Data protection notice


The protection of personal data is important to the BNP Paribas Group(1) and, in particular, to BNP Paribas Factor. That is why we have adopted the common principles contained in the BNP Paribas Group’s Data Protection Policy, which is available on the website.

BNP Paribas Factor, a société anonyme , with registered office at RUEIL-MALMAISON (92506), 12-14 rue Louis Blériot, France (“we”), is responsible for processing your personal data. The purpose of this Data Protection Notice is to inform you of how we use and protect your personal data and the reasons for which we process this data.

It applies uniformly to all factoring products and services of BNP Paribas Factor, it being specified that additional information may be communicated to you if needed should you subscribe to a specific product or service.

1. What personal data do we process?

We collect and use personal data to the extent necessary in the context of our activities to propose quality factoring products and services that are tailored to your needs.

We may collect various types of personal data about you, including:

  • Identification and contact information (first name, last name, place and date of birth, photo, ID card and passport numbers, postal and email address, phone number, gender and signature)
  • Family situation (marital status, matrimonial regime, number of children, age of children)
  • Banking and financial information and transaction data (bank details, value of your assets)
  • Identification and authentication data, in particular when using online services (technical logs, digital traces, information on the security and use of the terminal, IP address)

We will never ask you for personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sex life or sexual orientation, unless we are required to do so under a legal obligation.

The data we use may either be directly provided by you or obtained from the following sources in order to verify or enrich our databases:

  • Publications and/or databases made available by official authorities (e.g. the official gazette)
  • Our clients, prospects or service providers
  • Third parties such as credit reference and anti-fraud agencies, in accordance with data protection regulations
  • Websites and/or social media pages containing information made public by you and databases made public by third parties

2. Specific cases of personal data collection, including indirect collection

BNP Paribas Factor may collect information concerning you, even if you are not a client of the BNP Paribas group.

BNP Paribas may collect personal data from, for example, the following persons that are not clients:

  • Prospects, guarantors, agents
  • Legal representatives, company officers and authorised persons of a legal entity that is a BNP Paribas Factor client
  • Beneficial owners and shareholders of a legal entity that is a BNP Paribas Factor client
  • Ordering parties or beneficiaries of transactions undertaken in connection with a BNP Paribas Factor client
  • Debtors
  • Introducers and brokers
  • Employees of our service providers

3. Why and on what basis do we use your personal data?

a. To comply with our legal and regulatory obligations

We use your personal data to comply with various legal and regulatory obligations, including:

  • Prevention of money laundering and financing of terrorism
  • Compliance with legislation relating to international sanctions and embargoes
  • Combating fraud
  • Financial regulations in compliance with which we:
    - assess your financial solvency
    - prevent non-payments
    - monitor and report the risks to which the establishment could be exposed
  • Responding to official requests from duly authorised public or judicial authorities

b. To perform a contract entered into with a company to which we are obliged to provide pre-contractual information and on whose behalf we are obliged to process your personal data

We use your personal data to enter into and perform our contracts, including:

  • Proving transactions
  • For you to subscribe to (in particular via electronic signature) factoring products and services distributed by BNP Paribas Factor
  • In connection with managing customer relations, for us to:
    - manage and execute factoring products and services
    - assess your needs and your understanding of factoring
    - secure the online services you use

c. To serve our legitimate interests

We use your personal data in order to deploy and develop our products and services, to improve our risk management and to defend our legal rights, including for the purposes of:

  • Proving transactions
  • IT management, including infrastructure management (e.g.: exchange platforms) and business continuity, including IT security
  • Fraud prevention (security measures, detecting transactions that deviate from the normal patterns)
  • Debt recovery
  • Creating statistical models, based on analysis of your transactions, to determine your credit risk rating
  • Developing anonymised statistical models, tests, research and development, for the purpose of optimising BNP Paribas Factor’s risk management processes and improving our offer
  • Customising BNP Paribas Factor’s commercial offers:
    - by improving the quality of our factoring products and services
    - by proposing factoring products and/or services corresponding to your needs as defined by us

