Attijariwafa bank Europe limits the collection of data to that which is strictly necessary
Attijariwafa bank Europe, 6-8, rue Chauchat F-75009 Paris, is the Data Controller with regards to the personal data processed by the company.
As such, it ensures that only those data strictly necessary for the performance of the services rendered are collected from prospects, partners and customers when they subscribe to offers for goods and services, throughout the duration of the commercial relationship, and also regarding management operations and marketing campaigns that we may conduct.
All paper and digital forms and files have been designed in such a way as to collect only that information which is relevant and necessary. They are reviewed regularly to ensure that they comply with the latest regulatory requirements in this area and that they meet your requirements.
When collection of certain data is optional, this will be specifically indicated, together with the consequences of failing to provide it.
Attijariwafa bank Europe processes your data in accordance with the law.
The personal data processing operations used by Attijariwafa bank Europe strictly comply with all legal obligations in force at the time.
Data is collected for specific purposes which are clearly indicated to data subjects on all forms, paper and digital files. The corresponding legal or contractual framework is also noted, if applicable.
You may therefore be required to provide us with personal data. Data are collected and processed by Attijariwafa bank Europe to deal with requests made using the forms, tools and services provided, and also to execute contractual and pre-contractual obligations and to comply with our legal obligations.
The data collected are mainly intended to be used for the management of banking relationships and the accounts, products and services subscribed to, as well as risk management, the prevention of money laundering and the financing of terrorism, determining tax status, prevention of fraud, identification of dormant accounts, banking compliance, control and monitoring, collection and allocation of receivables, commercial prospecting, sales activities and advertising campaigns.
Attijariwafa bank Europe only keeps your data for the time required to process it for the purpose for which it was collected.
When personal data is no longer needed for the specified purposes and the required services, it is only kept when it is subject to legal archiving obligations or when you have given your consent for this. All other information is deleted.
When Attijariwafa bank Europe collects information from persons who are not customers, it may be kept for a maximum period of three (3) years from the last contact with Attijariwafa bank Europe, unless a shorter period is indicated at the time of collection.
When the person whose data has been collected has a contract with Attijariwafa bank Europe, their personal data will be kept for the period required to provide the service, to comply with regulatory obligations and to conserve proof in contractual matters, until the rights of the parties or third parties in question expire. Accordingly, in the absence of special time limits, data may be retained for the maximum period allowed.
Main retention periods:
At the end of the business relationship, data relating to contracts may be kept for a period of up to 10 years (excluding escheat within the meaning of Eckert Law 2014-617 of 13 June 2014 and excluding litigation); the personal data of proxies of one or more customer accounts will be kept for a period of 10 years.
In the event of inheritance, the data will be kept for 10 years after closure of the case; in the event of amicable recovery or over-indebtedness, the data will be kept for 5 years after closure of the case.
Data required for the management of legal claims are kept until the end of the proceedings. They are then archived according to the legal period of limitation.
In the event of escheat within the meaning of Eckert Law 2014-617 of 13 June 2014, the data will be kept in accordance with the procedures provided for by the aforementioned law. Information of an accounting nature will be kept for a period of 10 years.
Recordings of video surveillance images are kept for 30 days.
Recordings of telephone conversations are kept for 5 years (this period may be extended to a maximum of 7 years for certain calls, depending on the requirements set by the regulator).
Attijariwafa bank Europe keeps your data securely
The personal data that we collect may be entered and processed in computer systems under the responsibility of Attijariwafa bank Europe.
We aim to preserve the confidentiality, quality and integrity of your data. The technical methods we use comply with the strictest security practices available. The security technologies and the policies we apply enable us to fully protect your personal data against unauthorised access and improper use.
Only authorised personnel have access to your data and they are subject to the confidentiality obligations imposed by our internal confidentiality policy.
Attijariwafa bank Europe only transmits your data to authorised recipients
By express agreement and by waiving professional secrecy, Attijariwafa bank Europe is authorised by the client to provide his/her personal data:
- to the internal departments of Attijariwafa bank Europe, within the limits of the authorisation,
- to any entity of the Attijariwafa bank Group for the purposes of commercial prospecting and concluding other contracts and in the event of resource pooling and grouping of companies,
- to its service providers, subcontractors and partners, intermediaries, brokers and insurance companies, to the extent necessary for the purposes of this agreement and the services entrusted to them,
- to authorised third parties and various administrative bodies, according to the regulations in force,
- to mediators, court officials and ministerial officers, beneficiaries and assignees, as well as subrogees of the bank’s debt obligation rights in the context of debt securitization and transfer operations,
- to recipients of money transfers and payment service providers, for the purposes of preventing money laundering and financing of terrorism.
Given the international size of the Attijariwafa bank Group, as is known to its clients, communication of the information referred to above may involve transfers of personal data to countries that are not members of the European Economic Area and whose Personal data protection laws may differ from those of the European Union.
In particular, Attijariwafa bank Europe entrusts Attijariwafa bank, the Bank’s parent company in Morocco, with the performance of targeted services required for the execution of this contract (customer relations centre, processing of certain international transactions).
All transfers of data outside the European Union are governed by contractual, physical, organisational, procedural and technical measures, which are effective and appropriate for ensuring the security and confidentiality of personal data. To obtain details regarding the conditions of transfers and the guarantees covering them, please send a written request as per the paragraph on “Rights”.
Attijariwafa bank Europe respects your rights
You have rights of access, rectification or deletion, as well as rights to the portability of your data and to limit its processing. You may also, for reasons relating to your particular situation, cancel processing of your data, unless said data are being processed within the framework of a contractual relationship or for compliance with legal obligations.
For certain processing operations (in particular for commercial prospecting), your explicit consent is required. Information to this effect will be included on the collection form. You can withdraw your consent at any time without affecting your relationship with Attijariwafa bank Europe.
You can exercise these rights by sending a letter to Attijariwafa bank Europe at the following address: 6-8 rue Chauchat F-75009 Paris, or by sending an email to the following address firstname.lastname@example.org.
Attijariwafa bank Europe undertakes to respond to requests to exercise your rights within the applicable legal deadlines, i.e. 1 month.
You also have the right to lodge a complaint with the National Commission for Computing and Liberties (www.cnil.fr).
Attijariwafa bank Europe has initiated a governance process concerning data protection
All Attijariwafa bank Europe staff have been made aware of the best practices applicable to the handling of personal data. All data are processed with the greatest respect for your privacy.
Attijariwafa bank Europe has appointed a Data Protection Officer (the bank’s main compliance officer), who took up the position on 25 May 2018, and who can be reached at the following address: email@example.com.
Legal framework applying to the protection of personal data
- Law No. 78-17 of 6 January 1978 relating to data processing, files and freedoms.
- European Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016.