Your personal data

Policy for protecting your personal data or information

This policy is aimed at describing the conditions under which CFM Indosuez Wealth Management, a Monegasque public limited company with share capital of €34,953,000, registered with the R.C.I under number 56 S 00341, authorized by Sovereign Order of 13 July 1922 and approved by the Financial Activities Supervisory Commission EC/2012-08, whose registered office is located in Monaco at 11 bd Albert 1er, (hereafter known as the "Bank") may collect and process, in the course of its activities, the personal data or information of any data subject, particularly its clients and the users of this Website (the ‘Website’) according to Law 1.565 of 3/12/2024.

Learn more about important personal data protection concepts: click here.

Personal data

In the course of its activities and the Client’s use of its services, including its online banking website and/or mobile apps, the Bank may process, whether automatically or not, personal data of natural persons: existing and potential clients, former clients, users of this Site (when they fill out online forms provided to them on this Site : “ User ”) and any other natural person (such as an agent or executive), these people all being individually known below as the "Data Subject".

Personal data regarding Data Subjects which the Bank collects or processes, acting as processing manager, is necessary for it to meet its professional, legal or regulatory obligations, to enable the execution of pre-contractual measures or contracts to which the Data Subject is a party and/or to pursue the Bank's legitimate interests, while respecting the rights of the Data Subject. When such data is collected for other purposes, the Bank must first obtain the consent of the Data Subject.

With regard to Data Subjects who are clients, the Bank uses their personal data to offer them personalized offers and advice, higher-quality service, and everything they need to help make the best decisions.

In the absence of certain information regarding a client that is needed to perform a service or an operation, the Bank will not be able to provide him or her the benefit of the service or carry out the operation for which that data had been required.

Purposes of personal data processing

The personal data of Data Subjects may be processed, primarily for the purposes mentioned above.

The Data Subject can, by clicking on the link below, access detailed information on how his or her personal data is used, both with respect to the purposes of the processing and the legal bases that enable the Bank to process his or her data, and how that data may be transferred to non-member states of the European Union and/or states not ensuring an adequate level of protection.

  1. Onboarding and managing the relationship and account   
    1. Prospecting and overseeing the relationship   
    2. Onboarding and managing the banking relationship and accounts
  2. Offering and managing products and services   
    1. Advisory and wealth engineering activities
    2. Securities transactions, investment, and life insurance activities
    3. Credit activities   
    4. Cash transaction, payment and payment method activities   
    5. Online banking activities
    6. Safe deposit box management
    7. Activities relating to philanthropy, social and environmental responsibility and green finance
  3. Logistics management (Safety and Security of people and property, archive management)
    1. Safety and security of people, property and information
    2. Storage and archiving
  4. Adherence to other legal and regulatory obligations   
    1. Adherence to legal and regulatory obligations with respect to outside authorities   
    2. Adherence to legal and regulatory obligations in response to internal auditing obligations
    3. "CFM Indosuez Wealth" Security Holders

Purposes of personal data processing

Recording of telephone conversations

Telephone conversations between the Data Subject and CA Indosuez may be recorded. The recordings are made in order to comply with legal and regulatory obligations relating to financial markets.

Only authorized persons within CA Indosuez may carry out the tapping. Recorded telephone conversations will be kept for the duration of legal retention. The Data Subject may request the exercise of his/her rights at any time (article "Rights of the data subject")

Cookies

The User is informed that, when visiting the Website, information may temporarily be stored in the memory or on the hard drive of their computer in order to facilitate website navigation. The User acknowledges that they have been informed of this practice and authorizes CA Indosuez to do so. For further information on the use of cookies by CA Indosuez, the User is advised to visit the Website page devoted to cookies.

Storing personal data

This personal data is processed and stored for as long as needed for the intended purpose, and no longer than for a period corresponding to the duration of the contractual or business relationship, plus whatever time is needed for the liquidation and the consolidation of rights and for the statutes of limitations and avenues of appeal to lapse.

To meet its legal obligations or respond to requests from regulators and administrative authorities, as well as for the purposes of historical, statistical, or scientific research, the Bank may archive the data under the conditions set out by applicable regulations.

Rights of the Data Subject

The Data Subject, at all times, has the following rights, under the conditions set out by applicable regulations:

  • the right to access his or her personal data;
  • the right to have his or her data rectified if inaccurate or incomplete;
  • the right to object, on legitimate grounds, to the processing of his or her data;
  • the right to request the erasure of his or her data when it is no longer needed for the purposes for which it was collected or processed, or when the Data Subject withdraws consent (when the processing of the data in question requires such consent);
  • the right to request restrictions on the processing of his or her data; and
  • the right to request the portability of the data entrusted to our Bank on the basis of the consent of the Data Subject or for the purposes of performing a contract: for the Data Subject, this right consists of receiving his or her data in digital format.

