Icon-logo-blue

PRIVACY POLICY FOR REAL ESTATE PROFESSIONALS

At Garantme, the protection of your personal data is a priority.

During your use of the website https://console.garantme.fr (hereinafter the "Site"), we may collect personal data about you.

The purpose of this policy is to inform you about the ways in which we process this data in compliance with Regulation (EU) 2016/679 of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter the "GDPR").

 

Data Controller

The data controller is GARANTME, a simplified joint-stock company registered with the RCS of Paris under number 832 523 344, with its registered office at 9 rue des Colonnes, 75002 Paris (hereinafter "We").

 

What data do we collect?

Personal data is information that directly or indirectly identifies an individual. We collect data falling into the following categories:

  • Identification data (including your name, first name, email address, phone number);

  • Data related to your professional life (including your position, professional status);

  • Data related to authentication to your email and Google account when you synchronize your account (emails, calendar, contacts). Details about synchronization with Gmail are provided in point 5 of the privacy policy;

  • Economic and financial information (including bank account details);

  • Connection data (e.g., connection logs, encrypted passwords);

  • Browsing data (e.g., IP address, pages viewed, connection date and time, browser used, operating system, user ID, IFA).

Mandatory data is indicated when you provide us with your information. They are marked with an asterisk and are necessary to provide our services.

 

Legal bases, purposes, and retention periods for your personal data:


Purpose

Legal Bases

Retention Periods

Registering on Our Site and Creating an Account

Execution of pre-contractual measures and/or contract performance.

Your data is retained for the entire duration of your account.

In case of account inactivity for 1 year, your personal data will be deleted if no response is received from you in relation to our reactivation email.

Connection data is retained for 6 months from collection.

Your data may be archived for probative purposes for a duration of 5 years.

To provide you with our services, including enabling you to collect and store documents from your tenants and clients, send messages to tenants, and schedule visits.

Execution of the contract you have entered into with us.

Execution of the contract you have entered into with us.

To carry out operations related to the management of our clients, including contracts, transactions, invoices, and maintaining the contractual relationship with our clients.

Execution of the contract you have entered into with us.

Personal data is retained for the entire duration of the contractual relationship. Additionally, your data (excluding your bank details) is archived for evidentiary purposes for a period of 5 years.

To create a database of clients and prospects for the purpose of developing and promoting our business.

Our legitimate interest in business development and promotion.

For clients: Data is retained for the entire duration of the contractual relationship.

For prospects: Data is retained for a period of 3 years from your last contact, for the purpose of prospecting.

To send newsletters, solicitations, and promotional messages to clients and prospects.

For clients: Our legitimate interest in maintaining customer loyalty and informing clients about our latest news.

For prospects: Your consent.

Data is retained for a period of 3 years from your last contact with us or until you withdraw your consent.

To create commercial and usage statistics of our services.

Our legitimate interest in analyzing customer composition and improving our services.

Data is retained for a period of 3 years.

To manage and review feedback from individuals about our services and content.

Our legitimate interest in understanding customer opinions and enhancing our services.

Data is retained for a period of 3 years.

To customize our responses to your inquiries.

Our legitimate interest in addressing your requests.

Data is retained for the duration of processing your information request and is deleted once the request has been handled.

To adhere to legal and regulatory requirements pertinent to our activities.

Fulfillment of legal and regulatory obligations.

In relation to invoices, they are archived for a period of 10 years.

To address unpaid accounts and potential disputes arising from the use of our services.

Our legitimate interest in managing unpaid accounts and resolving potential disputes with our clientele.

The data is retained for a duration of 5 years from the date of collection.

To handle requests for exercising data subject rights.

Our legitimate interest in addressing your requests and maintaining a record of them.

Retention Period for Identity Verification Documents: We retain identity verification documents only for the necessary time to verify your identity. Once verification is completed, the document is deleted.

Retention Period for Opposition to Prospecting: If you exercise your right to object to receiving marketing materials, we retain this information for a duration of 3 years.

 

Who are the recipients of your data?

