Mastercard loyalty program

About Login

Gift catalog Mastercard

Online chat

Online consultant

The expectations of the operator...

Online consultant

Credit Agricole / About us / Notice on the processing of personal data

Notice of JSC "CREDIT AGRICOLE BANK" on the processing of personal data

Dear customers, potential customers, counterparties, shareholders (members) of JSC "CREDIT AGRICOLE BANK" (hereinafter referred to as "the Bank") and its managers, founders/members/owners, employees, representatives and other persons with whom the Bank maintains business relations, in accordance with the requirements of the Law of Ukraine "On Personal Data Protection" and the Regulations of the National Bank of Ukraine on the Provision of Information by Banks to Customers on Banking and Other Financial Services, the Bank hereby informs you, as the personal data subject, about:

the personal data controller,
the composition and content of the personal data collected,
the rights of the personal data subject in connection with the inclusion of his/her personal data in the personal data base (PDB) of the Bank in accordance with the Law of Ukraine "On Personal Data Protection",
the purposes of processing personal data and the persons to whom personal data is transferred,
procedures for protecting the personal data of customers (excerpts).

In case of changes in the applicable legislation of Ukraine or significant changes in the processes of personal data processing, the Bank will amend this Notice accordingly and inform you by publishing the relevant information on the Bank's website.

The controller of your personal data is JSC "CREDIT AGRICOLE BANK", a banking institution registered in Ukraine, licence of the National Bank of Ukraine No. 99 dated 12.10.2011, registration No. 149 in the State Register of Banks, address: 42/4, Yevhena Chykalenka Str., Kyiv, Ukraine, 01024.

If you have any questions regarding the processing of your personal data, you may contact the Bank through any of the communication channels indicated on the Bank's official website at https://credit-agricole.ua/en/o-banke/yakist-obslugovuvannya

Composition and content of personal data collected:

The composition and content of personal data processing by the Bank depends on the type of relationship between you and the Bank, including for the Bank’s customers - the composition and content of personal data processing depends on the products and services provided by the Bank.

The content of the personal data processed by the Bank corresponds to the information received from the persons – subjects of the personal data, or lawfully received from their representatives or third parties, including from credit history bureaus, from the NBU credit register, from the NBU BankID System, from the persons represented by the subjects of the personal data, or received by the Bank from publicly available sources, and also includes the information that is known/became known to the Bank in connection with the performance of contractual and other legal relations with you.

The Bank processes the following types of the personal data:

data processed in the personal data base “Customers”:
- Personal details: information on the surname, name and patronymic (if any) of the person; date of birth; place of birth; citizenship; gender; marital status; information about children (surname, name and patronymic (if any), date and place of birth, gender, citizenship, place of residence); information about dependents (surname, name and patronymic (if any), date and place of birth, gender, citizenship, place of residence); information about the Customer's authorised persons; information on the place of work and position; information on the registration of the Customer as a private entrepreneur; information on the Customer's affiliation with politically exposed persons; information on the Customer's financial situation; information on the place of registration/actual residence or place of stay/temporary residence; information on means of communication (contact telephone numbers, e-mail addresses, postal address); information on the availability of accounts, special payment instruments (payment cards), issued banking products; information on the Customer's financial transactions;
- Passport or other identity document data: information on the series (if any) and number of the passport or other identity document; information on the date of issue and the authority (authority code) that issued the passport or other identity document; information on the registration of the place of residence/actual residence or place of stay/temporary residence;
- Data on the taxpayer’s registration card: information on the registration number of the taxpayer’s registration card; information on the date of issue and the issuing authority of the document confirming the taxpayer’s registration in the State Register of Individual Taxpayers;
- Data on the state registration of a private entrepreneur / information from the Unified State Register of Legal Entities, Private Entrepreneurs and Public Associations or of a person engaged in independent professional activity (if the Customer is a private entrepreneur or a person engaged in independent professional activity): information on the document confirming the right of an individual to engage in independent professional activity (registration certificate / permit / certificate, etc.); information on the date of issue of the document and the issuing authority.
Data processed in the personal data base “Counterparties”:
- Personal details in the “Counterparties” personal database: information on a person’s surname, name and patronymic (if any); citizenship; marital status; place of employment and position, speciality, qualifications and information on documents confirming them; information on authorised persons of the counterparty; information on place of residence or place of stay/temporary stay; information on means of communication (contact telephone numbers, e-mail addresses, postal address).
- Passport or other identity document data: information on the series (if any) and number of the passport or other identity document; information on the date of issue and the authority (authority code) that issued the passport or other identity document; information on the registration of the place of residence/actual residence or place of stay/temporary stay;
- Data on the taxpayer’s registration card: information on the registration number of the taxpayer’s registration card (hereinafter referred to as the "RNOKPP"); information on the date of issue and the issuing authority of the document confirming the taxpayer’s registration in the State Register of Individuals – Taxpayers.
- Data on state registration of a private entrepreneur / information from the Unified State Register of Legal Entities, Private Entrepreneurs and Public Associations аor a person engaged in independent professional activity (if the Counterparty is an private entrepreneur or a person engaged in independent professional activity): information on the document confirming the right of an individual to conduct independent professional activity (registration certificate / permit / certificate, etc.); information on the date of issue and the issuing authority.

