DATA PROTECTION POLICY

Last update on November 17, 2021

At Garantme, protecting your personal data is a priority.

When you use the garantme.fr website (hereinafter "the Site"), we collect personal data about you.

The purpose of this policy is to inform you about how we process this data in accordance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").

Who is the data controller?

The data controller is GARANTME, a simplified joint stock company, registered with the RCS of Bobigny under number 832 523 344 and with its registered office at 9 rue des colonnes, 75002, Paris, France (hereinafter "We").

What data do we collect?

Personal data is data that can identify an individual directly or by cross-referencing with other data.

We collect data in the following categories:

  • Identification data (including your name, first name, pseudonym, photograph, email and postal address, telephone number, date of birth, nationality, identity document);
  • Data related to your personal life (including the city of residence, the desired date, family status);
  • Connection data (including IP address, cookie ID, logs);
  • Data related to your professional life (including your professional status);
  • Data related to your guarantee application (including your supporting documents, your Eligibility Certificate®);
  • Economic and financial information (including your net monthly income, savings, maximum budget);

Mandatory data is indicated when you provide us with your data. They are marked with an asterisk and are necessary to provide you with our services.

On what legal basis, for what purposes and for how long do we retain your personal data?

Purpose 1: Register on our Site and create a Garantme account

  • Legal basis: ****Implementation of pre-contractual measures taken at your request
  • Retention period: Your data is retained for the duration of your account. If your account has been inactive for 1 year, your personal data will be deleted in the absence of a response to our reminder email. Connection data is retained for 6 months from the date of collection. In addition, your data may be archived for the purpose of proof for a period of 3 years.

Purpose 2: Provide you with our services (search for a rental, subscription to guarantee)

  • Legal basis: ****Performance of a contract
  • Retention period: Your data is retained for the duration of the contract and for a period of 3 years after the end of the contract. This period may be extended if required by legal, regulatory or contractual obligations.

Purpose 3: Perform operations related to the management of our customers regarding contracts, transactions, invoices, and follow-up of the contractual relationship with our customers

  • Legal basis: ****Performance of a contract that you have entered into with Us
  • Retention period: Personal data is retained for the duration of the contractual relationship. In addition, your data (except for your bank details) is archived for the purpose of proof for a period of 2 years.

Purpose 4: Constitute a file of customers and prospects

  • Legal basis: ****Our legitimate interest in developing and promoting our activity.
  • Retention period: For customers: data is retained for the duration of the contractual relationship. For prospects: data is retained for a period of 3 years from your last contact, for the purpose of prospecting.

Purpose 5: Send newsletters, solicitations, and promotional messages

  • Legal basis: ****For customers: our legitimate interest in retaining and informing our customers of our latest news. For prospects: your consent
  • Retention period: Data is retained for 3 years from your last contact with Us or until you withdraw your consent.

Purpose 6: Prepare commercial and usage statistics of our services

  • Legal basis: ****Our legitimate interest in analyzing the composition of our customer base and improving our services
  • Retention period: Data is retained for 3 years.

Purpose 7: Manage the management of people's reviews of our services and content.

  • Legal basis: ****Our legitimate interest in analyzing the composition of our customer base and improving our services
  • Retention period: Data is retained for 3 years.

Purpose 8: Personalize our responses to your information requests

  • Legal basis: ****Our legitimate interest in responding to your requests
  • Retention period: Data is retained for the time necessary to process your information request and deleted once the information request has been processed.

Purpose 9: Comply with legal obligations applicable to our activity

  • Legal basis: ****Comply with our legal and regulatory obligations
  • Retention period: For invoices: invoices are archived for a period of 10 years.

Purpose 10: Manage unpaid bills and any disputes related to the use of our services

  • Legal basis: ****Our legitimate interest in managing unpaid bills and any disputes with our customer base
  • Retention period: Data is retained for a period of ****5 years from the closing of the file.

Purpose 11: Managing requests for exercise of rights

  • Legal basis: Our legitimate interest in responding to your requests and keeping a record of them
  • Duration of retention: If we ask you for proof of identity: we will only keep it for the time necessary for identity verification. Once the verification is complete, the proof will be deleted. If you exercise your right to object to receiving direct marketing: we will keep this information for 3 years.

Who are the recipients of your data?

Will have access to your personal data:

  1. Our company's staff; the control services (auditors in particular);
  2. Our subcontractors: hosting provider, newsletter sending provider, reviews management provider, audience measurement tool, our visualization tool;
  3. Our Insurance Partners, who provide rental debt guarantees, with whom you enter into a guarantee act and who carry out their own processing, as described in their privacy policy;
  4. Real estate agencies to establish the lease elements;
  5. Landlords to establish the lease elements;
  6. Insurers or insurance brokers to establish supplementary insurance proposals, based on your request and specific consent with these establishments;
  7. As appropriate: public and private organizations, exclusively to meet our legal obligations.

Are your data likely to be transferred outside the European Union?

Your data is stored and retained for the duration of processing on servers of Amazon Web Services and Google Cloud Platform and storage and processing constraints within the European Union.

As part of the tools we use (see article on recipients concerning our subcontractors), your data may be subject to transfers outside the European Union. The transfer of your data in this context is secured by means of the following tools:

  • either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country provides a level of protection considered sufficient and adequate under the provisions of the GDPR;
  • either the data is transferred to a country whose level of protection of data has not been recognized as adequate under the GDPR: in this case, these transfers are based on appropriate guarantees provided by Article 46 of the GDPR, adapted to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or by virtue of an approved certification mechanism;
  • either the data is transferred on the basis of one of the appropriate guarantees provided for in Article 46 of the GDPR, such as binding corporate rules, standard contractual clauses, an approved code of conduct or an approved certification mechanism.

"What are your rights regarding your data?

You have the following rights regarding your personal data:

  • Right to information: this is the reason why we have written this policy. This right is provided by articles 13 and 14 of the GDPR.
  • Right of access: you have the right to access all of your personal data at any time, under Article 15 of the GDPR.
  • Right to rectification: you have the right to correct at any time your personal data that is inaccurate, incomplete or out of date in accordance with Article 16 of the GDPR.
  • Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure: you have the right to require that your personal data be deleted, and to prohibit any future collection for the reasons stated in Article 17 of the GDPR.
  • Right to file a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable texts. (Article 77 of the GDPR)
  • Right to define directives regarding the preservation, deletion, and communication of your personal data after your death, in accordance with Article 40-1 of the Data Protection Act.
  • Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you can withdraw your consent at any time. This withdrawal will not affect the legality of the processing carried out before the withdrawal.
  • Right to data portability: under certain specific conditions specified in Article 20 of the GDPR, you have the right to receive the personal data that you have provided to us in a machine-readable standard format and to require their transfer to the recipient of your choice.
  • Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. However, we may continue to process it despite this objection, for legitimate reasons or the defense of rights in court.

You can exercise these rights by writing to us at the coordinates below. We may ask you to provide us with additional information or documents to verify your identity."

What cookies do we use?

To learn more about managing cookies, please consult our Cookie Policy. 

Data protection contact point

Contact email: dpo@garantme.fr

Contact address: Garantme, attention DPO, 9 rue des colonnes, 75002, Paris, France