Societe Generale Global Solution Centre (hereinafter referred to as “SG GSC”), entity member of Societe Generale Group of companie, pays great attention to personal data protection so that your data should be safe and protected according to the legal requirements.
As part of the fundamental obligations related to personal data processing, SG GSC undertakes to appropriately protect and use the personal data information (hereinafter referred to as “personal data”) which has been collected both in electronic and physical format.
We hereby inform you about the total aspects concerning the processing of your personal data and concerning your rights according to the provisions of (EU) Regulation 2016/679 – General Data Protection Regulation (“GDPR”), to the Law for application of GDPR provisions(Law 190/2018), as well as to any other decisions which the National Personal Data Supervisory Authority may issue with regards to personal data protection.
SG GSC will collect only the personal data voluntarily offered by the online visitors of our website, data which are necessary to us in order to be able to provide services, to carry out contractual relations, to promote our services and to provide information about the employment opportunities.
In addition, in order to comply with the different legal obligations, we inform you that certain personal data are absolutely necessary to us.
By this Policy we wish to inform you about the personal data which we process, about the purposes for which we collect and process these data, the categories of recipients, the rights which you enjoy according to the EU Regulation no. 679/2016, the grounds on which this processing is based and so forth.
The legal basis on which the processing of your personal data is based
Generally, SG GSC collects only the personal data necessary for fulfilling your request. In case when optional additional personal data are necessary, you will be notified of this circumstance upon collection.
The law allows us to process personal data as long as we have a legal basis or a legitimate interest to do so. Therefore, when we process your personal data, we will rely on one of the following legal basis related to processing:
- Execution of a contract: when the processing of your personal data is necessary for us in order to take steps, upon your request, for the conclusion of a contract;
- Performance of a contract: when the processing of your personal data is necessary to fulfill our obligations arising out of a contract;
- Legal obligation: when we are obliged to process your personal data to fulfill a legal obligation, as well as to keep the records for tax purposes or to provide information to a public authority or a competent public institution;
- Legitimate interest: we will process personal data about you in case when this processing is carried out for our legitimate interest, during the development of a legal/business relationship, according to the legal provisions, to continue its development, as long as it does not override your interests or
- The consent of the data subject, your consent: in certain cases, we will request your specific permission in order to be able to process some of your personal data and we will process your personal data this way only if you agree. For any processing carried out by SG GSC based on your consent, you may withdraw your consent at any time by contacting SG GSC to the e-mail address firstname.lastname@example.org.
Examples of “legitimate interests” mentioned above are the following:
- Provision of information and/or services to the persons who visit our website or provision of information about the employment opportunities.
- Prevention of fraud or of criminal activity and protection of our IT systems.
- Fulfillment of our corporate and social responsibility obligations (CSR)
- Exercise of our fundamental rights in the EU pursuant to articles 16 and 17 of the Charter of fundamental rights, including our freedom to carry out a business and the ownership right.
- For ensuring the guard and security of SG GSC locations, staff and goods.
- For carrying out the risk management procedures.
Processing of personal data in the context of the provision of services, business activities and working relationships
- Categories of personal data subject to processing
The categories of personal data which may be processed by SG GSC are the following:
- Identification or contact personal data, such as name, date of birth, nationality, series and number of the identity card, personal identification number (PIN or other), place of birth, photo, address of domicile, residence or mailing address, e-mail address, phone number
- Personal data concerning professional training, such as certificates/attestations/diplomas and/or diplomas of graduation of professional training courses;
- Electronic identification data, such as the IP address, cookies, web beacons technologies, such as it is detailed below;
Regarding the special categories of data which we may process, we inform you that the legal basis on which we can rely is (i) your consent, (ii) the legal obligation which is incumbent upon us to process such data or (iii) the processing is necessary for the establishment, exercise or defense of a legal claim.
