PERSONAL DATA PROTECTION POLICY

This personal data protection policy, applicable on 29/10/2024, sets out the manner in which the personal data (hereinafter referred to as "Personal Data") of prospects and business customers as well as customers acting in a personal capacity (hereinafter referred to together as "Users") are collected and processed by Welcome Account :

for the supply of Welcome Account products and services under contracts entered into with them;

when they visit the website https://welcomeaccount.com/ (hereinafter referred to as "the Site") and

when they connect to the Welcome Account Application (hereinafter referred to as "the Application").

The Personal Data collected are processed in accordance with the European Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (referred to as the "RGPD"), to the Law no. 78-17 of January 6, 1978 relating to information technology, files and freedoms (known as the "Informatique et Libertés"), and this Personal Data Protection Policy (hereinafter referred to as the "PPD").-

Data controller and purposes

Personal Data, collected through various communication channels (the Site, the Application, by telephone or by e-mail), are collected by Welcome Account in its capacity as data controller within the meaning of the RGPD.

The nature of the operations carried out on Personal Data is the collection, recording, consultation, reconciliation, consolidation, storage and communication by transmission in order to ensure compliance with the legal and regulatory obligations applicable to Welcome Account, as a payment services agent.

Goals	Legal basis
If you use the payment services offered by Welcome Account
To manage our business relationship with Users for the provision of Welcome Account products and services in order to : Subscribe to and open a payment account (including the provision of means of payment) and other products and services (in particular payment services); Manage the payment account and other products and services (including payment transaction processing and related pricing) directly or through third-party payment service providers, including related communication; Provide you with the means of payment so that you can use them. Ensure proper execution of payment transactions (credit and debit). Process changes in the customer's situation that have an impact on the management of the account and other products and services (including the closure of products and services), and the related communication; Handle incidents relating to transactions on the payment or e-money account	The performance of the contract between Welcome Account and Users.
Allow you to access the Application (and authenticate yourself)	Our legitimate interest in being able to provide Users with a functional Application.
To develop our offers : Subscription and dispatch of personalized commercial communication; Sales relationship management ; Customized offers and services.	If you are a User and you use our products and services: our legitimate interest in offering you similar products and services. If you are a prospect: we will ask for your consent. In both cases, you can object to prospecting by clicking on the dedicated link in the e-mails we send you.
Record telephone and session calls to improve service quality. Conduct satisfaction surveys and respond to other feedback on Welcome Account's products and services. Carry out statistical studies. Develop, maintain and improve the Application.	Our legitimate interest in improving our products and services.
Handle, monitor and/or settle claims, pre-litigation and litigation and collection operations.	Our legitimate interest is to provide you with satisfaction, and where we have been unsuccessful, to protect our interests.
Assess and manage the risk of failure, ensure the safety of goods and people, and prevent fraud.	Our legitimate interest in protecting our and your financial interests and guaranteeing the security and integrity of our services.
To provide you with an automatic personal conversational agent, able to help you navigate the Application and carry out your tasks.	The performance of the contract between Welcome Account and Users.
If you are acting on behalf of the User sponsor
To manage our commercial relationship, send you invoices, draw up our accounts and give you access to the application that tracks the use of our services.	The execution of the contract concluded between Welcome Account and the sponsor.
If you are applying for a job
When you apply for a job, process your application and conduct interviews.	The execution of pre-contractual measures in the majority of cases. Your consent when we wish to keep your CV in our candidate database.
When you browse the Site
Use cookies and other tracers on the Site for : content and personalized advertising, enrich customer/prospect knowledge, sharing (social networks), and technical measures.	Our legitimate interest in operating the Site, in the case of a functional cookie. Your consent, when required, in particular for advertising cookies.
In any case
Subscribe and make our declarations to authorized third parties; Combating money laundering and the financing of terrorism and complying with asset freezing measures and other international sanctions; Respond and take the necessary measures following your requests to exercise rights made under the RGPD.	Our legal and regulatory obligations.
Respond to your questions and complaints (relating to the operation of the Site or the Application and to the products and services offered by Welcome Account).	Depending on the purpose of your request, the legal basis is either : If your request is not related to a product / service already purchased / subscribed to at Welcome Account: Welcome Account's legitimate interest, more specifically its economic interest in offering a quality service / customer care. If your request is related to a product / service already purchased / subscribed at Welcome Account: The execution of the contract between you and Welcome Account.
Carry out all types of capital transactions (including in particular acquisitions, disposals, mergers, demergers, contributions, partial contributions of assets, universal asset transfers, restructuring or any other transactions involving the transfer of securities or the merger of companies), whether partial or total, at Welcome Account.	Welcome Account's legitimate interest, more specifically its interest (social and economic) in carrying out the planned operation.

