Um crédito compromete-o e deve ser reembolsado. Verifique as suas capacidades de reembolso antes de se comprometer.
Iniciar sessão Quero ser parceiro

FLOA Bank Privacy policy

Conditions in effect at April 2025

Download the PDF file Summary

Introduction

We take the protection of your personal data very seriously; accordingly, the BNP Paribas Group has adopted strong principles in its Personal
Data Protection Notice available at https://group.bnpparibas/protection-donnees.

FLOA ("We"), as a controller, is responsible for collecting and processing your personal data in relation to its activities.

Our business is to help all our customers – individuals – in their day-to-day banking activities and in achieving their projects thanks to our
financing.

As a member of an integrated banking-insurance Group in collaboration with the various entities of the Group, we provide our customers with
a complete range of banking products and services.

The purpose of this Privacy Notice is to explain how we process your personal data and how you can control and manage them.

Further information may be provided where necessary at the time of collection of your personal data.

1. ARE YOU SUBJECT TO THIS NOTICE?

This Privacy Notice applies to you if you are ("You"): 

• one of our customers or in a contractual relationship with us ;
• a member of our customer family. Indeed, our customers may occasionally share with us information about their family when it is
necessary to provide them with a product or service or to get to know them better;
• a person interested in our products or services when you provide us with your personal data ( on our websites and applications, on
social networks, during events or sponsorship operations) so that we can contact you.

When you provide us with personal data related to other people, please make sure that you inform them about the disclosure of their personal data and invite them to read this Privacy Notice. We will ensure that we will do the same whenever possible (e.g., when we have the person's contact details).

2. HOW CAN YOU CONTROL THE PROCESSING ACTIVITIES WE DO ON YOUR PERSONAL DATA?

You have rights which allow you to exercise real control over your personal data and how we process them.

We draw Your attention to the fact that these rights may be limited where regulations so provide. This is the case with the regulations relating
to the fight against money laundering and the financing of terrorism, which prohibit us from allowing You to exercise Your various rights with
regard to Your personal data processed for this purpose. In this case, You must exercise Your right of access with the supervisory authority of
Your country, which will request the data from us.

If you wish to exercise the rights listed below, please submit a request
• by mailing a letter to the following address: Service consommateur – FLOA – 36 rue de Messines – 59 686 Lille Cedex 9 or
• by email to the following address: crc@services.floa.fr

Where We have reasonable doubts, We may request the provision of additional information necessary to confirm Your identity.

If you have any questions relating to our use of your personal data under this Privacy Notice, please contact our Data Protection Officer at the
following address dpo@floa.com.

2.1. You can request access to your personal data

You can directly access some data from Your client account on our website www.floapay.pt or via the FLOA mobile applications (if available).

If you wish to have access to your personal data, we will provide you with a copy of the personal data you requested as well as information
relating to their processing.

2.2. You can ask for the correction of your personal data

Where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified or completed
accordingly. In some cases, supporting documentation may be required.

2.3. You can request the deletion of your personal data

If you wish, you may request the deletion of your personal data, to the extent permitted by law.

2.4. You can object to the processing of your personal data based on legitimate interests

If you do not agree with a processing activity based on a legitimate interest, you can object to it, on grounds relating to your particular situation, by informing us precisely of the processing activity involved and the reasons for the objection. We will cease processing your
personal data unless there are compelling legitimate grounds for doing so or it is necessary for the establishment, exercise or defence of legal claims.

2.5. You can object to the processing of your personal data for commercial prospecting purposes

You have the right to object at any time to the processing of your personal data for commercial prospecting purposes, including profiling, insofar as it is linked to such prospecting.

2.6. You can suspend the use of your personal data

If you question the accuracy of the personal data we use or object to the processing of your personal data, we will verify or review your request.
You may request that we suspend the use of your personal data while we review your request.

2.7. You have rights against an automated decision

As a matter of principle, you have the right not to be subject to a decision based solely on automated processing based on profiling or
otherwise that has a legal effect or significantly affects you. However, we may automate such a decision if it is necessary for the entering into
or performance of a contract with us, authorised by regulation or if you have given your consent.

In any event, you have the right to challenge the decision, express your views and request the intervention of a competent person to review
the decision.

2.8. You can withdraw your consent

If you have given your consent to the processing of your personal data, you can withdraw this consent at any time.

2.9. You can request the portability of part of your personal data
You may request a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format.
Where technically feasible, you may request that we transmit this copy to a third party.

2.10. How to file a complaint with the competent data protection authority ?

In addition to the rights mentioned above, you may lodge a complaint with the competent supervisory authority, which is usually the one in
your place of residence, Comissão Nacional de Proteção de Dados (CNPD) in Portugal.