Data received and created in the course of servicing by the Bank and when visiting the Bank’s ATMs, including: sound/voice recordings (for example, telephone records), photo and video images (for example, when performing photo and/or video verification of customers), messages and letters sent by the Bank or to the Bank; any other analytical or statistical data about the Customer, and other data;
data relating to the use of the Bank’s websites and mobile applications: cookies, data on user interaction with websites and mobile applications, session duration, operating system information, device information, browser information, screens viewed by the user in the application, information on failures when using the application. The Bank receives such data from the Web browser you use when using the Bank’s websites, and from your device;
other information, data that became known to the Bank in connection with the provision of banking services or the implementation of legal relations with an individual, in compliance with the requirements of the legislation of Ukraine and internal documents of the Bank.

The purpose, grounds and other specifics of personal data processing may be supplemented and specified in the agreement with the Bank.

Your rights under the Law of Ukraine “On Personal Data Protection”:

to know about the sources of collection, location of your personal data, the purpose of their processing, location or place of residence (stay) of the data controller and administrators or to give a corresponding order to obtain this information to persons authorised by you, except in cases established by law;
to receive information on the conditions for granting access to personal data, including information about third parties to whom your personal data is transferred;
to have free access to your personal data;
to receive a response on whether your personal data is processed in the Database no later than thirty calendar days from the date of receipt of the request, except as provided by law, and to receive the content of your personal data;
to submit a reasoned request to the data controller with an objection to the processing of your personal data;
to submit a reasoned request to change or destroy your personal data by any data controller and administrator, if this data is processed illegally or is unreliable;
to protect your personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision of such data, as well as to protect against the provision of information that is inaccurate or discrediting to the honour, dignity and business reputation of an individual;
to file a complaint against the processing of your personal data with the Commissioner or the court;
to apply legal remedies in case of violation of the legislation on personal data protection;
to make reservations regarding the restriction of the right to process your personal data when giving consent;
to withdraw consent to the processing of personal data;
to know the mechanism of automatic processing of personal data;
to be protected against an automated decision that has legal consequences for you.

The full text of the Law of Ukraine "On Personal Data Protection" is available on the official website of the Verkhovna Rada of Ukraine at https://www.rada.gov.ua/

For more detailed information on the scope and application of the Law of Ukraine "On Personal Data Protection", please visit the official website of the Ministry of Justice of Ukraine at https://minjust.gov.ua/ or on the official website of the Ukrainian Parliament Commissioner for Human Rights at https://ombudsman.gov.ua/

Purpose of processing your personal data:

The Bank hereby informs you that your personal data will be entered into the Personal Database "Customers/Counterparties" (hereinafter referred to as the Database) in order to:

exercise rights, obligations and interests in establishing legal relations with the Bank in the provision of banking and financial services in accordance with the current legislation of Ukraine, as well as to ensure the maintenance/storage of the necessary statistical information;
ensure the implementation of civil, economic, administrative, legal, tax, financial, accounting and other areas of relations that are directly related to the establishment of your legal relations with the Bank and require the processing of personal data in accordance with the Law of Ukraine "On Personal Data Protection", the Civil Code of Ukraine, the Commercial Code of Ukraine, the Tax Code of Ukraine, the Law of Ukraine "On Accounting and Financial Reporting in Ukraine", the Law of Ukraine "On Banks and Banking», the Law of Ukraine "On Prevention and Counteraction to Legalization (Laundering) of Proceeds of Crime, Terrorist Financing and Financing of Proliferation of Weapons of Mass Destruction", the Law of Ukraine "On Organization of Formation and Circulation of Credit Histories", other laws and regulations, including those of the NBU, the National Securities and Stock Market Commission, other regulations governing the banks' activities, as well as the Bank's Charter and internal documents of the Bank;
comply with the requirements of the applicable laws and the Bank’s internal regulations when concluding, registering, executing and maintaining agreements, including agreements on banking operations, etc.;
provide information about the Bank’s products and services, conduct surveys on the quality of services, identify needs, opinions and considerations;
for automated data processing to assess various aspects of the behaviour and interests/preferences of the Bank's customers/partners, to draw up development strategies, to develop and offer the Bank's products and services, to analyse and target advertising, including on the basis of anonymous data;
ensure the Bank’s operations, protect and realise its rights and interests and/or take actions necessary to ensure the fulfilment of its obligations, including the transfer to foreign parties to the relationship (provided that the relevant state ensures proper protection of personal data in cases established by law or international treaty of Ukraine).

