Personal Data

Caisse des Dépôts et consignations (hereinafter “Caisse des Dépôts”), a special institution created by the French Act of 28 April 1816, whose registered office is at 56 rue de Lille – 75007 Paris, complies with all applicable French and European legislation and regulations on personal data protection.

Caisse des Dépôts therefore applies a strict policy to guarantee personal data protection:

Personal data are processed in a secure and transparent manner in compliance with the rights of persons.
Caisse des Dépôts applies a continuous process to protect personal data in accordance with the French data protection Act of 6 January 1978, as amended, and Regulation (EU) on data protection of 27 April 2016 (GDPR).
Caisse des Dépôts has a Data Protection Officer (DPO) declared to CNIL and a dedicated personal data protection team.

This general privacy notice (“Privacy Notice”) describes the types of personal data that Caisse des Dépôts may collect and how Caisse des Dépôts, as publisher of the www.caissedesdepots.fr website, the secondary websites and the proposed services (hereinafter referred to collectively as the “Website”), may use them.

This Privacy Notice may be amended, completed or updated particularly to comply with any legislative, regulatory, jurisprudential or technical changes. You should refer to the latest version of the Privacy Notice prior to browsing.

We aim to keep you fully informed of the categories of data that we collect, how we use them, and the circumstances in which they may be disclosed.

1 - Who collects Personal Data (Identity of the data controller)?

2 - What are the purposes and lawful bases of Personal Data processing?

3 - Which Personal Data are processed?

4 - Who are the recipients and processors of your Personal Data?

5 – How long do we retain your Personal Data?

6 – What rights do you have and how can you exercise them?

7 – What technical and organisational measures do we implement to protect your Personal Data?

8 – How are your Personal Data used via Social Media?

9 – How are the Personal Data of minors processed?

10 – How are cookies saved on the Website processed?

11 - How are you informed of changes to our Privacy Notice?

12 – How can you contact us – DPO?

1 - Who collects Personal Data (Identity of the data controller)?

Unless otherwise indicated on our Website, Caisse des Dépôts is the Controller of the personal data processing carried out from our Website.

2 - What are the purposes and lawful bases of Personal Data processing?

The following lawful bases mainly apply for personal data collected by Caisse des Dépôts:

A legal obligation to which the controller is subject or necessary to perform a mission in the public interest or relating to the exercise of public authority such as managing consignments and special deposits, the Ciclade service created pursuant to the Act of 13 June 2014 (“Eckert Act”).
The performance of a contract and compliance with the respective contractual obligations such as the supply of banking services;
Users’ consent when required by applicable regulations particularly as regards cookies or registration for events.

Personal data collected on the Website may be collected for different purposes, depending on the Website pages and the collection forms concerned.

Caisse des Dépôts shall only collect personal data for specified, explicit and legitimate purposes and shall only process them in accordance with the purposes listed in our information notices. Information notices, hereinafter referred to as “Information Notices”, means:

information notices relative to forms and questionnaires published on the Website;
information notices contained in the Special Terms and Conditions of Use of Private Sections or in our sector-specific privacy statements.

On a subsidiary basis, your personal data are also collected to prevent and combat computer fraud (spamming, hacking) and improve Website browsing.

3 – Which Personal Data are processed?

“Personal Data” means any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to them.

When Caisse des Dépôts collects your personal data, they are collected fairly and in a transparent manner thanks to the inclusion of information notices on the exercise of your rights or referrals to this Privacy Notice.

Unless otherwise indicated in our information notices, we collect your data directly from you.

In this case, whatever means we use for the collection, all compulsory answers are indicated in the forms. If you do not wish to provide such information, you may not be able to access certain services or features of the Website. The other information is collected to learn more about you and is therefore optional.

4 - Who are the recipients and processors of your Personal Data?

Authorised members of Caisse des Dépôts staff may access your personal data.

Caisse des Dépôts may use processors (any company or legal entity processing personal data according to instructions given by Caisse des Dépôts) for the processing of all or part of personal data to the extent necessary to provide their services. Caisse des Dépôts shall not sell, rent out or assign your personal data to any third parties without your consent.

Unless otherwise indicated in our Information Notices, personal data of Website users are stored on French territory and are not transferred outside the European Union.

Caisse des Dépôts may transfer your personal data without your prior agreement to comply with a legal requirement. In this respect, you agree that Caisse des Dépôts may transfer personal data if it considers it necessary in order to comply with a court summons, warrant, court decision or order, or to a competent authority in the context of a particular investigation and particularly to defend its rights.

5 – How long do we retain your Personal Data?

Caisse des Dépôts processes and stores personal data in a secure environment for the period necessary to achieve the purposes for which they were collected. This period is specified in our Information Notices.

6 – What rights do you have and how can you exercise them?

In accordance with applicable regulations and particularly the European Regulation (EU) of 27 April 2016, you have the following rights:

right of access to your personal data and the right to have them corrected, updated and completed;
right to have your personal data deleted when they are inaccurate, incomplete, ambiguous or out of date;
right to object to the processing of your personal data;
right to the portability of your personal data when these data are processed on the basis of your consent or the performance of a contract;
right to define directives concerning the post-mortem management of your personal data and to choose who Caisse des Dépôts shall send your personal data to (or otherwise);
right to withdraw your consent at any time.

You may change or revoke your instructions and directives concerning the post-mortem management of your personal data at any time. As soon as Caisse des Dépôts is informed of the death and absent any instructions or directives, Caisse des Dépôts shall destroy your data, unless their storage is necessary for probative purposes, to meet a legal obligation or for scientific research, historical or statistical purposes.

To exercise the rights defined above, you may contact Caisse des Dépôts by writing to: Caisse des Dépôts – Données Personnelles - Etablissement de Bordeaux – 5 rue du Vergne – 33059 BORDEAUX CEDEX or by email to mesdonneespersonnelles@caissedesdepots.fr.

You must indicate the personal data that Caisse des Dépôts must correct, update or delete and identify yourself by enclosing a copy of a valid ID document (ID card or passport). Requests for deletion shall be subject to the legal obligations applicable to Caisse des Dépôts particularly concerning document archiving.

You may also lodge a complaint with the competent supervisory authority (CNIL) or seek redress in the competent courts if you consider that Caisse des Dépôts has not respected your rights.

7 – What technical and organisational measures do we implement to protect your Personal Data?

Caisse des Dépôts implements all appropriate technical and organisational measures to guarantee the security of personal data processing and data confidentiality.

In this respect, Caisse des Dépôts takes all appropriate precautions, in light of the type of data processed and the risks of the processing, to protect the security of personal data and to prevent them from being altered, damaged or accessed by unauthorised third parties.

Depending on the risks of each personal data processing operation, Caisse des Dépôts implements physical protection of the hosting premises and centres, authentication processes with secure, individual access, connection logging and encryption of certain categories of personal data.

Caisse des Dépôts implements appropriate organisational measures having regard to the status of our institution, particularly through crisis management drills in order to test readiness for external attacks and by raising staff awareness of personal data security.

8 – How are your Personal Data used via Social Media?

You may click on icons dedicated to the Twitter, Facebook or Linkedin social media featured on the Website.

When you use social media, Caisse des Dépôts may have access to personal data that you have marked as public or accessible from Twitter, Facebook or Linkedin profiles.

Caisse des Dépôts does not use and does not create any independent social media database based on information posted on social media accounts and Caisse des Dépôts does not process any personal data or any data concerning the private life of persons by this means.

9 – How are the Personal Data of minors processed?

The Website is mainly intended for adults capable of subscribing for bonds in accordance with French and European legislation. However, certain private sections may be accessible to minors.

A minor user under 16 years of age must obtain the consent of their legal representative prior to entering their data on the Website. Unless otherwise required by law, Caisse des Dépôts may directly inform the legal representative of the specific categories of data collected from the minor and the possibility of objecting to the collection and storage of personal data.

10 – How are cookies saved on the Website processed?

A cookie is a small text file that may be placed on your device when you visit a website. A cookie enables its issuer to identify the device (e.g. computer, tablet or mobile phone) in which it is saved, while the cookie is valid or saved.

By using the Website, you consent to cookies as described below being placed on your device in accordance with this document (box to be ticked for certain website traffic analysis cookies). For the Website, the Opt-Out feature available for the cookies defined in the section “Statistics and website traffic analysis cookies” below can be used to inhibit the collection of browsing information.

For your full information, certain cookies are essential to use the website, and others serve to optimise and customise the content displayed. Cookies placed on the Website may be placed by Caisse des Dépôts or by third parties.

10.1 Cookies placed by Caisse des Dépôts

Caisse des Dépôts uses four categories of cookies for the purposes described below:

Matomo statistics and website traffic analysis cookies

To provide you with an optimal service and improve the user experience of our Website, we use Matomo cookies to analyse browsing and website traffic. The information concerning your use of the Website (including your IP address) generated by these cookies is sent to and stored on a server located in France.

These cookies are intended solely to measure Website traffic, in order to assess the content published and the user-friendliness of the Website.

The cookie deposited is used strictly to produce anonymous Website traffic statistics. Use of these cookies does not identify individuals. The data collected are not therefore combined with any other personal data processing.

