Personal data policy
The Primonial Group attaches great importance to the protection of privacy and ensures that your personal data is protected.
The companies of the Primonial Group are subject to applicable rules on the protection of personal data and, in particular, the European Data Protection Regulation no. 2016/679 of 27 April 2016 (known as the "GDPR") as well as all the rules of domestic law in application of the latter, in a subsidiary capacity.
This document reflects and describes our policy in this area in a clear and simple manner and informs you of the conditions under which the Primonial Group, in its capacity as data controller, collects and uses your personal data in accordance with the data protection principles of the group companies and the means at your disposal to control this use and exercise your rights relating thereto.
• Personal data: any information or data relating to an identified or identifiable individual (e.g. name, address, contract references, telephone number, photograph, date of birth, IP address, etc.).
• Processing: any operation or set of operations which is performed on personal data, whether or not by automatic means: collection, recording, organisation, storage, alteration, rectification, retrieval, consultation, extraction, use, or provision, alignment, combination, blocking, erasure or destruction of such personal data.
• Cookie et trackeur : means a block of data that is not used for identification purposes, but is used to record information about the customer's browsing through the service. The purpose of cookies and trackers is to collect information relating to your browsing on the sites. These files record information that will be used to facilitate your browsing, adapt your content and optimise certain features.
• Data Processor: the individual or legal entity, public authority, service or other body that processes personal data on behalf of the controller.
WHO ARE THE DATA CONTROLLERS WITHIN THE PRIMONIAL GROUP?
Primonial Real Estate Investment Management: PLC with a Board of directors and Supervisory Board with share capital of 825 100 euros. Registered under no. 531 231 124 00045 RCS Paris - at 37 rue de Liège - 75008 PARIS. Registered office: 36, rue de Naples, 75008 Paris -Telephone: +33 (0)1 44 21 70 00 -Telefax: +33 (0)1 44 21 71 11. Postal Address: 36, rue de Naples, 75008 Paris.
WHAT CATEGORIES OF PERSONAL DATA ARE PROCESSED BY THE PRIMONIAL GROUP?
In strict compliance with current regulations, we mainly process the following personal data:
- Personal data known to be declarative, that is to say collected directly from you or from partners with whom we have a contractual link;
- The personal data generated, in particular, during the use of online services;
- Personal data in the public domain (public part of social networks for example).
In the framework of the processing of personal data for the purposes set out below, Primonial may, for example, be required to process personal data relating to:
- Identification of persons;
- Professional, economic and financial status ;
- The operation of the account, the financial transactions or the products subscribed to.
WHY DO WE COLLECT YOUR PERSONAL DATA?
The personal data collected and processed by the Primonial Group is used in accordance with the principle of minimisation, limiting the collection of personal data only to the purposes defined below:
-Management of a contract to which you are a party;
-Management of compliance with legal obligations concerning the fight against money laundering and corruption;
-Management of oversight by the Autorité de Contrôle Prudentiel et de Résolution and the Autorité des marchés financiers, as applicable ;
-Transactions relating to the commercial management and carrying out of marketing actions;
-Management of the activity of the companies of the Primonial group.
Within the framework of our commercial relationship, and subject to your express consent, your personal data may also be used for prospecting purposes for products or services distributed by the Primonial Group and its business partners. Finally, we may also propose satisfaction surveys to establish your needs and improve our offer. In the event of processing for purposes other than those mentioned above, the Primonial group will agree to specify these purposes and obtain your prior consent if regulations require it. Primonial will only carry out data processing if at least one of the following conditions has been met:
- Consent has been obtained;
- Primonial has a legitimate interest which justifies Primonial processing the personal data concerned ;
- The performance of a contract that binds Primonial to the Customer requires Primonial to process the personal data concerned;
- Primonial is bound by legal and regulatory obligations that require the processing of the personal data concerned, in particular its duty of vigilance under obligations to combat money laundering and the financing of terrorism.
WHO ARE THE RECIPIENTS OF THE PERSONAL DATA PROCESSED BY THE PRIMONIAL GROUP?
The personal data that Primonial collects, as well as that which is collected subsequently, is intended for Primonial in its capacity as data controller.
Primonial ensures that only authorised persons have access to this data. Primonial's providers may be recipients of this data in order to render the services that Primonial entrusts to them. Certain personal data may be sent to third parties (business partners) or to legally authorised authorities to meet Primonial's legal, regulatory or contractual obligations.
