Protection of personal data

Information Notice relating to the Processing of Personal Data on the Groupe BPCE API Store website

BPCE SA, in its capacity as data controller, collects personal data concerning you and implements appropriate technical and organisational measures to ensure that the processing of such data is carried out in accordance with the applicable legislation.

The purpose of this information notice is to inform you about how your personal data are processed and protected, and about the procedures available to you to exercise your rights.

1.    Purposes of the Processing and Legal Bases

BPCE SA, in its capacity as data controller, processes your personal data for the following purposes:

  • Responding to enquiries submitted by users on the website apistore.groupebpce.com. This purpose is based on the legitimate interests of BPCE SA.
  • Ensuring the security of the website. This purpose is based on the legitimate interests of BPCE SA.
     

2.    Categories of Data Collected and Processed via the Website 

The categories of personal data collected and processed are as follows.

Personal contact details:

  • Surname
  • First name
  • Email address

Professional contact details:

  • Company name

Content of the request

If some or all of the above-mentioned data are mandatory, the field used to collect such data will be marked with an asterisk. If you do not provide these data, your request cannot be taken into account or its processing may be delayed.

3.    Recipients of the Data

The data are disclosed to the following recipients:

  • Staff of BPCE SA, as well as its processors involved in the provision of the services.
     

4.    Data Retention Period

The personal data will be retained for one year from the closure of the request.

Once the retention periods indicated above have expired, the data are deleted or anonymised.

5.    Data Transfers

In the context of the provision of the service, the processing of personal data carried out may result in transfers of personal data to countries located outside the European Economic Area (EEA). These data transfers are governed by appropriate safeguards to ensure that personal information is protected when it is transferred outside the EEA to countries that do not have the same level of data protection.

6.    Your Rights

In accordance with the GDPR and the French Data Protection Act (“Informatique et Libertés”), you have the following rights: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object.

You also have the right to withdraw your consent at any time where the processing of your personal data is based on this legal basis.

Furthermore, you have the right to define instructions regarding the fate of your personal data after your death.

Please note that the exercise of some of the above-mentioned rights, such as the right to erasure, the right to object or the right to restriction of processing, may result in certain services no longer being accessible.

The above rights may be exercised either directly via the Bank’s mobile application, or at any time by contacting the following email address:  delegue-protection-donnees@bpce.fr, indicating “APISTORE GROUPE BPCE” in the subject line, or by sending a letter by post to:

BPCE
Data Protection Officer
APISTORE GROUPE BPCE
7, Promenade Germaine Sablon
75013 PARIS CEDEX 13
France

In case of doubt as to your identity, proof of identity may be requested in order to process your request to exercise your rights.

If, after contacting us, you consider that your “Informatique et Libertés” rights have not been respected, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 place de Fontenoy, TSA 80715, 75334 PARIS Cedex 07, France.

This information notice may be amended. The current version in effect is dated April 30, 2026.