your consent to the processing of your personal data for specific purposes, we will process your data on the basis of and in accordance with that consent. You will be informed about the details of the data processing separately in advance. You may withdraw your consent at any time with prospective effect; any such withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
d) based on legal requirements (point (c) of Article 6 (1) GDPR) or in the public interest (point (e) of Article 6 (1) GDPR)
As a bank, we are subject to various legal obligations, in other words statutory requirements under German legislation such as the Banking Act, the Investment Code (Kapitalanlagegesetzbuch), the Money Laundering Act (Geldwäschegesetz), the Securities Trading Act (Wertpapierhandelsgesetz), tax legislation, criminal procedure law, the Investment Tax Act (Investmentsteuergesetz) and prudential requirements (e.g. imposed by the European Central Bank, the Committee of European Banking Supervisors, the German Bundesbank, the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) or the Autorité des marchés financiers (French financial markets regulator) and other European supervisory authorities). The purposes of processing include checking identity and good repute, preventing fraud and money laundering, combating terrorist financing, complying with verification and notification requirements under tax law and checking investment rules, assessing and managing company risks, ensuring the security and operation of IT systems and taking steps to ensure the security of buildings and equipment (e.g. access controls).
C. Recipients of the personal data
Within our bank, access to personal data is only given to functions and departments that need it in order to fulfil our contractual and statutory obligations. For this purpose we also avail ourselves of appointed internal and external service providers who process data on our behalf, and they may also receive the data.
With regard to the disclosure of data to recipients outside our company, we would firstly like to point out that we are bound by a duty to keep all personal details and ratings/assessments of which we become aware strictly confidential. We are only permitted to disclose information about you if required to do so by law, if you have given your consent, if we are authorised to provide information and/or service providers commissioned to process data on our behalf similarly guarantee to comply with the duty to ensure banking secrecy and the requirements of the GDPR/the BDSG.
Subject to these requirements, the following categories of recipient may receive personal data:
Where a statutory or regulatory requirement exists, public sector agencies and institutions (e.g. BaFin, the European Securities and Markets Authority (ESMA), tax authorities, the Federal Central Tax Office (Bundeszentralamt für Steuern), the Autorité des marchés financiers (AMF), European supervisory authorities or investigating authorities).
Other member entities of our Group, advisers, institutional investors, depositories, similar institutions and group companies and service providers processing data on our behalf to which we send personal data for the purpose of carrying on our business relationship with you or with our clients. This may specifically involve: archiving, debt collection, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data destruction, support/maintenance of IT applications, funds management, purchasing/procurement, space management, client management, group services, marketing, reporting, risk control, expense accounting, securities services, auditing services, payments.
Other data recipients may include functions or departments for which you have given your consent to the transfer of data.
D. Data transfer to third countries or an international organisation
Data is transferred to agencies in countries outside the European Union (EU) or the European Economic Area (EEA) ("third countries") where required by law, where you have given us your consent, or where it is authorised under data protection law based on the existence of legitimate interests and does not conflict with any compelling legitimate interests on the part of the data subject.
Where the recipients of your data, particularly our service providers or their subcontractors, have their registered office outside the EU/EEA, it may be that the applicable laws ensure a different level of data protection in that country compared to the level prescribed under European data protection law. Where this is the case, we ensure (e.g. by entering into appropriate contracts (Article 46 (2) GDPR)) that the service provider concerned guarantees an appropriate level of data protection comparable to the level of protection in Germany.
If the services of group companies in third countries are used in order to fulfil our contractual or legal obligations, these companies are also bound to comply with an appropriate level of data protection by agreeing to "corporate binding rules" (Article 45 GDPR).
Additional written agreements are not required in the case of third countries which the European Commission has decided ensure an appropriate level of protection for personal data in Europe (Article 45 GDPR). A copy of the relevant suitable and adequate safeguards is available from our Data Protection Officer. Beyond this, we do not transfer any personal data to international organisations.
E. Duration of data storage
We process and store your personal data for as long as is necessary for the purpose for which it is processed and necessary in order to fulfil our contractual and statutory obligations.