Personal data processed

The Personal Data collected and processed by Welcome Account are :

Data category	Processed data
Civil status, identification, identification data, image (surname, first name, pseudonym, date of birth, identification number, postal or e-mail address, image...)	Surname(s), first name(s), gender, date and place of birth, postal address, e-mail address, telephone number, nationality, proof of identity (identity cards, residence permits, passport, receipt of application for residence permit or asylum, visa), authentication videos (video selfie), proof of address.
Personal life (lifestyle, family situation, etc.)	Family situation, marital status, lifestyle and consumer habits (via financial data and data from correspondence and communications between Welcome Account, the User and any intermediary).
Professional life (CV, education, professional training, awards...)	Profession, employer or any legal entity under private or public law (sponsor), including associations governed by the law of 1er July 1901, business sector.
Economic and financial information (income, financial situation, tax situation, etc.)	Financial situation (resources and income, supporting documents), tax situation (tax residence).
Banking and payment information	Bank details, RIB, transaction data (amount and wording of payment transactions, issuer and beneficiary, means of payment, sources of payment, value date, receipts), connection data, account synchronization and aggregated account history data, and any other information or document required to trace the origin and destination of funds from payment transactions made with your account.
Information derived from your use of the Site and the Application.	When you use the conversational agent, any information revealed by the questions you ask it. The information revealed in the reviews you leave on our services and, where applicable, in the video and telephone extracts we have recorded. Information resulting from your complaints sent to our customer service department.
Connection data (IP address, logs, etc.)	Logs, cookies and other tracers (SDK etc.), IP address (city, country), merchant location data (payment transactions).
Data processed in connection with a capital transaction	The nature of the data depends on the legal nature of the planned operation.

Personal data retention and storage

Processing activities	Shelf life
Management of the business relationship with the customer for the supply of Welcome Account products and services and related communication	5 years from : - the payment transaction for data relating to this transaction, - At the end of the contract for data relating to this contract. 10 years for accounting and tax documents, and associated supporting documents (account statements, invoices, etc.) from the end of the relevant accounting period.
Access to the application	For the duration of the contract between Welcome Account and Users.
Developing our offers	3 years from the end of the commercial relationship for the customer and from the last contact from the prospect, in the case of data relating to commercial prospecting.
Improving our Application (recording telephone calls and sessions, satisfaction surveys, statistical studies)	The information resulting from your feedback on our products is kept for 3 years from the date of collection, to give us time to draw the necessary conclusions. Recordings of telephone calls are kept for 6 months, and analysis documents for 1 year.
'Risk assessment and management, security, fraud prevention	5 years from the closure of the proven fraud file or the issue of a relevant alert From the date of the offence and for the applicable statutory limitation periods.
Automatic conversational agent made available	The discussions you have with the conversational agent are kept for 12 months from the end of our contractual relationship.
Processing your applications	Your data is processed for the duration of the recruitment process. If your application is rejected, your data will be kept for 3 months, until we can explain the reasons for our refusal. Your data may be kept on file for 6 years for evidential purposes.
Deposit of cookies and other tracers for audience measurement and advertising purposes.	13 months maximum for strictly necessary cookies (25 months for data collected via these cookies) and 6 months maximum for cookies that are not strictly necessary.
Compliance with legal and regulatory obligations	5 years from account closure or termination of contractual relationship. 5 years from completion of the operation.
All types of capital transactions	Data processing from the start of the legal audit phases (i.e., due diligence) through to completion of the planned transaction.
Answering your questions and complaints	If your request is not related to a product/service already purchased/subscribed at Welcome Account, we will keep your personal data for 5 years after the request has been closed (except for very basic requests for which your personal data will not be kept). If your request is related to a product/service already purchased/subscribed at Welcome Account, we will keep your personal data for 5 years from the end of the contractual relationship.

Personal Data retention periods are necessarily extended for the legal period of foreclosure or prescription as evidence in the event of litigation. In the latter case, the retention period for Personal Data is extended for the duration of the dispute.

