Privacy policy

Privacy policy

Inovalis-Advenis Group Compliance Policy
with the European Regulation on the Protection of Personal Data

Presentation

The Inovalis-Advenis Group (hereinafter “the Group”) informs any data subject or any controller concerned of the compliance policy for the processing of personal data that it applies in the course of its activities.
The Inovalis-Advenis Group undertakes to make its best efforts to ensure the protection, confidentiality and security of the personal data it collects or, where appropriate, only the framework of the obligations provided for by the European regulation on the protection of personal data known as “RGPD”.
The content of this compliance policy constitutes general information without prejudice to conditions, commitments or the implementation of means specific to certain entities of the group and presented in the general conditions of use available on the websites of the entities concerned (or on request the Data Protection Officer sent by mail to the address of the company concerned or by email to the address dpoadvenis@advenis.com).

Main processing of personal data and purposes

The personal data processed by Group entities are those collected in the context of the business relationships they establish (customers, investors, principals, tenants …), collected for prospecting purposes, if necessary on the initiative. people concerned (web forms for contacts, calls from the customer relations center, etc.) or to meet their operational and development needs (service providers, recruitment, etc.).
The processing of this data may thus serve different purposes, whether or not the consent of the persons concerned is involved. In all cases, these persons are subject to the required regulatory information and in particular the procedures for exercising their rights.
Even without the consent of the persons concerned, the processing is based on the fulfillment of a legal or regulatory obligation (in particular and in a non-restrictive way: rules applicable to collective investment management, financial investment advice, activities falling within scope of Hoguet law, the fight against money laundering and the financing of terrorism, the fight against tax evasion …), contractual or the pursuit of a legitimate interest (according to the GDPR prospecting is the pursuit of a legitimate interest).
Data whose treatments do not fall into the above categories are subject to prior collection of the data subject’s consent. In the event of a request for opposition or deletion they shall cease to be the subject of the processing in question and / or they shall be deleted. Those which are not processed within three years are deleted.

Conditions of exercise of their rights by the persons concerned

Each Processing Manager within the Group:

  • the identity and contact details of the controller
  • the contact details of the data protection officer
  • the purposes of the treatment
  • the legitimate interests pursued by the controller
  • the recipients or categories of recipients of the personal data
  • the retention period of the personal data
  • the existence of the right of access to personal data, rectification or erasure, withdrawal, limitation, the right to object or the right to portability
  • the right to lodge a complaint with a supervisory authority
  • where applicable, the existence of a regulatory or contractual requirement for the collection of data or the pursuit of a legitimate interest derogating from the obligation to collect consent

The exercise of these rights is done by sending the request to the Data Protection Officer of the entity responsible for processing or to the following address: dpoadvenis@advenis.com.

Cookies, plotters and IP addresses

A cookie is a file deposited on the hard disk of a User by the server of the site he visits. This file does not identify it but is used to record information about the navigation of it on the site. The purpose of the use of cookies is to conduct audience analysis and audience measurements to improve the quality of the site. The setting of the browser software makes it possible to be informed of the presence of the connection indicator and possibly to refuse it. In case of refusal of cookies, some services are no longer accessible.
Learn more : http://www.bfdi.bund.de/
The User is informed that during his visits to the site, a cookie may be automatically installed on his browser.
The cookies deposited and / or read from the website of Advenis Gestion Privée fall into the following categories only:
– Cookies whose sole purpose is to enable or facilitate electronic communication;
Cookies whose purpose is limited to the audience measurement of the content viewed and used to produce anonymous statistics not cross-checked with other treatments
– Cookies strictly necessary for the provision of a service expressly requested by the User;
These cookies are exempt from the consent request of the persons concerned.
In addition, in accordance with the applicable regulations, we inform you that:
The use of the IP address is not used to geotag a user with greater accuracy than the city ;
The lifetime of our cookies is 13 months maximum ;
you have a right of opposition that you can exercise by sending your request to the DPO (dpoadvenis@advenis.com).

Device for managing treatments and associated risks

Personal data collected is stored on servers located in France and whose applications are hosted remotely.
The Group’s RGPD compliance processes stipulate that each control step is documented to justify the approach, the means used and the robustness of the solutions implemented.
As for the entities whose personal data pose a specific risk, they implement the impact analysis tools.
Regarding any subcontractors selected to carry out personal data processing activities on their behalf, the Group requires the latter to apply the same obligations regarding the protection of personal data as those which apply to it.
The security device (password rules, antivirus network security and firewall, partitioning of directories and applications according to entities, services, personal profiles or special authorizations) includes a plan for periodic monitoring of the network activity as internally with the outside to detect any theft or hacking of personal data.
In case of proven or suspected failure, the security plan provides for the implementation of the regulatory procedure for informing the persons concerned and, where applicable, the information of the Supervisory Authority.