Where the data is no longer necessary for the purpose for which it was processed or to fulfil contractual or statutory obligations, it is erased or rendered anonymous, unless it is necessary to store (for a fixed term) or continue to process the data for the following purposes:
To comply with commercial or tax law retention periods: Relevant legislation here includes the German Commercial Code (Handelsgesetzbuch), the German Fiscal Code (Abgabenordnung), the Money Laundering Act and the Securities Trading Act, as well as other regulatory provisions. The retention or record keeping periods prescribed in those statutes are between two and ten years.
To preserve evidence in accordance with provisions relating to the limitation of actions. Pursuant to sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), limitations periods can be up to 30 years, although the usual limitations period is three years.
F. Obligation to provide data
As a governing body or employee of our clients, in the course of the business relationship you are required to provide the personal data necessary for commencing and carrying on the business relationship and for fulfilling the associated contractual obligations to our clients, or the personal data we have a legal obligation to collect. Without this data, we will usually have to decline entering into a contract or executing a transaction, or will no longer be able to perform an existing contract and may have to terminate it.
In particular, we are required under anti-money laundering laws to verify your identify before a business relationship is established with our clients, for example by checking your personal identification card, and in so doing we are required to record your name, place of birth, date of birth, nationality and your residential address. In order for us to be able to comply with this statutory obligation, you are required under the Money Laundering Act to provide the necessary information and documents and to notify us without undue delay of any changes arising in the course of the business relationship. If you fail to provide us with the necessary information and documents, we may decline to enter into or continue the desired business relationship with clients.
G. Your data protection rights
Each data subject generally has the following rights:
Right of access (Article 15 GDPR). You have the right to obtain confirmation from us as to whether or not your personal data is being processed. Where that is the case, you have the right to certain information and the personal data. The right of access particularly includes access to information regarding the purposes of processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data has been or will be disclosed. Please note that this right of access is not an absolute right and may be restricted by the legitimate interests of others. The right of access may be limited by section 34 of the Federal Data Protection Act.
Right to rectification (Article 16 GDPR). You have the right to have inaccurate personal data concerning you rectified. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure ("right to be forgotten") (Article 17 GDPR). Where the relevant prerequisites are met, you have the right to have your personal data erased without undue delay. The right to erasure may be limited by section 35 of the Federal Data Protection Act.
Right to restriction of processing (Article 18 GDPR). Where the relevant prerequisites are met, you have the right to have the processing of your personal data restricted. Where this is the case, the personal data will be identified accordingly and, if applicable, only processed for certain purposes.
Right to data portability (Article 20 GDPR). Where the relevant prerequisites are met, you have the right to the data portability of the personal data you provided to us, in other words you have the right to receive that data in a structured, commonly used and machine-readable format and, if applicable, the right to transmit that data to another controller without hindrance from the controller to which the personal data was provided.
You also have the right to lodge a complaint with a competent supervisory authority (Article 77 GDPR in conjunction with section 19 BDSG).
You have the right to inform us at any time that you withdraw your consent to the processing of your personal data. The withdrawal of consent shall not affect the lawfulness of processing up until such withdrawal. This also applies to the withdrawal of consent you granted to us prior to the application of the GDPR, in other words prior to 25 May 2018. The withdrawal of consent has prospective effect only. The processing of data prior to the withdrawal is not affected.
H. Automated decision-making
We basically do not make use of any fully automated decision-making as referred to in Article 22 GDPR to establish and carry on business relationships. Should we implement automated decision-making in individual cases, we will notify you separately where required by law.
I. Profiling
Your data will be processed automatically in part with the objective of evaluating certain personal aspects (profiling):
In order to inform you selectively about our products and to provide advice to you, we use analysis tools. These permit communication according to your needs and advertising including market and opinion research. You can find more detailed information on this topic in the legal notice regarding data protection for the use of the website and the data protection information on cookies
Otherwise, we do not use automated decision-making to process your data with the aim of evaluating specific personal aspects (profiling).