Persons to whom personal data is transferred:

Your personal data may be provided to state and local authorities, as well as enterprises, institutions, organisations and individuals, including foreign legal entities and individuals, in accordance with the Law of Ukraine “On Personal Data Protection” and in accordance with the Consent to the processing of personal data provided by you and in accordance with the procedure established by the current legislation on banking secrecy.

The legal grounds for processing your personal data are:

the consent of the data subject to the processing of his/her personal data;
the authorisation to process personal data granted to the Bank in accordance with the law, solely for the purpose of exercising its powers;
the conclusion and execution of a transaction to which the data subject is a party or which is concluded for the data subject's benefit or for the purpose of taking steps, at the data subject's request, prior to the conclusion of a transaction;
the protection of the vital interests of the personal data subject;
the need to comply with the Bank's legal obligations;
the need to protect the legitimate interests of the Bank or a third party to whom personal data is transferred, except when the need to protect the fundamental rights and freedoms of the personal data subject in connection with the processing of his/her data outweighs such an interest.

Deletion or destruction of personal data:

The Bank deletes or destroys personal data in accordance with the requirements and procedure established by the legislation of Ukraine and internal documents of the Bank.

Storage of your personal data:

The databases of personal data processed by the Bank are located on servers in Ukraine. To ensure the continuity of critical business processes, your personal data may also be processed using Amazon Web Services and Office365 cloud technologies on servers located within the European Economic Area.

Procedures and procedures for the protection of your personal data (excerpts from them)

Bylaws on the procedure for processing personal data at JSC "CREDIT AGRICOLE BANK" (Excerpt)

Information Classification Policy of JSC "CREDIT AGRICOLE BANK" (Excerpt)

Features of personal data processing in the payment application of the Bank СА+:

1. Where the data is processed and stored

The Bank processes and stores the provided personal data in data centres established in accordance with the requirements of the legislation of Ukraine.

2. Purpose of personal data processing

The purposes of personal data processing include, but are not limited to:

Provision of banking and financial services, establishment of business relations and contractual relations;
Analysis of the customer (potential or existing) within the framework of the "Know Your Customer" programme to comply with the requirements of the current legislation of Ukraine in the field of financial monitoring;
conducting payment transactions on the account/card;
targeting of advertising and/or information materials;
conducting statistical research;
creating and implementing bonus and loyalty programmes;
sending mailings by post, e-mail, telephone number, including for the purpose of sending commercial offers, notifications of promotions and news of the Bank;
improving the quality of banking and/or financial services;
analysing the activity of the Customers;
analysing and forecasting preferences and interests of the Customers to formulate the most relevant and beneficial personal offers or promotional offers;
conducting research and analytical activities.

3. The list of data that the Bank receives from the user through CA+ and further processes, includes inter alia:

Identification data: Full name, information specified in the passport/foreign passport, RNOKPP, driver’s licence, temporary/permanent residence permit, citizenship, place and date of birth.
Contact details: registration/residence address, email address, mobile phone number.
Financial situation and social status: average monthly income, sources of income, property owned, presence of a spouse.
Education and employment information: e.g., official employment, information on entrepreneurial activity, place of work, position.
Information on transactions: details of payment instruments, data of payers and beneficiaries (including identification data), or other persons whose data are specified in the payment instruction.
Information about accounts with the Bank (in particular, account numbers, information about account holders and users, account balances).
Information about the products and services received by the Customer at the Bank.
Data on user actions in CA+: duration of use of the payment application, list of actions performed in the payment application.
Technical data: information about the mobile device (operating system (name and version), device model, etc.
Sensitive data: Biometric videos and photos for the use of face recognition technology (liveness detection) and comparison of a photo image of a person created by him/her using the CA+ payment application with the digitised face image of the relevant person in the Unified State Demographic Register (PhotoID) received from the State Enterprise Diia; information on political, religious or ideological beliefs, membership in political parties obtained as a result of financial monitoring and identification of politically exposed persons.

