Data Protection Policy | Management And Governance

��ѻ��ý is committed to protecting the privacy of its clients, employees and partners. In order to do so, ��ѻ��ý has adopted Binding Corporate Rules (BCR) as its global data protection policy.

��ѻ��ý BCR apply to all ��ѻ��ý entities and their employees, ensuring a strong standard of protection for all personal data processed by ��ѻ��ý, whether on its own behalf and on behalf of its clients. ��ѻ��ý BCR include both its EU and UK BCRs.

In addition to being ��ѻ��ý’s global data protection policy, BCR allow ��ѻ��ý to safely transfer personal data among entities of the Group, in compliance with the EU General Data Protection Regulation (GDPR) and UK General Data Protection Regulation (UK GDPR).

Download EU BCR (Controller activities)

Download EU BCR (Processor activities)

��ѻ��ý EU Binding Corporate Rules (EU BCR) for Controller & Processor activities were initially approved by the European Data Protection Authorities in March 2016 and subsequently updated in January 2019 to comply with the General Data Protection Regulation (GDPR).

��ѻ��ý EU BCR for Processor activities were last updated in April 2023 to align with additional obligations stemming from the so-called Schrems II decision.

��ѻ��ý EU BCR for Controller activities were last updated in April 2025 to comply with the updated European Data Protection Board (EDPB) requirements.

These updates were reviewed and approved by the European data protection authorities as required.

��ѻ��ý is actively collaborating with the CNIL, as its lead data protection authority, to ensure its EU BCRs are kept up-to-date and comply with the latest requirements from the EDPB.

Download UK BCR (Controller activities)

Download UK BCR (Processor activities)

��ѻ��ý UK Binding Corporate Rules (UK BCR) for Controller & Processor activities were approved in March 2022 by the ICO, the UK Data Protection Authority, following the Brexit.

Our objective

As part of our Environmental, Social and Governance policy, we have set ourselves the objective to:

Embed data protection into our culture, operations and clients’ delivery.