The following entities will have access to your personal data:

  • Our company's personnel; control services (such as auditors);

  • Our subcontractors: hosting provider, newsletter sending provider, review management provider, audience measurement tool, visualization tool, CRM provider;

  • Tenants;

  • As necessary: public and private entities, exclusively to comply with our legal obligations.

 

Details regarding synchronization with Gmail:

Certain data, such as your name, first name, email address, can be retrieved from Nylas for the synchronization of email boxes allowing the identification and processing of certain emails, as well as sending emails if you choose this method during your registration. By choosing this method, you agree that Nylas communicates this data to us. In the context of synchronization with Gmail for email and calendar access, the use of this data by GARANTME will be subject to the following restrictions:

  • We will use this access only to read, write, delete, or send emails (including attachments), metadata, and headers for reporting and monitoring in your interest and to improve the email experience for increased productivity.

  • Gmail data will not be transferred to third parties except for the purpose of providing and improving features, complying with applicable law, or in the context of a merger/acquisition or asset sale.

  • We will not use Gmail data for advertising purposes.

  • We will not allow human reading of Gmail data except with your explicit consent for specific messages where necessary for security reasons (such as investigating incidents), compliance with applicable law, or for the internal operation of the application, provided that the data has been aggregated and anonymized.

  • The use and transfer of Gmail data by GARANTME and Nylas to any other application, using Google APIs, will comply with Google's terms of use.

 

Could your data be transferred outside of the European Union?

Your data is stored and retained for the entire duration of processing on the servers of Amazon Web Services, located within the European Union.

In the context of the tools we use (see article on recipients regarding subcontractors), your data may be subject to transfers outside the European Union. The transfer of your data in this context is secured using the following tools:

    • Either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR. In this case, this country provides a level of protection deemed sufficient and adequate to the provisions of the GDPR.

    • Or the data is transferred to a country whose data protection level has not been recognized as adequate under the GDPR. In this case, these transfers are based on appropriate safeguards indicated in Article 46 of the GDPR, adapted to each provider, including, but not limited to, the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules, or under an approved certification mechanism.

    • Or the data is transferred based on one of the appropriate safeguards described in Chapter V of the GDPR.

 

What are your rights regarding your data?

You have the following rights regarding your personal data:

  • Right to information: This is precisely why we have drafted this policy. This right is provided for by Articles 13 and 14 of the GDPR.

  • Right of access: You have the right to access all your personal data at any time, under Article 15 of the GDPR.

  • Right to rectification: You have the right to rectify inaccurate, incomplete, or outdated personal data at any time, under Article 16 of the GDPR.

  • Right to limitation: You have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.

  • Right to erasure: You have the right to demand that your personal data be erased and that any further collection be prohibited for the reasons stated in Article 17 of the GDPR.

  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of applicable laws (Article 77 of the GDPR).

  • Right to define directives regarding the retention, erasure, and communication of your personal data after your death, in accordance with Article 40-1 of the Data Protection Act.

  • Right to withdraw your consent at any time: For purposes based on consent, Article 7 of the GDPR states that you can withdraw your consent at any time. This withdrawal will not affect the legality of processing carried out before the withdrawal.

  • Right to data portability: Under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided us in a machine-readable standard format and to demand their transfer to the recipient of your choice.

  • Right to object: Under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Note, however, that we may continue to process them despite this objection for legitimate reasons or the defense of rights in court.

You can exercise these rights by writing to us at the contact details below. On this occasion, we may ask you for additional information or documents to justify your identity.

 

Contact point for personal data matters:

Email contact: dpo@garantme.fr

Contact address: 9 rue des colonnes, 75002, Paris, France

 

Modifications:

We may modify this policy at any time, in particular to comply with all regulatory, jurisprudential, editorial, or technical developments. These modifications will apply from the effective date of the modified version. You are therefore invited to regularly consult the latest version of this policy. However, we will inform you of any significant modifications to this privacy policy.

Effective date: April 19, 2023.

Garantme, société par actions simplifiée au capital de 12 001 €, 832 523 344 RCS Bobigny. Entreprise régie par le Code des Assurances et immatriculée à l’ORIAS №17006810, www.orias.fr. Siège : 9 rue des colonnes, 75002, Paris, France