Personal data protection policy
Given below is our policy on the processing of personal data (the “Data”).
- WHO IS THE DATA CONTROLLER IN CHARGE OF COLLECTING YOUR PERSONAL DATA?
In pursuance of Regulation (EU) 2016/679 of 27 April 2016, the “General Data Protection Regulation” (hereinafter the “GDPR”), PAREF, a public limited company incorporated under French law, registered in the Paris Companies Register under number 412 793 002, having its registered office at 153 boulevard Haussmann, 75008 Paris (hereinafter “the Company”), is the data controller for your personal data (within the meaning of the GDPR).
When you fill out a form on the website (hereinafter the “Website”) or when you enter a business or investment relationship with the Company, some Data may be collected by or on behalf of the Company.
- WHAT CATEGORIES OF PERSONAL DATA ARE COLLECTED AND WHY ARE THEY COLLECTED?
- The personal data collected to communicate with you
In order to answer when you fill out a contact form on the Website, the Company may collect the following Data:
- surname, first name,
- contact details (email address, postal address, phone number).
This Data is gathered for the sole purpose of responding to your information request and its processing is subject to your consent.
- The personal data collected for the purposes of registering and managing your investment
As part of your investment, we collect data from your personal profile in order to identify and contact you. When appropriate, your information will also help us manage your investments and pay the related dividends. In this context, the Company may collect the following Data:
- surname, first name,
- copy of your ID card, passport or residence permit,
- contact details (email address, postal address, phone number),
- bank identifier (RIB, IBAN, BIC),
- residence proof,
- family situation (marital status, number of children, etc.),
- assets and liabilities (any component of your assets and liabilities, information on any securities),
- financial and fiscal data (income and other resources, means of payment, company registration certificate, balance sheets, tax assessment notice),
- data on your professional activity (occupation, type of employment contract, employer’s name and address, role in the organisation, representation of a legal entity).
We use this Data for the study of the solvency of our clients as well as the management and follow-up of our relationship, notably the management of contracts, of invoices and cash collection, the management of the claims, the recovery of unpaid debts and the management of litigation. The collected data is essential for these operations.
If you are a legal entity, we also collect the Data of your management and employees, whose details are required for the purposes of concluding and executing your investment contract.
When you visit the Website, we collect the data transmitted by your browser to our server. This processing is executed for the legitimate purpose of improving the stability and features of the Website. The Data will not be transmitted or used for any other purpose under any circumstances.
We use Google Analytics to analyse our web traffic. This is a Google tool for analysing internet audiences, enabling better understanding of the behaviour of our users. This tool generates statistics of use of the Website without the users being personally identified.
For information about cookies, please click on this link.
- LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We process your Data in accordance with our legal and regulatory obligations, including:
- when you have freely granted us your consent;
- when the processing is necessary for executing pre-contractual measures or for executing a contract;
- when the Company must comply with legal or regulatory obligations;
- when a legitimate interest of the Company justifies the processing.
We do not process your Data for any other purpose (unless you have expressly given your consent in a specific writing); in particular, we do not use your Data for commercial purposes that are unrelated to the investment you have made or to those you wish to make in the future.
- HOW LONG IS YOUR PERSONAL DATA STORED?
Your Data is stored for a limited duration corresponding to purpose of use for which it was collected, in accordance with the regulations in force and in compliance with the legal, regulatory and contractual obligations of the Company.
Hence, in the case of investors, the Data is stored for the entire duration of the equity interest and for a maximum of five years after the end of the investment period, except for the Data that the Company is obliged to retain for regulatory, legal or fiscal obligations and which have to be stored for a longer duration. In this context, the Data is stored in compliance with this legal, regulatory or fiscal duration of retention. If you wish to cancel your investment or waive your equity interest by withdrawal or transfer, we pledge, on request, to erase or return your Data, unless it has to be stored for archiving purposes, in accordance with the legal, regulatory or fiscal requirements of the Company.
For tenants, the data is stored for the entire term of the contractual relationship and for three years afterwards for residential tenancy, or for five years afterwards for commercial or civil tenancy, following the end of the relationship.
