Personal data protection

As a data controller, Mirova processes personal data in accordance with laws relating to the processing of personal data, including Act No. 78-17 (January 6, 1978) which pertains to information technology, data files and civil liberties, as well as Regulation 2016/679 of the European Parliament (April 27, 2016) (the General Data Protection Regulation, commonly referred to as the “GDPR”) which pertains to the protection of natural persons with regard to the processing of personal data and the free movement of such data and which came into force on May 25, 2018.

Mirova monitors changes to legislation pertaining to the protection of personal data to make sure that it is in compliance and that it processes data lawfully, fairly, and in a transparent manner.

Mirova maintains a register of processing activities under its responsibility.

The purpose of this notice is to define the terms and conditions for the processing of personal data by Mirova via its website and as part of the services it provides.


  •  Data processing purposes

Personal data shall be collected and processed for specific purposes and shall not be processed at a later date in a manner incompatible with those purposes, except in cases provided for by law. These purposes may include entering into a contractual relationship (with the customer’s knowledge), setting up operational processes, sending research updates to subscribers, and complying with our legal and regulatory obligations (particularly those which prevent money laundering and terrorist financing). The data processed shall be relevant and limited to only what is necessary for the purposes for which it is being processed.


  • Data processed

Mirova may need to process the following personal data:

  • Personal information (first name, last name, age, nationality, occupation, etc.)
  • Personal information issued by government agencies (identity documents, etc.)
  • Contact information (address, telephone number, email)
  • Bank information (account number)
  • Login information.

This data may be collected directly from you, or indirectly through one of our counterparties.

Mirova does not process data related to ethnicity, sexual orientation, political affiliation, religious or philosophical beliefs, or union membership. It does not process genetic, biometric, or health-related data, nor does it process data related to criminal convictions and offenses, unless necessary and required or permitted by applicable legislation.


  • Retention period

Data shall not be kept for longer than is required in order to provide the service requested and shall not exceed the limits imposed by the legislation in force. When Mirova no longer needs your data, we will ensure that it is safely destroyed or anonymized in accordance with our internal policy.                             
Some data may be retained for an additional period of time so that we can manage claims and pre-litigation and/or litigation, so that we can meet our commercial, legal, and regulatory obligations, or so that we can respond to requests from authorized authorities.


  • The sharing and transfer of data outside of the European Union

We may share your personal data, either with our subprocessors, or with regulatory organizations with whom we are legally obliged to share information. In the course of managing our commercial relations, we may disclose and/or transfer personal data to countries outside the European Union. We will do this only in order to execute a contract which you have signed, to fulfill a legal obligation, to protect the public interest, or to defend Mirova’s legitimate interests.


  • Data security and privacy

Mirova shall take necessary measures to ensure the data we collect is kept secure and confidential, that is, to ensure that only authorized associates tasked with processing data related to our services, will have access to your data and that their clearance is limited.


  • Procedure in case of a data breach

Mirova shall inform the National Commission of Informatics and Liberties (CNIL) of any breach of personal data within at least 72 hours of having become aware of the breach. If a data breach is likely to pose a high risk to the rights and freedoms of a natural person, Mirova shall inform the person concerned as soon as possible.


  • Your rights

Under the current legislation on data protection, you have the following rights:

  • The right to access all of your personal data,
  • The right to request that your data be updated, corrected, or deleted, subject to legitimate grounds,
  • The right to oppose your data being processed for legitimate reasons as well as for prospecting without any justification,
  • The right to request that your data be transferred, for data processing which is dependent on your consent or on the execution of a contract which has been, or will be, carried out.
  • The right to ask that Mirova limit the processing of your personal data,
  • The right to withdraw your consent at any time (for all data processing subject to your consent),
  • The right to lodge a complaint with a competent supervisory authority, namely that of the country in the European Economic Area where your habitual residence or your workplace is situated, or where the alleged violation of the regulations occurred (in France, the CNIL:

You may exercise your rights at any time by contacting our Data Protection Officer:

59 avenue Pierre Mendès-France
75013 Paris France