3. WHY AND ON WHICH LEGAL BASIS DO WE USE YOUR PERSONAL DATA?

In this section we explain why we process your personal data and the legal basis for doing so.

3.1. Your personal data are processed to comply with our various regulatory obligations

Your personal data are processed where necessary to enable us to comply with the regulations to which we are subject, including banking and
financial regulations.

3.1.1. We use your personal data to:
• monitor operations and transactions to identify those which deviate from the normal routine/patterns;
• manage and report risks (financial, credit, legal, compliance or reputational risks etc.) that the BNP Paribas Group could incur in the
context of its activities;
• record, in compliance with the regulations relating to distance selling when apply, communications in any form relating to products
or services purchased;
• assist the fight against tax fraud and fulfil tax control and notification obligations;
• when mandatory, record transactions for accounting purposes;
• prevent, detect and report risks related to Corporate Social Responsibility and sustainable development;
• detect and prevent bribery;
• when applicable, comply with the provisions applicable to trust service providers issuing electronic signature certificates;
• exchange and report different operations, transactions or orders or reply to an official request from a duly authorized local or foreign
financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, law enforcement, state agencies or public
bodies;
• respond to requests relating to the exercise of your rights, addressed to FLOA in accordance with article 2.

3.1.2. We also process your personal data for anti-money laundering and countering of the financing of terrorism purposes
As part of a banking Group, we must have a robust system of anti-money laundering and countering of terrorism financing (AML/TF) in each
of our entities managed centrally, as well as a system for applying local, European and international sanctions.

In this context, we are joint controllers with BNP Paribas SA, the parent company of the BNP Paribas Group (the term "We" in this section also
includes BNP Paribas SA).

The processing activities performed to meet these legal obligations are detailed in Appendix 1.

3.2. Your personal data are processed to perform a contract to which you are a party or pre-contractual measures taken at your request

Your personal data are processed when it is necessary to enter into or perform a contract to:
• define your credit risk score and your reimbursement capacity;
• evaluate (e.g., on the basis of your credit risk score) if we can offer you a product or service and under which conditions;
• provide you with the products and services subscribed to under the applicable contract;
• keep proof of operations or transactions, including in electronic format;
• manage existing debts (identification of customers in arrears) including payment incidents, overdue payments and amicable or
judicial recovery of any credit granted.
• respond to your requests and assist you;
• ensure the settlement of your succession;
• take into account your registration for the competitions organised by or in partnership with FLOA, manage your participation, enter
You in the prize draws and send You your winnings, where applicable.

3.3. Your personal data are processed to fulfil our legitimate interest or that of a third party
Where we base a processing activity on legitimate interest, we balance that interest against your interests or fundamental rights and freedoms
to ensure that there is a fair balance between them. If you would like more information about the legitimate interest pursued by a processing
activity, please contact us at the following address: Service consommateur – FLOA – 36 rue de Messines – 59 686 Lille Cedex 9.

3.3.1. In the course of our business as a bank, we use your personal data to:
• manage the risks to which we are exposed:
o when mandatory, we monitor your transactions to manage, prevent and detect fraud;
o we handle legal claims and defences in the event of litigation;
o we develop individual statistical models in order to help define your creditworthiness.

• enhance cyber security, manage our platforms and websites, and ensure business continuity.
• use video surveillance to prevent personal injury and damage to people and property.
• enhance the automation and efficiency of our operational processes and customer services (e.g., automatic filling of forms,
tracking of your requests and improvement of your satisfaction based on personal data collected during our interactions with
you such as phone recordings, e-mails or chats).
• to assist you in managing your budget by automatic categorization of your transaction data]
• If necessary, carry out financial operations such as debt portfolio sales, securitizations, financing or refinancing of the BNP
Paribas Group.
• conduct statistical studies and develop predictive and descriptive models for:
o commercial purpose: to identify the products and services that could best meet your needs, to create new offers or
identify new trends among our customers, to develop our commercial policy taking into account our customers'
preferences
o safety purpose: to prevent potential incidents and enhance safety management;
o compliance purpose (e.g., anti-money laundering and countering the financing of terrorism) and risk management;
o anti-fraud purposes.

• organize promotional operations, conduct opinion and customer satisfaction surveys.

3.3.2. We use your personal data to send you commercial offers by electronic means, post and phone

As part of the BNP Paribas Group, we want to be able to offer you access to the full range of products and services that best meet your needs.

Once you are a customer and unless you object, we may send you these offers electronically for our products and services and those of the
Group if they are similar to those you have already subscribed to.

