Your Data may be transmitted to or accessible by

• Subsidiaries and branches of the BPCE Group in France and abroad
  • In relation to the sharing of resources, particularly financial and IT resources
  • In the event of restructuring involving a merger or similar transaction
  • In relation to operational risk management
  • In relation to the management of customer relations, investments and transactions (customers of our investment bank) or in connection with the prevention of money laundering and the financing of terrorism
• IT and financial service providers (IT hosting, technical maintenance and support) in France and abroad
• Intermediaries, brokers and banking partners in France and abroad
• Beneficiaries of funds transfers and their banks in France and abroad
• Competent tax, financial, administrative or judicial authorities in France and abroad
  • French and foreign tax authorities in relation to the prevention of tax evasion
  • An authorised financial information unit (such as Tracfin in France)
  • French and foreign authorities in accordance with international law and treaties
  • Competent public authorities in charge of data on persons subject to asset freezing orders (in France, the Direction Générale du Trésor)
• Certain regulated professions (lawyers, notaries, auditors) in France and abroad
• The General Inspection departments of BPCE and Natixis

Transfers of Data outside the European Union

Your data may be transferred from an EEA country to a non-EEA country provided that the European Commission has recognised that country as providing an adequate legal level of Data protection with respect to European legislation (e.g. Switzerland, Canada).

Where Data is transferred to countries outside the EEA in which the legal level of Data protection has not been recognised as adequate (e.g. India, China, United States), Natixis will base its transfer:

• on one of the binding legal assurances provided for by the regulations :
  • The signing of contractual clauses of a type approved by the European Commission whereby the recipient of your Data guarantees the protection of your Data,
  • Binding corporate rules applicable by our recipient service providers that guarantee the protection of your data,
• or on one of the exemptions for specific transfer situations
  • The transfer of Data to the recipient bank is necessary in order to carry out an international payment (transfer necessary for the performance of a contract)
  • The transfer of Data to the authorities in accordance with our legal and regulatory obligations (transfer necessary to safeguard the public interest).

To obtain a copy of these assurances or the location at which they can be obtained, you may contact our Data Protection Officer in the manner described under “How do you exercise your rights?”