- Personal data collected by means of SG GSC Careers dedicated website
- Identification data such as: surname, first name, e-mail address and phone number
- Your CV when you decide to apply for one of the vacant positions presented by SG GSC by means of its website
- Categories of data subjects and the purposes of personal data processing
The website visitors – Such as it is detailed below.
- Contact data of business partners/media partners/journalists
SG GSC collects and processes personal data of the potential, current and former business partners/media partners/journalists, as well as contact data directly obtained from such data subjects or from third parties in order to maintain, establish and renew the communication with the business partners/media partners/journalists either based on (i) the consent or on (ii) the legitimate interest.
- Suppliers and subcontractors
SG GSC collects and processes personal data related to its suppliers, including subcontractors and personal data of their representatives, the data of the contact persons strictly for the purpose of carrying out the contractual relationship.
SG GSC collects and processes personal data of suppliers / subcontractors for the following purposes: (i) provision of professional services to customers by means of subcontractors; (ii) performance of the contract concluded by SG GSC with the suppliers; (iii) fulfillment of the mandatory risk management formalities; (iv) for the provision to suppliers / subcontractors of newsletter materials and/or other marketing materials; (v) exercise or defense of our legal rights or compliance with court decisions; (vi) for compliance by SG GSC with the obligations imposed by law and by the competent regulatory institutions.
The processing for these purposes is based, where appropriate, on one or more of the following legal bases: (i) your consent; (ii) the conclusion or performance of a contract; (iii) the legal obligation that is incumbent on us to process such categories of data; (iv) our legitimate interest or (v) the processing is necessary for the establishment, exercise or defense of a legal claim.
- Candidates for employment
SG GSC collects and processes the candidates’ personal data such as they are included in the CV and cover letter or letter of recommendation sent to us, as well as any other possible information transmitted.
In this regard, SG GSC processes such personal data strictly for the purpose of carrying out the selection, recruitment and employment process or for organizing internships, based on your consent.
- The visitors of SG GSC offices
SG GSC has implemented security measures, including the visitors’ registration at reception, access restriction systems, video cameras and, according to the needs, visitors’ identification by the security personnel.
SG EBA collects and processes the visitors’ personal data in order to ensure the security of the SG GSC premises, goods and personnel. The processing for these purposes is based, where appropriate, one or more of the following legal bases: (i) the legal obligation that is incumbent on us to process such categories of data or (ii) our legitimate interest.
The processing of personal data for website utilization
- Personal data protection on our website
SG GSC gives particular importance to the protection of your personal data, this being the reason why we want to inform you, in as much transparent manner as possible about the data we process, the purposes of processing such data, their recipients, the rights from which you benefit and about other issues required by the European Regulation no. 679/2016. The protection of your privacy area during the utilization of our website represents an extremely important aspect for us. Therefore, we further inform you in detail about the personal data processing.
- Data security and integrity
SG GSC has adopted and implemented security policies and procedures to protect the personal data against unauthorized access, loss, misuse, unauthorized alteration or destruction.
However, despite the efforts made by SG GSC, the security cannot be absolutely guaranteed against all threats. The access to your personal data is limited to those who need to know them. The persons who have access to personal data are required to maintain the confidentiality of such information.
For the protection of your personal data, we have taken technical and organizational measures, especially against unauthorized access, loss or unlawful disclosure, unauthorized handling or destruction.
The measures adopted are regularly checked and are constantly adapted according to the applicable standards of modern technique.
The security measures applied by SG GSC include:
- Implementation and regular review of the Policies, Procedures and Work instructions for ensuring the security of personal data;
- Regular training, through dedicated courses, of the employees who process personal data;
- Limitation of the access to personal data in accordance with the need to know, the need to see and need to have principle;
- Securing access to the applications and files containing personal data;
- Monitoring of processes of personal data transfer carried out via the e-mail service;
- Encryption of the communications containing personal data, etc.
- Personal data collection and processing
- The data provided by you
SG GSC collects and processes personal data about you if you choose to provide them – for example, to contact us by mail or phone or to register for certain services / careers. In some cases, you have previously provided your personal information to SG GSC (if, for example, you are a former employee).