We will ensure that these commercial offers relate to products or services that are relevant to your needs and complementary to those you
already have to ensure that our respective interests are balanced.

We may also send you, by phone and post, unless you object, offers concerning our products and services as well as those of the Group and
our trusted partners.

3.3.3. We analyse your personal data to perform standard profiling to personalize our products and offers
To enhance your experience and satisfaction, we need to determine to which customer group you belong. For this purpose, we build a
standard profile from relevant data that we select from the following information :
• what you have directly communicated to us during our interactions with you or when you subscribe to a product or service;
• resulting from your use of our products or services such as those related to your accounts including the balance of the accounts,
regular or atypical movements, the use of your card abroad as well as the automatic categorization of your transaction data (e.g., the distribution of your expenses and your receipts by category merchants (e.g. purchases made from a travel retailer));
• from your use of our various channels: websites and applications (e.g., if you are digitally savvy, if you prefer a customer journey to
subscribe to a product, or service with more autonomy (selfcare);

Unless you object, we will perform this customization based on standard profiling. We may go further to better meet your needs, if you
consent, by performing a tailor-made customization as described below.

3.4. Your personal data are processed if you have given your consent
For some processing of personal data, we will give you specific information and ask for your consent. Of course, you can withdraw your
consent at any time.

In particular, we ask for your consent for:
• tailor-made customization of our offers and products or services;
• any electronic offer for products and services not similar to those you have subscribed to or for products and services from our
trusted partners;
• personalization of our offers, products and services based on your account data at other banks;
• use of your navigation data (cookies) for commercial purposes or to enhance the knowledge of your profile in accordance with our
Cookie Management Policy.
You may be asked for further consent to process your personal data where necessary.

4. What are the purposes of the Processing that We carry out and their legal bases?

Your Personal Data is processed by FLOA Bank for the following purposes:

4.1 Compliance with the legal and regulatory obligations of FLOA Bank :


We Process Your Personal Data to comply with our legal and regulatory obligations in the following cases:

  • Making declarations to authorized third parties, in particular to the State, administrative or judicial authorities, Banco de Portugal or the national financial authorities ;

  • Fight against money laundering and terrorist financing. These processes aim at setting up appropriate surveillance and the detection of operations that could constitute money laundering or terrorist financing;

  • Physical, logical and IT security of the FLOA Bank network and information system. This Processing allows Us to protect Your personal Data (examples: identification data, password, etc.) as well as Ours and Our entire information system. It allows Us, for example, to detect suspicious behaviors on the websites and applications that We publish, a massive connection, an extraction from Our databases, an attempt of fraud, etc.

  • Management of administrative and judicial procedures. Examples: responses to the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados (CNPD));
     
  • Management of the rights arising from the Data Protection Laws. This Processing allows Us to respond to the requests that You address to Us concerning the rights listed in article 10 of the Privacy Policy. 

4.2 Execution of pre-contractual measures or a contract to which You are or wish to be a party:

We Process Your Personal Data for the purpose to carry out pre-contractual measures or a contract to which You are or wish to be a party in the following situations:

  • Credit granting and management. The purpose of this Processing is to collect, at the time of Your request, the Personal Data necessary for the study of Your file and, if necessary, for credit management (payment, reimbursement, etc.).

  • Evaluation of credit risk. To this end, when You make a credit request to FLOA Bank, We use automated Decision Support Processes based on information available to Us, particularly related to Your financial situation and/or based on scoring models. When You make a credit application, this Processing allows Us to study it and evaluate the statistical risk of default attached to You. If Your application is refused, You may ask Us to re-examine Your file and present Your observations, in particular on Your financial situation.
     
  • Establishment of proof of transactions. This Processing may consist of the recording of postal, electronic, chat and SMS correspondence between You and Us and the retention of all elements necessary to establish proof of transactions between You and Us.

  • Customer relationship management. This Processing allows, in particular, to provide information and assistance relating to the management operations of your account (e.g.: changes of contact details, status, retractions, etc.), to process postal, electronic, chat, SMS and telephone correspondence between You and Us, to manage disputes, litigation and complaints.

  • Management of payment incidents, unpaid bills and amicable or judicial recovery of any credit granted. This Processing allows Us to identify the sums that You owe, to manage Your possible unpaid debts and to approach You to recover them in an amicable or legal manner. If necessary, We may request the registration of information concerning You in the relevant files in the event of a payment incident occurring in the context of the reimbursement of credits.