After the deadlines set out above, Personal Data is either deleted or kept after being anonymized, notably for statistical purposes. Please note that deletion or anonymization are irreversible operations and that Welcome Account is no longer able to restore them.

Storage and transfer of Personal Data outside the EU

Welcome Account stores Personal Data on the servers of Microsoft Ireland Operations Limited located in Ireland.

Users' Personal Data (excluding data collected in compliance with legal and regulatory obligations, in particular for the purposes of combating money laundering and the financing of terrorism) may be transferred outside the European Economic Area to third countries. If this is the case, Welcome Account implements a precise and demanding framework that complies with applicable European regulations, in particular by relying on an adequacy decision from the European Commission or by signing dedicated contractual clauses (European Commission Standard Contractual Clauses) and security commitments offering the level of guarantee required by the RGPD.

Data may be transferred to the following countries:

United States.

You may obtain a copy of these guarantees at any time by contacting Welcome Account at the address and in the manner specified in article 11 of this PPD.

Recipient of Personal Data

The recipients are the natural or legal persons who receive communication of Personal Data (hereinafter referred to as the "Recipients").

Welcome Account ensures that Personal Data is only accessible to authorized internal and external Recipients, including in particular :

Welcome Account personnel authorized to manage the relationship with customers and prospects; in this context, Welcome Account decides which Recipients may have access to which Personal Data according to an appropriate authorization policy and ensures that they are subject to an obligation of confidentiality;

Welcome Account's service providers who process Personal Data on behalf of Welcome Account and according to its instructions, without being able to use this data for purposes other than carrying out the subcontracted operations;

Welcome Account's partners, who process Personal Data on behalf of joint customers and according to the terms of the contracts directly concluded with them;

national or regional subsidiaries of the Crédit Agricole Group, in particular Okali, in its capacity as an electronic money institution, Welcome Account's principal;

authorities legally authorized to have access to it; in this context, Welcome Account is not responsible for the conditions under which the personnel of these authorities have access to and use the Data. Such transmissions are carried out in compliance with - among other things - the "Compendium of procedures - authorized third parties" published by the Commission Nationale de l'Informatique et des Libertés (CNIL);

In the context of carrying out all types of capital transactions with this third party (including, in particular, acquisitions, disposals, mergers, demergers, contributions, partial contributions of assets, transfers of all assets and liabilities, restructurings or any other transactions involving the transfer of company shares), whether partial or total, at Welcome Account level.

profiling and fully automated decisions

In cases where Welcome Account implements data processing involving fully automated decision-making (including profiling) and producing legal effects concerning or significantly affecting Users, such processing is then based on Users' explicit consent, the performance of a contract or specific legal provisions. Such processing is carried out in accordance with the applicable regulations and is backed by appropriate guarantees.

Should this profiling have legal consequences for Users, they may request the intervention of a human being, in particular in order to obtain a re-examination of their situation, to express their own point of view, to obtain an explanation or to contest the decision taken.

remote identity verification

The purpose of the remote identity verification service is to validate that the identity documents presented by Users are authentic, and that Users are the legitimate holders of these documents. The verdict is determined on the basis of personal identification data, acquired and verified by Share ID as a remote identity verification service provider, certified by the Agence Nationale de la Sécurité des Systèmes d'Informations (the "ANSSI"). The verdict, as well as the identity attributes and credentials, are then communicated to Welcome Account.

The following identity attributes are deemed to characterize the uniqueness of an individual's identity and are therefore collected by Share ID and transmitted to Welcome Account: birth name, customary name (if present), first name(s), date of birth, place of birth, nationality, gender. Welcome Account invites Users wishing to verify identity to the identity verification service web page. Users are then invited to video-capture their identity document and face; Users are guided through this phase. Once the identification data has been captured, Welcome Account's compliance department and/or its agents (notably Okali) asynchronously verify the data.

Nota Bene : A specific technical processing of biometric data, captured during the facial video, is carried out by the above-mentioned service provider for the purpose of verifying the identity of Users. This specific technical processing of facial images makes it possible to confirm the unique identification of an individual based on his or her physical, physiological or behavioral characteristics. It also detects the "living" character of the individual's face, to check that it has not been physically or digitally altered. This biometric data is considered sensitive within the meaning of the RGPD. In order to use this processing in compliance with the RGPD, Welcome Account justifies a specific need to identify Users to enable access to its products and services, under the supervision of the CNIL.

