BE A RESPONSIBLE COMPANY

• Ethics, anti-corruption, anti-money laundering and terrorist financing
• Personal Data Protection
• Cybersecurity
• Sustainable purchasing

Mobilize Financial Services does not directly engage in lobbying activities with public authorities, as it is a subsidiary of Renault Group. Renault Group oversees its advocacy activities through its anti-corruption code and a dedicated code of ethics, ensuring compliance with legal procedures and adherence to the highest ethical standards. 

Our Group does not finance religious institutions or political parties and is not involved in sponsoring political campaigns, in accordance with Renault Group’s Ethics Charter.

We apply principles of responsibility to external collaborations and supplier relationships. This responsible purchasing approach includes: 

• A Responsible Purchasing Charter that commits Mobilize Financial Services and its suppliers to mutual obligations
• A program to enhance the skills of our buyers in addressing new challenges related to responsible procurement

To conduct its activities and provide secure services to customers, Mobilize Financial Services addresses the growing threat of cyberattacks by regularly providing mandatory reminders, tests, and training to all employees. 

Our cybersecurity policies and procedures, based on established standards such as ISO 27001, are continuously strengthened through regular internal and external assessments and audits. Audits are conducted on a regular basis, several times a year, both at the corporate level and within subsidiaries, ensuring continuous and strengthened monitoring.

We have also implemented an incident response system and a Disaster Recovery Plan to ensure effective management of cyber incidents and operational continuity. A dedicated governance structure oversees cybersecurity management, including regular reporting to the Board of Directors, demonstrating commitment at the highest level. 

This comprehensive approach aims to safeguard our assets, ensure service continuity, and maintain lasting trust with our customers and partners.

Authority responsible for overseeing personal data protection

Within RCI Banque S.A., the highest authority responsible for overseeing the company's strategy and performance in terms of personal data protection and data security is the Chief Executive Officer (CEO) of RCI Banque S.A., who is designated as the data controller with the French Data Protection Authority (CNIL).

RCI Banque S.A. has established a dedicated team responsible for managing data privacy.

At the local level, the General Director of each entity is designated as the data controller, ensuring accountability and compliance with applicable data protection regulations. Where required by local regulations, data protection correspondents are appointed in each country where Mobilize Financial Services operates.

Publicly available data protection policy and notices

Mobilize Financial Services has a publicly accessible Data Protection Policy, available here:

Ethics and Compliance – Mobilize Financial Services 

This policy:

- Applies to all Group activities;

- Describes the processes implemented to identify, manage, and remediate personal data breaches that may negatively impact consumers;

- Covers suppliers and business partners that process the company’s data or have access to its network;

- Recalls the obligation to integrate the principles of “privacy by design” and “privacy by default” into every project.

In addition, a personal data protection notice is made available to customers and employees of each entity within the Mobilize Financial Services Group (example of a data protection notice for customers of RCI Banque S.A.’s savings activity: Data Protection Policy – Renault Bank).

Each personal data protection notice:

Ensures transparency regarding the methods and purposes of data collection;

Specifies how data is shared, including with third parties, as well as the associated purposes;

Defines individuals’ rights, enabling them to control their personal data;

Details the rights granted to customers and other individuals, particularly regarding access to, correction, and deletion of their data (free of charge);

Presents the organizational and operational measures implemented to reduce the risks of data breaches and to respond to security incidents.

Access control and data protection measures (including data anonymization)

Mobilize Financial Services has implemented both organizational and technical measures to protect personal and sensitive data.

These measures include limiting data collection, deploying a data classification policy, anonymizing databases, encrypting data both in transit and at rest, implementing data loss prevention mechanisms, as well as ensuring the secure and timely deletion of data to mitigate risks.

Training and awareness

Mobilize Financial Services Group entities regularly provide training to their employees on risks related to data protection and information systems security, with a target of 100% completion by 31 December each year.

These training sessions apply to all employees, including those on permanent contracts, fixed-term contracts, interns, and apprentices.

Following the initial training, refresher sessions are organized periodically to maintain a high level of awareness over the long term.

Mobilize Financial Services is fully compliant with the variable remuneration policy set forth by the European Central Bank to ensure that remuneration is consistent with sound and effective risk management.