The Data that is communicated to us by our clients or prospective clients for the purpose of receiving business offers is retained for as long as the client or prospective client remains active, and for a maximum of three years after the last contact with the said person.
For potential tenants, if a lease agreement cannot be established, the information is stored for three months after it is collected.
For business relationships, the collected Data is stored for the duration of the business relationship.
Concerning Data collected to respond to one of your requests, this Data is stored for the duration of handling of your request.
After expiration of these time periods, the corresponding data is erased or de-identified, provided that it is no longer required for executing a contract, for complying with a legal obligation or for serving as proof of right and/or provided that there is no longer any legitimate interest in retaining it.
- HOW IS YOUR PERSONAL DATA PROTECTED?
We have implemented appropriate technical and organisational security measures to protect personal data from accidental or illegal destruction, accidental loss, alteration and unauthorised disclosure or access, in accordance with the provisions of the GDPR.
- TO WHOM IS YOUR PERSONAL DATA DISCLOSED?
To carry out its tasks, the Company must disclose your Data to the following entities:
- The companies affiliated to PAREF group for management requirements,
- The banks involved in the management process,
- The tax authorities on request,
- Our consultants from whom we seek advice if necessary,
- The service providers who intervene in the strict framework of the implementation of our processing, for:
- managing the investment relationship;
- managing the immovable property;
- managing the pre-litigation and litigation procedures;
- managing the documents required by the regulations or for legal reasons;
- operations of maintenance and administration of websites.
- WHAT TRANSFERS OF PERSONAL DATA ARE EXECUTED OUTSIDE THE EUROPEAN ECONOMIC AREA?
Your Data is not transferred to countries located outside the European Economic Area (hereinafter the “EEA”), where the laws on data protection do not offer an adequate level of protection, especially as regards the processing, hosting or granting of remote access to the Data. If data has to be transferred within the EEA, we guarantee (i) that every transfer shall be covered under appropriate guarantees in accordance with the applicable laws and regulations on data protection and (ii) that the applicable rights of the data subject and the effective legal remedies shall remain available.
- WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA, HOW CAN YOU EXERT THEM AND HOW TO CONTACT US?
- Your rights regarding the processing of your personal data
Regarding the processing of your Data, you have the right:
- to obtain a copy of the Data that we possess about you and to receive information on its processing;
- to request an update or a correction of any inaccurate or incomplete Data;
You also have the right:
- to oppose the processing of your Data or restrict it;
- to request the deletion of your Data;
- to request the transmission of some of your Data or the transfer of your Data to another data controller.
- Contacting us to exert your rights
If you wish to exert your aforementioned rights or if you have any questions regarding the use of your Data, you may contact the Company using one of the following options:
- You may send us an email at the following address: firstname.lastname@example.org
- You may write to us at the following postal address:
Personal data processing division
153 boulevard Haussmann
Please clearly specify the information that you wish to obtain, modify or delete, or for which you wish to limit processing.
You may also contact us if you have any questions regarding our processing of your Data, using one of the above contact options.
Your requests will be processed as soon as possible. In addition to your request, we request that you attach a photocopy of a document proving your identity.
- RIGHT TO FILE A CLAIM WITH A COMPETENT AUTHORITY IN MATTERS OF PERSONAL DATA PROTECTION
You may file a claim with the French Data Protection Agency (“CNIL” – Commission Nationale d’Informatique et des Libertés), which is the regulatory authority charged with ensuring compliance with the Regulation on the protection of personal data in France, if you believe that your personal data is being processed in a manner constituting a breach of the GDPR, directly on the website https://www.cnil.fr/fr/agir or by post at the following address: Commission Nationale de l’Informatique et des Libertés, 3 Place de Fontenoy – TSA 80715, 75334 PARIS CEDEX 07.
- MODIFICATION OF THIS PERSONAL DATA PROTECTION POLICY
This policy reflects our current protection standards, and may be subject to modifications. Any change shall become effective starting from the publishing of the latest updated version of this Data protection policy.
In the event of any modification, we shall publish these changes on this page and wherever we deem appropriate, depending on the purpose and importance of the changes.
Insert a link to the “General Terms and Conditions of Use” page