The company Primonial REIM (hereafter Primonial REIM) and all its subsidiaries (hereafter the Primonial REIM Group) attach great importance to the protection of privacy and will ensure that your personal data are protected.
The Primonial REIM Group is subject to the applicable personal data protection rules, and particularly European General Data Protection Regulation No. 2016/679 of 27 April 2016 (the “GDPR”) and all the national legal rules implementing it, on a subsidiary basis.
This document clearly and simply reflects and describes our policy in this area and informs you about the conditions under which Primonial REIM, in its capacity as data controller, will collect and use your personal data, in accordance with data protection principles, and the means that you have at your disposal to monitor this use and exercise your related rights.
any information or data relating to an identified or identifiable individual (e.g. name, address, telephone number, photograph, date of birth, IP address, etc.).
Cookies and trackers:
refers to a block of data that is not used for identification purposes, but to record information about browsing within websites by clients. Cookies and trackers are used to collect information about your browsing behaviour on websites. These files record information used to make your browsing experience easier, adapt the content you are shown and optimise certain functionalities.
the individual or legal entity, public authority, agency or other body that processes personal data on behalf of a data controller.
any operation or set of operations performed on personal data, whether or not they are automated (the collection, recording, organisation, retention, alteration, alignment, retrieval, consultation, extraction, use, making available, combining, restricting, erasure or destruction of such personal data).
Primonial REIM is the entity that determines the means and purposes for the collection and use of personal data and therefore acts as data controller.
We mainly process the following personal data, in strict accordance with current regulations:
- Declarative data: in other words data directly collected from you or partners to whom we are contractually bound;
- The personal data generated particularly when using online services/the website;
- Personal data relating to the identification of individuals.
WHY DO WE COLLECT YOUR PERSONAL DATA?
The personal data collected and processed by Primonial REIM are used in line with the principle of minimisation limiting the collecting of personal data solely to the purposes defined below:
- The management of requests through the contact form;
- Operations relating to business management and marketing actions
Your personal data may also be used in the context of our business relationship, provided that you have given your express consent, for the products or services distributed by companies within the Primonial REIM Group and its business partners. Primonial REIM only processes personal data if at least one of the following conditions has been met:
- consent has been given,
- the existence of a legitimate interest on Primonial REIM’s part justifies its processing of the personal data in question,
- the performance of a contract binding you to Primonial REIM requires that Primonial REIM process the personal data in question.
WHO ARE THE RECIPIENTS OF THE PERSONAL DATA PROCESSED BY THE PRIMONIAL REIM GROUP?
The personal data that Primonial REIM collects, and any data subsequently collected, are intended for Primonial REIM in its capacity as data controller.
Primonial REIM ensures that only authorised people are able to access these data. Primonial REIM’s service providers may receive these data in order to provide services that Primonial REIM has asked them to perform. Some personal data may be sent to third parties (business partners) or legally authorised authorities, to meet Primonial REIM’s obligations in accordance with the law, regulations or agreements.
Personal data may be aligned, pooled or shared with all the Primonial REIM Group’s entities.
Furthermore, Primonial REIM takes the measures necessary to ensure that our data processors process your personal data in line with current data protection laws.
If your personal data are transferred to countries outside the European Economic Area (EEA), the Primonial REIM Group will verify the following:
- That the country towards which the personal data are being transferred has benefited from an adequacy decision by the European Commission as set out in Article 45 of the GDPR (for more information, please follow the link below: https://www.cnil.fr/en/node/120492)
- That an agreement has been signed containing the standard personal data protection clauses adopted by the European Commission as set out in Article 47 of the GDPR (for more information, please follow the link below: https://www.cnil.fr/fr/les-clauses-contractuelles-types-de-la-commision-europeenne).
WHAT SECURITY MEASURES ARE TAKEN BY THE PRIMONIAL REIM GROUP?
The regulations require that we ensure a certain level of security and confidentiality for your personal data. As such, we consider the data regarding you collected to be confidential data falling under the professional secrecy requirements to which we are subject. These data may be transmitted, mined or retained in accordance with the security framework described below:
Primonial REIM implements and maintains a series of logical, organisational and physical security measures within its IT environments in order to keep the data stored in its information system secure.
We have subscribed to a CTI (Cyber Threat Intelligence) service and regularly complete a series of tests on our websites and applications that are exposed to the internet so as to eliminate any vulnerabilities or weaknesses identified. We follow best information system security practice with regard to backups, access to data and responses to incidents.
Primonial REIM verifies that its data processors and service providers implement and maintain a security system that complies particularly with the GDPR.
If we detect an incident with an impact on personal data, we make sure, in accordance with the framework imposed by the regulations, that the French Data Protection Commission (CNIL) and the data subjects affected are informed as promptly as possible after the incident’s detection.
HOW LONG WILL YOUR PERSONAL DATA BE RETAINED FOR?