4.3 Pursuit of the legitimate interests of FLOA Bank:


We Process Your Personal Data for the purpose of pursuing our legitimate interests in the following cases:

  • Prevention and fight against external fraud. This Processing ensures :

     -  The detection of acts carried out within the framework of activities presenting an anomaly, an inconsistency or having been reported as potentially fraudulent (e.g. communication of false proof of income or contradictory information);

    - Management of external fraud alerts leading to checks, requests for explanations or additional supporting documents;

    - Taking appropriate measures in the event of external fraud or attempted external fraud, after verification, including the creation of lists of persons duly identified as perpetrators of acts qualified as fraud.

  • Building of statistics and score models. In order to evaluate the credit risk and to optimize risk management, We build score models based on statistics, notably from data related to previously granted credit, Your Personal Data, and information related to payment incidents that may have occurred on Your account.

  • Prospecting and sales promotion, including through social networks. This Processing allows You to be informed of Our news (example: subscription to Our newsletter or to Our Facebook or Instagram page) as well as to receive Our offers by email, SMS, postal mail (according to Your choices). We draw Your attention to the fact that You may withdraw Your consent to this processing at any time in accordance with article 10 ;

  • Anonymization and aggregation of data in order to establish scoring models or statistics.


4.4 Other purposes pursued with Your consent: 


On the basis of Your consent, We Process Your Personal Data for the following purposes:

  • Prospection and sales promotion, including through social networks. This Processing allows You to be informed of Our news (example: subscription to Our newsletter or to Our Facebook or Instagram page) as well as to receive Our offers by email, SMS, postal mail (according to Your choices). We draw Your attention to the fact that You may withdraw Your consent to this Processing at any time in accordance with article 10.

  • Personalization / optimization of the path and offers that are proposed to You on the websites and applications that We publish. This Processing allows Us to analyze Your browsing path, to know the searches that You have made, the products or services that We distribute and that are likely to interest You, in order to improve Your experience and Your satisfaction ;

  • Realization of statistics, surveys, satisfaction surveys and study of the results based of anonymized data, to increase Our knowledge about Our customers, about their use of the websites and applications published by FLOA, about the products and services that We distribute, and the relevance and performance of our promotional campaigns, with objective to improve Our customers experience and their satisfaction ;

  • Collection of customer opinions. The purpose of this Processing is to collect Your opinions concerning the products and services distributed by FLOA Bank and thus to improve Your experience and Our offer. Your opinions may be posted on Our websites and applications as well as on the websites and applications of our partners.
     
You will be informed of any Processing of Personal Data for purposes other than those listed above, and if necessary We will obtain Your consent to such Processing.

5. Are your Personal Data transferred outside the European Union?

In principle, Your Personal Data is processed within the European Union.


However, some of FLOA Bank 's service providers and banking agents, who assist Us in particular in the management and execution of Your request and, where applicable, Your contract, may be located outside the European Union. If this is the case, FLOA Bank ensures that this transfer is carried out in compliance with Data Protection Laws and guarantees an adequate level of protection of Your privacy and Your fundamental rights. 

6. What are the retention periods We apply to Your Personal Data?

The retention periods for Your Personal Data are as follows:

  • If You are a client of FLOA Bank (a current contract binds You to FLOA Bank), Your Personal Data will be kept for a period of 5 years from the date of termination of Your contract and the closing of Your client account. Your contract is kept for 10 years, in accordance with our legal obligations ;

  • If You are a prospective client of FLOA Bank (no contract binds You to FLOA Bank), Your Personal Data will be kept for 3 years from the date of collection or from the last contact made by You. 

  • If Your request for financing from Floa Bank is unsuccessful, Your Personal Data is kept for 6 months from the date of refusal of Your request by FLOA Bank.
     
  • Special case of fraud alerts and characterized frauds:

    - In the event of a fraud alert: any external fraud alert that is not qualified within 12 months of its issuance shall be deleted without delay;
    - In the event of serious fraud: data relating to serious fraud is kept for a maximum period of 5 years from the closing of the fraud file. Data relating to persons registered on a list of proven fraudsters are deleted after the 5-year period from the date of inclusion on the list.

  • Cookies and tracers: The methods for depositing cookies and other tracers are detailed in article 11.

When an administrative or judicial procedure is in progress, we keep the data until the end of the procedure. They are then archived in accordance with the applicable statutory limitation periods.

You will be informed of any Processing of Personal Data with a retention period other than those listed above.

7. Who are the recipients of Your Personal Data?

In order to achieve the purposes detailed in article 4, Your Personal Data may be transmitted:

  • to Our service providers, who perform services on Our behalf, including lawyers, bailiffs, auditing firms, etc. ;

  • to Our financial and commercial partners ;

  • to credit institutions bound by professional banking secrecy in accordance with the local regulation ;

  • subject to the conditions for the lifting of professional secrecy, to judicial, administrative, financial or other governmental authorities, in particular : 

    - the tax and customs authorities;
    - Banco de Portugal or the national financial authorities;
    - social security organizations;
    - the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados (CNPD)).

