Privacy Policy

ROREGIS makes respect for privacy and the protection of personal data a priority. The present document testifies to the commitment to implement appropriate technical and organisational measures, when collecting and using the personal data of natural persons acting on behalf of a legal entity (legal representative, employee…) or the data of natural persons who are transmitted to us for the execution of the contract/service signed (hereinafter referred to as “data subjects”), when subscribing to products and/or services and throughout our relationship, for a responsible use of personal data.

The personal data of individuals acting for professional purposes (sole proprietorships, craftsmen, etc.) are covered by the personal data protection policy for individuals.

All natural persons whose personal data are transmitted to us must be informed, in particular of their rights. This personal data protection policy may be sent to the persons concerned in order to present them with the methods of processing their data by ROREGIS.

In this policy, when we refer to personal data as “your data”, we mean the data of the natural persons concerned.

ROREGIS undertakes to respect all the obligations incumbent on it resulting from the regulations applicable to the processing of personal data, especially :

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable since 25 May 2018 (hereinafter, “the European Data Protection Regulation” or “EDPR“)
  • the French Data Protection Act n°78-17 of 6 January 1978 as amended
  • opinions and recommendations of the supervisory authorities, the Working Party on the Protection of Individuals with regard to the Processing of Personal Data (“G29 Group”) or the European Data Protection Committee.

Personal data is also protected by the professional secrecy to which we are bound.


  • Personal data” means any information relating to a natural person who is identified or can be identified directly or indirectly by an identifier such as a name, telephone number, postal address, e-mail address, identification number, location data, etc.
  • Processing of personal data” means any operation carried out on personal data such as collection, recording, organization, storage, adaptation, modification, retrieval, consultation, use, interconnection, limitation, deletion, destruction…
  • Data controller” means the natural or legal person, public or private, or the department, which alone or together with others determines the purposes and means of the processing.
  • Processor“: the natural or legal person, public or private, or the service that processes personal data on behalf of the data controller.


ROREGIS has appointed a Data Protection Officer. Specialized in personal data protection, his mission is to inform and advise the data controller, to ensure compliance with the applicable regulations and in particular to ensure that the rights of individuals are respected (see paragraph 9 below). The Data Protection Officer is also the main contact for the French National Commission for Information Technology and Civil Liberties (CNIL).


The personal data we collect or hold is strictly necessary for our business to enable us to offer you suitable products and/or services.

We are required to collect :

  • Identity-related data such as first name(s), last name(s), date and place of birth…
  • Contact information such as postal address, business e-mail address, telephone number(s),
  • Identification and authentication data such as the specimen signature…
  • Occupational status data such as job title,
  • Banking and financial data such as card number.

Data may be collected directly from the data subjects or indirectly from external sources such as :

  • publications or databases such as the Journal Officiel, the Bulletin Officiel des Annonces Civiles et Commerciales
  • publications or databases such as the Journal Officiel, the Bulletin Officiel des Annonces Civiles et Commerciales
  • websites, social networks concerning data that you have made public
  • sponsorships
  • the use of prospect files
  • databases made publicly accessible by third parties.

Finally, we also collect personal data in order to advise you in the best possible way and to set up products and services from other companies in our group, in order to meet your expectations and needs, particularly in terms of insurance, remote surveillance or telephony.


The processing carried out by ROREGIS is for specific, explicit and legitimate purposes.

Personal Data may be processed for :

  • comply with our legal and regulatory obligations such as :
    • knowledge of natural persons (manager, beneficial owner or other interlocutors of legal entities whose accounts we manage), the fight against money laundering and the financing of terrorism,
    • to combat tax fraud,
    • of tax audits and returns,
    • obligations related to the financial markets and the security of the transactions carried out,
    • for determining tax status,
    • official requests from duly authorized public or judicial authorities.
  • to take pre-contractual steps, to conclude and execute contracts concluded with the legal person
    • present the characteristics of the products and services,
    • Establish the contract and manage the banking relationship, the granting of credit, the collection of guarantees,
    • to manage and execute our services for the products and services to which you have subscribed, such as payment transactions (transfers, direct debits, etc.),
    • to collect our receivables.

When the data collected is necessary for the execution or management of the contract or for compliance with legal and regulatory obligations, if it is not possible to collect this data, ROREGIS may be required to terminate the banking relationship.