Alternative to remote identity verification: Users who do not wish or are unable to use the identity verification service under the proposed conditions may request an alternative method of identity verification from the compliance department of Welcome Account and/or its agents, without any additional constraints, incentives or special consideration. To take advantage of this service, Users are invited to contact Welcome Account's customer service department at the following e-mail address: [email protected] .

Share ID certification by ANSSI and its remote identity verification policy can be consulted at any time at the following addresses:

https://www.shareid.ai/privacy
https://www.ssi.gouv.fr/entreprise/produits-certifies/prestataires-de-verification-didentite-a-distance-pvid/. https://www.ssi.gouv.fr/entreprise/produits-certifies/prestataires-de-verification-didentite-a-distance-pvid/.

Security of Personal Data

Welcome Account reaffirms its commitment to ensuring that the security of Users' Personal Data is at the heart of all its actions. The solutions used by Welcome Account to store or process its Users' Personal Data are subject to our rigorous validation and certification procedures.

Failure to provide Personal Data

Users are not obliged to answer all the questions asked of them in the various collection media and contact forms offered by Welcome Account: fields marked with an asterisk are mandatory, others are optional.

However, failure to provide such Data may result in Welcome Account being unable to process the User's request, or prevent the User from benefiting from certain Welcome Account products and services.

rights to Personal Data

Users have rights to their Personal Data collected and processed by Welcome Account in connection with the provision and promotion of its products and services.

Their rights are as follows:

a right of access, rectification and deletion of Personal Data (inaccurate, incomplete, equivocal or outdated):

Welcome Account guarantees Users access to their Personal Data collected or processed as part of the commercial relationship;

a right to object to the processing of Personal Data at any time in the context of commercial prospecting:

Welcome Account allows Users to oppose commercial prospecting without justification.

a right to limit the processing of Personal Data in accordance with applicable regulations:

if Users no longer wish certain of their Personal Data to be processed, they have the option of limiting its use in accordance with applicable regulations.

a right to portability of Personal Data:

Welcome Account will return Users' Personal Data at their request, in a commonly used electronic format, so that they can, if necessary, transmit it to the organization of their choice.

the right to withdraw consent at any time:

Users may accept or refuse Welcome Account's processing of some of their Personal Data at any time. However, this may result in the termination of the registration process or access to the Site.

the right to lodge a complaint with a supervisory authority:

Users have the right to lodge a complaint at any time with the CNIL, the French data protection supervisory authority.

a right to communicate to Welcome Account as data controller their instructions concerning their Personal Data in the event of death:

Users can communicate their instructions on what to do with their data after their death.

Users may exercise their rights with the Welcome Account DPO by writing to the e-mail address [email protected] by post to the postal address: DPO Welcome Place - Station F

44 rue Eugène Freyssinet

75013 Paris

France

Welcome Account undertakes to respond to all requests within one month of receipt. This period may be extended by two (2) months if the request is particularly complex.

In this case, Users will be informed of any such extension and the reasons for it within a maximum period of one (1) month from receipt of the request.

In the event of a dispute, Users may lodge a complaint with the CNIL, whose Website can be accessed at the following address https://www.cnil.fr and its head office is located at 3 Place de Fontenoy, 75007 Paris.

Modification of ppd

The PPD may be modified or amended at any time in the event of changes in legislation, case law, decisions and recommendations of the CNIL (French Data Protection Authority), practices or changes in the processing of Personal Data by Welcome Account.

Any new version of the PPD will be brought to the attention of Users by any means that Welcome Account deems appropriate and relevant, including electronic means and publication on the Site.

Don't find what you're looking for?

Send us your question :

Welcome Account is a mission-driven company that provides simple, inclusive financial solutions to all newcomers who come to Europe to work, study or simply live.

Copyright © 2024. Welcome Place - SAS with share capital of €100.00 - 920 756 020 R.C.S. Paris - VAT FR 42 920 756 020 - 60 rue François 1er, 75008 Paris - registered with the ACPR under n°REGAFI 737375 as agent providing payment services for Okali, an electronic money institution approved under CIB 17448 - 890 111 776 R.C.S. Paris - 50 rue la Boétie 75008 Paris.

Welcome Account is a company with a mission to provide simple, incisive financial solutions to all newcomers who come to Europe to work, study or simply live.