Internet users are informed that part of the Website uses other types of statistics and traffic analysis cookies.

Statistics and website traffic analysis cookies used

Part of the Website uses other statistics and traffic analysis cookies than the Matomo cookie.

Part of the Website using other cookies than Matomo	Type of cookies used
www.retraitesolidarite.caissedesdepots.fr Pensions portal	Google Analytics

Part of the Website using other cookies than Matomo

Type of cookies used

www.retraitesolidarite.caissedesdepots.fr

Pensions portal

Google Analytics

These cookies collect and store the following information in an anonymous form:

(i) where a user comes from (search engine, search keywords, link)

(ii) number of visits of each user, and the date of the first visit, the previous visit and the current visit;

(iii) how long the user stays on the Website: when a visit starts and when it ends.

By using this Website and ticking the “I get it” box, you expressly consent to the above-mentioned data processing by Caisse des Dépôts, in the manner and for the purposes described above.

These cookies expire a year at the most after their first insertion.

You may inhibit the setting of these browsing and traffic analysis cookies. However, if you do so, you will not be able to use all the features of this Website.

To inhibit these cookies, click on the "Manage Cookies" page of the Website.

You can find more information about analytics cookies, and particularly how to inhibit them, by following the links below:

For cookies deposited by Google Analytics:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

https://tools.google.com/dlpage/gaoptout?hl=fr

For cookies deposited by Matomo

https://fr.matomo.org/docs/privacy/

Authentication Cookies

This cookie is installed when you log in to your account. When you next log in on the Website, the cookie identifies you as an existing user, so you do not need to enter your login again. We use these cookies to recognise you, show you the right information and personalise your use.

If you would rather not receive this cookie, you can delete it by changing your browser’s settings. We draw your attention to the fact that limiting the Website’s use of cookies can affect Website use.

Preference cookies

We use these cookies to help your browser remember your preferences on our Website, such as:

the language you prefer,
your communication preferences, etc.

We draw your attention to the fact that most browsers accept cookies by default. However, you may decide to block these cookies or ask your browser to notify you when a website attempts to install a cookie on your device.

To change your browser’s management of cookies, you can change the settings in the privacy tab. As indicated above, please note that certain features of the Website may no longer work.

The configuration of each browser is different. It is described in your browser’s help menu which will tell you how to change your cookie preferences.

For Chrome: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en

For Internet Explorer: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-Cookies

For FireFox: http://support.mozilla.org/fr/kb/cookies-informations-sites-enregistrent?redirectlocale=fr&redirectslug=G%C3%A9rer+les+cookies

For Opera: http://help.opera.com/Windows/10.20/fr/cookies.html

10.2. Cookies deposited by third parties

For cookies deposited by third parties, they are third-party cookies placed by external companies under their responsibility.

10.3. Managing Cookies

You can manage cookies in different ways.

At any time, you may choose to inhibit these cookies. You may accept or refuse them on an individual basis or refuse them all systematically once and for all.

Remember that the settings you choose can affect your access to our services that require the use of cookies.

Depending on the type of cookies you wish to inhibit, you may make your choice:

From the “Manage cookies” page of our Website

Caisse des Dépôts provides you with a module to accept or refuse our cookies individually or systematically. This module is accessible via our cookies information banner or via the “Manage Cookies” tab.

Using your browser settings

Most browsers accept cookies by default. However, you may decide to block these cookies or ask your browser to notify you when a website attempts to install a cookie on your device.

To change your browser’s management of cookies, you can change the settings in the privacy tab.

Please note that certain features of the Website may no longer work.

The configuration of each browser is different. It is described in your browser’s help menu which will tell you how to change your cookie preferences.

For Chrome: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en

For Internet Explorer: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-Cookies

For FireFox: http://support.mozilla.org/fr/kb/cookies-informations-sites-enregistrent?redirectlocale=fr&redirectslug=G%C3%A9rer+les+cookies

For Opera: http://help.opera.com/Windows/10.20/fr/cookies.html

11 - How are you informed of changes to our Privacy Notice?

If this Privacy Notice is changed by Caisse des Dépôts, it will be published on the Website and will be effective immediately. Please read it every time you visit to refer to the latest version available on the Website.

12 – How can you contact us – DPO?

If you have any questions concerning the use of your personal data by Caisse des Dépôts, you may contact the Data Protection Officer (DPO) by email at dpo@caissedesdepots.fr

A cookie is a small text file that may be installed on your device when you consult a website. A cookie file enables its issuer to identify the device on which it is saved during the period in which said cookie is saved or valid.

https://www.caissedesdepots.fr/ (the Website) to improve the Website’s interactivity and its services.

Cookies may be installed on the Website by Caisse des Dépôts as data controller or by its processors, i.e., the technical service providers that process your browsing data on behalf of Caisse des Dépôts.

Cookies used by Caisse des Dépôts

Technical cookies strictly necessary for the Website’s functioning:

Technical cookies enable the website to function optimally.

Cookie name	Purpose	Storage period
nlbi_*	Ensures cohesion of the firewall session.	Session
incap_ses_*	Maintains the firewall session to secure browsing on the Website.	Session
font	Accessibility cookie to display the specific font for dyslexia if this option has been selected by the user.	6 months
contrast	Accessibility cookie to display the website in high contrast if this option has been selected by the user.	6 months
line-space	Accessibility cookie to increase interline spacing if this option has been selected by the user.	6 months
X-SessionID	Cookie generated by the application server. It identifies the session used for exchanges based on a HTTP protocol.	Session
JSESIONID	Cookie generated by the application server. It identifies the session affinity.	Session
X-CSRF-TOKEN	Security token preventing cross-site request forgery attacks.	Session
XSRF-TOKEN	Security token preventing cross-site request forgery attacks.	Session
UNIQUE_SESSION_ID	Maintains a unique identifier for all sessions currently running.	Session
DelaiDeleteDemandeAfinaliser	Displays information messages for the user.	Session
USER-CONSIGNATION	Stores the user’s chosen language and business data (consignment category and direction of consignment).	Session
timerPopin	Manages inactivity of a connected user after a certain period of time.	Session
didomi_token	Manages cookie consent.	6 months
Euconsent_v2	Manages cookie consent.	6 months

Customisation cookies:

These cookies allow us to optimise and customise the content displayed. You can choose to disable these cookies at any time by clicking on the "Cookie management" link. However, your user experience may be negatively affected.

Cookie name	Purpose	Storage period
DYDU_CLIENTID	This is a random value generated to recognise a user that returns to use the virtual support solution.	1 year
DYDU_PUSH_SESSION	Contains the number of pages viewed, the time lapsed since the last page viewed.	24h
CICLADE_LANG	Stores the user’s chosen language.	Session

Matomo audience measurement and statistics cookies

To be able to serve you more effectively and improve users' experiences on our Website, we use Matomo audience measurement and browser analysis cookies. The information concerning your use of the Website (including your IP address) generated by these cookies is forwarded to a server in France and stored there.

The sole purpose of these cookies is to measure the audience on the Website's pages, so as to be able to assess the contents published and the user-friendliness of the Website.<

Use of the cookie installed is strictly limited to the production of anonymous viewing statistics. Cookies cannot be used to identify people. As a result, the data collected is not cross-linked with other personal data processing.

You can choose to disable these cookies at any time by clicking on the "Cookie management" link.

Cookie name	Purpose	Storage period
_pk_id.*	Matomo – Website use statistics. This cookie stores a unique user identifier.	13 months
_pk_ref.*	Matomo – Website use statistics. This cookie stores the user’s website of origin.	6 months
CAT_CLI	Enables Matomo to identify which category the client belongs to (legal professions, territorial authorities, etc.).	12 months
_pk_ses., _pk_cvar. et _pk_hsr.*	Matomo – Website use statistics. These cookies are used to store browsing data.	30 minutes

Third-party cookies

The Website relies on certain services provided by third party websites which may install cookies. These cookies may be installed on your browser, with your consent, by third party partners acting in the capacity of data controllers. Caisse des Dépôts does not manage the cookies installed by these third party partners and has no control or responsibility over such cookies and the use of the data collected by them. As such, we advise you to read the policies of these third-party partners as regards these cookies. At any time, you may configure these cookies by accepting or refusing them by clicking on the “Cookie management” link. In any case, no cookie will be installed on your browser as long as you do not use these services. By activating a third-party service, you accept that its publisher installs cookies.

Caisse des Dépôts declines all liability for any consequences relating to the deteriorated functioning of the Website and any of the services offered which arises from (i) the refusal of cookies by the user, (ii) the Website manager’s inability to view the cookies required for their functioning as a result of the user’s choice.

To exercise your rights over the data collected by third parties or for any questions relating to these processing operations, you may contact them directly.

Below is a list of third-party cookies used on the Website.

Security:

Google reCAPTCHA: this is a programme that differentiates between natural persons and robots by analysing their behaviour on the Internet and their ability to recognise images, sounds or other complex tasks. We use this technology to protect the Website’s forms from robots that scan the Internet and send spam or phishing messages. If you would like to learn more, you may consult Google’s cookie policy.

Social networks:

The Website may use share buttons for social networks provided and operated by third parties. Consequently, said third party may have access to information that you view on a given part of the Website. If you are not connected to your account with the third party, the latter will not be able to identify you. If you are connected to your account with the third party, the latter may link the information or actions relating to your interaction with the Website to the account you have with the third party in question.

