BNPP Supplemental Supplier Terms

Last Updated: October 25, 2022


C2FO will provide certain data to BNP Paribas as part of this program. BNPP is governed by and acts in compliance with the terms of the Data Protection Acts 1988 – 2018 and the General Data Protection Regulation 2016/679 (“GDPR”). Supplier acknowledges that for the performance of its services, BNPP may be required to collect personal data in respect of the Supplier, and that BNPP may, as controller (as this term is defined in the GDPR):

    1. record, retain, use and otherwise process records and information about the Supplier and any individual whose personal data is disclosed to BNPP by or on behalf of the Supplier (each a “Data Subject”); and
      1. use and otherwise process information about the Supplier’s accounts and transactions, for the purposes of providing the services or other purposes reasonable ancillary thereto or otherwise states in BNPP’s Data Protection Notice located on its global CIB corporate website ( as amended from time to time (the “Data Protection Notice”) and or to comply with applicable laws.

The Data Protection Notice sets out the obligations of BNPP and each Data Subject’s rights regarding this collection, use and other processing and provides the legally required information in this respect, including information regarding the legal basis for the processing, the sources and categories of the collected Personal Data, the categories of recipients of the Personal Data and the criteria used to determine the period for which the Personal Data will be stored.



Unless legally or contractually obliged to do so, the Supplier and its Data Subjects are not subject to any obligation to provide the Bank or any of its Affiliates with its or their Personal Data. However, access to and use of any services provided by BNPP or any of its Affiliates under the C2FO program may not be able to commence or continue if the Supplier or its Data Subjects do not provide Personal Data on request.