The Autorité des Marchés Financiers (hereinafter also referred to as "the AMF") ensures compliance with European Regulation n° 2016/679 on the protection of natural persons with regard to the processing of personal data ("GDPR") and with the French Data Protection Act No. 78-17 of 6 January 1978, the provisions of which have been rewritten by Order No. 2018-1125 of 12 December 2018.
The Personal Data Protection Policy (hereinafter the "Policy") sets out the information relating to the personal data (hereinafter the "data") processed by the AMF, the purposes and basis for such processing, the sharing of such data with third parties, your rights relating to your data and the security measures put in place by the AMF to protect such data.
This Policy applies to data collected directly or indirectly within the framework of the AMF's missions and to data collected via the www.amf-france.org website (hereinafter the "AMF Website").
The Autorité des Marchés Financiers (the AMF) (17 place de la Bourse 75002 Paris) is the data controller for your data. This means that the AMF determines the purposes of and means by which your data are processed.
The AMF has appointed a Data Protection Officer (DPO) who is your point of contact for all questions or requests relating to the processing of your data. You will find the contact details of the DPO below in the section “What are your rights and how to exercise them”.
The AMF is an independent public authority whose missions consist of ensuring the protection of savings invested in financial instruments, overseeing investor information and ensuring the proper functioning of markets in financial instruments (Article L. 621-1 of the French Monetary and Financial Code).
Within the framework of its missions, the AMF collects your data in several ways:
Data may be obtained from third parties (investment services providers, electronic communications operators, Tracfin, etc.) as part of public interest duties and the exercise of the AMF’s public authority. It includes, for example:
The AMF collects, stores and uses your data:
The AMF keeps the data collected for as long as is strictly necessary for the purpose of the data processing and within the limits provided for by European and national legislation if it allows for a longer storage period. For example, data collected in the context of the approval and monitoring of market participants and asset management players are kept for 10 years after the end of the activity.
The AMF processes data only for the specific purposes for which they were collected or for purposes compatible with them, in accordance with the rules on further processing of data laid down in European and national regulations on the processing of personal data. The collected data are under no circumstances used for commercial purposes.
The AMF may share your data:
In the case of data provided to it by a whistleblower, the AMF may only transmit such data to a third party under the conditions provided for in the Sapin 2 Act No 2016-1691 of 9 January 2016 and Instruction No 2018/13 specifying the procedural rules applicable to the receipt and processing of reports of offences.
Articles L. 631-1, L. 631-2-1, L. 621-21-1, L. 632-1, L. 632-4, 632-6-1, L. 632-16 and Article L. 632-11-2 of the French Monetary and Financial Code.
Given the international dimension of our oversight and investigation missions, the AMF may transfer your personal data to its counterparts located in the European Economic Area (EEA) and outside the EEA.
As a matter of principle, the AMF collects and processes personal data solely for the purpose of carrying out the duties entrusted to it, pursuant to Article L. 621-1 of the Monetary and Financial Code.
In the context of international cooperation with its foreign counterparts, the AMF undertakes to implement the guarantees set out in the Administrative Arrangement of 7 January 2019 for the transfer of personal data among the financial supervisory authorities of the European Economic Area (EEA) and the financial oversight authorities of non-EEA countries, without prejudice to the European Commission’s adequacy decisions with respect to certain countries.
In particular, when the AMF collects and processes personal data transferred in accordance with the Administrative Arrangement, it guarantees that it will:
With regard to the personal data transferred under the Administrative Arrangement, you may send a written request to the AMF in order to be informed by the AMF about the processing of your personal data, to access them, to correct any inaccurate or incomplete personal data, as well as to request their deletion or the limitation of their processing, or to oppose their processing:
Nevertheless, due to the sensitive nature of our public interest mission and the professional secrecy to which we are bound, these guarantees could be limited in certain situations, in particular when they are likely to compromise the purposes of the processing operations concerned (Article 14(5)(b) of the GDPR), when they affect the professional secrecy to which the AMF is subject (Article 14(5)(d) of the GDPR and Articles L. 621-4 and L. 612-24 of the French Monetary and Financial Code) or when they compromise our oversight and enforcement actions (Article 48 of the French Data Protection Act).