Right to object under Article 21 GDPRYou have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on legitimate interests (point (f) of Article 6 (1) GDPR). This also applies to any profiling within the meaning of Article 4 (4) GDPR based on this provision. We will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms, or the processing is in the interests of the establishment, exercise or defence of legal claims. You also have the right to object to the processing of your personal data for direct marketing purposes without charge and without giving reasons. The same applies with respect to the processing of your personal data, including profiling to the extent it is related to such direct marketing. We will thereafter no longer use your data for these purposes (Article 21 (2) GDPR). Addressee for objectionsThere is no prescribed form for objections. Please include "objection" in the reference/subject line, provide your name and address, and send to: Societe Generale S.A. Zweigniederlassung Frankfurt or send by email to: datenschutz@sgcib.com |
Legal notice regarding data protection for the use of the website
Thank you for visiting our website http://www.societegenerale.de/en/ (hereinafter "website"). We take the protection of your personal data and its confidential treatment very seriously.
With this data protection information (hereinafter "data protection declaration") we would like to inform you which parts of your personal data we will process when you visit our website and how this is done. This legal notice regarding data protection is complemented by the general notes on data protection as well as the data protection information on cookies. Your personal data will of course be processed in compliance with the applicable data protection regulations.
Entity responsible for data processing
Societe Generale S.A. Zweigniederlassung Frankfurt
Neue Mainzer Straße 46-50
60311 Frankfurt am Main
Tel.: 0 69 / 71 74- 0
Fax: 0 69 / 71 74- 1 96
Email: datenschutz@sgcib.com
Contact details of our Data Protection Officer:
Societe Generale S.A. Zweigniederlassung Frankfurt
Datenschutzbeauftragter Neue Mainzer Straße 46-50
60311 Frankfurt am Main
Tel: 0049 69 7174-484
Email: datenschutzbeauftragter@sgcib.com
A. Processing of Personal Data when Visiting our website
During a purely informational visit to our website, certain personal data are automatically collected, processed and stored. This means the following information: IP address, server logs, some of the information usually transmitted by the internet browser, insofar as your browser provides that information, the type of web browser, the operating system you use, screen resolution, device type, language settings, domain name of the internet service provider you use, the website you visit us from, the websites you visit on our page, as well as the date and length of your visit. The processing takes place exclusively in pseudonymised form and does not allow to draw any direct conclusions about your person. There is no integration of this data with other data sources. There is no person-related evaluation of this information.
The data mentioned will be processed by us for the following purposes:
- Ensuring comfortable use of our website,
- Evaluation of system safety and stability,
- as well as the optimization and further development of our website
The legal basis for this processing are our legitimate interests (Art. 6 para. 1 lit. f GDPR), which lie in the monitoring and maintaining of the performance of the website. Further information on the weighing of interests is available on request (contact: see above).
Additionally, we process the above listed data for certain purposes based on your consent according to point (a) of Article 6 (1) GDPR or, where applicable, according to point 1 of § 25 TTDSG, especially for:
- personalised website use,
- Evaluation purposes, trend analysis, use and activities in the context of the use of our website.
B. Recipients of the Personal Data
When administering the website, Societe Generale employees from various departments may have access to and/or process your personal data. Access is restricted to those employees who need the knowledge thereof for the fulfillment of work-related tasks.
In addition, we will only pass on data if:
- the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 lit. f DSGVO in the enforcement of rights). Further information on the weighing of interests is available on request (contact: see above),
- there is a legal obligation to which Societe Generale is subject. The legal basis for this processing is a legal obligation (Art. 6 para. 1 sentence 1 lit. c DSGVO).
C. Cookies/Analysis Tools
You can find our cookie policy and an overview of the cookies we use under the following link: Cookies policy and data policy (societegenerale.de)
D. Your Data Protection Rights
We process all personal data in accordance with the GDPR. As the person concerned, you have the following rights:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure ("right to be forgotten") (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object under Article 21 GDPR
- Please note that the rights to information and deletion are restricted in accordance with the national regulations of §§ 34, 35 Bundesdatenschutzgesetz (BDSG), which supplement the GDPR. In addition, there is a right to lodge a complaint with a competent supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
Further information on your rights as a data subject can be found in our general data protection information, which can be accessed at Cookies policy and data policy (societegenerale.de)
The data protection measures set out in this data protection declaration apply only to our website. This website may contain links to other websites. Societe Generale is not responsible for the privacy practices or the content of such other websites. If you visit another website via such a link or otherwise, please read the data protection information published there by the respective responsible person.