BPIFRANCE REGIONS

Privacy Policy

Last Updated: March 2026

1. Introduction

At BPIFRANCE REGIONS, we are committed to protecting your privacy and ensuring the security of your personal data. This comprehensive privacy policy explains how we collect, use, store, and protect your personal information when you use our financial services, visit our website, or interact with us in any way.

This policy covers all aspects of our data processing practices, including financial data protection, compliance with German and European data protection laws (GDPR), and adherence to international financial standards. By using our services or providing us with your personal data, you agree to the terms outlined in this privacy policy.

Important note: We never sell your personal data to third parties. Your financial privacy is of utmost importance to our business relationship.

2. Information we collect

2.1 Information you provide

  • Personal identification information: Full name, date of birth, identification numbers, nationality
  • Contact information: Email address, +33 (0)1 45 18 85 03s, home and business addresses
  • Financial information: Bank account details, income verification, tax information, employment data
  • Account credentials: Usernames, encrypted passwords, security settings
  • Transaction history: Service applications, payment records, agreements, portfolios
  • Communication records: Customer service interactions, feedback, survey responses
  • Marketing preferences: Communication preferences, newsletter subscriptions

2.2 Automatically collected information

  • Device information: IP address, browser type, operating system, device IDs
  • Usage data: Pages visited, time spent, click patterns, search queries
  • Location data: Approximate geographic location based on IP address
  • Cookie data: Session IDs, user preferences, analytics data
  • Transaction metadata: Timestamps, transaction amounts, payment methods

2.3 Information from third parties

  • Credit reference agencies: Credit scores, credit reports, payment history
  • Financial institutions: Account statements, account verification
  • Payment processors: Payment confirmation, fraud alerts
  • Government authorities: Tax information, reporting obligations
  • Business partners: Referral information, joint account details

3. How we use your data

3.1 Financial services

  • Account management: Opening, maintaining, and closing customer accounts
  • Service delivery: Assessing applications, determining eligibility
  • Risk assessment: Analyzing financial stability, fraud prevention
  • Payment processing: Executing transactions, maintaining records
  • Customer service: Providing support, resolving disputes

3.2 Legal and regulatory compliance

  • KYC compliance: Verifying customer identity according to legal requirements
  • AML monitoring: Screening for suspicious activity
  • Tax reporting: Fulfilling tax obligations
  • Regulatory reporting: Submitting required reports to authorities
  • Legal requests: Responding to court orders and lawful government requests

3.3 Communication and customer service

  • Transaction notifications: Sending account alerts and payment confirmations
  • Policy updates: Informing you about changes to terms and policies
  • Security alerts: Notifying you about suspicious activity
  • Customer surveys: Gathering feedback to improve service quality

3.4 Marketing and business development (with consent)

  • Product recommendations: Suggestions for relevant financial products
  • Promotional communications: Sending newsletters, market insights
  • Market research: Analyzing trends to develop new services
  • Performance analysis: Measuring campaign effectiveness

4. Information sharing and disclosure

4.1 Financial service providers

  • Banking partners: Secure transmission of account and transaction data
  • Credit reference agencies: Exchanging credit-related information
  • Payment processors: Encrypted payment information
  • Insurance providers: Relevant data for insurance products
  • Asset managers: Portfolio data for advisory services

4.2 Legal and regulatory requirements

  • Court orders: Complying with judicial instructions
  • Regulatory authorities: Reporting obligations to BaFin, ECB, and other supervisory bodies
  • Tax authorities: Providing information required for tax compliance
  • Law enforcement: Cooperating with legitimate investigations
  • Anti-money laundering: Reporting suspicious transactions

4.3 Corporate transactions and mergers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity. We will notify you before your personal data becomes subject to a different privacy policy, and you will have the option to object to the transfer or request deletion of your data, where legally permissible.

4.4 With your explicit consent

We will share your data with third parties when you have given us your explicit consent to do so, for example, when you request specific services that require data sharing with our partners.

5. Data security and protection measures

5.1 Technical security measures

  • Advanced encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Multi-factor authentication: Required for administrative access and customer accounts
  • Network security: Enterprise-grade firewalls, intrusion detection systems
  • Access controls: Role-based permissions, regular access reviews
  • Data backup: Encrypted, geographically distributed backups
  • Security monitoring: 24/7 monitoring, automated threat detection

5.2 Organizational security measures

  • Employee training: Mandatory security awareness training
  • Background checks: Comprehensive employee screening
  • Confidentiality agreements: Legal obligations for all employees
  • Security policies: Comprehensive information security management system
  • Regular audits: Internal and external security assessments
  • Incident response: Detailed procedures for security breach response

5.3 Your security responsibility

  • Secure passwords: Use unique, complex passwords
  • Device security: Keep your devices updated and use security software
  • Secure connections: Only access your account from trusted networks
  • Logout practices: Always fully log out on shared devices
  • Phishing awareness: Be cautious of suspicious communications
  • Immediate reporting: Contact us if you suspect unauthorized access

5.4 Data breach notification

In the unlikely event of a data breach that could affect your personal data, we will notify you and the relevant supervisory authorities in accordance with the GDPR within 72 hours of becoming aware of the breach. We will provide you with comprehensive information about what happened and the steps we are taking.