The purpose of the cookies installed using social network buttons is to enable website users to easily share content and improve conviviality.

Twitter (list of tweets and content sharing): If you would like to learn more, you may consult Twitter's cookie policy.
Facebook (content sharing): If you would like to learn more, you may consult Facebook's cookie policy.
LinkedIn (content sharing): If you would like to learn more, you may consult LinkedIn's cookie policy.

Multimedia content management, distribution and sharing services:

Youtube (distribution of videos) If you would like to learn more, you may consult Youtube's cookie policy.
Keepeek (distribution of images and videos) If you would like to learn more, you may consult Keepek's cookie policy.
SoundCloud (distribution of audio content) If you would like to learn more, you may consult .
Ausha (distribution of podcasts): If you would like to learn more, you may consult Ausha’s general terms and conditions of use.

Advertising cookies:

Advertising cookies may be used on the Website by the abovementioned third parties. They may be used by these third parties to create a profile of your interests and offer your personalised and relevant ads on other websites. If you do not authorise this category of cookies, these third parties cannot personalise the ad that they offer based on your browsing and your interests.

How to disable the cookies installed through your browser

You can disable cookies at any time by changing your browser's settings. We remind you that changing the settings is likely to alter your conditions of access to our services which need cookies to operate properly.

Most browsers accept cookies by default. That said, you can decide to disable these cookies or ask your browser to notify you when a website tries to install a cookie on your device.

To change the way cookies are managed by your browser, you can change the settings under Confidentiality.

All browsers are configured differently. Their configuration is described in your browser's Help menu; this will tell you how to change your cookie preferences. For your information, the steps that must be followed to configure your browser software to object to cookie files being stored on your device are available at the following addresses:

In case of changes to this Policy, the new version will be published on the Website and apply from said publication.

Read our General Personal Data Policy to learn more about how to exercise your rights and how we process your personal data: https://www.caissedesdepots.fr/en/personal-data

Caisse des Dépôts et consignations (hereinafter “Caisse des Dépôts”), a special institution created by the French Act of 28 April 1816, whose registered office is at 56 rue de Lille – 75007 Paris, takes special care to protect personal data.

Therefore, we particularly have:

A privacy policy that you will find on our website (https://www.caissedesdepots.fr/donnees-personnelles) and that we encourage you to read; and,
A Data Protection Officer (DPO) declared to CNIL and a dedicated personal data protection team.

This Privacy Notice is designed to inform you about how Caisse des Dépôts uses and protects your personal data during recruitment.

When we use the words “you” or “your”, we are referring to you and your representatives, where applicable.

This Privacy Notice applies to all the personal data that we collect directly or indirectly and that we use for recruitment.

The type de personal data that we collect from you or from third parties involved in the recruitment process (including our partner recruitment agencies or temporary employment agencies) depends on the job you are seeking or the position you have applied for.

1 - Who collects personal data?

2 - Which Personal Data are processed?

3 - What are the purposes of Personal Data processing?

4 - Who do we share your personal data with?

5 - How long are your personal data stored?

6 - How do we protect your personal data?

7 - What rights do you have concerning your personal data?

8 - How can you contact us?

9 - Privacy Notice update

10 - Cookies

1 - Who collects personal data?

Caisse des Dépôts is the controller of your data in the context of recruitment.

2 - Which Personal Data are processed?

In the context of the recruitment process, we process personal data necessary for hiring, such as:

Identification data (for example your last name and given name, postal or email address, phone number)
Data concerning your work life (e.g. academic level, qualifications and certifications or other diplomas, grades and results obtained, year of award, language skills, prior experience)
Economic and financial data (e.g. your current salary and expected salary)
Login and Internet data
Other types of data (e.g. details of a previous job you had applied for at Caisse des Dépôts and the result of your application; your interests or preferences provided due to their relevance to your application; your answers to questions about specific skills asked during the application process, personality tests).

In our forms, compulsory answers are marked with an asterisk. If you do not wish to provide the requested information marked as compulsory, you will not be able to access certain services. The other information is designed to learn more about you and is therefore optional.

3 - What are the purposes of Personal Data processing?

Your personal data are processed for the purpose of recruiting our staff:

Receiving and recording the applications sent to us;
Managing our recruitment procedures;
Replying to applications and questions.

The legal bases of the processing are the legal obligation laid down by Articles L.1221-6 et seq. of the French Labour Code and Act 83-634 for public officers, and our legitimate interest for staff recruitment needs.

When the recruitment process leads to an employment contract, you will be asked to provide other personal data for specific processing relating to the administration of your HR record.

4 - Who do we share your personal data with?

Your data are intended for us. We may use IT service providers and recruitment or temporary employment agencies. These service providers may then access your data.

Your data will not be shared with any third party, unless (i) you have given your consent, (ii) it is lawful, or (iii) it is required by legislation or competent authorities.

5 - How long are personal data stored?

Caisse des Dépôts processes and stores your data in a secure environment for the period necessary to achieve the purposes for which they were collected.

Caisse des Dépôts keeps the data collected for a period proportionate to the purpose of the processing:

	Retention period
Data from the Recruitment section	Two (2) years after the last contact
Non-selected applicant	Directly deleted
Trace of connection to the Recruitment section	One (1) year

Your data may also be used in the following processing activities:

Management of litigation,
Staff administration in the event of recruitment.

Pursuant to the French Heritage Code, we may be required to keep certain documents concerning you after the retention period if they are useful for administrative, scientific, statistical or historical purposes.

6 - How do we protect your personal data?

Caisse des Dépôts implements various physical, technical and organisational measures designed to provide reasonable protection against loss or wrongful use of or unlawful access to your personal data, and their disclosure, alteration or destruction.

However, we cannot guarantee the security of information on or sent via Internet.

7 - What rights do you have concerning your personal data?

In accordance with applicable regulations and particularly the European Regulation (EU) of 27 April 2016, you have the following rights:

right of access to your personal data and the right to have them corrected, updated and completed;
right to have your personal data deleted when they are inaccurate, incomplete, ambiguous or out of date;
right to object to the processing of your personal data;
right to define directives concerning the post-mortem management of your personal data and to choose who Caisse des Dépôts shall send your personal data to (or otherwise).

You may change or revoke your instructions and directives concerning the post-mortem management of your personal data at any time and through your post-mortem rights holders. As soon as we are informed of the death and absent any instructions or directives, we shall destroy your personal data, unless their retention is necessary for probative purposes, to meet a legal obligation or for scientific research, historical or statistical purposes.

To exercise the rights defined above, you may contact us by writing to: Caisse des Dépôts – Données Personnelles - Etablissement de Bordeaux – 5 rue du Vergne – 33059 BORDEAUX CEDEX or by email to mesdonneespersonnelles@caissedesdepots.fr. You must enclose proof of your identity with any request.

Caisse des Dépôts shall process your request within one (1) month of receiving it.

We may limit or deny access to personal data when providing such access would be excessively expensive or complex, or in any other manner permitted by law. In certain circumstances, we may charge reasonable fees, when permitted, for the access to your personal data.

For more information about your rights, you will find a link below to the website of the Commission nationale de l'informatique et des libertés which is responsible for data protection in France: www.cnil.fr

8 - How can you contact us?

If you have any questions concerning the use of your personal data by Caisse des Dépôts, you may contact the Data Protection Officer (DPO) by writing to: dpo@caissedesdepots.fr

9 - Privacy Notice update

This Privacy Notice may be updated at any time. Therefore, the applicant is encouraged to read the latest applicable version.

10 - Cookies

Article 10 of the Privacy Policy defines the cookies policy introduced by Caisse des Dépôts. The User should therefore refer to this Policy, at the following link: https://www.caissedesdepots.fr/donnees-personnelles.

Caisse des Dépôts et consignations [hereinafter “Caisse des Dépôts”], a special institution created by the French Act of 28 April 1816, whose registered office is at 56 rue de Lille – 75007 Paris, takes special care to protect personal data.

In our capacity as administrative manager of pension schemes and funds, Caisse des Dépôts collects personal data of members, pensioners, claimants, beneficiaries and any entitled persons.

Caisse des Dépôts implements procedures and IT tools to guarantee the protection of personal data:

Personal data are processed in a secure and transparent manner in compliance with the rights of persons;
Caisse des Dépôts applies a continuous process to protect personal data in accordance with the French data protection Act of 6 January 1978, as amended, and Regulation [EU] on data protection of 27 April 2016 [GDPR];
Caisse des Dépôts has a Data Protection Officer [DPO] declared to CNIL and a dedicated personal data protection team.

This privacy notice is designed to inform you about how Caisse des Dépôts processes and protects your personal data within the framework of its Pensions Management, Payment of disablement and disability compensation rights and Social Welfare Benefits Management activities for which it is responsible.

1 – Who collects personal data?

2 – Which Personal Data are processed?

3 – For what purposes and on which legal bases are your Personal Data processed?

4 – Who are the recipients and processors of your Personal Data?

5 – Will your Personal Data be transferred outside the European Economic Area?

6 – How long do we retain your Personal Data?

