Personal Data Protection Policy

1. Data Controller

The Crédit Agricole Personal Finance & Mobility corporate website (hereinafter the “Website”) is published by Crédit Agricole Consumer Finance S.A., which acts as the data controller for the personal data collected via the Website, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (“Loi Informatique et Libertés”).

2. Data Collected

As part of the use of the Website, only data that is strictly necessary is collected.

Data provided directly

The following data may be collected via the contact forms:

  • last name;
  • first name;
  • email address;
  • any information the user chooses to provide in the free-text field of the form.

Users are invited not to communicate sensitive data, within the meaning of applicable regulations, via the free-text field.

Data collected via cookies

The Website uses cookies and other trackers, in particular:

  • audience measurement cookies (AT Internet);
  • cookies related to the integration of YouTube videos via iframe.

3. Purposes of Processing

The personal data collected is used for the following purposes:

  • processing and responding to requests submitted via the contact forms;
  • measuring and analyzing Website traffic in order to improve its operation;
  • displaying and playing video content integrated via YouTube.

4. Legal Basis for Processing

The processing operations carried out are based on:

  • the legitimate interest of the data controller in responding to requests received via the contact forms;
  • the user’s consent for the placement of audience measurement cookies and cookies related to YouTube videos.

5. Recipients of the Data

The data collected is intended exclusively for the authorized internal departments of Crédit Agricole Consumer Finance S.A.

When the user accepts cookies related to embedded videos, certain data may be transmitted to YouTube (Google LLC), acting as an independent data controller, in accordance with its own privacy policy.

6. Data Retention Period

Data transmitted via the contact forms is retained for the duration necessary to process the request, then archived for a maximum period of 12 months from the date of the last exchange, before being deleted.

Cookies are retained for a period in compliance with applicable regulations and the settings of the tools used.

7. Data Storage and Security

Personal data collected via the contact forms is transmitted by email and stored on the secure messaging systems of Crédit Agricole Consumer Finance S.A., located within the European Union.

Appropriate technical and organizational measures are implemented to ensure the security and confidentiality of the data and to prevent any unauthorized access, disclosure, alteration, or destruction.

8. Exercise of Rights

In accordance with applicable regulations, you have the right to access, rectify, erase, restrict, object to, and request the portability of your personal data.

You may exercise these rights by sending your request:

by post:

Crédit Agricole Consumer Finance S.A. – DPO

1, rue Victor Basch – CS 70001

91068 Massy Cedex

A response will be provided within a maximum period of one month from receipt of your request. In case of reasonable doubt regarding your identity, supporting documentation may be requested.

You also have the right to lodge a complaint with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL).

9. Policy Updates

This personal data protection policy may be amended at any time to reflect legal, regulatory, or technical developments. The version in force is the one published on the Website.