4. List of accesses we request from the user in СА+:

access to the device’s camera and media library to display the customer’s photo in the CA+ profile;
use of facial recognition technology (liveness detection) of the customer (potential and existing) when establishing business relations or providing banking services;
access to the customer’s geo-position in order to find the nearest branches and ATMs;
access to the phone book of a mobile device - use of the customer's contact list to create a payment “Top up mobile phone number”, as well as to make a transfer by mobile phone number (within the Visa Alias project);
access to the file storage of the mobile device - to download the file of the advanced electronic signature key in order to sign electronic payment instructions and statements on the accounts of the client of an individual entrepreneur;
customer’s e-mail - to display the customer's e-mail in the CA+ profile, send agreements concluded with the bank, statements, information and marketing messages to it;
access to autofill one-time passwords (OTP), phone numbers, cards from the clipboard of a mobile device.

5. Transfer of the User's personal data to third parties at the User's initiative in СА+:

for the purpose of remote identification of Customers on public and private resources by means of the NBU BankID System, the following data (including personal data) may be transferred from the Bank - the identifying subscriber:
- surname, name, patronymic;
- registration number of the taxpayer's account card (identification number);
- data of identification documents issued in the name of an individual (type of document, series, document number, who issued it, date of issue, validity of the document);
- gender;
- date of birth;
- place of birth;
- citizenship;
- address of registration (country, region, district, city, street, house number, apartment number);
- address of actual place of residence (country, region, district, city, street, house number, apartment number);
- mobile phone number;
- e-mail address.
to make transfers using phone numbers from the customer’s phone book on the mobile device to the recipient’s cards linked to Visa Alias, the Bank transmits to Visa IPS the information about the Customer’s card (from which the transfer is initiated) and the mobile (financial) phone number of the paying Customer;
processing of biometric video, photo and digitised facial image (PhotoID) for the use of face recognition technology (liveness detection) and comparison of a facial image is performed by Identomat Inc. at 60 Hazelwood Dr, Champaign, IL 61820, USA.
to payment systems, institutions that carry out identification, authorisation and processing of transactions, contractor banks for the provision of services to the Bank.

Collection and use of personal data of users of the Bank’s website https://credit-agricole.ua/ (hereinafter referred to as the “Website”):

Use of cookies

Cookies are small pieces of data contained in text files sent by a web server that websites store on a user’s device when they are visited and which are then sent to the original or another web server that recognises these files. Such devices include: mobile phones, computers, tablets, etc.

Cookies contain information about the user’s visit, such as settings, device information, preferences, etc., the collection and processing of which allows us to ensure the proper functioning of the website and improve the user experience.

How we use cookies

Our website collects necessary, functional, analytical and advertising cookies that allow us to optimise functionality and personalise your user experience. We receive anonymous information about your interaction with the site which, after analysis, is useful to:

improve the functionality of the Website: analyse traffic, identify technical problems and make the necessary changes to ensure uninterrupted operation;
personalise content: to remember your preferences and provide you with relevant information and advertising based on your previous visits and interests.

The types of cookies we use

We use all categories of cookies as classified by the International Chamber of Commerce Cookie Guidelines, including:

Strictly necessary cookies – these are essential to the operation of the Website and allow you to use its features.
Functionality cookies – allow the Website to remember your choices (language, currency, etc.).
Performance cookies – collect information about how you use the Website so that we can improve its performance.
Targeted advertising cookies – used to display relevant advertising, including Google Ads, Facebook, Instagram, LinkedIn, etc.

When you visit our Website, in addition to the cookies created by our Website, your device may be placed with cookies from third parties, including in the following cases:

The engagement of a third party company to provide certain services, such as the collection of Website statistics;
The availability of third party content on the pages of our Website (for example, advertisements or images or videos). When you access such content, your web browser will connect to and receive information from the third party's servers, which, when accessed, may store (and read) their own cookies on your device and collect information about your actions on websites and web services.

Cookie Management:

The web browsers listed below are configured to automatically accept cookies, which can be disabled by using the browser’s help function, which can be accessed via the menu or by pressing the F1 key.

Google Chrome – https://support.google.com/chrome/answer/95647?hl=uk

Microsoft Edge – https://privacy.microsoft.com/en-us/privacystatement

Mozilla Firefox – https://www.mozilla.org/en-US/privacy/websites/#cookies

Opera – https://help.opera.com/en/latest/web-preferences/#cookies

Safari – https://www.apple.com/legal/privacy/uk/

Disabling cookies may result in restricted access to content and limited functionality of the Website.