  • to financial institutions

The communication of Your Personal Data to the recipients listed above is carried out in compliance with the Data Protection Laws and the agreements that We have concluded with the recipients, if any.

8. What categories of profiling do We do ?

Profiling is defined by the RGPD as follows: "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects s concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements" (Article 4).


We carry out several categories of profiling:

  • Profiling for credit risk assessment and granting purposes, notably through Our Score Model. This type of profiling may have legal effects on you and may result in a decision such as a credit refusal. These decisions are, however, necessary for the conclusion or performance of the contract between You and FLOA Bank.

  • Profiling for "marketing" purposes, in order to send You personalized offers, to suggest services, products or complementary offers likely to correspond to Your preferences and this, on the basis of segmentation or selections or based on algorithms. This type of profiling may have legal effects on You, such as marketing segmentation leading to the non-reception of some of Our commercial offers. However, these decisions are necessary in order to improve the targeting of Our marketing campaigns and therefore, to Your satisfaction.

The profiling tools We use are based on different variables, including:
  • Your contact information; 
  • If applicable, the type of product or service being considered for financing;
  • Where applicable, a check with the relevant official records;
  • A score based on the Processing of Your Personal Data, including those collected from our partners (examples: customer account data and/or loyalty card(s), associated with Your purchase history).

 We may also aggregate and anonymize Your Personal Data in order to establish scoring models or statistics.

With regard to automated decisions and profiling, We assure You the right to obtain human intervention, to present Your observations and to contest the automated decision that will have been opposed to You, if necessary.

9. What security measures do we put in place to protect Your Personal Data?

FLOA Bank undertakes to implement the appropriate technical and organizational measures in order to guarantee the protection, confidentiality, non-alteration, availability, absence of access by an unauthorized third party, and therefore, in general, the security of Your Personal Data.

These measures are defined and implemented following the best market standards in terms of security and in particular the recommendations of the supervisory authorities regarding the protection of Personal Data.

10. What are Your rights regarding the Personal Data We collect?

In accordance with the Data Protection Laws, You have the following rights regarding Your Personal Data:

  • the right of access: You may obtain a copy of all of Your Personal Data processed by FLOA Bank;

  • the right of rectification: You may ask FLOA Bank to correct and/or complete Your Personal Data if it is inaccurate or incomplete;

  • the right of deletion: You can obtain the deletion of your Personal Data. Your Personal Data may however be retained by FLOA Bank when their Processing is necessary to comply with a legal obligation or to exercise a right before an administrative or judicial authority;

  • the right of opposition: you may ask FLOA Bank, for reasons concerning Your particular situation, to cease the Processing that are being made on Your Personal Data, unless FLOA Bank justifies that its legitimate and compelling interests prevail over Your rights and freedoms. With respect to commercial prospection, You have the right to object, without charge or reason, to the use of Your Personal Data for commercial prospection purposes.
      
  • the right to the limitation of the Processing: You may request a limitation on the Processing of Your Personal Data, for example when You dispute their accuracy, in order to allow FLOA Bank to carry out the appropriate verifications, or when You exercise Your right of opposition, during the time that FLOA Bank is studying Your request. Where applicable, Your Personal Data may only be processed with Your consent or for the defense of a right before an administrative or judicial authority;

  • the right to portability: You may obtain the Personal Data that you have provided to FLOA Bank in a structured, commonly used, machinereadable format, and if possible in open format, as well as their transmission to another service provider, where technically possible;

  • the right to withdraw consent: when the legal basis for the processing is your consent, you can withdraw it at any time without affecting the processing already performed based on your consent;

  • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except if: (a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; (b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or (c) is based on the data subject's explicit consent.

A copy of an identity document may be requested in order to exercise the above rights.

 Visit the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados (CNPD)) website for more information about Your rights.

If You have any questions regarding the Processing and collection of Your Personal Data or in order to exercise the above rights, You may contact FLOA Bank :

  • by e-mail at: contact@floa.com ;

  • or by post at: SERVICE CONSOMMATEUR – FLOA Bank – 36 rue de Messines – 59 686 Lille Cedex 9, France.

Or contact Our Data Protection Officer (DPO) by e-mail at: dpofloa@floa.fr.

You may, at any time, address a complaint to the competent supervisory authority (Portuguese Data Protection Authority) : Comissão Nacional de Proteção de Dados (CNPD).


11. What is our Cookie Policy?

 Click here to consult our Cookie policy.