POLICY ON THE PROCESSING OF PERSONAL DATA COLLECTED IN THE CONTEXT OF CONTACT REQUESTS FROM FUTURE PARTNERS
Scope of application
Oney Bank (hereinafter “Oney”) attaches the greatest importance to the protection of your personal data.
All operations carried out on your personal data are carried out in compliance with the regulations in force, in particular European Regulation 2016/679 on the protection of personal data and Act 78-17 of 06/01/1978, as amended, relating to information technology, files and freedoms.
As Oney acts in full transparency, the purpose of this personal data processing policy is to inform you
how Oney collects, uses, shares, protects and processes your personal data during the pre-commercial and commercial relationship process;
about your rights in relation to your personal data and how you can exercise them.
1. Collection of your personal data
Oney collects information that is relevant, adequate and limited to what is necessary for the purposes for which it is processed.
Oney acts as a personal data controller and as such is responsible for the personal data it processes.
Personal data is any information that makes it possible to identify a natural person.
Oney may collect your personal data through the contact form and any associated additional documents or correspondence that you provide to Oney or through other sources, such as interviews.
2. Purposes of the processing for which your personal data is intended
Personal data will only be processed or used insofar as this is necessary for the management of the relationship with the partner and the management of the accesses of the employees of the application partner of Oney.
3. Recipients of your personal data
The information collected is intended for the International Business Development Department. Oney communicates your personal data to subcontractors and agents to whom it entrusts the performance of services in the context of achieving the purposes defined above. The latter are contractually bound to respect the confidentiality and security of the data to which they have access and to use it exclusively for the purposes of the services entrusted to them.
Oney’s employees, who are authorised to access personal data in accordance with their job and mission, are bound by confidentiality obligations.
Lastly, information concerning you may be communicated to any person or any public or private entity, in particular administrations, when this request is provided for by law.
4. Transfer of your personal data outside the European Union
Oney may, for the purposes specified above, communicate information about you to other entities of the Group. Some of these entities may be located outside the European Union and outside countries recognised by the European Union as having laws that guarantee adequate protection of personal data (in particular Oney Russia and Oney Ukraine). In accordance with the regulations in force, Oney has taken the necessary measures to ensure that personal information transferred in this way is protected in terms of its security, integrity and confidentiality. Any data transfers are carried out in accordance with the regulations and are governed by the standard contractual clauses established by the European Commission, as these clauses are available on the CNIL website: https://www.cnil.fr/fr/les-clauses-contractuelles-types-de-la-commision-europeenne. If necessary, Oney will provide you with the appropriate specific information, in accordance with the regulations in force.
5. Retention of your personal data
Oney will keep your data for a period of one year.
6. Your rights
In accordance with the applicable regulations, you may exercise the rights defined below, free of charge and at any time, by contacting Oney electronically at the following address: partenariat@oney.fr
the right of access: you may obtain a copy of all your data processed by Oney, as well as information on the characteristics of the processing carried out on your data;
the right of rectification: you may obtain the rectification and/or completion of your inaccurate and/or incomplete data;
the right to erasure: you may obtain the erasure of your data when (i) these data are no longer necessary for the purposes for which they were collected, (ii) you exercise your right to object to the processing concerned, or (iii) the processing concerned is unlawful. However, this right does not apply when the retention of your data is necessary for Oney to comply with a legal obligation or to exercise legal rights;
the right to restrict processing: you may obtain a restriction of the processing of your data when you dispute the accuracy of the data, for the period of time necessary for Oney to carry out the appropriate checks. The same applies when Oney no longer needs the data but it is still necessary for the defence of a legal claim, or when you exercise your right to object, while Oney examines your request. When such a limitation is put in place, the data may only be processed with your consent or for the defence of a legal claim;
the right to portability: you have the right to data portability in certain specified circumstances, where (i) you have provided Oney with your personal data, (ii) the processing is based on your consent or is necessary to perform a contract with you and (iii) the process is automated;
the right to object: you may ask Oney, on grounds relating to your particular situation, to cease processing your data for the purpose of pursuing its legitimate interests. Oney will then cease such processing unless it can justify that its legitimate and compelling interests override your rights and freedoms.
the right to withdraw your consent: where we have relied on your consent as the lawful basis for processing, you may withdraw your consent at any time. Withdrawal does not invalidate the processing on the basis of the consent that occurred before the withdrawal
the right to define general and specific directives defining how you intend the above rights to be exercised after your death.
You also have the right to lodge a complaint with the French supervisory authority or with the authority of the country in which you are habitually resident if you consider that a processing operation carried out by Oney infringes the provisions of the European Regulation on the protection of personal data. In France, the supervisory authority in charge of compliance with personal data obligations is the Commission Nationale de l’Informatique et des Libertés (CNIL).
7. Data Protection Officer
For any additional information, you may contact the Oney Data Protection Officer at the following postal address ONEY – DELEGUE A LA PROTECTION DES DONNEES – CS 60006 – 59895 LILLE CEDEX 9 or at the following e-mail address: dpd@oney.fr