When you register or send personal data to SG GSC, we will use this information in the way described in this Policy. Your personal data are not used for other purposes, except for the case in which we obtain your permission to this effect or in which it is otherwise provided or permitted by the law applicable to SG GSC. For example, if you register on the SG GSC website and you provide information about your preferences, we will use this information to customize your user experience. If you register or sign in using a unique authentication for third parties, we can recognize you as being the same user on all the devices you use and customize your user experience on the SG GSC website.
If you send us a CV to apply online for a position within SG GSC, we will use the information you provide to find the most suitable job opportunities available at SG GSC, in accordance with your experience and preferences.
- Automatic personal data collection
- IP addresses
Cookies are typically placed on your computer or device connected to the internet whenever you visit us online. This allows the website to remember your computer or device.
A notification requesting your consent to collect cookies will appear on our website. If you do not give your consent, the computer or device connected to the Internet used by you will not be tracked for marketing related activities. A secondary type of cookie called “cookies based on input from users” can still be requested by the necessary functionality. Such cookies will not be blocked by using this notification. Your selection will be saved in a cookie module and it will be valid for a period of 90 days. If you want to cancel the selection, you can do this through cookies deletion of your browser.
Although most browsers automatically accept cookies, you may choose to accept or not cookies via your browser settings (often presented in the Tools or Preferences menu of your browser). You can also delete cookies from your device at any time. However, please note that if you do not accept cookies, you may not be able to fully experience some of our websites functions.
Additional information about managing the cookie modules can be found in your browser’s help file or on websites like www.allaboutcookies.org.
Share and transfer of personal data
- Transfer within the entities of Societe Generale
We share personal data about you with other member companies of Societe Generale as part of the international commitments where necessary or desirable in order to meet our legal and regulatory obligations worldwide. Other entities of Societe Generale are also used to provide us and to provide you services such as hosting and support of IT applications, development of IT applications in order to ensure the continuity of the activity of SG GSC. These entities are the following:
BRD Groupe Societe Generale S.A
Societe Generale London Branch
BRD Finance IFN S.A
BRD Aigurari de Viata S.A
Societe Generale S.A.
BRD Fond de Pensii
BRD Groupe Societe Generale S.A
BRD Sogelese IFN
BRD Finance IFN S.A
BRD Asset Management SAI S.A
BRD Sogelese Asset Rental S.R.L
ALD Automotive S.R.L
Societe Generale Bank and Trust Luxembourg
Societe Generale Bank and Trust Luxembourg
Societe Generale Private Banking Suiss S.A
Societe Generale Paris Zurich Branch
Societe Generale Capitale Canada INC.
SG Consulting S.A.
- Transfers to third parties
We do not disclose personal data with third parties unless this is required for our legitimate professional and operational needs, to fulfill your requests and/or as required or permitted by applicable law.
If we make such transfer, this will operate to:
- The categories of our service providers: we transfer your personal data to our third party service providers such as our suppliers of (IT) systems, our hosting vendors, our consultants (such as legal advisors/attorneys), healthcare providers, training service providers, HR service providers, platform and IT system development and maintenance service providers, cloud service providers. SG GSC works with such suppliers so that they should be able to process your personal data on our behalf in compliance with all the legal requirements concerning the storage and protection of personal data.
- Competent public authorities, courts, tribunals, law enforcement or regulatory bodies.
- Internal and external auditors: the disclosure of personal data will also be necessary for carrying out audit activities to ensure the correct business continuity, the security of premises, goods and people and for the legitimate interest of SG GSC which cannot override the rights and freedoms of data subjects.
In addition, SG GSC will transfer certain personal data outside the EEA to the foreign companies working with us or on our behalf for the purposes described in this Policy. SG GSC will also store personal data outside the EEA. We usually transfer personal data to the following countries:
EU member states
If we do this, your personal data will continue to be protected by the contracts which we have with the organizations outside the EEA, containing standard data protection clauses which are formulated in a form approved by the European Commission.