7 – What rights do you have and how do you exercise them?

8 – How are you informed of changes made to this Privacy Notice?

9 – How can you contact us?

10 – Cookies

11 – Lawful bases

1 – Who collects personal data?

Caisse des Dépôts et consignations whose registered office is at 56, rue de Lille, 75007 Paris, is the controller of personal data relating to Pensions Management, Payment of disablement and disability compensation rights and Social Welfare Benefits Management.

2 – Which Personal Data are processed?

Personal Data means any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to them.

Caisse des Dépôts collects and processes data relating to your identity as well as your contact details, your personal and professional situation, your financial and tax situation, your social security number, medical data in some specific cases [disablement, disability, etc.], and any information necessary to justify the rights you may be granted.

Personal data of members, pensioners, claimants, beneficiaries and any entitled individuals may be collected:

directly from you, particularly via our forms, Websites and hotline and correspondence received from you;
from public employers of members and pensioners;
from organisations and partners in the social sector in the context of exchanges authorised by applicable legislation and regulations.

In our forms, all compulsory answers are indicated. If you do not wish to provide the requested information, you will not, in principle, be able to access certain services. The other information is collected to learn more about you and is therefore optional.

3 – For what purposes and on which legal bases are your Personal Data processed?

Caisse des Dépôts shall only collect personal data for the following purposes:

Personal data are processed for Pension Management to enable Caisse des Dépôts to:

1° - Create and manage individual retirement accounts and the pensions of members and pensioners;

2° - Inform members and pensioners of their rights, recover amounts due, pay pensions [main pensions, increases and refunds];

3° - Check that all benefits are rightly established;

4° - Examine complaints and disputes;

5° - Produce statistical studies alone or in partnership with third parties;

6° - Levy income tax at source;

7° - Grant members and pensioners access to their individual retirement account via a dedicated website;

8° - Conduct studies and surveys to obtain opinions about the services and content provided to members and pensioners.

Personal data are processed for the Payment of disablement and disability compensation rights to enable Caisse des Dépôts:

1° - To pay disablement and disability compensation to members, pensioners and claimants;

2° - In respect of disablement rights, validate the contribution payment periods, determine additional rights [children, spouses, military service], checks periods of coverage by the Caisse nationale d’assurance vieillesse [CNAV - National pension fund];

3° - In respect of disability compensation rights, check status as beneficiary of the relevant fund;

4° - Calculate rights earned, pay due pensions and benefits while ensuring that they are rightly established;

5° - Examine complaints and disputes;

6° - Levy income tax at source;

7° - Produce and complete anonymised statistical studies on disablement risks and disability compensation, alone or in partnership with third parties;

8° - Enable members, pensioners, claimants and beneficiaries to consult disablement and disability compensation rights via a dedicated website;

9° - Conduct studies and surveys to obtain opinions about the services and content provided to members, pensioners, claimants and beneficiaries.

Personal data are processed for Social Welfare Benefits Management to enable Caisse des Dépôts to:

1° - Manage the social welfare benefits [benefits and social loans] of persons receiving pensions under the different pension schemes and funds managed;

2° - Collect, analyse and manage requests in accordance with rules defined by the relevant fund or scheme;

3° - Calculate rights;

4° - Pay benefits;

5° - Recover any amounts due;

6° - Check that all benefits are rightly established;

7° - Examine complaints and disputes;

8° - Produce anonymised statistical studies alone or in partnership with third parties;

9° - Enable pensioners and beneficiaries to consult social welfare benefits via a dedicated website;

10° - Conduct studies and surveys to obtain opinions about the services and content provided to pensioners and beneficiaries.

The lawful basis for this processing is:

a legal obligation to be fulfilled by the controller Caisse des Dépôts or necessary to provide a service in the public interest or relating to the exercise of public authority;
Caisse des Dépôts’ legitimate interest in proving operations or transactions completed, preventing fraud, recovering outstanding amounts, recording telephone calls for staff training or creating anonymised statistical models;
users’ consent where it is required by applicable regulations particularly regarding the management of cookies.

4 – Who are the recipients and processors of your Personal Data?

Caisse des Dépôts may need to transfer your data.

For Pension Management personal data processing:

1° - to public employers of members and pensioners;

2° - to organisations and partners in the social sector in the context of exchanges authorised by applicable legislation and regulations;

3° - to the Caisse Autonome nationale de la sécurité sociale dans les mines for the management of its welfare action;

4° - to third-party organisations responsible for statistical surveys.

Medical data may not, on any account, be transferred in any manner by Caisse des Dépôts to the recipients identified in points 2, 3 and 4.

For Payment of disablement and disability compensation rights personal data processing:

1° - to public employers of members, pensioners and claimants;

2° - to organisations and partners in the social sector in the context of exchanges authorised by applicable legislation and regulations;

3°- to the Établissement public des fonds de prévoyance militaire et de l’aéronautique created by decree no. 2008-1219 of 28 November 2008 on the creation, organisation and operation of the Etablissement public des fonds de prévoyance militaire et de l’aéronautique in their respective roles;

4° - to third-party organisations responsible for statistical surveys.

Medical data may not, on any account, be transferred in any manner by Caisse des Dépôts to the recipients identified in points 2 and 4.

For Social Welfare Benefits Management personal data processing:

1° - to personal services agencies;

2° - to organisations and partners in the social sector in the context of exchanges authorised by applicable legislation and regulations;

3° - to third-party organisations responsible for statistical surveys.

Medical data may not, on any account, be transferred in any manner by Caisse des Dépôts to the recipients identified in points 2 and 3.

Caisse des Dépôts may use processors [any company or legal entity processing personal data according to instructions given by Caisse des Dépôts] for the processing of all or part of personal data to the extent necessary to provide their services. Caisse des Dépôts shall not sell, rent out or assign your personal data to any third parties without your consent.

Caisse des Dépôts may transfer your personal data without your prior agreement to comply with a legal requirement. In this respect, Caisse des Dépôts may transfer personal data if it considers it necessary in order to comply with a court summons, warrant, court decision or order, or to a competent authority in the context of a particular investigation and particularly to defend its rights.

5 – Will your Personal Data be transferred outside the European Economic Area?

Personal data are stored on French territory. The processing of your Personal Data does not give rise to any transfer outside the European Economic Area.

If personal data may be transferred outside the European Economic Area, Caisse des Dépôts shall inform you by any means and shall implement adequate safeguards as required by Regulation [EU] 2016/679 of 27 April 2016 and by the French data protection Act.

6 – How long do we retain your Personal Data?

Caisse des Dépôts processes and stores personal data in a secure environment for the period necessary to achieve the purposes for which they were collected.

Caisse des Dépôts retains data collected for the management of pension schemes and funds for a reasonable period having regard for the purposes of the processing.

Therefore, the personal data collected and processed are retained from the date of the death or extinguishment of the rights of members, pensioners, claimants and any entitled persons until the end of the limitation periods defined by regulations applicable to the pensions schemes or funds, or otherwise, by the rules of ordinary law. In the event of litigation, this period is extended until a final court decision is handed down.

Regarding records of connections to the Website of Caisse des Dépôts, this period may not exceed one [1] year.

7 – What rights do you have and how do you exercise them?

In accordance with applicable regulations and particularly the European Regulation [EU] of 27 April 2016, you have the following rights:

right of access to your personal data and the right to have them corrected, updated and completed;
right to have your personal data deleted when they are inaccurate, incomplete, ambiguous or out of date;
right to define directives concerning the post-mortem management of your personal data and to choose who Caisse des Dépôts shall send your personal data to [or otherwise];
right to withdraw your consent if it has been requested.

To exercise the rights defined above, you may contact Caisse des Dépôts by writing to: Caisse des Dépôts et consignations – Données Personnelles - Établissement de Bordeaux – 5 rue du Vergne – 33059 BORDEAUX CEDEX or by email to mesdonneespersonnelles@caissedesdepots.fr.

You must indicate the personal data that Caisse des Dépôts must correct, update or delete and identify yourself by enclosing a copy of a valid ID document [ID card or passport]. In this regard, please note that requests for erasure will be subject to the legal obligations applicable to Caisse des Dépôts particularly relating to the retention and archiving of documents.

You may also lodge a complaint with the competent supervisory authority [CNIL] or seek redress in the competent courts if you consider that Caisse des Dépôts has not respected your rights.

8 – How are you informed of changes made to this Privacy Notice?

Caisse des Dépôts may update this document to reflect technical and digital developments. If this Privacy Notice is changed by Caisse des Dépôts, it will be published on the Website https://politiques-sociales.caissedesdepots.fr/ and will be effective immediately. Please read it every time you visit the Website to refer to the latest version available.

9 – How can you contact us?

If you have any questions concerning the use of your personal data by Caisse des Dépôts, you may contact the Data Protection Officer [DPO] by completing the contact form at www.caissedesdepots.fr/protection-des-donnees-personnelles.

10 – Cookies

This website uses browsing statistics and traffic analysis cookies deposited by Google Analytics.

These cookies collect and store the following information in an anonymous form:

[i] where a user comes from [search engine, search keywords, link];

[ii] number of visits of each user, and the date of the first visit, the previous visit and the current visit;

[iii] how long the user stays on the Website: when a visit starts and when it ends.

