For a better browsing experience and to benefit from all the features of credit-agricole.com, we advise you to use the Edge browser.
Main menu Go to content Footer
  • Text Size
  • Contrast
  • Text Size
  • Contrast

CREDIT AGRICOLE SA Personal Data Protection Policy - December 2025

WHY A PERSONAL DATA PROTECTION POLICY AND WHY ARE YOU CONCERNED?

As data controller, “we”, Crédit Agricole S.A., process your personal data in accordance with the regulations in force and in particular the General Data Protection Regulation. The purpose of this Personal Data Protection Policy is to inform you, in a clear and detailed manner, about the processing we carry out on your personal data.

Crédit Agricole S.A. is the central institution of the Crédit Agricole Group, in accordance with the provisions of the French Monetary and Financial Code.

  • We ensure the cohesion and smooth functioning of the Crédit Agricole Regional Banks network.
  • We guarantee the liquidity and solvency of both the entire network and each of its affiliated institutions.
  • We exercise administrative, technical and financial control over the organisation and management of affiliated institutions.
  • We ensure that these institutions comply with the laws and regulations.
     

In addition to its role as a central institution, Crédit Agricole S.A. also acts as a holding company of the Crédit Agricole Group. 

  • We hold stakes in the Group’s subsidiaries and coordinate their strategies.
  • We are responsible for the Group’s financial management and the consolidation of its financial statements.
  • We define and implement the Group's overall strategy.
  • We centralise and manage relationships with investors, analysts and shareholders.
  • We supervise and coordinate the activities of the various Group entities internationally and ensure the consistent application of the Group's policies, including the protection of personal data.
     

This “You” Policy applies to one or more of the following reasons:

  • You are a potential customer of a Crédit Agricole Group entity, your personal data is processed even though you do not have an established contractual relationship.
  • You are a “Shareholder”: we process your data when you hold shares in our company or one of our subsidiaries. You may be an individual or institutional shareholder, and your data is used to manage your relationship with us as an investor, including for sending financial reports, convening general meetings, and distributing dividends.
  • You are in contact with an entity of the Crédit Agricole Group, which shares your data with Crédit Agricole S.A. in the context of its activities as a central institution and holding company.
     

This Policy supplements and clarifies the information contained in the contracts you have signed with one of the Group entities or contained in other media (websites, forms, reply coupons, etc.). In the event of a conflict between the provisions of this Privacy Policy and the provisions contained in these contracts or other media, the provisions of the Privacy Policy shall prevail unless otherwise stipulated in the contracts.

Certain specific treatments or treatments that concern a limited number of people are not mentioned in this Data Protection Policy. They are then the subject of particular information addressed to these persons by appropriate means of communication.

 

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data through different channels and in different ways:

  • Directly to you when you use our services, fill out a form or reply coupon, or browse our websites and mobile applications, etc.
  • Indirectly, through Group entities, when you are in contact with them;
  • Indirectly by external sources, public or private, which allow us, in compliance with your rights and regulations, to know you better (browsing on third-party sites, sponsorship operations, databases, publications made accessible by official authorities, etc.).
     

You can find more details about these collection sources in the tables and inventory available by link.

 

WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data on the basis of the following legal bases, as appropriate:

  • Execution of contracts relating to products and services you have subscribed with us;
  • Our legal obligations;
  • Our legitimate interests or those of third parties, while respecting your rights;
  • Your consent;
     

We use your personal data mainly for the following purposes (objectives):

Some processing of personal data is carried out jointly with another controller(s). In such a case, you are informed of this joint responsibility, by us and/or by these joint responsible(s), as well as the modalities of exercising your rights. Details are provided in the tables.

Based on your data, including transaction and banking data when you are a customer of a Group entity, we may use targeting, profiling or rating (“score”) operations to meet our legal and regulatory obligations, and enable the management of our risks. These treatments also aim, in accordance with your interests and rights, to manage the marketing activities of the Crédit Agricole Group, develop new offers, in order to provide customers of the Crédit Agricole Group Entities with a higher quality service.

 

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We store and process your personal data for the period necessary to achieve the purpose pursued. These durations are further detailed in the tables above.

