Protection of personal data collected by Sfil concerning persons outside Sfil
The Sfil Group, which is particularly attentive to the protection of personal data, applies a strict policy to ensure the protection of personal data:
- Personal data are processed transparently and securely in compliance with the rights of individuals;
- The Sfil Group is committed to a continuous personal data protection process, in accordance with the French Data Protection Act of January 6, 1978, as amended, and the Regulation (EU) of April 27, 2016 on Data Protection (GDPR).
- The Sfil Group has a Personal Data Protection Officer (DPO), as reported to the French Data Protection Authority (CNIL).
The privacy and cookie management policies available on our website in accordance with these laws should be read in conjunction with any other legal notices and conditions provided or made available by the Sfil Group. They may be amended, supplemented or updated in order to comply with any legislative, regulatory, judicial or technical changes. If these policies are amended, the new versions published on the website will become effective upon publication. Please refer to them each time you visit the website to make sure you are familiar with the most recent version available.
The Cookies Policy is intended to inform users of the website about the collection of cookies, trackers and/or login tags, their purpose and their maximum retention period.
Collection and processing
Sfil employees working on investor relations subjects collect contact data via the Sfil.fr website to send financial communications and invitations to financial communication events. They are not used for fully automated decision-making or profiling purposes. They may be transferred to Sfil’s partners for the purpose of sending invitations and organizing events.
Contact data of potential suppliers and service providers is collected in connection with the processing of calls for tender launched by the Sfil Group. They are not used for fully automated decision-making or profiling purposes. They do not undergo any subsequent processing, unless a contract is entered into.
Supplier and borrower contact data is collected in connection with the contractual relationships with the Sfil Group to ensure the proper performance of contracts. They are not used for fully automated decision-making or profiling purposes and do not undergo any subsequent processing.
If users access social networks, such as Twitter or LinkedIn, via the link on the Sfil.fr_website, the Sfil Group may have access to personal data that is indicated as being public or accessible from Twitter, LinkedIn or other profiles. The Sfil Group does not use or create any independent database of social networks based on information published on the accounts of each social network, and the Sfil Group does not process any personal data or data relating to individuals’ private life in this way.
The Financial Communications divisions of the Sfil Group, as well as the Sfil Group’s investor relations team, have access to the investor contact data collected.
The contact data of potential suppliers and service providers is intended for the Purchasing Department and the relevant operating staff of the Sfil Group.
The supplier contact data is intended for the Purchasing and Accounting departments of the Sfil Group.
Borrower contact data is intended for employees involved in the performance of Sfil Group loan agreements.
Candidate contact data is intended for employees of the Sfil Group’s HR Department.
Contact data for journalists is intended for employees of the Sfil Group’s Communications Department.
Communication to third parties
Personal data collected by the Sfil Group about persons outside Sfil is communicated to third parties in the following cases:
- Hosting of the Sfil Group’s servers and sites by subcontractors;
- Maintenance of systems and software by external suppliers;
- Cooperation with external service providers;
- Performance of legal or regulatory obligations.
In the event the Sfil Group transfers personal data it has collected about persons external to the Company outside the European Union, it will first obtain said persons’ consent.
Contact data (investors, potential suppliers) are updated annually and deleted if they are no longer relevant.
Personal data collected by the Sfil Group in connection with contractual relationships with borrowers is retained for five years after the end of the relationship.
This period may be extended for processing that is subject to a legal or regulatory obligation, in accordance with the laws in force.
This period may be shortened if it is not appropriate in light of the purposes for the processing operations.
Rights of data subjects
Subject to the laws in force and contractual obligations, you can exercise your right of access, rectification, opposition, restriction or deletion at any time by sending an email to firstname.lastname@example.org.
If your request relates to a withdrawal of consent to the processing of your personal data, please be aware that this is not retroactive and only affects actions carried out after your request.
If you are unsatisfied with the response given to your request to exercise your rights, you can contact the French Data Protection Authority (Commission nationale de l’informatique et des libertés – www.cnil.fr).
Contact details of data controller
Sfil is a société anonyme (corporation) with a board of directors, licensed as a credit institution by the French Prudential Supervisory and Resolution Authority (Autorité de contrôle prudentiel et de résolution – ACPR).
A French société anonyme with share capital of EUR 1,350,000,000
Nanterre Trade and Companies Register No. 428 782 585
Registered office: 1-3 rue du Passeur de Boulogne, 92130 Issy-les-Moulineaux
Phone: +33 (0)1 73 28 90 90
Legal representative: Philippe Mills, Chief Executive Officer
Last update 15/02/2023