The Data Subject may also, at any time and without justification, oppose the use of his or her data for the purposes of commercial prospecting, including profiling[1] when it is linked to that purpose, by the Bank or by third parties, or when the processing is legally based on consent, withdraw his or her consent, by writing a letter to CFM Indosuez Wealth Management, Data Protection Officer, 11 avenue Albert 1er, 98000 Monaco. Postage fees shall be reimbursed upon request by the Data Subject.

The Data Subject may exercise his or her rights by contacting the Data Protection Officer, whose contact information appears below in the section entitled "Data Protection Officers".

In support of his or her request, the Data Subject may use the rights exercise form by clicking on the link below :

Purposes tables and detailed information

The Data Subject is informed that exercising some of the aforementioned rights may prevent the Bank from providing him or her with certain products or services in some cases. 

[1] "profiling": any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements (art. 2 parag. 15 of Regulation n° 1.565 of 3 decembre 2024). 

Data Protection Officer (DPO)

The Bank has designated a Data Protection Officer, whom the Data Subject may contact at the following address:

Representative of the Indosuez Wealth Management Group within the EU

The Indosuez Wealth Management Group has designated a Representative within the EU, whose address is the following:

Complaints to Authorities

The Data Subject may, in the event of a dispute, file a complaint with the President of the Personal Data Protection Authority (APDP) whose contact information is accessible from the following links : https://apdp.mc/.

Transferring personal data

Personal data collected by the Bank in accordance with the agreed purposes may, during various operations, be transferred to a third-party country. Whenever it is transferred to a third-party country that is not a member state of the European Union and/or has not received adequate protection and is not on the list established by the CCIN, guarantees are put in place to ensure the protection and security of that data.

The Data Subject is informed that his/her personal data are processed by AZQORE SA, a subsidiary of CA Indosuez in Switzerland, country ensuring an adequate level of protection. It is specified for whatever purpose it may serve that the transfer of that data to Switzerland has no effect on the custody of clients' assets or the conducting of transactions concerning them, which are carried out in Monaco by the Bank's own teams.

The countries to which Personal Data may be transmitted by the Bank are listed in Appendix III of this policy: Table of Recipient Countries

Furthermore, the Data Subject is hereby informed that his or her personal data may be sent to the recipients mentioned below in the section entitled "Professional Banking Secrecy".

Information

By contacting the DPO, the Data Subject may access detailed information on his or her rights and how his or her personal data is being used, in particular with respect to the purposes of processing, the legal bases that enable the Bank to process data, its storage periods, its recipients, and, if applicable, its transfer to countries outside the European Union as well as the guarantees implemented.

Professional Banking Secrecy

The transactions and personal data of Data Subjects are covered by professional secrecy, to which the Bank is bound in accordance with its legal and regulatory obligations.

However, in order to meet its legal, regulatory and professional obligations, the Bank may be required to disclose information regarding those Data Subjects who are clients to legally authorized judicial or administrative authorities, as well as to service providers or any duly authorized person, provided that the execution of the operations requested or the provision of services justifies such disclosure.

Consequently, each Data Subject who is a client expressly authorizes the Bank to share data about him or her and update that data with the following third parties:

  • the central body of the Crédit Agricole Group, so that said body can meet its legal and regulatory obligations for the benefit of the entire Group;
  • any officers of the court or ministerial officials in the course of their debt collection duties, as well as people involved in the transfer or reassignment of debts or contracts;
  • the recipients of funds transfers and their payment service providers, for the purposes of fighting money laundering and terrorism financing, and in accordance with international sanctions and embargo regulations;
  • companies of the Crédit Agricole Group responsible for the management and prevention of operational risk (risk assessment, security and prevention of delinquencies and fraud, combating money laundering, etc.) on behalf of all entities of the Group;
  • any entity of the Crédit Agricole Group in the event of pooled resources or business consortium in order to enable such entities to carry out the purpose of their joining together;
  • subcontractors of the Bank, and in particular those which participate in account management and in offering financial, banking, and/or insurance products, and solely for the purpose of the subcontracting work;

Finally, the Data Subject expressly authorizes the Bank to send him or her, by e-mail, any information about him or her, which may be covered by professional secrecy.

The list of personal data recipients may be sent to the Data Subject upon simple request by him or her to the Bank, via the Data Protection Officer.