In each case, the AMF will assess whether the restriction imposed is appropriate. The restriction imposed should be necessary and provided for by law, and will be maintained only for as long as the reason for the restriction remains.
If you consider that your personal data have not been used in accordance with these guarantees, you may make a complaint to the authority that transferred the data, the authority receiving the data or both authorities. To do this, you can contact the AMF’s Data Protection Officer, whose contact details are given below. In this case, the authorities concerned shall endeavour to settle the complaint or dispute amicably as soon as possible.
Should the dispute remain unresolved, other means may be used to resolve it, unless the request is manifestly unfounded or excessive. These means include participation in mediation, as well as in other non-binding dispute resolution procedures initiated by the natural person or authority concerned.
Should the dispute fail to be resolved by cooperation of the authorities, mediation or by other non-binding dispute resolution procedures, and if the AMF considers that the receiving authority has not acted in accordance with the guarantees set out in the Administrative Arrangement, it will suspend the transfer of personal data to this authority, until it considers that the issue raised has been satisfactorily resolved by the receiving authority and will inform you accordingly.
For all questions or requests for information about these recourses, you may contact the AMF:
 Non-EEA countries recognised as presenting equivalent guarantees are: Switzerland, Argentina, Faroe Isles, Guernsey, Israel, Japan, Isle of Man, Jersey, New Zealand and Uruguay (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en)
The AMF implements technical and organisational security measures to protect your data and to prevent all destruction, loss, alteration or modification, as well as any unauthorised access or disclosure, whether accidental or illegal.
Pursuant to Article L. 621-4 of the French Monetary and Financial Code, AMF staff and employees are bound by professional secrecy and may not disclose to any person or authority whatsoever the confidential information of which they have become aware (subject, however, to the exceptions mentioned in the answer to the “With whom do we share your data?” question in this Policy).
The AMF also asks its service providers who process data on its behalf to take the necessary security measures.
Under the GDPR, you have the rights specified in Articles 12 to 21 of the GDPR.
However, given the sensitive nature of our public interest mission and the professional secrecy to which we are bound, the exercise of these rights is likely to compromise the purposes of the processing operations concerned. Your guarantees may therefore be limited in certain situations in accordance with Article 14(5)(b) and (d) of the GDPR, Article 48 of the French Data Protection Act and Articles L. 621-4 and L. 612-24 of the French Monetary and Financial Code, for example for reasons of professional security or the proper conduct of an investigation.
Except in these cases, you may, at any time, exercise your right of access to your personal information in order to complete, modify, correct, delete or oppose its processing for legitimate reasons in accordance with applicable data protection laws.
You may also sometimes request that the processing of your data be limited and, in some cases, you may ask us to transfer your data (if this is technically possible and within the limits of the AMF’s professional secrecy obligations) or to send them to another processing officer.
When the processing of your data is based on your consent, you may withdraw your consent at any time. This withdrawal will not affect the validity of the processing of your data prior to the withdrawal.
If you wish to exercise these rights, you must send a request with a copy of your ID card, passport or any other identity document:
We ask you for proof of your identity in order to ensure that we respect your data and do not send it to a third party.
If you contact us to exercise your rights, we will inform you within one month as from the receipt of your request of the action taken on it. If necessary, this period may be extended by two months, taking into account the complexity and number of requests (Article 12(3) of the GDPR). In this case, we will inform you within one month as from the receipt of your request. We reserve the right not to respond to requests that are clearly unfounded or excessive. Your request will be kept as long as an appeal is possible.
At any time, if you consider that your rights have not been respected, you may also file a complaint with the French Data Protection Committee (Commission Nationale Informatique et Libertés, CNIL).