METROPOLE Gestion SA
All personal information processed by METROPOLE Gestion is governed, in particular, by the provisions of French Data Protection Law No. 78-17 of 6 January 1978 as amended by the French Law of 6 August 2004 and by the General Data Protection Regulation (GDPR) of 27 April 2016 and all national laws implementing the GDPR.
This Privacy Policy sets out the measures and steps taken by METROPOLE Gestion, in its capacity as data controller, and explains the procedures that you need to follow to exercise your data subject rights.
METROPOLE Gestion is committed to the principles of data minimisation, data protection by design and data protection by default.
It therefore collects information that is relevant, adequate and limited to what is necessary in relation to the purposes for which it is processed.
Collection and use of personal data on its website
In order to improve your browsing experience on its website, METROPOLE Gestion collects personal data that can be used to identify you, directly or indirectly (your server’s IP address, pages viewed, documents downloaded), often through forms.
You may only access, view and/or download some documents if you satisfy certain conditions that will be notified to you by METROPOLE Gestion, where applicable.
The information you provide will be recorded by METROPOLE Gestion, as data controller. It will be analysed and forwarded to the various departments and teams that require that information for in-house management purposes.
Pages containing personal data fields may state whether fields are mandatory or optional and may specify the consequences of leaving those fields blank or providing incorrect information.
That data may be used to send you information on events, initiatives and publications that could be of interest to you.
Data that allows you to be identified indirectly, used for statistical purposes, may also be collected to manage your login and browsing activity.
Collection and use of personal data to manage business relationships
METROPOLE Gestion collects personal data (identity and other civil status information, identity documents, contact details) about its clients, their legal representatives, executives and other corporate officers to manage its business relationships, in strict compliance with applicable laws.
In order to ensure that it complies with its legal anti-money laundering and terrorist financing obligations, METROPOLE Gestion collects additional data relating to its clients, their connected persons, the beneficiaries and intermediaries of their transactions and associated operations.
This information is provided directly by the client at the beginning of the business relationship, when the client requests and uses products or services and when the client signs management mandates, or by third parties authorised to provide that information (business information databases, other public sources available to banks and financial institutions).
The personal data collected can only be processed for clearly defined purposes, namely:
- to manage the accounts, products and services requested by the client in accordance with the provisions of the corresponding contractual documentation,
- to manage the business relationship and promotional and business development initiatives, to offer new services and features and to conduct market research and statistical analyses (including user behaviour),
- to ensure compliance with regulatory obligations, including controls, to undertake identity controls and checks, to verify the lawfulness of operations and monitor risks, to prevent conflicts of interest, fraud and other damaging conduct and to prevent money laundering and terrorist financing.
As part of the provision of its financial services and in compliance with applicable legal provisions, METROPOLE Gestion also records electronic communications (telephone calls, instant messages, emails and all other methods of electronic communication) with its business contacts in order to check compliance with its rules of conduct, monitor and ensure the security of transactions and provide a high-quality service.
Data recipients
The personal data collected is transferred to the appropriate departments and teams at METROPOLE Gestion. All persons with access to your personal data are bound by a duty of confidentiality.
Communication to third parties
The data we collect may be transferred to third-party subcontractors, data processors or partners located in France, in EU countries or in Switzerland (it being noted that the European Commission has confirmed, in its decision no. 2000/518/EC of 26 July 2000, that Switzerland provides an adequate level of protection) for the purposes of processing, the provision of our services, the implementation of our policy on the prevention and management of conflicts of interest or the fulfilment of our statutory and regulatory obligations, provided that the data is communicated on a need-to-know basis only.
Security of processing
METROPOLE Gestion has endeavoured to take all appropriate steps to protect the confidentiality and security of the personal data that is processed and to prevent any alteration, deletion or unauthorised access. Technical and organisational security measures have been implemented in line with the current standard practice in this field, in particular in relation to our information systems.
Despite the fact that reasonable measures are taken to protect any personal data that may be transferred, no data transfer or storage technology is perfect and some risks remain.
Pursuant to applicable EU regulations, METROPOLE Gestion undertakes to notify any confirmed personal data breach posing a high risk to the rights and freedoms of data subjects to the relevant supervisory authority and also, to the extent required under those regulations, to the data subjects affected by the breach (individually or as a general notification, as appropriate).
Storage periods
The data will not be stored for any longer than is necessary for the purposes for which it was collected and in compliance with the laws in force, taking into account, in particular, the mandatory retention periods associated with statutory limitation periods.
Right of access, right to rectification and right to object
Data subjects have the right to request access to the personal data they have provided and to specific information on the processing of their data. METROPOLE Gestion will provide an electronic copy of the data it holds to any data subject submitting a request.
If the personal data held by METROPOLE Gestion is incorrect, outdated or incomplete, the data subject has the right to have that data rectified, completed or updated. METROPOLE Gestion agrees to make those changes without undue delay and at the latest within 30 days of receiving the request. METROPOLE Gestion may ask data subjects to provide supporting documents to establish the validity of their request for changes.
Data subjects may object to the processing of their personal data (unless METROPOLE Gestion is required to process it under one of our statutory or regulatory obligations).
Right to be forgotten/right to have data erased
Subject to the exceptions set out in applicable laws (for example, where data is required to be stored to fulfil a legal obligation), data subjects have the right to ask METROPOLE Gestion to delete and erase their personal data without undue delay on one of the following grounds:
- Their personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
- Their personal data has been unlawfully processed, as demonstrated by the data subject,
- The erasure of their personal data is mandatory under a legal obligation.
Pursuant to applicable laws, METROPOLE Gestion agrees to erase personal data without undue delay to the extent that the data subject’s request is valid.
Right to restrict the processing of personal data
Under applicable regulations, this right may be exercised in certain circumstances only, including:
- Where data subjects contest the accuracy of their personal data,
- Where data subjects can demonstrate that the processing of personal data is unlawful but they oppose the erasure of their personal data and request that processing be restricted instead,
- Where METROPOLE Gestion no longer needs the data subject’s personal data but it is still required by METROPOLE Gestion for the establishment, exercise or defence of legal claims.
Right to data portability for some types of data provided to METROPOLE Gestion
Data subjects have the right to receive the personal data they have provided to METROPOLE Gestion in a structured, commonly used format and to ask METROPOLE Gestion to transmit that personal data to another data controller.
Right to withdraw consent to the processing of personal data
Whenever METROPOLE Gestion processes personal data based on the data subject’s consent, that consent may be withdrawn.
Pursuant to applicable laws, any withdrawal of consent will only be valid in respect of future processing and cannot therefore affect the lawfulness of any processing performed prior to consent being withdrawn.
Right to decide what will happen to personal data on death
Data subjects have the right to give general or specific instructions on what is to happen to their personal data on their death. METROPOLE Gestion undertakes to follow those instructions. If no instructions have been given, METROPOLE Gestion will allow their heirs to exercise certain rights, including the right of access, where required for the administration of the deceased’s estate, and the right to object in order to close the deceased’s user accounts and object to the processing of their data.
Any questions on the information set out above and/or any requests from data subjects to exercise the above rights should be sent to METROPOLE Gestion:
- by email, [email protected] or
- by post, to
12 Boulevard de la Madeleine,75440 Paris Cedex 09
Please note that the supervisory authority for data processing issues in France is the Commission Nationale de l’Informatique et des Libertés (www.cnil.fr). Data subjects may lodge any complaints they may have on the processing of their personal data with that authority.