6. Cookies and tracking technologies

Additional tracking technologies:

  • Google Analytics: Traffic analysis, user behavior insights
  • Web beacons: Measuring email interaction
  • Local storage: Browser-based data storage
  • Session replay tools: Understanding user interactions

Cookie management: You can manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for specific websites. Please note that disabling certain cookies may affect website functionality.

7. Your rights (GDPR/CCPA compliance)

7.1 Right of access

You have the right to request a copy of all personal data we hold about you.

7.2 Right to rectification

If you believe your personal data is inaccurate or incomplete, you have the right to request correction.

7.3 Right to erasure (right to be forgotten)

You can request the deletion of your personal data, subject to legal and regulatory restrictions.

7.4 Right to restriction of processing

You can request that we restrict the use of your personal data while we investigate a complaint.

7.5 Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

7.6 Right to object

You can object to the processing of your personal data for marketing purposes at any time.

7.7 Right regarding automated decision-making

You have the right not to be subject to a decision based solely on automated processing.

How to exercise your rights: To exercise any of these rights, please contact us using the information provided in the "Contact" section. We will respond within 30 days and may request proof of identity.

8. Children's privacy

Our financial services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we discover that we have collected personal data from a child under 18 without parental consent, we will delete that data as soon as possible.

9. International data transfers

9.1 Safeguards

  • Adequacy decisions: Transfer to countries with adequate protection levels
  • Standard Contractual Clauses (SCCs): Binding agreements to ensure protection standards
  • Data processing agreements: Contractual obligations for third-party data processors
  • Regular compliance audits: Monitoring of international partners

9.2 Transfer destinations

  • European Union: Primary data storage and processing within the EU/EEA
  • United States: Cloud storage services with adequate safeguards
  • Other jurisdictions: Only when necessary and with appropriate safeguards in place

10. Data retention periods

Secure data disposal:

  • Electronic deletion: Secure overwriting, making data irrecoverable
  • Physical destruction: Industrial shredding
  • Backup purging: Systematic removal from backup systems
  • Disposal documentation: Records of data destruction

11. Third-party links and services

Our website and services may contain links to external websites or services operated by third parties. We are not responsible for the privacy practices or content of these external websites. We encourage you to read the privacy policies of third-party websites before providing them with your personal data.

When you click on third-party links or use integrated services, you leave our platform and are subject to the terms and conditions and privacy policies of those third parties.

12. Policy changes and updates

12.1 Amendment notification process

  • Website notice: Prominent notice on our homepage
  • Email notification: Direct communication with registered users
  • Account dashboard notification: In-app alert upon login
  • Explicit consent: Required for material changes affecting data processing

12.2 Staying informed

The most current version of this privacy policy will always be available on our website. We encourage you to periodically review the last updated date. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

13. Contact information

Get in touch If you have any questions, concerns, or requests regarding privacy, please contact us at any time. We will handle your concerns promptly and transparently.

BPIFRANCE REGIONS 27/31 avenue du général Leclerc, 94700 MAISONS ALFORT Phone: +33 (0)1 45 18 85 03 Email: info@bpifrance-regions.eu Business hours: Monday – Friday: 9:00 AM – 6:00 PM Saturday – Sunday: Closed

Response commitment: We will respond to all privacy inquiries within 3 business days.

13.1 Submitting complaints

If you are not satisfied with our handling of your privacy concerns, you have the right to lodge a complaint with the relevant supervisory authority:

  • Germany: Federal Commissioner for Data Protection and Freedom of Information (BfDI)
  • Address: Graurheindorfer Str. 153, 53117 Bonn
  • Phone: +49 (0)228 997799-0
  • Email: poststelle@bfdi.bund.de

14. Withdrawal of consent

14.1 Withdrawing marketing consent

  • Unsubscribe link: Click the unsubscribe link in any marketing email
  • Account settings: Manage your preferences through your online account
  • Customer service: Contact us to opt out of marketing communications
  • Written request: Send a signed letter to our business address

14.2 Account deletion process

  • Submit deletion request through customer service
  • Identity verification to ensure account security
  • Settlement of outstanding obligations
  • Notification of data retention for legal reasons
  • Confirmation of account closure and cessation of data processing

15. Conclusion

At BPIFRANCE REGIONS, protecting your data is not only a legal obligation but a core part of our commitment to providing trustworthy financial services. We understand that your financial data is among your most sensitive personal information, and we treat it with the utmost care and security.

This privacy policy reflects our dedication to transparency, compliance with German and European data protection laws, and respect for your rights as a valued customer. We continually review and update our privacy practices to ensure they meet evolving regulatory requirements and industry best practices.

If you have any questions about this privacy policy or our data handling practices, please do not hesitate to contact us. Building and maintaining your trust through responsible data management is our highest priority.

Thank you for choosing BPIFRANCE REGIONS as your financial partner. Your trust matters to us.