By using this Website and ticking the “I get it” box, you expressly consent to the above-mentioned data processing by Caisse des Dépôts, in the manner and for the purposes described above.

These cookies expire a year at the most after their first insertion.

You may inhibit the setting of these browsing and traffic analysis cookies. However, if you do so, you will not be able to use all the features of this Website.

To inhibit these cookies, click on the "Inhibit Cookies" button below.

You can find more information about analytics cookies, and particularly how to inhibit them, by following the links below:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

https://tools.google.com/dlpage/gaoptout?hl=fr

11 – Lawful bases

List of funds and schemes for “Pensions Management” processing

Fund name	Acronym	Legal basis
Caisse Nationale de Retraite des Agents des Collectivités Locales	CNRACL	Decree no. 2003-1306 of 26 December 2003 and Decree no. 2007-173 of 7 February 2007
Retraite des Mines	MINES	Decree no. 46-2769 of 27 November 1946 on the organisation of social security in mines [Art. 15]
Régime du Personnel Statutaire CANSSM	Statutaires CAN	Decree no. 2009-1147 of 23 September 2009
Retraite Additionnelle de la Fonction Publique	RAFP	Decree no. 2004-569 of 18 June 2004
Régime d'Allocations Viagères des Gérants de Débit de Tabac	RAVGDT	Decree no. 63-1104 of 30 October 1963 [Art. 6]
Fonds Spécial de Pension des Ouvriers des Etablissements Industriels de l'Etat.	FSPOEIE	Decree no. 2004-1056 of 5 October 2004 [Art. 2.I]
Service de l'Allocation de Solidarité aux Personnes Agées	SASPA	Articles L. 815-7 et seq. of the French Social Security Code Article D. 815-16 of the Social Security Code Agreement of 31 December 2007
Allocation Temporaire Complémentaire des Ingénieurs de Contrôle de la Navigation Aérienne	ATC-ICNA	Decree no. 98-1096 of 4 December 1998 [Art. 3]
Caisse de Retraite des Régies Ferroviaires d'Outre-Mer	CRRFOM	Management agreement of 31 July 2006
Caisse de Retraite du Personnel du Département du Haut-Rhin	PREF HR	Regulations approved by the Commissioner General of the Republic of 11 July 1924 and Prefectural Order of 17 December 1938 [Art. 3 and 4]
Complément de Pension de la Compagnie Générale des Eaux	CP-CGE	Decree no. 91-408 of 26 April 1991 and management agreement of 1 March 1997 [Art. 1]
Complément de Pension de la Société des Eaux de Versailles et Saint-Cloud	CP-SEVESC	Management agreement of 17 November 1997
Régime Spécial de Pension du Personnel de l'Imprimerie Nationale	IMPRIMERIE NATIONALE	Agreement of 14 April 1995 between Imprimerie Nationale, the Government [Budget Ministry] and CDC
Régimes de retraite des Conseillers Généraux du Lot et Garonne, Bouches du Rhône, Creuse, Gard, Haute Savoie.	Conseils Généraux	Management Agreements for - Bouches du Rhône General Council of 8 December 1997; - Gard General Council of 26 January 1999; - Creuse General Council of 15 July 1999; - Lot-et- Garonne General Council of 22 November 1999; - Haute-Savoie General Council of 12 November 2012.
Institution de Retraite Complémentaire des Agents Non Titulaires de l'État, des Collectivités Locales et de leurs Établissements	IRCANTEC	Decree no. 70-1277 of 3 December 1970
Caisse de Retraite du Personnel Sédentaire des Sociétés du Groupe de la Compagnie Générale Maritime et Financière	CRCGMF	Agreement of 16 December 2014
Banque de France	Banque de France	Decree no. 2007-262 of 27 February 2007 on the pension scheme of officers of the Banque de France [Art 1] and agreement of 28 June 2016
Fonds d’Assurance Mutuelle, Différentielle de Retour à l’Emploi des Députés [FAMDDRED]	FAMDRE	Order no. 11 -103 of 19 October 2011 of the President and questeurs of the French National Assembly and agreement of 22 December 2011
Fonds d'Allocation des Élus en Fin de Mandat	FAEFM	Article 70 of act no. 2002-276 of 27 February 2002
Fonds National de Prévention	FNP	Decree no. 2003-909 of 17 September 2003 [Art. 2]

List of funds and schemes for “Payment of disablement and disability compensation rights” processing

Fund name	Acronym	Legal basis
Fonds de Prévoyance de l'Aéronautique Fonds de Prévoyance Militaire	EPFP	Article R. 3417-21 of the French Defence Code
Complément de Pension de la Société Urbaine de Distribution d'Air Comprimé	SUDAC	Decree no. 46-2769 of 27 November 1946 on the organisation of social security in mines [Art. 15]
Fonds de la Mairie de Fort de France	FMFF	Agreement of 26 January 2004
Compensation des Prestations Familiales pour les Départements d'Outre-Mer	CNAF	Decree no. 71-612 of 15 July 1971
Fonds de Compensation de Cessation Progressive d'Activité des Agents des Collectivités Locales	FCCPA	Decree no. 84-1021 of 21 November 1984 [Art. 2]
Fonds National de Compensation du Supplément Familial de Traitement des Agents à Temps Complet	FNC-TC	Decree no. 2004-1056 of 5 October 2004 [Art. 2.I]
Fonds National de Compensation du Supplément Familial de Traitement des Agents à Temps Non Complet	FNC-TNC	Decree no. 85-886 of 12 August 1985 [Art. 1] and Art. L.413-13 of the French Municipalities Code [Code des Communes]
Fonds pour la Modernisation des Établissements de Santé Publics et Privés	FMESPP	Decree no. 98-951 of 26 October 1998 and Decree no. 98-1221 of 29 December 1998
Fonds pour l'Emploi Hospitalier	FEH	French Act no. 94-628 of 25 July 1994 Art. 14-I
Fonds pour l'Insertion des Personnes Handicapées dans la Fonction Publique	FIPHFP	Decree no. 2006-501 of 3 May 2006
Remboursement du Congé de Paternité	RCP or RCOPA	Article D.223-1 of the Social Security Code
Fonds Spécial d'Invalidité	FSI	Article L.815-26 of the Social Security Code
Allocation Temporaire d'Invalidité pour les Agents des Collectivités Locales	ATIACL	Decree no. 63-1346 of 24 December 1963
Fonds Commun des Accidents de Travail	FCAT	Decree no. 55-1388 of 18 October 1955
Fonds Commun des Accidents du Travail Agricole	FCATA	Decree no. 57-1360 of 30 December 1957
Régime d'Indemnisation des Sapeurs-Pompiers Volontaires	RISP	Decree no. 92-620 of 7 July 1992 [Art. 10 to 17]
Rentes d'Accidents du Travail des Ouvriers Civils des Établissements Militaires	RATOCEM	Decree of 26 February 1897 amended by decree 70-209 of 12 March 1970
Rentes de la Mairie de Paris	M-PARIS	Act of 3 July 1941 on the reform of pension schemes of employees and officers of départements, communes, institutions and concessionary, leased or local services of these local authorities
Rentes de l'Assistance Publique de Paris	A-PARIS	Law no. 2776 of 3 July 1941 [Art.6]
Rentes du Département de Paris	D-PARIS	Act of 3 July 1941 on the reform of pension schemes of employees and officers of départements, communes, institutions and concessionary, leased or local services of these local authorities
Caisse Nationale de Retraites des Agents des Collectivités Locales	CNRACL	Decree no. 2003-1306 of 26 December 2003 and Decree no.°2007-173 of 7 February 2007
Régime d'Allocations Viagères des Gérants de Débit de Tabac	RAVGDT	Decree no. 63-1104 of 30 October 1963
Retraite des Mines	MINES	Decree no. 46-2769 of 27 November 1946 on the organisation of social security in mines

List of funds and schemes for “Social Welfare Benefits Management” processing

Fund name	Acronym	Legal basis
Caisse Nationale de Retraites des Agents des Collectivités Locales	CNRACL	Decree no. 2003-1306 of 26 December 2003
Institution de Retraite Complémentaire des Agents Non Titulaires de l'État, des Collectivités Locales et de leurs Établissements	IRCANTEC	Decree no. 70-1277 of 3 December 1970

CDC / CDC-Placement

Caisse des Dépôts et consignations (hereinafter “Caisse des Dépôts”), a special institution created by the French Act of 28 April 1816 whose registered office is at 56 rue de Lille – 75007 Paris, and CDC Placement, a company belonging to the Caisse des Dépôts Group, with capital of €3,510,000 registered on the Paris Trade and Companies Register under number 392 142 030 and located at 56, rue de Lille 75356 Paris 07 SP take special care to protect personal data.

They therefore implement procedures and IT tools to guarantee the protection of personal data:

- Caisse des Dépôts has a privacy policy published on its website at https://www.caissedesdepots.fr/donnees- personnelles;

- personal data are processed in a secure and transparent manner in compliance with the rights of persons;

- they apply a continuous process to protect personal data in accordance with the French data protection act of 6 January 1978, as amended, and Regulation (EU) on data protection of 27 April 2016 (GDPR);

- Caisse des Dépôts has a Data Protection Officer (DPO) declared to CNIL and a dedicated personal data protection team.

