Personal data privacy

Introduction

According to the general data protection regulation - GDPR since 25 May 2018, "SOCIETE GENERALE | SG OPEN API" was designed to protect your personal data as default ("privacy by design" and "privacy by default").

This document is intended for users and describes how we collect, process and protect your personal data collected from our platform (through forms and cookies), in order to allow you to clearly and voluntarily decide on their treatments.

Your personal data will be processed when you use services with our "SOCIETE GENERALE | SG OPEN API" platform, in accordance with policies which are described below.In this document, we inform you about how Societe Generale processes information collected through our "SOCIETE GENERALE | SG OPEN API" platform.These policies do not apply to information that can be obtained by third parties on other websites, even linked by our platform.

We remind you the need to read these policies every time you use our "SOCIETE GENERALE | SG OPEN API" platform.

Account creation request

Processing target

Societe Generale collects your data to create your user account which makes it possible to use our APIs.
It allows subscription management and statistics development related to our services.

Data categories

Data we process are: your firstname and lastname, email address, company name, password and PIN number (for multi-factor authentication).
And two security questions to choose from the followings (for your password renewal requests):
- What is the name of your primary school?
- In which city were you born?
- What is your first pet's name?
- Where does your nearest sibling live?
- What is the name of your childhood best friend?

These data come from registration, by people wishing to create an account through the associated form.

Your firstname, lastname, email address, password and security questions are mandatory for your account creation. A PIN number will also be required in case for multi-factor authentication. Your company name is optional.

Data processing does not allow automated decision making.

Related persons and addressees

Data processing only concerns people who want to create an account on the "SOCIETE GENERALE | SG OPEN API" portal to use our APIs.

Recipient of the data is: Societe Generale IT department.

No data transfer is carried outside the European Union.

Data retention period

Societe Generale keeps your personal data (firstname, lastname, email address, company name) as long as you do not unsubscribe. In the case of unsubscription Societe Generale keeps your personal data for a one (1) year period for security reasons related to its information system.

Contact request

Processing target

Societe Generale collects your data to manage your request.
It allows request management and statistics development related to our services

Data categories

Data we process are: your name, email address and the subject of your request.

These data come from registration, by people wishing to contact us through the associated form.

Your name and email address are mandatory to process your request and coming back to you.

Data processing does not allow automated decision making.

Related persons and addressees

Data processing only concerns people who want to contact us from the "SOCIETE GENERALE | SG OPEN API" portal.

Recipient of the data is: Societe Generale IT department.

No data transfer is carried outside the European Union.

Data retention period

Societe Generale keeps your personal data (name and email address) for a one (1) year period.

APIs usage

Processing target

Societe Generale collects your data to protect your banking information, services offered and to cover laws around fraud prevention.
It allows API requests monitoring and statistics development related to our services.

Data categories

Data we process are: your terminal IP address, the country code and name, the region name, the city postal code and name, timestamp, GPS location and user agent which is applied by your terminal.

These data come from technical requests, sent by people using available APIs.

These data are mandatory to ensure the security of your information and the offered services.

Data processing does not allow automated decision making.

Related persons and addressees

Data processing only concerns subscribed people who want to call APIs or use an already registered application or a service.

Recipient of the data is: Societe Generale IT department.

No data transfer is carried outside the European Union.

Data retention period

Societe Generale keeps personal data which come from API requests for a one (1) year period.

Security on collected data

All your personal data (firstname, lastname, email address) are encrypted before recording in our systems.

Your rights

You can access and obtain copies of your personal data, oppose or limit processing of these data, have them rectified or erased.

You can contact the Data Protection Officer (DPO) from Societe Generale by email at protectiondesdonnees@societegenerale.fr or using the following address:

SOCIÉTÉ GÉNÉRALE
Service Protection des données personnelles
CPLE/BDF/DPO
75886 Paris Cedex 18

> Read Understand your rights, from the CNIL (French national commission).

Laws

Article 6.1 of the general data protection regulation - GDPR