SG GSC will not transfer the personal data which you provide to third parties for their own direct use for marketing purposes. All the processing activities mentioned in this section are carried out, where appropriate, based on one or more of the following legal bases: (i) your consent; (ii) the conclusion or performance of the contract; (iii) the legal obligation, (iv) our legitimate interest, (v) the processing is necessary for the establishment, exercise or defense of a legal claim.
If SG GSC processes personal data about you, you have the following rights:
- The right to Information: you have the right to be informed about the personal data processing operations carried out by SG GSC.
- The right of access: you have the right to access these data. If we agree that we are obliged to provide personal data to you, we will provide you for free. Before providing personal data to you, we may request proof of identity and sufficient information about your interaction with us so that we can find your personal data.
- The right to Rectification: If the information which we hold about you is incorrect, you have the right to ask us to correct any inaccuracy in terms of personal data.
- The right to Erasure: you have the right to request to SG GSC, without undue delay, to delete your personal data in the following situations:
- Your personal data are no longer needed for the fulfillment of the purposes for which they have been collected or initially processed by SG GSC;
- If you withdraw your consent based on which the processing was made;
- If you object to the processing of personal data on the basis of legitimate interests and there are no legal justified grounds to continue the processing;
- If you object to the processing of personal data based on direct marketing purposes, including profiling to the extent that it is connected to the performance of direct marketing activities;
- If your personal data have been unlawfully processed;
- If your personal data must be deleted to comply with a legal obligation by which SG GSC is bound.
- The right to restrict processing: you have the right to request SG GSC to restrict the processing in case when one of the following situations applies:
- The accuracy of your personal data is contested by you for a period which allows SG GSC to check the accuracy of the personal data;
- The processing is unlawful and you oppose your personal data deletion and you request the restriction of their use instead;
- SG GSC no longer needs the personal data for processing, but the data are requested by you for the establishment, exercise or defense of a legal claim;
- You object the processing based on legitimate interests, the processing being restricted for the time interval for checking whether the legitimate rights of SG GSC override your legitimate interests.
- The right to data portability: you have the right to receive from SG GSC the personal data relating to you and which you provided to SG GSC, in a structured format, commonly used and which can be automatically read and to send such data to another operator when the technical means allow it. You have this right only when the processing is based on your consent or when the processing is carried out by automated means.
- The right to object: you have the right to object, on grounds relating to your situation, to the processing based on the legitimate interests of SG GSC. SG GSC will no longer process the personal data unless it demonstrates that it has compelling and legitimate grounds which justify the processing and override your interests, rights and freedoms or that the purpose is the establishment, exercise or defense of a legal claim.
- Automated decision-making process, including profiling: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon you or which affects you in a similar manner to a significant extent.
- The right to lodge a complaint with the competent authority responsible for protecting the personal data, the National Supervisory Authority for Personal Data Processing.
You can make a request or can exercise these rights by contacting SG GSC to the e-mail address email@example.com; or to firstname.lastname@example.org and we will make all reasonable and practical efforts to meet your request, as long as it is consistent with the applicable law and the professional standards.
SG GSC has implemented technical and organizational measures to keep your personal data safe. Thus, we will keep your personal data in accordance with the provisions of the Policy on the protection of personal data applicable at the level of SG GSC.
However, we will cease to process any of your personal data, just as long as they are necessary for the purposes established or until you withdraw your consent when it represents the legal basis for the processing and (i) there are legitimate compelling reasons for SG GSC to continue the processing, interests which override your interests, rights and freedoms or (ii) if the personal data are not necessary for the establishment, exercise or defense of a legal claim.
Amendment of this Policy
SG GSC may amend this Policy from time to time to reflect the applicable legal requirements and the processes carried out within SG GSC and which involve the processing of personal data.
National Supervisory Authority for Personal Data Processing
Bulevardul General Gheorghe Magheru 28-30, District 1
Postcode 010336, Bucharest, Romania