The Customer's personal data may be reconciled, pooled or shared between all entities of the Primonial Group.
In addition, Primonial takes appropriate measures to ensure that our subcontractors process your personal data in accordance with applicable data protection legislation.
These measures include, in particular, the signing of an agreement determining the precise scope of the data processing, and requiring data processors, among other things, to process your personal data only under our instructions, not to engage a second-tier data processor without our consent, to take appropriate technical and organisational measures to guarantee the security of your data, to ensure that the persons authorised to access the data are subject to non-disclosure obligations, to return and/or destroy your data at the end of their assignment or contract, to undergo audits and to provide us with assistance in responding to your requests to exercise your rights in relation to your personal data.
Where your personal data is transferred to countries outside the EEA, the Primonial Group will ensure that the following safeguards are taken:
-Ensure that the country to which the personal data is transferred is the beneficiary of an adequacy decision from the European Commission under Article 45 of the GDPR (for more information, please consult the following link: https://www.cnil.fr/fr/la-protection-des-donnees-dans-le-monde) ; or
-Conclude an agreement containing the standard clauses for the protection of personal data adopted by the European Commission under Article 47 of the GDPR (for more information, please consult the following link: https://www.cnil.fr/fr/les-clauses-contractuelles-types-de-la-commisioneuropeenne) ; or
-In the event of a transfer to the United States, ensure that the transfer meets the conditions of the EU-US Privacy Shield under Article 45 of the GDR (for more information, please consult the following link: https://www.cnil.fr/fr/le-privacyshield).
If you would like more information about the guarantees provided by the Primonial group for the transfer of personal data outside the EEA, please contact our Data Protection Officer by email at DDP@primonial.fr ou or by post at Primonial – DDP – 6 rue du Général Foy – CS 90130 – 75008 Paris.
WHAT SECURITY MEASURES ARE IMPLEMENTED BY THE PRIMAL GROUP?
Regulations require us to ensure a level of security and confidentiality of your personal data. In this respect, we consider that all data concerning you constitute confidential data subject to the professional non-disclosure requirement binding on us. This data may be transmitted, used or stored according to the security framework described below.
Primonial Group implements and maintains a series of logical, organisational and physical security measures on its IT environments to maintain the security of the data stored in its information system.
We are affiliated with a CERT (Computer Emergency Response Team) and regularly carry out a series of tests on our websites and applications exposed to the web to correct any identified vulnerabilities or flaws. We comply with best information system security practices in terms of backups, data access and incident response.
The Primonial Group ensures that its data processors and providers implement and maintain a safety system that complies with the GDPR.
If we observe an incident with an impact on personal data, we shall, according to the framework imposed by regulations, notify it to the Commission Nationale Informatique et Libertés (CNIL) as soon as possible after becoming aware of it, and inform the persons concerned.
HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We have established a data retention policy to ensure that your personal data is kept only for as long as necessary for the purposes for which it is processed.
To determine these durations, we take into account the different purposes for which the data is collected, the persons concerned by the collection, and the compliance with legal, regulatory or professionally recognized obligations to which we are bound. These do not exceed what is strictly necessary for the proper execution of the processing.
The data that is subject to an archiving obligation pursuant to laws or regulations provision will be archived under the conditions provided for by the text(s) in force, in particular Article L.561-12 of the Monetary and Financial Code which imposes a retention period for documents and information, regardless of the medium, relating to the identity of Primonial's regular or occasional customers, of five years from the close of accounts or the termination of relations with the Customer.
For any question concerning the processing of your personal data by the Primonial group, you can contact the Data Protection Officer by email at DDP@primonial.fr ou or by post at Primonial – DPD – 6-8 rue Général Foy – 75008 Paris
WHAT ARE YOUR RIGHTS?
Pursuant to current data protection legislation, you have the right to access, correct and delete your personal data, the right to object to or limit the processing of your personal data, the right to the portability of personal data and the right to set guidelines on the fate of your personal data after your death.
The right to be informed: You have the right to obtain clear, transparent and understandable information about how we use your personal data and how you can exercise your rights. That is why we provide you with the information contained in this Personal Data Policy.
The right of access and rectification: At any time, you may request access to your personal data and its rectification if it is inaccurate or incomplete.
