Your personal data

Policy for protecting your personal data

This policy is aimed at describing the conditions under which CFM Indosuez Conseil en Investissement, a simplified joint-stock company with share capital of €150,000, whose registered office is located in France, at 1 Place de la Liberté – Bâtiment C La Lombarde, 06320 Cap d’Ail, registered with the Nice Trade and Companies Register under No. 513 672 790 (hereafter known as the "Company") may collect and process, in the course of its activities, the personal data of any data subject, particularly its clients and users of this Site.

In light of the entry into force on 23 May 2018 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, we would like to inform you of the methods used by our Company to process your personal data.


Learn more about important personal data protection concepts: click here




In the course of its activities, the Company may process, whether automatically or not, personal data of natural persons: existing and potential clients, users of this Site (when they fill out online forms provided to them on this Site) and any other natural person (such as an agent or executive), these people all being individually known below as the "Data Subject".

Personal data regarding Data Subjects which the Company collects or processes, acting as processing manager, is necessary for it to meet its professional, legal or regulatory obligations, to enable the execution of pre-contractual measures or contracts to which the Data Subject is a party and/or to pursue the Company's legitimate interests, while respecting the rights of the Data Subject. When such data is collected for other purposes, the Company must first obtain the consent of the Data Subject.

With regard to Data Subjects who are clients, the Company uses their personal data to offer them personalised offers and advice, higher-quality service, and everything they need to help make the best decisions.

In the absence of certain information regarding a client that is needed to perform a service, the Company will not be able to provide him or her the benefit of the service or carry out the operation for which that data had been required.


Purposes of personal data processing

The personal data of Data Subjects may be processed, primarily for the purposes mentioned above.

The Data Subject can, by clicking on the link below, access detailed information on how his or her personal data is used, both with respect to the purposes of the processing and the legal bases that enable the Company to process his or her data, and how that data may be transferred to non-member states of the European Union.

1. Onboarding and managing the relationship

2. Managing services

3. Logistics management (Safety and Security of people and property, mail and archive management)

4. Adherence to other legal and regulatory obligations


Purposes of personal data processing


Storing personal data

This personal data is processed and stored for as long as needed for the intended purpose, and no longer than for a period corresponding to the duration of the contractual or business relationship, plus whatever time is needed for the liquidation and consolidation of rights and for the statutes of limitations and avenues of appeal to lapse.

To meet its legal obligations or respond to requests from regulators and administrative authorities, as well as for the purposes of historical, statistical, or scientific research, the Company may archive the data under the conditions set out by applicable regulations.


Rights of the Data Subject

The Data Subject, at all times, has the following rights, under the conditions set out by applicable regulations:

  • the right to access his or her personal data;
  • the right to have his or her data rectified if inaccurate or incomplete;
  • the right to object, on legitimate grounds, to the processing of his or her data;
  • the right to request the erasure of his or her data when it is no longer needed for the purposes for which it was collected or processed, or when the Data Subject withdraws consent (when the processing of the data in question requires such consent);
  • the right to request restrictions on the processing of his or her data; and
  • the right to request the portability of the data entrusted to our Company on the basis of the consent of the Data Subject or for the purposes of performing a contract: for the Data Subject, this right consists of receiving his or her data in digital format.

The Data Subject may also, at any time and without justification, oppose the use of his or her data for the purposes of commercial prospecting, including profiling when it is linked to that purpose, by the Bank or by third parties, or when the processing is legally based on consent, withdraw his or her consent, by writing a letter to CFM Indosuez Conseils en Investissement Data Protection Officer, 1 Place de la Liberté – Bâtiment C La Lombarde, 06320 Cap d’Ail. Postage fees shall be reimbursed upon request by the Data Subject.

The Data Subject may exercise his or her rights by contacting [the Data Protection Officer], whose contact information appears below in the section entitled "Data Protection Officers".

In support of his or her request, the Data Subject may use the rights exercise form by clicking on the link below:
click here

The Data Subject is informed that exercising some of the aforementioned rights may prevent the Company from providing him or her with certain products or services in some cases.  


Data Protection Officer (DPO)

The Company has designated a Data Protection Officer, whom the Data Subject may contact at the following address: CFM Indosuez Conseils en Investissement Data Protection Officer, 1 Place de la Liberté – Bâtiment C La Lombarde, 06320 Cap d’Ail and/or at the following email address:


Complaints to Authorities

The data Subject may, in the event of a dispute, file a complaint with the CNIL, whose contact information appears on the website accessible from the following link:


Transferring personal data

Personal data collected by the Company in accordance with the agreed purposes may, during various operations, be transferred to a country that is or is not a member state of the European Union.Whenever it is transferred to a country that is not a member state of the European Union that has not received an adequacy decision from the European Commission, guarantees are put in place to ensure the protection and security of that data.

The Data Subject is hereby informed that his or her personal data is being processed by in Switzerland, a country that provides adequate protection per European Commission decision no. 2000/518/EC of 26 July 2000, at AZQORE SA, a subsidiary of CA Indosuez Wealth (Group) in Switzerland.

The Client is also informed that his or her personal data is being processed in Monaco, a country that has not received an adequation decision, at CFM INDOSUEZ WEALTH MANAGEMENT, a Crédit Agricole Group company. In this regard, the Client is informed that CFM INDOSUEZ WEALTH MANAGEMENT has extended the protection standard from the GDPR to the processing of this data and implemented appropriate guarantees to ensure their protection and their security.

It is specified for whatever purpose it may serve that the transfer of that data has no effect on the performance of services concerning them, which are carried out in France by the Company's own teams.

Furthermore, the Data Subject is hereby informed that his or her personal data may be sent to the recipients mentioned below in the section entitled "Professional Secrecy".


Professional Secrecy

The services provided and the personal data of Data Subjects are covered by professional secrecy, to which the Company is bound in accordance with its legal and regulatory obligations.

However, in order to meet those obligations, the Company may be required to disclose information regarding those Data Subjects who are clients to legally authorised judicial or administrative authorities, as well as any service provider or duly authorised person, provided that this is justified by the mission entrusted to the Company or by the provision of services delivered.

Consequently, each Data Subject who is a client expressly authorises the Company to share data about him or her and to update that data with the following third parties:

  • the central body of the Crédit Agricole Group, as defined by the French Monetary and Financial Code, so that said body can meet its legal and regulatory obligations for the benefit of the entire Group;
  • any mediators, officers of the court, or ministerial officials in the course of their duties, as well as people involved in the transfer or reassignment of debts or contracts;
  • the recipients of funds transfers and their payment service providers, for the purposes of fighting money laundering and terrorism financing, and in accordance with international sanctions and embargo regulations;
  • companies of the Crédit Agricole Group responsible for the management and prevention of operational risk (risk assessment, security and prevention of delinquencies and fraud, combating money laundering and the financing of terrorism, etc.) on behalf of all entities of the Group;
  • any entity of the Crédit Agricole Group in the event of pooled resources or business consortiums in order to enable such entities to carry out the purpose of their joining together;
  • subcontractors of the Company, and in particular those which participate in relationship management and in providing services, and solely for the purpose of the subcontracting work;

Finally, the Data Subject expressly authorises the Company to send him or her, by e-mail, any information about him or her, which may be covered by professional secrecy.

The list of personal data recipients may be sent to the Data Subject upon simple request by him or her to the Company, via the Data Protection Officer.