These commercial proposals can be made through the:

  • Segmentation of prospects and customers
  • Analysis of your habits and preferences regarding the various channels (emails, visits to our website, etc.)
  • Transmission of your data to another BNP Paribas group company, in particular if you are – or become – a client of this other company
  • Adaptation of the offer of factoring products and services in view of the factoring products and services that your already have or use and data we hold

d. To respect your choice if we request your consent to specific processing

In some cases, your consent is needed to process your data, for example:

  • Where the above purposes lead to automated decision-making that produces legal effects that concern or significantly affect you, we will inform you separately of the underlying reason, as well as of the significance and envisaged consequences of such processing
  • If we carry out further processing for purposes other than those referred to in section 3, we will inform you and, where necessary, request your consent.

4. Who do we share your personal data with?

In order to fulfil the aforementioned purposes, we only disclose your personal data to:

  • BNP PARIBAS Group entities
  • Service providers and subcontractors that perform services on our behalf
  • Independent agents, intermediaries and brokers
  • Banking and commercial partners
  • Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law
  • Certain regulated professionals such as lawyers, notaries and auditors.

5. Transferring personal data outside the European Economic Area

In the event of international transfers originating from the European Economic Area (EEA):

  • Where the European Commission has recognised a non-EEA country as providing a level of data protection equivalent to that provided by EEA legislation, your personal data may be transferred on that basis
  • For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission as being equivalent, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary in order to perform our contract with you, such as when making an international payment) or implement suitable safeguards to ensure the protection of your personal data (standard contractual clauses approved by the European Commission, binding corporate rules))

To obtain a copy of these safeguards or find out where they can be accessed, you can send a written request as indicated in Section 9.


6. How long do we keep your personal data for?

We will retain your personal data for the period required in order to comply with applicable legal and regulatory provisions. We also take into account operational requirements, such as proper account maintenance, facilitating client relationship management and responding to legal claims or regulatory requests.

For instance, most of a client’s information is kept for the duration of the contractual relationship and for 10 years following the end of the contractual relationship.

For prospects, information is kept for a period of three years after it is collected or after our last contact with you.

7. What are your rights and how can you exercise them?

In accordance with applicable regulations, you have the following rights:

  • To access: You can obtain information relating to the processing of your personal data and a copy of such personal data.
  • To rectify: Where you consider that your personal data is inaccurate or incomplete, you can demand that such personal data be modified accordingly.
  • To erase: You can demand the deletion of your personal data, to the extent permitted by law.
  • To restrict: You can request that the processing of your personal data be restricted, to the extent permitted by law.
  • To object: You can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
  • Data portability: Where legally applicable, you have the right to have the personal data you have provided to us returned to you or, where technically feasible, transferred to a third party.
  • Right to define directives regarding the keeping of your data : You have the right to define directives, which will apply following your death, regarding the erasure or communication of your personal data.
  • Right to withdraw your consent: Where you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.

If you wish to exercise the rights listed above, please send a letter to the following address:

Délégué à la Protection des Données
BNP Paribas Factor
Seine Way - 12 à 14 rue Louis Blériot

In accordance with applicable regulation, you are entitled to lodge a complaint with the competent supervisory authority in France, such as CNIL (the French data protection authority).


8. How can you find out about any changes made to this data protection notice?

In a world where technology is constantly changing, we regularly update this Data Protection Notice.

We invite you to review the latest version of this notice online and will inform you of any material changes through our website or through our other usual communication channels.


9. How to contact us?

If you have any questions relating to our use of your personal data under this Data Protection Notice, please write to our Data Protection Officer, who will deal with your request, at the following address:

Délégué à la Protection des Données
BNP Paribas Factor
Seine Way - 12 à 14 rue Louis Blériot

10. Miscellaneous

Information relating to our cookie policy and IT security can be found on our websites.


(1) The list of BNP Paribas group companies can be found at
GDPR (General Data Protection Regulation) data protection notice – V1 Edition May 2018

Download the full notice