  • pursue the legitimate interests of Crédit Mutuel and in particular to :
    • to keep proof of our exchanges, operations and transactions,
    • Route business-to-business communications to the appropriate contact person,
    • assess its risks, particularly in terms of security, prevention of non-payment and fraud.
  • to follow the treatments for which we have consent and in particular for :
    • to communicate and propose our offers to you by electronic means (e-mail, alerts on mobile sms, virtual assistant…). These communications concern our existing services and products as well as new services and exclusive offers that may be of interest to you. You can let us know at any time that you no longer wish to receive commercial communications. If you request that we no longer receive communications from you, or if you wish to receive such communications again, we will keep a computer record of such requests as evidence,
    • new processing operations set up for purposes other than those described above. In this case, we will inform you and if necessary ask for your consent.


Your personal data will only be passed on to authorised and specified recipients.

The following may be recipients:

  • Our institution as the data controller,
  • Our staff is empowered by the sales network and the sales management,
  • The establishments and companies in the group to which we belong and our partners,
  • Service providers and subcontractors performing services on our behalf,
  • Guarantors,
  • Brokers and insurers,
  • Duly authorized judicial and/or administrative authorities,
  • Regulated professions (e.g. notaries, lawyers, bailiffs).

In terms of data sharing, the institutions, member companies of the group to which ROREGIS belongs, partners, guarantors, brokers and insurers, and service providers may be recipients as subcontractors or for the needs of the institution, the conclusion and management of contracts, to facilitate the necessary updates and rectifications and, where applicable, to meet their regulatory obligations.


(the data of the directors will follow the same regime as those of legal entities in terms of conservation)

Your personal data is kept for the duration of the relationship as long as the legal entity uses our products and services. It may be retained beyond the end of the relationship, in particular to comply with applicable regulations, to enforce our rights or defend our interests.

Your data may be archived for a longer period of time for the management of claims and/or litigation, to meet our regulatory obligations, to satisfy the request of duly authorized judicial or administrative authorities.

With regard to customers, depending on their nature and the applicable legislation, data may be kept for up to 11 years after the end of the relationship or the transaction.

Your personal data is therefore kept for the time necessary to achieve the purposes for which it is collected and processed. It will be securely destroyed or anonymized.

Where personal data are collected for more than one purpose, they are kept until the longest retention or archiving period has expired.


Your personal data may be transferred in limited cases and for strictly defined purposes to a country outside the European Union. We will ensure that they are protected:

  • By the existence of an adequacy decision issued by the European Commission which recognizes the recipient country as having an adequate level of protection,
  • If the level of protection has not been recognised as equivalent by the European Commission, we rely on the implementation of appropriate safeguards such as standard contractual clauses approved by the European Commission.


You have rights concerning the collection and processing of your personal data, which may be exercised under the conditions set out in the regulations in force, namely:

  • The right to be informed in a comprehensible and easily accessible way about the purposes of the processing and the length of time they are kept as specified above,
  • The right to access your data,
  • The right to rectify and obtain the modification of your data which would be inaccurate or incomplete,
  • The right to have your data erased unless we have legal or legitimate reasons to retain it,
  • The right to object to the processing when it is based on the legitimate interest of the controller,
  • The right to object, at any time and at no cost, without having to give reasons, to your data being used for commercial prospecting purposes aimed at the legal entity,
  • The right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) 3 Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07 or on the website

We would like to point out that the exercise of some of these rights may result in ROREGIS being unable to provide the service on a case-by-case basis.

You may exercise any of the rights listed above by writing to the following address MR DELEGUE Á LA PROTECTION DES DONNEES, 63 chemin Antoine Pardon, 69814 TASSIN CEDEX.


We implement technical and organisational measures to protect your data, including the implementation of appropriate physical, logical and organisational security measures, encryption and anonymisation to guarantee the confidentiality and integrity of your data and to prevent unauthorised access.


Our privacy policy will be regularly updated to take into account legislative and regulatory changes.

We invite you to take note of the latest version available on our sites.

Votre demande a été envoyé envoyer avec succès

Vous allez bientôt recevoir un message de ROREGIS, veuillez consulter vos spams si vous ne trouvez pas ce mail dans votre boîte email. Merci pour votre demande