GDPR

Personal Data Privacy Policy

Last updated: September, 2025

At Groupe Gontard, our aim is to be your trusted partner by offering a wide range of solutions in real estate and finance. Data has always been central to our activities, and securing our processes, along with protecting our databases, reflects our expertise in risk management.

Your trust is our most valuable asset. In the digital age, processing the personal data you entrust to us is crucial for providing you with the best services and helping you make informed decisions. We do everything in our power to continue earning that trust by being completely transparent about how we use your data.

We respect the trust you place in us, and protecting your privacy is important to us.

1. Who is the data controller of your data?

The data controller responsible for your personal data is:

Groupe Gontard Société à Responsabilité Limitée (Limited Liability Company) with a capital of €165,000
RCS Paris 493 029 037
Registered Office: 123, rue du Faubourg Poissonnière, 75009 Paris, France
Phone: +33 1 43 18 06 70
Email: contact@oryx-reim.com

2. What personal data do we collect?

We collect and process various categories of personal data, depending on the services you use and your interactions with us:

Identification Data: Name, surname, title, date of birth, contact details (postal address, email, phone number).
Professional Data: Job title, company name.
Financial Data: Bank information (RIB/IBAN), information necessary for managing real estate or financial transactions.
Connection and Navigation Data: IP address, login credentials, browsing history, information about the browser and device used, cookies.
Data Related to Your Requests: Content of messages sent via our contact forms, information requests, history of our exchanges.
Data Related to Your Use of Our Services: Information about the Groupe’s products and services you use, your customer history.

3. Why do we collect your data (purposes and legal bases)?

We process your personal data only when we have a valid legal basis. Here are the main purposes for which we collect your data:

Purpose of Processing – Data Concerned – Legal Basis for Processing

Managing your information and contact requests
Identification, contact details, message content
Performance of pre-contractual measures / Your Consent

Managing our commercial and client relationship
Identification, contact details, contractual data, history
Performance of a contract / Legitimate Interest (client follow-up)

Personalizing our offers and communications (marketing)
Identification, contact details, service usage data
Your Consent / Legitimate Interest (if direct client prospecting)

Sending newsletters and commercial communications
Email, name
Your Consent

Improving our services and website
Navigation data, technical data
Legitimate Interest (audience analysis, improvement)

Complying with our legal and regulatory obligations
All necessary data
Legal Obligation

Fraud prevention and dispute management
Identification data, financial data
Legitimate Interest

We only process data strictly necessary to achieve these purposes. You can always choose not to receive commercial offers from us.

4. Who do we share your data with?

We do not sell your personal data, nor do we disclose it to companies outside the Group for commercial purposes.

However, your data may be shared with:

Groupe Gontard subsidiaries: For managing your customer relationship and offering relevant services within the Group.
Our technical service providers: Host, web agency, IT solution providers involved in the maintenance or evolution of our systems and website.
Our carefully selected commercial partners: Only if you request their products or services. In such cases, you will always be explicitly informed.
Administrative or judicial authorities: If required by law or to defend our rights.

5. Transfer of data outside the European Union

In some cases, your personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA).

If such a transfer occurs, we ensure that appropriate safeguards are in place to protect your data, in accordance with the GDPR.

The use of Standard Contractual Clauses (SCCs) adopted by the European Commission.
Transfer to countries recognized as providing an adequate level of protection by the European Commission.
The implementation of Binding Corporate Rules (BCRs) if our providers or subsidiaries have them.

6. Data retention period

Your personal data is kept only for the time necessary to achieve the purposes for which it was collected.

For example:

Client data (contract, invoicing): Retained for the duration of the commercial relationship plus 5 years for evidentiary purposes.
Prospect data: Retained for 3 years from the last contact if no commercial relationship is established.
Connection / cookie data: Retained for up to 13 months.

7. What are your rights? – How to exercise them?

In accordance with applicable data protection regulations, you have the following rights concerning your personal data:

Right of access (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (“right to be forgotten”, Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to data portability (Article 20 GDPR)
Right to object (Article 21 GDPR)
Right to withdraw your consent (Article 7.3 GDPR)
Right to define post-mortem directives (Article 85 French Data Protection Act)

To exercise these rights, you can contact our Data Protection Officer (DPO):

Groupe Gontard – Data Protection Officer
Contact: Yann Gontard
Address: 123, rue du Faubourg Poissonnière – 75009 Paris, France
Email address: contact@oryx-reim.com

8. Your right to lodge a complaint with the CNIL

If, after contacting us, you believe that your “Data Protection” rights have not been respected, you have the option to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).

CNIL Contact Details: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, France
Website: www.cnil.fr