The right to erasure ("right to be forgotten"): You have the right to have your personal data erased. However, the right to erasure (or the "right to be forgotten") is not absolute and is subject to specific conditions. Thus, we may retain your personal data to the extent permitted by applicable law, and in particular when its processing is necessary to comply with a legal obligation to which the Primonial Group is subject, or to establish, exercise or defend a right in court.
The right to limitation of processing: You have the right to limit processing under certain circumstances. In this case, the data may only be processed with your consent or for the establishment, exercise or defence of a legal claim, with the exception of its retention.)
The right to portability: You have the right, under certain circumstances, to receive the personal data about you that you have provided to the Primonial Group in a structured, commonly used, machine-readable format, and to pass it on to another controller.
Right to object to processing: You have the right to object, for legitimate reasons, to certain types of processing (unless the processing carried out by the Primonial Group meets a legal obligation).
The right to withdraw consent: If you have given your consent to the processing of your personal data, you have the right to withdraw it at any time.
The right to set guidelines on the fate of your data after your death: You can set guidelines on the storage, deletion and disclosure of your personal data after your death. These guidelines may be general or specific. General guidelines are stored with a trusted third party. Special guidelines are stored with the data controller.
Any request relating to the exercise of your rights should be sent to us by email to email@example.com ou or by post to Primonial – Service Réclamations 6 rue du Général Foy – CS 90130 – 75008 Paris.
MANAGEMENT OF COOKIES AND TRACKERS
When you visit our sites, information may be recorded in "cookies" or tracking files installed by us.
A cookie is a small file placed on your computer, tablet or smartphone when you browse a website. Its purpose is to collect information relating to your browsing on the sites.
These files record information that will be used to facilitate your browsing, adapt your content and optimise certain features in order to improve.
They allow us to collect usage data such as, for example, your IP address, keywords used, the origin or length of the visit.
The different types of Cookies:
When you visit our sites, three types of cookies are deposited on your machine:
- Technical cookies
Cookies are essential for the smooth running of a website. They facilitate your browsing, ensure the security of the sites and allow you to access our various services. They are stored for a short period of 30 minutes after the end of your browsing.
- Audience measurement cookies
These are cookies deposited by other companies such as Google Analytics that allow us to measure the performance of our site (number of visits, origin of visits, visitor profile...) and to optimise your customer experience.
With a view to transparency, we would also like to point out the existence of a tracking objection system provided by Google Analytics. For more information, we invite you to visit the Google web page.
The maximum retention period of these cookies is 13 months.
- ClickDimensions Cookies
Cookies are used to determine unique visitors to the site and are updated with each page viewed. In addition, this cookie is provided with a unique identifier that the application uses to ensure both the validity and accessibility of the cookie as an additional security measure.
The maximum retention period of these cookies is 13 months.
- Advertising cookies
Like third party cookies, advertising cookies deposited by our partners such as Google, Facebook, ... allow us to show you and adapt the advertising you see on our sites to your user profile.
How do you set your cookies?
You can therefore accept or oppose the saving of cookies and trackers by selecting the desired parameters in our preference centre, which allows you to modify the default setting or get more details on each type of cookie or tracker.
When connecting to our sites a banner is displayed with the following message:
There are also different ways of managing cookies:
- Configure your Internet browser to prompt you to accept or decline Cookies before a Cookie could be stored on your device.
- Configure your Internet browser so that certain Cookies are saved on your device or rejected, either systematically or according to sender.
For more information on cookies, visit the CNIL website at this address: http://www.cnil.fr/vos-droits/vos-traces/les-cookies/
USE OF CHATLIVE
Live chat is an online service that allows you to connect to Primonial REIM customer service via written conversations on a dedicated interface to ask a question, solve a problem or send feedback.
You can access our Live Chat on your reserved area www.primonialreim.fr/group/extranet-associes
When you log in, you have 2 options regarding the storage of the data exchanged:
- Indicate Option 1
- Indicate Option 2
If you opt for Option 1: the data will be kept in accordance with our retention policy - please refer to the paragraph "How long will your personal data be kept?
If you opt for Option 2: the data will be kept for 1 month in our systems for technical reasons and then permanently deleted.
In accordance with current data protection law, you have rights to your data. For more information, please refer to the "What are your rights?" section of this policy.
For any questions concerning the processing of your personal data by the Primonial group, please contact the Data Protection Officer by email at DDP@primonial.fr ou or by post to – DPD – 6 rue du Général Foy – CS 90130 – 75008 Paris.
You can also submit a complaint to the competent supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).
Version updated on 30 October 2019