data policy


Today, data is central to customer relations and the Societe Generale Group organisation. In a digital environment, the Bank improves its services to its clients, its risk management, and its operational efficiency, thanks to data use while ensuring its quality, security and protection.

With 75 million digital contacts every month in France, digital is becoming customers’ main point of entry with the Bank. With new technology, these ever-multiplying data are analysed more closely, enabling Societe Generale to offer its customers more personalised and relevant service, by pairing the best of human and digital resources. At the same time, data is central to the concept of trust. French people are concerned about the protection of their data, and only the banks have the trust of more than half of all French people in this regard*. Societe Generale’s role as a trusted third party is a real competitive advantage that the Group must retain.


Data management has always been in Societe Generale’s DNA. New technology is moving us closer to our customers, where we play our advisory role by pairing the best of our human and digital resources. We are transforming in depth, to better optimise and protect this strategic asset for the Group. To respond to these two issues, the Group is rising to many challenges:

  • Optimising data to provide a better service to customers through more than 200 data usage development initiatives, some of which are still in the experimental phase (closer analysis of the consumer credit risk), while others are already in production (personalised customer solutions).
  • Setting up data use conditions, while ensuring their security and protection, with a decentralised organisation that is close to the businesses and the spread of a data culture, in respect of regulations, notably General Data Protection Regulation. Ensuring the technological and human resources for our ambition. Societe Generale invested in a big data platform to put data at the centre of its information systems. To attract and internally promote the top data-processing talent and skills, the Group relies on a targeted recruitment approach with traditional schools, the Grande Ecole du Numérique and an internal training programme known as Big Data Academy.

More information


What is GDPR?

In response to the proliferation of uses on personal data in all economic sectors, the European legislator published a new regulation called General Data Protection Regulation (GDPR).

From May 25th, 2018, all the processing of personal data (collection, analysis, storage, transfers, etc.) in Europe or carried out on European residents will be governed by this new regulation which reinforces:

  • The rights individuals such as the need to obtain their consent to carry out certain treatments or the right to be forgotten
  • Corporate accountability for data processing and penalties for non-compliance.

The GDPR at Societe Generale

The Group’s business lines have always collected, used and stored certain personal data about their clients so they can propose services that meet clients’ requirements and continually improve their product and service offering. In the age of the digital revolution, the volume of available data is growing, enabling the Group’s businesses to offer ever more personalised products and services.

Societe Generale is aware of the importance for its clients to be able to retain control of their personal data, and it reaffirms its commitment to processing these data responsibly. This document explains its policy in this area and the key principles it follows in terms of protecting and using its clients’ personal data. The policy and principles will be adapted for each of the businesses and regions in which the Group operates, in accordance with local regulations.

To be compliant with this regulation and strengthen the trust of our customers and employees, Societe Generale group is committed to 25 guiding principles that constitute the common framework for all Group entities and departments. They are divided into 4 major themes:

  • Objectives & commitments
  • Consent management
  • Roles and responsibilities
  • Standards & Security

Read the data policies :

What’s a DPO ?

At the heart of the new European regulation, the Data Protection Officer (DPO) is a genuine “driving force” behind data protection compliance. His or her main tasks are:

  • to inform and advise the data controller or subcontractor and their employees;
  • to monitor compliance with the regulation and national data protection laws;
  • to advise the organisation on carrying out impact studies on data protection and to verify their implementation;
  • to co-operate with the supervisory authorities and to be their point of contact.

Societe Generale’s DPO

Across the Societe Generale Group, Antoine Pichot is appointed DPO on 4 September. Antoine Pichot’s role is to ensure the Group is compliant with the European General Data Protection Regulation (GDPR), which will enter into force in May 2018. He supports and advises the Group’s Business Units and Service Units in terms of personal data protection, notably clients and employees data. Antoine Pichot will be the privileged interlocutor for the French data protection authority (CNIL) and will be responsible for the leading and supervision of Data Protection Officers appointed across the Societe Generale Group.

“We must identify all our processes that involve personal data. Rather than simply identifying these processes, this will also give us the opportunity to review the purpose and reason for our processing activities and how they are managed…”

Antoine Pichot
Societe Generale’s DPO

Personal Data

See Legal Mention

Who we are

Our website address is: http://corporate.local.

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements