Politique relative à la protection des données personnelles
Last update november 28th 2023
Primonial REIM France, a company of the Primonial group, attaches great importance to the protection of privacy and is careful to ensure the protection of your Personal Data.
The companies of the Primonial group are subject to the rules applicable to the protection of Personal Data and in particular, the European General Regulation on the protection of Personal Data n°2016/679 of 27 April 2016 (known as "RGPD") as well as all the rules of national law adopted in application thereof, on a subsidiary basis.
This document reflects and describes in a clear and simple manner our policy in this regard and informs you of the conditions under which Primonial REIM France collects and uses your Personal Data in accordance with the data protection principles of the companies in the group and the means available to you to control this use and exercise your rights relating thereto.
Personal data: any information or data relating to an identified or identifiable natural person.
Processing: any operation or set of operations performed on Personal Data, whether or not by automatic means: collection, recording, organisation, storage, modification, reconciliation, retrieval, consultation, extraction, use, or making available, alignment, combination, blocking, erasure or destruction of such Personal Data.
Data controller: the natural or legal person who determines the means and purposes of the processing.
Sub-processor:the natural or legal person, public authority, department or other body that processes Personal Data on behalf of the data controller.
Cookie and tracer: refers to a block of data which is not used for identification purposes, but which is used to record information relating to the customer's browsing of the service. The purpose of cookies and tracers is to collect information relating to your browsing on the sites. These files record information that will be used to facilitate your browsing, adapt your content and optimise certain functions.
2. Who is responsible for processing?
Primonial REIM France determines the purposes for which your Personal Data is collected as well as the manner in which your Personal Data is used. In this respect, Primonial REIM France acts as the controller of your Personal Data.
3. What personal data is processed?
In strict compliance with current regulations, Primonial REIM France handles:
- Declarative personal data, i.e. data collected directly from you or from partners with whom we have a contractual relationship;
- Personal Data generated in particular when using online services or in the course of our commercial relationship.
More specifically, here is an exhaustive list of the Personal Data and categories of Personal Data that we collect and use:
- Identification details: first name, surname, e-mail address, postal address, marital status, telephone number;
- Data relating to your professional situation: e-mail address, company, etc.
- Economic and financial data: bank details, RIB ;
- Data from the contact forms you fill in on our website, including your choice of commercial prospecting;
- Information relating to the history of our commercial relationship;
- Any other information you would like us to know;
- Data relating to your connection and your browsing on the Internet, such as your user name or information collected by means of cookies and tracers deposited on your terminal.
4. What are the purposes of Data processing?
The Personal Data that we process is used in accordance with the principle of minimisation. Primonial REIM France therefore limits the collection of Data to that which is strictly necessary for the purposes defined below:
- Receipt of contact forms;
- Management of the website and social networks;
- Managing subscriptions to our newsletters and/or e-mail alerts;
- Management of communications and promotional emails;
- The implementation of operations relating to sales management and marketing campaigns;
- Sending information about changes or developments to our services.
- Prospecting and sales management;
- The development of new products and services;
- Processing your requests for information;
- Managing customer relations and the contracts to which you are party;
- Managing complaints and disputes;
- The creation of an account, including the validation and security of this account;
- Use of Data for statistical purposes;
Primonial REIM France is also likely to offer you satisfaction surveys to gather your needs and improve our offer.
As part of our commercial relationship, and subject to obtaining your express consent, your Personal Data may also be used for canvassing purposes for products or services distributed by Primonial REIM France, the Primonial group and our commercial partners.
The legal bases justifying the collection and processing of this Data are:
- Your consent: you have the right to withdraw your consent to the processing of your Data at any time;
- The performance of a contract between you and Primonial REIM France requires us to process the Personal Data concerned;
- The existence of a legitimate interest on the part of Primonial REIM France justifies the processing of Personal Data in compliance with your fundamental rights and freedoms;
- Compliance with a legal or regulatory obligation to which Primonial REIM France is subject which requires the processing of Personal Data, in particular its obligations to combat money laundering and the financing of terrorism (LCB-FT).
5. Who are the recipients of the Data collected?
The Personal Data that we collect may be processed by authorized persons within Primonial REIM France within the limits of their respective responsibilities. In addition, this Data may be combined, pooled or shared between all the entities of the Primonial group exclusively in order to achieve the purposes of this policy.
Primonial REIM France may be required to communicate information relating to clients to the competent administrative and legal authorities in order to fulfil our legal, regulatory or contractual obligations.
We may also share certain Personal Data with our service providers or business partners, in order to carry out services entrusted to them. In this case, we take appropriate measures to ensure that all sub-contractors process your Personal Data in accordance with the Regulations. These measures include, in particular, signing an agreement setting out precisely how the Data will be processed and requiring subcontractors, among other things, to process your Personal Data only on our instructions, not to engage a second-tier subcontractor without our agreement, to take appropriate technical and organisational measures to guarantee the security of your Data, to ensure that the persons authorised to access the Data are subject to confidentiality obligations, to return and/or destroy your Data at the end of their assignment or contract, to submit to audits
and to provide us with assistance in following up your requests regarding the exercise of your rights in relation to your Personal Data.