We have established a data retention policy to ensure that your personal data are only retained for a period not exceeding that necessary for the purposes for which they are being processed.
To determine these periods, we take into account the various purposes for which the data are being collected, the data subjects and compliance with the legal, regulatory or professionally-recognised obligations that we must meet.
WHAT RIGHTS DO YOU HAVE?
In accordance with current data protection laws, you have the right to access, rectify and erase your personal data, the right to object to or restrict the processing of your personal data, the right to the portability of your personal data, the right not to be subject to automated processing, and the right to define instructions for the handling of your personal data after your death.
> The right to be informed
You have the right to obtain clear, transparent and comprehensible information about the way in which we are using your personal data and the exercising of your rights.
> The right of access and rectification
You may request access to your personal data and their rectification at any time if they are inaccurate or incomplete.
> The right of erasure
You have the right to have your personal data erased. The right of erasure (or the “right to be forgotten”) is not absolute, however, and is subject to special conditions. For instance, we may retain your personal data to the extent authorised by the applicable laws, especially if their processing remains necessary in order to comply with a legal obligation to which the Primonial REIM Group is subject, or for the establishing, exercising or defending of legal claims.
> The right to restrict processing
You have the right to restrict the processing of your personal data, in some circumstances. In such a case, the data may only be processed with your consent, or for the establishing, exercising or defending of legal claims, except for their retention.
> The right to portability
You have the right, in some circumstances, to receive personal data regarding you that you have provided to the Primonial REIM Group, in a structured format that is commonly used and machine-readable, in order to transmit them to another data controller.
> The right to object to processing
You have the right to object, for legitimate reasons, to certain types of processing.
> The right to withdraw consent
If you have consented to the processing of your personal data, you have the right to withdraw this consent at any time.
> The right not to be subject to automated processing
You have the right not to be subject to a decision based solely on automated processing (a decision often based on profiling) that produces legal effects or significantly affects you.
> The right to define instructions for the handling of your data after your death
You may define instructions for the retention, erasure and communication of your personal data after your death. These instructions may be general or specific. General instructions will be left with a trusted third party. Specific instructions will be left with the data controller.
COOKIE AND TRACKER MANAGEMENT
When you visit our websites, information may be recorded in cookie or tracker files installed by us.
A cookie is a small file installed on your computer, tablet or smartphone when you browse on a website. Its purpose is to collect information about your browsing behaviour on websites.
These files record information used to facilitate your browsing experience, adapt the content you are shown and optimise certain functionalities.
They allow us to collect use data, such as your IP address, keywords used, where you are visiting from and how long for.
THE DIFFERENT TYPES OF COOKIES
Cookies not subject to consent
> Operational cookies that are vital for browsing and enable browsing on the website, the use of functionalities and the securing of your session.
> General audience measurement cookies that do not require consent and are used to produce anonymous statistics.
Cookies subject to consent
> Audience measurement cookies: these measure our website’s performance (number of visits, where visitors have come from, visitor profiles, etc.) and optimise your client experience.
In the interests of transparency, we would also like to inform you of the existence of an opt-out functionality that you can use to prevent tracking by Google Analytics. Please visit Google’s web page to find out more. The maximum retention period for these cookies is set at 13 months.
> Advertising cookies: these allow Primonial REIM and its partners to show you adverts and adapt the adverts that you see on our websites to your user profile.
HOW DO YOU SET YOUR COOKIE PREFERENCES?
You may therefore agree to or oppose the saving of cookies and trackers by selecting the desired parameters through our preference centre, which allows you to change the default parameter or obtain more detailed information for each type of cookie or tracker.
When you log in to our websites a banner will appear showing the following message: “Cookies allow us to personalise content and adverts, offer social media-related functionalities and analyse our traffic. We also share information about the use of our website with our social media, advertising and analysis partners, who may combine it with other information that you have provided them with or that they have collected while you were using their services (reject all, validate the items selected or accept all)”.
Your cookie preferences will be saved for 6 months.
You also have various options for managing cookies:
> Configure your internet browser so that it periodically asks you to accept or reject cookies before a cookie is likely to be saved on your machine.
> Configure your internet browser so that some cookies are saved on your machine or rejected, either systematically or depending on their issuer.
You can visit the CNIL’s website at the following address for more information: https://www.cnil.fr/en/gestion-des-cookies.
If you have any questions about the processing of your personal data by Primonial REIM, we invite you to contact the Data Protection Officer by email to DDP@primonial.com, or by letter to: Data Protection Officer, Primonial REIM, 8 rue du Général Foy 75008 Paris.
You may also lodge a complaint with the relevant supervisory authority. In France, this is the Commission Nationale de l’Informatique et des Libertés or CNIL (Data Protection Commission).
We may amend this Personal Data Policy to adapt it to any changes in our practices or to explain them, and to ensure our compliance with the regulations.
Version updated on 24 March 2021