Data protection

Our Commitments

Societe Generale Luxembourg's data protection commitments apply to all personal data processed by Societe Generale Luxembourg within the conditions defined by the personal data protection policy. The people concerned are:

• Clients and other Individuals, representatives of legal persons, contact persons, prospects;
• Employees of the company (staff), external service providers, apprentices, trainees or candidates.

Our responsibilities

Societe Generale Luxembourg, as a legal person, it assumes the responsibility of controller for the processing of the personal data entrusted to it, within the meaning of the Regulation (GDPR). The controller is responsible for ensuring that the necessary steps are taken to comply with the legal requirements for the protection of personal data.

In some cases, Societe Generale Luxembourg itself is processor, processing personal data on behalf of a client (controller in the meaning of GDPR). In this context, Societe Generale Luxembourg also commits to comply with all the requirements of Article 28.

Contact information :

Societe Generale Luxembourg, a public limited company under Luxembourg law
M. Frédéric Surdon, Chief Executive Officer
Societe Generale Luxembourg
11 avenue Emile Reuter
L-2420 Luxembourg

Welcome Adress : 11 avenue Emile Reuter, L-2420 Luxembourg

Mailing adress :
B.P. 1271 - L-1012 Luxembourg

Tel. : +352 47 93 11 1
Fax : +352 22 88 59

RCS Luxembourg B 6061

www.societegenerale.lu 

Our Data Protection Officer

At Societe Generale Luxembourg, Jean-Denis BRANGIER is data protection officer pursuant to Article 37 of GDPR.

Contact information :

Jean-Denis BRANGIER, Data Protection Officer
Societe Generale Luxembourg
DPO, B.P. 1271, L-1012 Luxembourg

Mail: lux.dpooffice@socgen.com 

Employees and external contractors, subcontractors

Specific training regarding data protection is provided to all Societe Generale Luxembourg's staff.

Any person working for Societe Generale Luxembourg, as an employee or as an external service provider, must respect the personal data protection measures, as well as the obligations related to the Luxembourg and European banking and financial legal framework.

Subcontractors who deal with data processings on behalf of Societe Generale Luxembourg (within the meaning of Articles 4.8 and 28 of the GDPR), are also subject to compliance with the data protection measures. In particular, they must respect the obligations of the Regulation, article 28, which are notified to them by Societe Generale Luxembourg. In particular, they must respect a confidentiality clause as well as contractual obligations of security.

The processings of your Personal Data conducted by Societe Generale Luxembourg

Clients, Employees or Third Parties, you entrust information to the Bank. These Personal Data (ie any information relating to an identified or identifiable natural person) that you transmit to us, are necessary for the execution of the operations and services prided to you by the  Bank .

These processings correspond to any transaction or set of transactions carried out with or without using automated processes and applied to data or set of personal data such as collection, registration, structuring, preservation, processing adaptation, or modification ... (within the meaning of GDPR article 4-2) ...

Processings performed by the Bank are for the particular purposes of:

• managing the banking relationship with the Client, the account(s) and/or products or services purchased, including through marketing and statistical analyses for overseeing the Bank's relationship with the Client,
• managing human resources
• carrying out opinion, statistical, satisfaction, and wealth-related surveys,
• managing, analysing, and granting loans, selecting risks,
• combating fraud,
• adhering to legal and regulatory obligations, particularly for managing operational risk (including the security of computer networks and transactions, as well as the use of international payment networks,

or the custody or sub-custody of financial instruments), anti-money laundering and terrorist financing, obligations related to financial markets, and determining tax status,

• identifying the accounts and safe deposit boxes of deceased persons,
• the Processing of disputes, recovery, or transfers of debt, and more generally managing payment incidents,
• the Processing of Personal Data generated by behaviours or actions that are extremely reprehensible,
• business prospecting, carrying out business meetings and advertising campaigns,
• recording conversations and communications with the Client, regardless of their medium (e-mails, faxes, phone interviews, etc.), for the purposes of improving call handling, adhering to legal and regulatory obligations related to financial markets, and ensuring the security of the transactions.

Societe Generale Luxembourg, in compliance with the requirements of the GDPR (Article 30-1), keeps a record of the processings of personal data.

For all processings of personal data, Societe Generale Luxembourg implements retention rules (retention duration and disposition) so that the processed data are not kept in the production systems longer than necessary.

Your rights

Societe Generale Luxembourg guarantees the exercise of the rights of data subjects in accordance with the GDPR. Any client, any employee any third party, and more generally any natural person concerned has in accordance with articles 13 to 22 of the GDPR a right of information, access and rectification, erasure, restriction of processing, as well as the right to data portability.

Any data subject may object at any time, for reasons relating to his particular situation, that its personal data are subject to processing.

It is specified that exercising of certain rights may entail Societe Generale Luxembourg being unable, on a case-by-case basis, to provide the product or service. In addition, some of these rights may not be exercised if this should imply the destruction or alteration of information for which there is otherwise a legal or contractual obligation to declare or retain.

No payment is required to provide information to data subjects and to carry out any communication and take any action in the exercise of the rights of individuals.

Nevertheless, in accordance with Article 12.5 of the GDPR, in the case of manifestly unfounded or excessive requests, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
The data subjects are informed in particular by this page of our WEB site and by the General Conditions (if applicable) of the processings of their personal data and the rights that they can assert.

The Client or the persons concerned may, at any time and at no cost, without needing to justify their request, object to their Personal Data being used for business prospecting purposes.

The Client may exercise these rights by contacting the Bank's personal data protection officer by:

• contacting his normal advisor,
• sending a letter or e-mail under the same terms as those which exist for complaints as set out in Article 19 of General Terms and Conditions (if applicable),
• logging in to his e-banking system.

The Client or any person concerned also has the ability to file a complaint with the Commission Nationale pour la Protection des Données (CNPD), the controlling authority in charge of adherence to personal data obligations, at the mailing address: 1, avenue du Rock’n Roll, L-4361 Esch-sur-Alzette or via their website www.cnpd.lu 

Your personal data protection and security

Risk analyzes are carried out and the necessary measures are taken to eliminate or limit the identified risks. A procedure for the management of personal data breaches is implemented and allows the notification, within the legal deadlines, to the supervisory authority of a possible violation, as well as to the data subjects if this is required under GDPR.

Societe Generale Luxembourg also uses technical and organizational systems for the processing of personal data which, by design and by default, guarantee the protection of these data.

Communication

Societe Generale Luxembourg communicates information relating to the protection of personal data to the persons concerned:

• To its Customers and third parties: in particular via its external website: https://www.societegenerale.lu/fr/rgpd-charte-donnees/,  its General Terms and Conditions (if applicable)
• To his employees: in particular via its intranet site

Contact for further information on data protection

Jean-Denis BRANGIER
Data Protection Officer
Lux.dpooffice@socgen.com