At the end of this, personal data may be stored in intermediate storage (i.e. with restricted access), for the purposes of evidence management, at most for a period corresponding to the duration of the contractual relationship or the business relationship, plus the periods necessary for the liquidation and consolidation of rights, the legal retention periods and limitation periods and the exhaustion of legal remedies.

 

TO WHOM DO WE TRANSMIT YOUR PERSONAL DATA?

As a credit institution, we are bound by professional secrecy. However, we may, in compliance with our banking secrecy obligations, disclose your personal data to recipients.

Thus, we may be required to disclose documents or information that may include personal data to legally authorised authorities. These transmissions are carried out in compliance with the "Collection of "authorised third party" procedures" published by the CNIL and accessible here
 

We may also use subcontractors, whether or not they are part of the Crédit Agricole Group, who process your personal data on our behalf and according to our instructions, without being able to use this data for any other purpose than the performance of the subcontracted transactions.

Your data may also be communicated to other data controllers belonging or not to the Crédit Agricole Group, in particular in the context of our regulatory obligations as a central body and holding company.

You can find more details about these collection sources in the tables and inventory available by link.

 

HOW DO WE PROCESS YOUR PERSONAL DATA IN CASE OF TRANSFER OUTSIDE THE EUROPEAN UNION? 

For the purposes of the processing described in this Data Protection Policy, personal data may in certain cases be transferred to a country outside the European Union.

In the event of such a transfer, Crédit Agricole S.A. ensures that the recipient is subject to compliance with local legislation ensuring an adequate level of protection or guarantees to ensure this level of protection.

These guarantees may be Standard Contractual Clauses for the protection of personal data adopted by the European Commission, which are effectively applied in the importing country (i.e. a transfer contract between the controller and a recipient specifying the obligations of the controller and the recipient in the case of a transfer of personal data outside the European Union).

 

WHAT ARE YOUR RIGHTS AND HOW DO YOU EXERCISE THEM?

You may, at any time, under the conditions and limits provided by law:

  • Access your personal data: obtain information about the processing of your personal data and their communication;
  • Have them rectified: request the rectification of your personal data that would be inaccurate or incomplete;
  • Oppose:
    • their processing for reasons relating to your particular situation, when the legal basis for the processing is the legitimate interest of Crédit Agricole S.A. or third parties (except that Crédit Agricole S.A. proves that there are legitimate and compelling reasons for this processing that prevail over your interests and your rights and freedoms, or for the establishment, exercise or defence of legal claims);
    • at any time and without justification, to their processing for commercial prospecting purposes by the Regional Bank or by third parties.
  • Request their erasure: request the deletion of your personal data, and in particular when the data are no longer necessary for the purposes for which they were collected, with the exception in particular of the processing necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims;
  • Request the limitation of their processing: request the suspension or restriction of the processing of your data when you dispute their accuracy, or when we do not use them but have the legal or regulatory obligation to keep them. In such cases, they may be used only for the exercise and defence of legal rights or for the protection of the rights of another natural person;
  • Request their portability: where processing is carried out using automated processes and is based on consent or performance of the contract or pre-contractual measures, you may request to receive in a structured format the personal data you have provided to us and/or their transfer to a third party;
  • Communicate instructions on their fate in the event of death: define guidelines on the retention, erasure and communication of your personal data, applicable after your death.
     

Finally, where the legal basis for the processing is consent, you can withdraw this consent for the future and thus terminate the processing of your data, it being specified that the withdrawal of consent does not call into question the lawfulness of the processing carried out until then.

You can exercise these rights by writing by simple letter to the registered office of Crédit Agricole S.A. publisher of the Website, whose address is as follows:

 

Crédit Agricole S.A.
For the attention of the Data Protection Officer
12 place des Etats-Unis 92127 Montrouge cedex France
Or by email: donnees.personnelles@credit-agricole-sa.fr 

 

You can, in case of dispute, file a complaint with the CNIL via the link:  https://www.cnil.fr/fr/plaintes or by post by writing to: CNIL - Complaints Department - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.

Direct access

Follow info

If you wish to exercise your right to object to the processing of personal data for audience measurement purposes on our site via our service provider AT internet, click on refuse