1. SCOPE
While using the API STORE by BNP Paribas Site, BNP Paribas SA, whose contact information is given in Article 3 below, may process personal data on its Users (“Personal Data”).
This Personal Data Protection Policy (the “Policy”) aims to inform Users who visit the Site of how Personal Data is used by API STORE by BNP Paribas, in accordance with Act no. 78-17 of 6 January 1978 on Information Technology, Data Files, and Civil Liberties (the “Information Technology and Liberties” Act), of the (EU) Regulation 2016/679 made by the European Parliament and Council of the European Union adopted on 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the Data Protection Directive 95/46/EC (the “GDPR”) (together the “Applicable Regulations”).
The Policy is an integral part of the API STORE by BNP Paribas’ Terms of Service (the “Terms of Service” or “TOS”) and must be read along with the TOS.
API STORE by BNP Paribas may modify the Policy at any time, to reflect all legislative, regulatory, judicial, editorial, and technical changes. Users must refer to the latest version of the Policy before browsing or using the Site.
2. DEFINITIONS
“ Site “ refers to the software interface, Internet site, mobile application or any other electronic communication service used to access the Service.
“ Services “ refers to all or part of the features that are usable and offered by API STORE by BNP Paribas on the Site, such as those described in Article 2 (article on the service features) of the TOS.
“ User “ refers to all persons visiting the Site and using its features.
“ Member “ refers to all Users who have created an account.
“ Profile “ refers to the profile of a User, which is automatically compiled by algorithms created and operated by API STORE by BNP Paribas, and which result from the use of the Service by the User. The Profile is based on an analysis of User Data by API Store by BNP Paribas and may be given to BNP Paribas SA to offer Users services that are adapted to their profiles.
“ Third parties “ refers to all natural or legal persons who are a third party to API STORE by BNP Paribas, a User, or to BNP Paribas.
“ User Data “ refers to all user data and information that has been sent to and analysed by API STORE by BNP while the User uses the Service, including all Personal Data in the scope of Article 8 (article on personal data) of the TOS.
3. IDENTITY OF ENTITY RESPONSIBLE FOR PERSONAL DATA PROCESSING AND PROCESSING PURPOSES
Personal Data is collected and processed by BNP Paribas for the purposes of Site registration, the provision of services offered by the Site, the management of API STORE by BNP Paribas customer service, as well as for informing Users of future changes, news, and offers from API STORE by BNP Paribas. For these purposes only, the entity responsible for processing Personal Data is the company BNP Paribas SA, a public limited company registered with the Paris Trade and Companies Register under number 662 042 449, with a capital of €2,496,865,996, located at 16 Boulevard des Italiens - 75009 Paris, telephone number 01 73 06 25 91 (“API STORE by BNP Paribas”). API STORE by BNP uses sub-contractors for the provision of services.
4. WHAT PERSONAL DATA DOES BNP Paribas COLLECT?
In the context of the use of the Site, BNP Paribas may collect, process, and store Personal Data for the purposes described in article 3. In particular, the following Personal Data may be collected:
- The identifying data that is collected during the creation of a Profile, including the User’s surname, first name, and e-mail address.
5. THE RECIPIENTS OF PERSONAL DATA
The Personal Data is sent to:
(i) BNP Paribas
(ii) Authorized employees of API STORE by BNP Paribas who, due to their functions, require access to the data for processing purposes,
(iii) Service providers hired by API STORE by BNP Paribas to provide Site content,
(iv) and, if required, the public authorities to fulfil legal obligations or to comply with a court injunction.
Measures have been put in place with these recipients to protect the Personal Data, including contractual provisions. Furthermore, the Personal Data will never be sent outside of the European Union.
6. USER RIGHTS
On the condition of an express request and proof of identity to BNP Paribas, Users have the right to access, rectify, or object to their Personal Data, as well as the right to erase the data, in accordance with the Applicable Regulations, by contacting BNP Paribas at the mailing or email address cited in Article 9 of the Policy. Users also have the right to Personal Data portability, as well as the ability to give BNP Paribas direct instructions regarding the use of Personal Data after their death.
In the event that the right to object is exercised, BNP Paribas will stop processing Personal Data, with the exception of processing done for legitimate or overriding reasons, or to ensure the observance, exercise or defence of its legal rights, in accordance with the Applicable Regulations. Where necessary, BNP Paribas will inform Users of the reasons for which their rights cannot be wholly or partially fulfilled.
7. PERSONAL DATA RETENTION PERIOD
User Personal Data will not be stored for any longer than the strictly required period for its intended use, as stated in Article 3 of the Policy, in accordance with the Applicable Regulations.
Including:
- Personal Data collected to manage data processing objection requests are stored for a maximum of 3 (three) years starting from the date of acknowledgement of the right of objection;
- The Personal Data processed to manage Personal Data access and rectification requests are stored for a maximum of 1 (one) year starting from the receipt of the request;
- User Personal Data is stored for the entire length of the commercial relationship with API STORE by BNP Paribas and for a maximum of 90 (ninety) days following the closure of the User’s account;
- User Personal Data is stored for a maximum of 1 (one) year following the suspension of a User account;
- Personal Data on payment may be stored for the period provided for by article L. 133-24 of the Monetary and Financial Code, and in any event, for a maximum of fifteen (15) months. API by BNP Paribas undertakes to archive or delete Personal Data when the processing purposes have been fulfilled and the retention period has expired.
8. SECURITY
In accordance with the Applicable Regulations, API STORE by BNP Paribas processes Personal Data with total security and confidentiality.
In particular, API STORE by Paribas uses all the required technical and organizational measures to guarantee the security and confidentiality of the Personal Data collected and processed. These measures are used to prevent data from being altered, damaged, or shared with a non-authorized Third party. This ensures an appropriate level of security for the risks involved with processing and the nature of the Personal Data to be protected, with respect to technology and the cost of implementation.
Users recognize that the Policy only applies to the Service and use of the Site, and does not, in any case, cover the information collected and/or processed by external sites or sources, whose links appear on the Site. Consequently, API STORE by BNP Paribas cannot be held responsible for external sites or sources’ practices concerning the collection and processing of personal data, which are determined by the personal data policies of these external sites or sources.
Please note that Users help protect their own Personal Data by observing the rules outlined in the TOS, in particular those regarding login details.
9. CONTACT AND CLAIMS
For all questions or in the event of a dispute between API STORE by BNP Paribas and Users regarding the processing of their Personal Data, please contact API Store by BNP Paribas at the following email address: apistore@bnpparibas.com
API STORE by BNP Paribas will do their best to find a satisfactory solution to ensure the observance of the Applicable Regulations.
In the event that API STORE by BNP Paribas does not respond, if the issue persists despite the solution proposed by API STORE by BNP Paribas, or at any moment, Users may lodge a complaint with CNIL or the supervisory authority of the European Union Member State in which the User resides.