Data Policy


Today, data is central to customer relations and the Societe Generale Group organisation. In a digital environment, the Bank improves its services to its clients, its risk management, and its operational efficiency, thanks to data use while ensuring its quality, security and protection.

With 75 million digital contacts every month in France, digital is becoming customers’ main point of entry with the Bank. With new technology, these ever-multiplying data are analysed more closely, enabling Societe Generale to offer its customers more personalised and relevant service, by pairing the best of human and digital resources. At the same time, data is central to the concept of trust. French people are concerned about the protection of their data, and only the banks have the trust of more than half of all French people in this regard*. Societe Generale’s role as a trusted third party is a real competitive advantage that the Group must retain.


Data management has always been in Societe Generale’s DNA. New technology is moving us closer to our customers, where we play our advisory role by pairing the best of our human and digital resources. We are transforming in depth, to better optimise and protect this strategic asset for the Group. To respond to these two issues, the Group is rising to many challenges:

  • Optimising data to provide a better service to customers through more than 200 data usage development initiatives, some of which are still in the experimental phase (closer analysis of the consumer credit risk), while others are already in production (personalised customer solutions).
  • Setting up data use conditions, while ensuring their security and protection, with a decentralised organisation that is close to the businesses and the spread of a data culture, in respect of regulations, notably General Data Protection Regulation. Ensuring the technological and human resources for our ambition. Societe Generale invested in a big data platform to put data at the centre of its information systems. To attract and internally promote the top data-processing talent and skills, the Group relies on a targeted recruitment approach with traditional schools, the Grande Ecole du Numérique and an internal training programme known as Big Data Academy.


What is GDPR?

In response to the proliferation of uses on personal data in all economic sectors, the European legislator published a new regulation called General Data Protection Regulation (GDPR).

From May 25th, 2018, all the processing of personal data (collection, analysis, storage, transfers, etc.) in Europe or carried out on European residents are governed by this regulation which reinforces:

  • The rights individuals such as the need to obtain their consent to carry out certain treatments or the right to be forgotten
  • Corporate accountability for data processing and penalties for non-compliance.

The GDPR at Societe Generale

The Group’s business lines have always collected, used and stored certain personal data about their clients so they can propose services that meet clients’ requirements and continually improve their product and service offering. In the age of the digital revolution, the volume of available data is growing, enabling the Group’s businesses to offer ever more personalised products and services.

Societe Generale is aware of the importance for its clients to be able to retain control of their personal data, and it reaffirms its commitment to processing these data responsibly. This document explains its policy in this area and the key principles it follows in terms of protecting and using its clients’ personal data. The policy and principles will be adapted for each of the businesses and regions in which the Group operates, in accordance with local regulations.

To be compliant with this regulation and strengthen the trust of our customers and employees, Societe Generale group is committed to 25 guiding principles that constitute the common framework for all Group entities and departments. They are divided into 4 major themes:

  • Objectives & commitments
  • Consent management
  • Roles and responsibilities
  • Standards & Security

Read the data policies :

What’s a DPO ?

At the heart of the new European regulation, the Data Protection Officer (DPO) is a genuine “driving force” behind data protection compliance. His or her main tasks are:

  • to inform and advise the data controller or subcontractor and their employees;
  • to monitor compliance with the regulation and national data protection laws;
  • to advise the organisation on carrying out impact studies on data protection and to verify their implementation;
  • to co-operate with the supervisory authorities and to be their point of contact.

Societe Generale’s DPO

The DPO role is to ensure the Group is compliant with the European General Data Protection Regulation (GDPR). The DPO supports and advises the Group’s Business Units and Service Units in terms of personal data protection, notably clients and employees data. The DPO will be the privileged interlocutor for the French data protection authority (CNIL) and will be responsible for the leading and supervision of Data Protection Officers appointed across the Societe Generale Group.

Personal Data

During a visit to the website, Societe Generale – FORGE may collect your personal data, as controller, in order to manage alerts, notifications, sends information and / or respond to your requests for information, through notably form, contact page.   The personal data are processed by automated means, with your consent.

Your personal data are intended to Direction of the Communication as well as, if necessary, the services in capacity to answer your request and their subcontractors, and only to the extent strictly necessary to fulfil their duties.

Unless otherwise stipulated by legal or regulatory provisions, the personal data are stored for a duration no longer than necessary for the purposes for which they are processed, within the legal statute of limitations in force.To the extent necessary for the fulfillments of the above purposes, Societe Generale – FORGE may communicate some information to the entities of the Societe Generale Group, service providers as well as to its partners that are not members of the European Economic Area. These transfers are processed in a manner and guarantees that ensures appropriate security and confidentiality of the personal data (authorisation by the competent data protection authority, contractual clauses signed between the service provider concerned and/or Binding Corporate Rule of Societe Generale Group). For more details, you may send your request to

You are entitled to access to your personal data, to obtain rectification and erasure, a right to restriction of processing, a right to object as well as a right to data portability, in the conditions defined by the applicable regulations, from the following email address:

Your rights may be also exercised with the Data Protection Officer, by email: You have the right to lodge a complaint with the Commission Nationale Informatique et Liberté (“CNIL”), the supervisory authority in charge of compliance with obligations regarding personal data.


This website is protected by one of the highest levels of technical security, and it is under permanent monitoring. The algorithms and mechanisms, used to protect your communications with Societe Generale – FORGE and the information that pertains you, comply with the French regulations in effect.