This privacy notice is designed to inform you about how Banque des Territoires of Caisse des Dépôts and CDC Placement use and protect your personal data in the context of their banking service and lending activities. Banque des Territoires (“BDT”) consolidates the offers of Caisse des Dépôts and its subsidiaries (SCET, CDC Habitat) for local authorities in consulting, engineering, housing and public sector loans, equity investments, banking services, consignments and special deposits, and operations.

When you send us data concerning natural persons, you are responsible for informing those persons of the existence of this notice and encouraging them to read it. When we use the words “you” or “your”, we are referring to you and your representatives (agents and authorised signees), and your employees, where applicable.

1 - Who collects Personal Data?

2 – Which Personal Data are processed?

3 - What are the purposes and lawful bases of Personal Data processing?

4 - Who are the recipients and processors of your Personal Data?

5 - Will your Personal Data be transferred outside the European Economic Area?

6 – How long do we retain your Personal Data?

7 – What rights do you have and how can you exercise them?

8 - How are you informed of changes made to this Privacy Notice?

9 – How can you contact us – DPO?

1 - Who collects Personal Data?

In the context of banking service and financing activities, Caisse des Dépôts is the Controller of Personal Data.

For securities account keeping, Caisse des Dépôts and CDC Placement as investment service provider, are joint Controllers of Personal Data.

2 – Which Personal Data are processed?

BDT and CDC Placement collect data relating to your identity as well as your contact details, your personal and professional situation, your economic, financial and tax situation and your assets and any information necessary to justify your rights at the start of a relationship, when you order any new product or service (account, loan, investment, related services) and during the performance of our contracts.

Using personal data collected or operating data, we may generate or calculate new personal data. This is the case of an application for funding when we analyse your application and calculate a score, or when we determine, in accordance with our legal and regulatory obligations, the credit risk, risk of fraud or any other evaluation. In addition, to learn more about you, adapt our products and services and tailor the offers that may be made to you, we may define customer profiles and segments.

When you take out borrower insurance, the insurer may require information concerning your health to grant you coverage and determine any exclusions. The procedures implemented aim to ensure full compliance with the privacy principle and a high standard of protection of your data.

Personal Data may be collected:

- directly from you via our forms and through your use of our services;

- Indirectly through:

Third-party suppliers, acting as processors, such as the Carte Bancaire, Visa and Mastercard networks;
Partners of BDT if their privacy policies so permit;
Other products or services provided by third parties that you have chosen and for which you authorise the sharing of your data with BDT;
Public authorities when authorised by legislation and regulations and in accordance with the specific rules on disclosure and reuse laid down by these provisions.

In our forms, all compulsory answers are indicated. If you do not wish to provide the requested information marked as compulsory, you will not be able to access certain services. The other information is collected to learn more about you and is therefore optional.

3 - What are the purposes and lawful bases of Personal Data processing?

We primarily process your personal data within the framework of our banking activity to provide the products and services you choose or would like to obtain.

Therefore, our processing for the purpose, respectively, of providing banking services, meeting needs for financing and managing securities accounts is implemented because it is necessary for the performance of a contract that you have signed with us or to take pre-contractual measures (such as providing advice, making an offer, doing a simulation) at your request. Without this processing, BDT and CDC Placement would not be able to enter into or perform the contract.

3.1 Purposes of processing implemented by BDT

Depending on the product(s) or service(s) you would like to use or have chosen, the processing implemented by BDT in the context of our relationship has the following purpose:

1° Provide banking services, and particularly keep your bank accounts and allow you to carry out transactions, manage your banking products and investments, produce and manage your payment instruments such as your bank card and secure payment transactions particularly when the payment instrument is subject to a stop payment order (or is blocked). In this context, BDT may also process your data to fulfil its legal obligations to deliver sums of money under French Act no.°2014-617 of 13 June 2014 on dormant bank accounts and unclaimed life insurance contracts;

2° Meet your needs for financing and particularly grant and manage your loans, give or obtain guarantees and sureties, prevent and manage defaults on payment and excessive debt, manage insurance contracts, collect debts and manage litigation.

3.2 Purposes of processing implemented jointly by CDC Placement and CDC

CDC Placement and BDT process your data to manage your securities accounts and in particular to:

- keep your securities accounts;

- process your transactions;

- provide you with the financial expertise of CDC Placement within the framework of your short-term

investments;

- fulfil our legal obligations to deliver sums of money under French Act no.°2014-617 of 13 June 2014 on dormant bank accounts and unclaimed life insurance contracts;

- CDC Placement provides you with the investment service of receiving and transferring orders.

3.3 Other purposes of processing that may be implemented by CDC or CDC Placement

In addition, Caisse des Dépôts and CDC Placement may also process your data to:

1° Fulfil our obligations to exercise due diligence and report and inform under anti-money laundering and terrorist financing regulations, within the limits of your interests and rights. In accordance with the provisions of Article L.561-45 of the French Monetary and Financial Code, natural persons have an indirect right to access their data that they may exercise by directly contacting CNIL, 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07.

2° Prevent and combat fraud as part of our missions in the public interest and our legitimate interests;

3° Meet our legitimate interests in:

- recovering amounts due and managing litigation;

- developing statistics;

- acquiring knowledge of our customers and their needs, particularly through satisfaction and customer surveys;

- improving our services, developing business and developing our products and services;

- training our staff by recording our telephone conversations.

4 - Who are the recipients and processors of your Personal Data?

The data collected by Caisse des Dépôts are intended for it. They may also be disclosed to:

1° The joint holder(s) of the account, and to your legal representative(s) and agent(s);

2° Other financial institutions and their customers in the case of a funds transfer;

3° Administrative and judicial authorities and to the tax administration;

4° Our payment service providers;

5° Our partners, with your prior consent;

6°CDC Placement for the management of your securities accounts;

7° Our department responsible for delivering funds pursuant to Act no. 2014-617 of 13 June 2014 on dormant bank accounts and unclaimed life insurance contracts;

Data collected by CDC Placement are intended for it. They may also be disclosed to:

1° Caisse des Dépôts for the management of your securities accounts and the delivery of sums pursuant to Act no. 2014-617 of 13 June 2014 on dormant bank accounts and unclaimed life insurance contracts;

2° Administrative and judicial authorities, the tax administration and the French financial markets authority (“AMF”);

3° Our independent service providers executing orders and fulfilling legal obligations to make regulatory declarations.

Caisse des Dépôts and CDC Placement may be required to transfer your Personal Data without your prior agreement to comply with a legal requirement. In this respect, you agree that Caisse des Dépôts and CDC Placement may transfer Personal Data to comply with a court summons, warrant, court decision or order, or to a competent authority in the context of a particular investigation and particularly to defend their rights.

Your data may also be made accessible to our technical and other service providers, strictly for the needs of their services.

5 - Will your Personal Data be transferred outside the European Economic Area?

Personal Data are stored in the European Union.

In the context of using international payment networks, your data may, however, be made accessible from or to other countries where the level of personal data protection is not always equivalent to the level in the European Union. These data are only transferred (i) pursuant to a contract signed with Caisse des Dépôts and CDC Placement or pre-contractual measures taken at your request, (ii) pursuant to an international agreement or a legal obligation, (iii) to prove, exercise or defend rights in courts or (iv) for compelling public interest reasons.

6 – How long do we retain your Personal Data?

Caisse des Dépôts and CDC Placement process and store Personal Data in a secure environment for the period necessary to achieve the purposes for which they were collected.

Caisse des Dépôts and CDC Placement keep the data collected for a period proportionate to the purpose of the processing:

	Retention period by processing purpose
Provide your banking services	6 months for requests to open an account which did not result in a signed contract
10 years after closure of an account
For dormant bank accounts within the meaning of Act no. 2014-617 of 13 June 2014: - 20 years if the account becomes dormant and the holder is still alive; - 27 years if the account becomes dormant due to the holder’s death.
Meet your needs for financing	6 months for loan applications which did not result in a signed contract
10 years after full repayment of the loan
Keep your securities accounts	6 months for requests to open an account which did not result in a signed contract
10 years after closure of the securities account 10 years for proof of Government coupon payments (unowned assets) and proof of remittance of assets in the Reserve Fund for pensions
For dormant securities accounts within the meaning of Act no. 2014-617 of 13 June 2014: - 20 years if the account becomes dormant and the holder is still alive; - 27 years if the account becomes dormant due to the holder’s death.
Anti-money laundering and counter terrorist financing, within the limits of your interests and rights	5 years after closure of the account or loan repayment or the termination of our relationship
Prevent and combat fraud	5 years after closure of the account or loan repayment or the termination of our relationship

In the event of litigation, these periods are extended until a final court decision is handed down.

Regarding records of connections to the Websites of Caisse des Dépôts and CDC Placement, this period may not exceed one (1) year.

7 – What rights do you have and how can you exercise them?

