Worldline - Registration Document 2016

A

Corporate and social responsibility report Annex III - Being an ethical and fair good player in business

Data protectionPolicy A.4.1.2.3 The first pillar is the Worldline Data Protection Policy. It sets up the most stringent personal data protection principles. 95/46 on personal data protection; these are considered to be protection principles based on the provisions of EU Directive Directive 95/46/EC of October 24, 1995 (the “Data Protection European Union, Iceland, Norway and Liechtenstein). In France, European Economic Area (the “EEA,” which includes the Directive”) is the point of reference on the matter within the amendment having been adopted through law no. 2004-801 of information technology, data files and civil rights, with the main amendments to law no. 78-17 of January 6, 1978, which relates to the Data Protection Directive was implemented through various August 6, 2004. Directive by the EEA member states has given rise to a certain throughout the EEA, the implementation of the Data Protection Although personal data legislation has to be harmonized been established, some of which are more restrictive than those degree of variation among the regulatory regimes that have established by the directive itself. In order to guarantee entities and their employees, founded on three key elements: adopted a consistent policy which is obligatory for all of its compliance with all applicable national laws, the Atos group has implemented; and A set of procedures that ensure that such principles are (ii) positions and responsibilities. A training program for all Group employees, tailored to their (iii) payment value chain to reduce risks, facilitate competition and the entire payment ecosystem to define and improve the for the benefit of the consumer and the merchant. transparency while encouraging innovation and standardization Worldline is working closely with the European Commission and management of the topic. Security, significant resources have been allocated to the close cooperation by the Group LCM department and Group The Atos group Chief Data Protection Officer, who reports Personal Data & Privacy Protection Organization, established in Management (“LCM”) department and an 80-member strong executives of the Group Legal, Compliance and Contract directly to the Group Head of compliance – one of the key policies, practices and tools is a fundamental element in the improve its efficiency and the reach of personal data protection cooperation with the Group Security Organization in order to This organization, which has been restructured in close continued implementation and extension of this strategy. A set of principles based on the Data Protection Directive; (i) Governance A.4.1.2.4

personal data a high level of protection. legal regime. The business opportunities created by the their employer compliance with the strictest applicable local data is a key topic for Worldline’s employees who expect from First of all, as a fundamental right, the protection of personal commitments as well as to implement strong organizational and processing of personal data requires Worldline to adopt formal big data demonstrates. For these very important reasons, the processing of personal data are tremendous, as the debate on security measures to guarantee to employees’ and customers’ protection approach based on three pillars: Worldline has implemented a comprehensive personal data Data protection policy; ● Data protection procedures; ● Raising employee awareness of personal data protection ● issues. internally as externally. on the highest European standards of regulations, deployed Worldline’ comprehensive approach to data protection based data). This approval constitutes an official recognition of and as a data processor (i.e. for the processing of its customers’ personal data both as a data controller (i.e. for its own purposes) Atos group Binding Corporate Rules for the processing of European data protection authorities in coordination with the This approach has been strengthened by the approval of located in. same obligations and processes, whatever the country they are Directive. All Atos group entities worldwide are bound by the high level of protection as defined in the European Union that the personal data processed by Worldline benefits from a data processing on behalf of its clients and for itself. This means authorities of its Binding Corporate Rules (BCR) for personal obtained the approval of the European data protection On November 4, 2014, the Atos group, including Worldline, European personal data protection authorities have recognized The approval of the Binding Corporate Rules means that the personal data protection, as further explained in Chapter 6.9.5 of and validated Atos group’s global and stringent approach to the Registration Document on personal data protection. same level of protection when acting as a data processor for all employees’ personal data only, Worldline is able to ensure the More than offering such highest level of protection to its employees. regarding personal data of end users, customers and customer requirements in terms of security and compliance its customers’ personal data. Consequently, Worldline meets Binding Corporate Rules: the first IT clients’ personal data company certified for the processing of A.4.1.2.2

322

Worldline 2016 Registration Document