6. Do we transfer Data outside the EEA?
Primonial REIM France has chosen not to transfer Personal Data outside the European Economic Area ("EEA").
In the event that your Personal Data is transferred to countries outside the EEA, Primonial REIM France Partenaires will ensure, on a case-by-case basis, the following guarantees:
- Ensure that the country to which Personal Data is transferred has received an adequacy decision from the European Commission under Article 45 of the GDPR;
- In the absence of an adequacy decision from the country in question, ensure that appropriate safeguards are put in place in accordance with Article 46 of the RGPD ;
- In the event of a transfer to the United States, ensure that the entity receiving the Data is certified with regard to the adequacy decision issued by the European Commission on 28 February 2023. In the absence of certification, implement the transfer control tools provided for in Article 46 of the RGPD and inform the Data Subjects concerned by these transfers;
- Enter into an agreement containing the standard personal data protection clauses adopted by the European Commission pursuant to Article 47 of the GDPR.
7. How long is the Data collected retained?
We have established a data retention policy to ensure that your personal data is only retained for the time strictly necessary for the proper performance of the processing carried out.
To determine these periods, we take into account the various purposes for which the Data is collected, the Persons concerned by the collection and compliance with legal, regulatory or professionally recognised obligations to which we are bound.
Data that is subject to an archiving obligation pursuant to a legislative or regulatory provision will be archived under the conditions set out in the text(s) in force, such as article L.6353-1 of the French Labour Code, which requires us to keep essential documents proving the reality of the training in the event of an administrative inspection for a period of three years, or article L.123-22 of the French Commercial Code, which requires us to keep invoices and documents relating to invoicing data for a period of ten years.
8. QWhat safety measures have been implemented?
In addition to applying the requirements of the Regulation on the protection of personal data, Primonial REIM France considers that all the data concerning you constitutes confidential data covered by the professional secrecy to which we are subject.
To this end, we implement the appropriate technical and organisational measures to secure our information system and protect your Personal Data, taking into account the state of knowledge as well as the risks, the degree of probability and seriousness of which varies, to the rights and freedoms of individuals, to preserve the security of this Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.
The following is a non-exhaustive list of security measures implemented by Primonial REIM France:
- Apply pseudonymisation and data encryption methods;
- Implement authentication procedures consisting of personal and secure access rights via confidential identifiers and passwords, as well as logging of connections;
- Guaranteeing the confidentiality, integrity, availability and resilience of information systems and processing services;
- Guarantee the ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
- Implement a process for regularly testing, evaluating and assessing the effectiveness of these technical and organisational measures;
- Apply best practice in incident response management;
- Ensuring the physical protection of premises;
- Apply the principles of privacy by design and privacy by default, which consist of ensuring that data protection and security are taken into account in the planning and development of services;
- Ensure that subcontractors and service providers implement and maintain a security system that complies with our requirements and current standards.
We are also affiliated to a CERT (Computer Emergency Response Team) and regularly carry out a series of tests on websites and applications exposed on the internet in order to correct any vulnerabilities or loopholes identified.
9. What rights do you have?
In accordance with the General Data Protection Regulation and the Data Protection Act, you have the following rights:
- Right of access and rectification: At any time, you may request access to your Personal Data and ask for it to be rectified if it is inaccurate or incomplete.
- The right to erasure ("right to be forgotten") You have the right to obtain the erasure of your Personal Data. However, the right to erasure is not absolute and is subject to specific conditions. We may retain your Personal Data if we are authorised to do so by an applicable law, if its processing remains necessary for compliance with a legal obligation to which we are subject or for the establishment, exercise or defence of legal claims.
- The right to limit processing: You have the right to obtain the limitation of processing, in certain circumstances. In this case, the Data, with the exception of its conservation, may only be processed with your consent or for the establishment, exercise or defence of legal claims.
- The right to portability: You have the right, in certain circumstances, to receive the Personal Data concerning you that you have provided to [Name of entity] in a structured, commonly used and machine-readable format and to transmit it to another data controller.
- The right to object to processing: You have the right to object to certain types of processing if there are no compelling legitimate grounds for doing so, provided that you give reasons relating to your particular situation;
- The right to withdraw consent: : If the processing of your Data is based on your consent, you have the right to withdraw it at any time.
- The right to define directives concerning the fate of your Data after your death: You may define directives concerning the conservation, deletion and communication of your Personal Data after your death. These directives may be general or specific. General directives are registered with a trusted third party. Specific directives are registered with the data controller.
To exercise your rights, please contact the person responsible for the protection of personal data:
- By e-mail to the following address: email@example.com
- By post to the following address: Primonial – DDP – 6 rue du Général Foy – CS 90130 – 75008 Paris.
In the event of a dispute, you may lodge a complaint with the supervisory authorities, in particular the CNIL.