In accordance with applicable regulations and particularly the European Regulation (EU) of 27 April 2016, you have the following rights:

- right of access to your Personal Data and the right to have them corrected, updated and completed;

- right to have your Personal Data deleted when they are inaccurate, incomplete, ambiguous or out of date;

- right to object to the processing of your Personal Data;

- right to the portability of your Personal Data when these data are processed on the basis of your consent or the performance of a contract;

- right to define directives concerning the post-mortem management of your Personal Data and to choose who Caisse des Dépôts and/or CDC Placement shall send your Personal Data to (or otherwise);

- right to withdraw your consent at any time.

You may change or revoke your instructions and directives concerning the post-mortem management of your Personal Data at any time and through your post-mortem rights holders. As soon as Caisse des Dépôts and/or CDC Placement is informed of the death and absent any instructions or directives, they shall destroy your data, unless their storage is necessary for probative purposes, to meet a legal obligation or for scientific research, historical or statistical purposes.

To exercise the rights defined above, you may contact Caisse des Dépôts and CDC Placement by writing to: Caisse des Dépôts – Données Personnelles - Etablissement de Bordeaux – 5 rue du Vergne – 33059 BORDEAUX CEDEX or by email to mesdonneespersonnelles@caissedesdepots.fr.

You must indicate the Personal Data that Caisse des Dépôts and/or CDC Placement must correct, update or delete and clearly identify yourself by enclosing a copy of a valid ID document (ID card or passport). In this regard, please note that requests for erasure will be subject to our legal obligations particularly relating to the retention and archiving of documents.

You may also lodge a complaint with the competent supervisory authority (CNIL) or seek redress in the competent courts if you consider that we have not respected your rights.

8 - How are you informed of changes made to this Privacy Notice?

Caisse des Dépôts and CDC Placement may update this document to reflect technical and digital developments. If any change is made to this notice by Caisse des Dépôts or CDC Placement, the new version will be published on the Caisse des Dépôts website at https://www.banquedesterritoires.fr/france/ and will be effective immediately. Please read it every time you visit the Website to refer to the latest version available.

9 – How can you contact us – DPO?

If you have any questions concerning the use of your Personal Data by Caisse des Dépôts, you may contact the Data Protection Officer (DPO) by email at mesdonneespersonnelles@caissedesdepots.fr, or by writing to: Caisse des dépôts et consignations – Données personnelles – Etablissement de Bordeaux – 5 rue du Vergne – 33059 BORDEAUX CEDEX, or by completing the contact form at http://www.caissedesdepots.fr/protection-des-donnees-personnelles.

Consignment, specialised deposits and unclaimed assets

The Caisse des Dépôts et Consignations (hereinafter “Caisse des Dépôts”), special institution created by the Act of 28 April 1816, whose registered office is located at 56 rue de Lille – 75007 PARIS pays particular attention to personal data protection.

In this respect, it applies procedures and uses IT tools to ensure the protection of personal data:

The Caisse des Dépôts has adopted a personal data protection policy which has been published on its website at https://www.caissedesdepots.fr/en/personal-data.
Personal data are processed in a transparent and secure manner in compliance with data subjects’ rights and, where necessary, in accordance with any Data Protection Impact Assessments carried out.
It is committed to making continuous efforts to protect personal data in compliance with the French Data Protection Act of 6 January 1978 amended and Regulation (EU) on data protection of 27 April 2016 (GDPR).
The Caisse des Dépôts has a Data Protection Officer (DPO) declared to the CNIL (French Data Protection Authority) and a team dedicated to personal data protection.

The purpose of this policy is to inform you of how the Caisse des Dépôts uses and protects your personal data within the framework of its systems for the management of consignments and specialised deposits, and of unclaimed assets.

Consignment is a specific mechanism involving the Caisse des Dépôts as a trusted third party.

As such, its role is to receive, safeguard and return any consigned sums of money and securities. Failing restitution, and after a period set by law, these sums of money and securities are forfeited to the State or to French Overseas authorities, or to ACCOSS (Social Security Organisation Central Agency).

The Caisse des Dépôts receives all consignments that are based on a legislative or regulatory text or on a court or administrative decision, regardless of the capacity of the depositors and the value of the assets to be consigned.

A specialised deposit is a specific mechanism involving the Caisse des Dépôts as a trusted third party.

As such, its role is to receive, safeguard and return the sums of money and securities deposited because they are unclaimed or because their owner must be placed under special protection.

The legal regime of special deposits is different to that of consignments as the legal and regulatory provisions on which they are based are different (e.g., Eckert Act (unclaimed assets/Ciclade), remuneration of child entertainers and models, return-to-school allowance for children in care, etc.).

When you provide us with data concerning natural persons, you are responsible for informing those persons of the existence of this policy and for inviting them to read it. In fact, when we use the terms “you” or “your”, this means yourself, your representatives (authorised agents and signatories), as well as the persons you represent and any of your collaborators.

1 - Who collects Personal Data?

2 - What Personal Data are processed?

3 - What are the purposes and the legal grounds for the processing of your Personal Data?

4 - Who are the recipients and processors of your Personal Data?

5 - Are there plans to transfer your Personal Data outside of the European Economic Area?

6 - How long do we store your Personal Data?

7 - What are your rights and how can you exercise them?

8 - How can you learn about changes to this policy?

9 - How to contact Us – DPO?

1 - Who collects Personal Data?

As part of the management of consignments and specialised deposits including those governed by the Eckert Act, the Personal Data Controller is the Caisse des Dépôts.

2 – What Personal Data are processed?

The notion of "Personal Data" encompasses any information concerning a natural person, who is or may be identified, directly or indirectly, by reference to an identification number or one or more pieces of information specific to him or her.

The Caisse des Dépôts may collect data relating to your identity as well as your contact details, your personal and professional circumstances, your economic, asset, financial and tax circumstances, as well as any information which proves your rights or is required for the performance of our duties.

In particular, the Caisse des Dépôts is likely to process the following sensitive data:

Your registration number on the national natural person identification register (referred to as your “NIR” or “social security number”) when the consignment, specialised deposit or inactive account concerns your employee savings,
Data likely to reveal your religious or philosophical beliefs for the compensation of victims of spoliations,
Data relating to criminal sentences or offences, and related security measures for consignments made in the context of a judicial bond,
Bank details.

We also collect your connection data and data relating to the use of our online services.

Using the personal data collected or that relating to the operation of our services, we can generate or calculate new personal data. This is the case when we determine, in accordance with our legal and regulatory obligations, fraud risks, or when we perform any other evaluation. Furthermore, to learn more about you, to adjust our services and to personalise any offers we may send you, we may define client profiles and segments.

The procedures in place aim to ensure perfect compliance with the principle of confidentiality and a high level of protection for your data.

Personal Data may be collected:

Directly from you using our forms and based on your use of our services,

Indirectly via legal entities or natural persons, listed below, who may consign, deposit, request the release of sums of money or securities, request the return of assets or securities,

For the management of consignments and specialised deposits (excluding the Eckert Act)

Legal representatives, any interested party with legitimate interest;
Legal professionals (Notaries, Lawyers, Bailiffs, Judicial Administrator, Judicial Representatives (AJMJ), Court Clerks of Judicial Courts and Employment Tribunals, Administrators);
Public legal entities:
- The State [(DNID (National Directorate of Domanial Intervention), DGFiP (General Directorate of Public Finances)],
- Local authorities, or similar authorities,
- Hospitals or similar institutions;
Private legal entities:
- Companies (employers, experts, etc.);
Other organisations authorised by legislative or regulatory texts and in compliance with specific communication and re-use rules as set out in said texts [(CAF (Family Allowance Fund), MSA (Mutual health insurance fund for agricultural workers), FGTI (Guarantee fund for victims of acts of terrorism and other offences) etc.]

For the management of unclaimed assets (Eckert Act):

Depositing financial institutions;
Your legal representatives;
Legal professionals (Notaries, Lawyers, Bailiffs, Judicial Representatives for the protection of adults (MJPM), Judicial Administrator/Judicial Representatives (AJ/MJ);
Public legal entities:
- The State [(DNID (National Directorate of Domanial Intervention), DGFiP (General Directorate of Public Finances)],
- Local authorities, or similar authorities,
- Hospitals or similar institutions,
- Other organisations [(CAF (Family Allowance Fund), MSA (Mutual health insurance fund for agricultural worker)] in the context of debt recovery;
Private legal entities:
- Companies, associations, works councils, pension funds, etc.

In our forms, we specify the compulsory nature of the responses. If you would prefer not to provide such information marked as compulsory, you will not be able to access some services. The purpose of other information is for us to know more about you, and, as a result, is optional.

3 - What are the purposes and the legal grounds for the processing of your Personal Data?

Above all, we process your personal data as part of our management of consignments and specialised deposits and our management of unclaimed assets.

Depending on the service(s) in question, the purpose of the processing operations carried out by the BDT in the context of our relationship is:

To manage consignments and specialised deposits in accordance with our public interest duties, notably pursuant to the Order of 3 July 1816 on the Caisse des Dépôts et Consignations’ powers, and to Articles L518-2, L518-17 and L518-24 of the French Monetary and Financial Code, and to Articles 2241 and 2244 of the French Civil Code. Such processing includes the processing of your personal data required to receive the assets, keep the assets in view of their return or, where applicable, their forfeiture when the forfeiture procedure is applicable,
To manage unclaimed assets in order to meet its legal obligation of returning such sums of money pursuant to Act no. 2014-617 of 13 June 2014 relating to inactive bank accounts and unclaimed life insurance policies.

