Societe Generale Bank & Trust (SGBT) is committed to protecting all personal data of its customers, employees and partners, in accordance with the legal framework of the European and Luxembourg law governing SGBT's data protection and banking and financial activities and internal policies and procedures supporting the protection of personal data, including Societe Generale Group's Data Charter.
With the entry into force of the General Data Protection Regulation (GDPR), SGBT, whose activities lead it to deal with a large number of personal data, strengthens the protection of personal data.
SGBT's data protection commitments apply to all personal data processed by SGBT within the conditions defined by the personal data protection policy. The people concerned are:
- Clients and other Individuals, representatives of legal persons, contact persons, prospects;
- Employees of the company (staff), external service providers, apprentices, trainees or candidates.
Societe Generale Bank & Trust (SGBT), as a legal person, it assumes the responsibility of controller for the processing of the personal data entrusted to it, within the meaning of the Regulation (GDPR). The controller is responsible for ensuring that the necessary steps are taken to comply with the legal requirements for the protection of personal data.
In some cases, SGBT itself is processor, processing personal data on behalf of a client (controller in the meaning of GDPR). In this context, SGBT also commits to comply with all the requirements of Article 28.
Contact information :
Societe Generale Bank & Trust, a public limited company under Luxembourg law
Mr Arnaud Jacquemin, Chief Executive Officer
Societe Generale Bank & Trust
11 avenue Emile Reuter
Welcome Adress :
18 Boulevard Royal
Mailing adress :
B.P. 1271 - L-1012 Luxembourg
Tel. : +352 47 93 11 1
Fax : +352 22 88 59
RCS Luxembourg B 6061
Our Data Protection Officer
At SGBT, Mrs Bieneke Russon is data protection officer pursuant to Article 37 of GDPR.
Contact information :
Mrs Bieneke Russon, Data Protection Officer
Societe Generale Bank & Trust
18 Boulevard Royal
Employees and external contractors, subcontractors
Specific training regarding data protection is provided to all SGBT's staff.
Any person working for SGBT, as an employee or as an external service provider, must respect the personal data protection measures, as well as the obligations related to the Luxembourg and European banking and financial legal framework.
Subcontractors who deal with data processings on behalf of SGBT (within the meaning of Articles 4.8 and 28 of the GDPR), are also subject to compliance with the data protection measures. In particular, they must respect the obligations of the Regulation, article 28, which are notified to them by SGBT. In particular, they must respect a confidentiality clause as well as contractual obligations of security.
The processings of your Personal Data conducted by SGBT
Clients, Employees or Third Parties, you entrust information to the Bank. These Personal Data (ie any information relating to an identified or identifiable natural person) that you transmit to us, are necessary for the execution of the operations and services prided to you by the Bank .
These processings correspond to any transaction or set of transactions carried out with or without using automated processes and applied to data or set of personal data such as collection, registration, structuring, preservation, processing adaptation, or modification ... (within the meaning of GDPR article 4-2) ...
Processings performed by the Bank are for the particular purposes of:
- managing the banking relationship with the Client, the account(s) and/or products or services purchased, including through marketing and statistical analyses for overseeing the Bank's relationship with the Client,
- managing human resources
- carrying out opinion, statistical, satisfaction, and wealth-related surveys,
- managing, analysing, and granting loans, selecting risks,
- combating fraud,
- adhering to legal and regulatory obligations, particularly for managing operational risk (including the security of computer networks and transactions, as well as the use of international payment networks,
or the custody or sub-custody of financial instruments), anti-money laundering and terrorist financing, obligations related to financial markets, and determining tax status,
- identifying the accounts and safe deposit boxes of deceased persons,
- the Processing of disputes, recovery, or transfers of debt, and more generally managing payment incidents,
- the Processing of Personal Data generated by behaviours or actions that are extremely reprehensible,
- business prospecting, carrying out business meetings and advertising campaigns,
- recording conversations and communications with the Client, regardless of their medium (e-mails, faxes, phone interviews, etc.), for the purposes of improving call handling, adhering to legal and regulatory obligations related to financial markets, and ensuring the security of the transactions.
SGBT, in compliance with the requirements of the GDPR (Article 30-1), keeps a record of the processings of personal data.
For all processings of personal data, SGBT implements retention rules (retention duration and disposition) so that the processed data are not kept in the production systems longer than necessary.
SGBT guarantees the exercise of the rights of data subjects in accordance with the GDPR. Any client, any employee any third party, and more generally any natural person concerned has in accordance with articles 13 to 22 of the GDPR a right of information, access and rectification, erasure, restriction of processing, as well as the right to data portability.
Any data subject may object at any time, for reasons relating to his particular situation, that its personal data are subject to processing.
It is specified that exercising of certain rights may entail SGBT being unable, on a case-by-case basis, to provide the product or service. In addition, some of these rights may not be exercised if this should imply the destruction or alteration of information for which there is otherwise a legal or contractual obligation to declare or retain.
No payment is required to provide information to data subjects and to carry out any communication and take any action in the exercise of the rights of individuals.
Nevertheless, in accordance with Article 12.5 of the GDPR, in the case of manifestly unfounded or excessive requests, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
The data subjects are informed in particular by this page of our WEB site and by the General Conditions (if applicable) of the processings of their personal data and the rights that they can assert.
The Client or the persons concerned may, at any time and at no cost, without needing to justify their request, object to their Personal Data being used for business prospecting purposes.
The Client may exercise these rights by contacting the Bank's personal data protection officer by:
- contacting his normal advisor,
- sending a letter or e-mail under the same terms as those which exist for complaints as set out in Article 19 of General Terms and Conditions (if applicable),
- logging in to his e-banking system.
The Client or any person concerned also has the ability to file a complaint with the Commission Nationale pour la Protection des Données (CNPD), the controlling authority in charge of adherence to personal data obligations, at the mailing address: 1, avenue du Rock’n Roll, L-4361 Esch-sur-Alzette or via their website www.cnpd.lu
Your personal data protection and security
Risk analyzes are carried out and the necessary measures are taken to eliminate or limit the identified risks. A procedure for the management of personal data breaches is implemented and allows the notification, within the legal deadlines, to the supervisory authority of a possible violation, as well as to the data subjects if this is required under GDPR.
SGBT also uses technical and organizational systems for the processing of personal data which, by design and by default, guarantee the protection of these data.
SGBT communicates information relating to the protection of personal data to the persons concerned:
- To its Customers and third parties: in particular via its external website: https://www.sgbt.lu/fr/rgpd-charte-donnees/, its General Terms and Conditions (if applicable)
- To his employees: in particular via its intranet site
Contact for further information on data protection
Mrs. Bieneke Russon
Data Protection Officer