This processing includes the processing of your personal data required to receive assets, which have been transferred to the CDC pursuant to the Eckert Act, to the Act of 1977 (inactive bank accounts, employee savings contracts and insurance policies), to Order 2018-95 and to the PACTE Act of 22/05/2019, to keep assets in view of their return to beneficiaries/rightsholders or holders, legal representatives, professionals, financial institutions; or, where applicable, their forfeiture when the forfeiture procedure is applicable, and to meet tax obligations.

Furthermore, the Caisse des Dépôts may also process your data to:

Meet vigilance, reporting and information requirements pursuant to regulations on the fight against money laundering and terrorist financing, within the limits of your interests and rights. In accordance with the provisions of Article L.561-45 of the French Monetary and Financial Code, natural persons have an indirect right of access to the data concerning them which they may exercise by directly contacting the CNIL, 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07;
Manage the mechanism to prevent and combat fraud in the banking and financial sector as part of our public interest duties or the pursuit of our legitimate interests;
Assess operational risks and ensure permanent monitoring to meet our legal obligations;
Manage pre-litigation and litigation cases to pursue our legitimate interests;
Carry out internal audits to pursue our legitimate interests;
Manage the security of information systems to pursue our legitimate interests.

4 - Who are the recipients and processors of your Personal Data?

The data collected by the Caisse des Dépôts are intended for:

Legal representatives, representatives and beneficiary heirs;
Banking establishments and financial institutions holding accounts for the beneficiaries of payments restituting the funds;
Administrative and judicial authorities and for the tax administration to meet our legal and regulatory obligations of forfeiture, monitoring of cases (consignment or release orders), publication of forfeited deposits, relations and exchanges relating to the processing of claims for compensation received by CIVS (Commission for the Compensation of Victims of Spoliation) and the calculation and recovery of tax, the fight against tax fraud.

The Caisse des Dépôts may need to forward your Personal Data without obtaining your consent beforehand to comply with a legal requirement. In light of this, you accept that the Caisse des Dépôts may transfer your Personal Data if it deems it necessary in order to comply with a writ, a mandate, a court decision or order, or with a competent authority as part of a specific investigation and particularly to defend its rights.

They will also be made available to our service providers and technical providers, strictly for the requirements of their task.

5 - Are there plans to transfer your Personal Data outside of the European Economic Area?

Personal Data are stored within the European Union.

6 – How long do we store your Personal Data?

The Caisse des Dépôts processes and retains Personal Data in a secure environment during the period of time necessary for achieving the goals for which said Data are collected.

The Caisse des Dépôts retains the data collected for a period of time that is proportionate to the purpose of the processing:

Finalité du traitement	Durée de conservation
Manage consignments and specialised deposits (excluding Eckert Act) For consignment or release requests	Maximum period of 70 years for acts dated prior to 01/01/2020 (PACTE Act), as from the date of consignment with the Caisse des Dépôts provided there is no interruption or stay of proceedings Maximum period of 60 years for acts dated after 01/01/2020 (PACTE Act) as from the date of consignment with the Caisse des Dépôts provided there is no interruption or stay of proceedings
For specialised deposit or restitution requests	Maximum period of 88 years for acts dated prior to 01/01/2020 as from the date of deposit with the Caisse des Dépôts provided there is no interruption or stay of proceedings Maximum period of 78 years for acts dated after 01/01/2020 (PACTE Act) as from the date of consignment with the Caisse des Dépôts provided there is no interruption or stay of proceedings
Manage unclaimed assets (Eckert Act) For restitution requests:	Maximum period of 67 years for acts dated prior to 01/01/2020 as from the date of deposit of the file with the Caisse des Dépôts et consignations, or from the date the information was provided by the user, provided there is no interruption or stay of proceedings. Maximum period of 57 years for acts dated prior to 01/01/2020 (PACTE Act) as from the date of deposit of the file with the Caisse des Dépôts et consignations, or from the date the information was provided by the user, provided there is no interruption or stay of proceedings.
Fight against money laundering and terrorist financing, within the limits of your interests and rights	5 years as from closure of the consignment file, of the unclaimed fund or the end of our relationship
Steer the mechanism to prevent and combat fraud in the banking and financial sector	12 months to characterise a warning 5 years as from the closure of the fraud file, in case of a relevant warning
Steer the permanent monitoring mechanism	10 years, annual basis. Annual basis: during a given year, we take account of the documents’ seniority date so as to only store documents with a seniority of less than 10 years (documents of over 10 years in seniority are purged).
Manage pre-litigation and litigation cases	For the management of pre-litigation cases: period strictly necessary to amicably settle the dispute or, in the absence of an amicable settlement, until prescription of the corresponding legal action. For the management of litigation cases: until expiry of the periods for appealing against the decision to render it enforceable. On expiry of these periods, the data are erased in a secure manner or archived under the conditions set out in the French Heritage Code. Decisions rendered may be stored as definitive archives for reasons of historical interest.
Conducting internal audits	By way of exception, audits required the transmission of Personal Data. After the audit, such Personal Data are erased, unless some are identified as needing to be retained, where applicable, pursuant to certain obligations (legal, regulatory, ligitation, etc.) and for a period limited by said obligations; at the end of this imposed period, the Personal Data are erased.
Steer information systems security	As regards traces of connections to the Caisse des Dépôts, Consignments and Specialised deposits, and Ciclade (management of unclaimed funds) websites, this period cannot exceed a period of 18 months in order to enable data subjects to use the service and the platform, and to ensure the security of transactions and track and manage incidents.

By application of the French Heritage Code, we may need to retain some documents concerning you after the retention period where they are of administrative, scientific, statistical or historical interest.

As regards traces of connections to the Caisse des Dépôts, Consignments and Specialised deposits, and Ciclade (management of unclaimed funds) websites, this period cannot exceed a period of 18 months in order to enable data subjects to use the service and the platform, and to ensure the security of transactions and track and manage incidents.

7 – What are your rights and how can you exercise them?

In accordance with regulations in force, and particularly with the European Regulation (EU) of 27 April 2016, you have the following rights:

The right to access, rectification, updating and completeness of your Personal Data;
The right to erasure of your Personal Data when they are inaccurate, incomplete, ambiguous or outdated;
The right to object to the processing of your Personal Data. It is specified that the right to object, save for a legitimate reason, does not apply to the processing required to manage unclaimed funds nor to that required to manage consignments and specialised deposits;
The right to decide the fate of your Personal Data after death and to choose who the Caisse des Dépôts should communicate (or not communicate) your Personal Data to.

You may change or withdraw your instructions and orders concerning the fate of your Personal Data after death at any time. As soon as the Caisse des Dépôts is made aware of your death, and failing instructions or orders, the Caisse des Dépôts undertakes to destroy your data, unless their retention is necessary for purposes of proof, to comply with a legal obligation or for purposes of scientific, historical or statistical research.

To exercise the rights defined above, you may contact the Caisse des Dépôts by writing to the following address: Caisse des Dépôts – Données Personnelles – Établissement de Bordeaux – 6 place des Citernes 33059 BORDEAUX CEDEX (FRANCE) or by e-mail to mesdonneespersonnelles@caissedesdepots.fr.

You must state which Personal Data the Caisse des Dépôts should correct, update or erase and provide your precise identity and a copy of a valid identity card (identity card or passport). In this regard, we specify that erasure requests are subject to the legal requirements imposed on the Caisse des Dépôts, particularly as concerns the archiving of documents.

Should you consider that the Caisse des Dépôts has not observed your rights, you possess the right to make a claim with the competent supervisory authority (CNIL) or to gain compensation before the competent courts.

8 - How can you learn about changes to this policy?

In light of technical and digital developments, the Caisse des Dépôts may update this document. If changes are made to this policy by the Caisse des Dépôts, the new version will be published on the Caisse des Dépôts’ websites at https://www.caissedesdepots.fr/en/personal-data.

This policy will be effective as from the date it is published. We invite you to refer hereto each time you visit the website to ensure you are up to date with the latest available version.

9 – How to contact Us – DPO?

Data subjects concerned by such processing may exercise the rights guaranteed to them under the Data Regulation by email to the following address: mesdonneespersonnelles@caissedesdepots.fr and may ask questions relating to the use of their Personal Data by the Caisse des Dépôts to the Data Protection Officer (DPO), by email to the following address: dpo@caissedesdepots.fr.

If your request does not relate to the processing of your personal data, your email will not be processed. For any requests for information relating to the services, you may contact us:

For the Ciclade service (unclaimed assets service) via your personal space or using the dedicated contact form: https://ciclade.caissedesdepots.fr/en/contact-us
For the Consignments – release – specialised deposits service, using the dedicated contact form: https://consignations.caissedesdepots.fr/contact

Personal Data

Cookies used by Caisse des Dépôts

Information

Research and documentation

Contact

Privacy Notice

Cookie Policy

Cookies used by Caisse des Dépôts

Recruitment Privacy Notice

Pension Management Privacy Notice

Privacy Notice – Banking, financing and account management

Personal data protection policy - Consignment and specialized deposits .

Information

Research and documentation