The company Victoires Haussmann SGP (hereafter referred to as "Victoires Haussmann SGP" or the "Company") hereby informs any individual concerned and any processing manager concerned of the personal data processing policy applied to this company website (for more information, please consult the "Legal notices" page).
The Company hereby undertakes to do its utmost to ensure the compliance, protection, confidentiality and security of any personal data collected or, if applicable, that it processes only once, according to the obligations set out in the European General Data Protection Regulation "GDPR".
Victoires Haussmann SGP is a management company with AIFM certification from the French financial market authority (AMF) whose capital is indirectly held by Victoire Holding SAS, the holding company of the Constructa group. Its IT resources are delegated to the company Constructa SA. The Company is responsible for processing in the sense of the GDPR, and as such, it defines the means and purposes related to the processing of personal data and implements appropriate technical and organizational measures to guarantee a level of security adapted to the risk.
Personal data processing and purposes
The personal data processed by the Company are notably those collected either in the context of the business relations established or, if applicable, at the initiative of the individuals concerned (web forms available depending on website updates) in response to operational and development requirements (service providers, recruitment, etc.).
Such data is therefore processed for various purposes that may or may not require collection of the consent of the individuals concerned. In all cases, these individuals receive the required regulatory information, notably concerning the procedure for exercising their rights.
Even without the consent of the individuals concerned, processing related to the execution of a legal or regulatory obligation (notably and not exclusively: rules applicable to the management of collective investments, financial investment advice, activities that come under the provisions of the Hoguet law, the fight against money laundering and terrorism financing, the fight against tax evasion, etc.), or a contractual obligation, or the pursuit of a legitimate interest (according to the GDPR, prospecting constitutes a legitimate interest) is lawful.
Prior consent is collected from the individuals concerned for any data whose processing does not come under the above categories. In the event of an opposition or deletion request, the data will not be processed as requested and/or be deleted. Any data not processed for three years will be deleted.
Conditions of exercise of their rights by the individuals concerned
As part of its processing responsibilities, the Company hereby informs the individuals concerned of the following:
- The identity and contact information for the processing manager;
- The contact information for the data protection officer;
- The purposes of processing;
- The legitimate interests pursued by the processing manager;
- The recipients or categories of recipients of personal data;
- The period of conservation of personal data;
- The existence of rights related to access, rectification or deletion, removal, limitation, opposition and portability concerning personal data;
- The right to file a complaint with an inspection authority;
- If applicable, the existence of a regulatory or contractual obligation to collect the data or the pursuit of a legitimate interest constituting an exception to the obligation to collect consent.
These rights can be exercised by sending a request to the Data Protection Officer (DPO) by email to firstname.lastname@example.org or by post to Victoires Haussmann SGP, 134 boulevard Haussmann, 75008 Paris, France.
Measures to control processing and the associated risks
The personal data collected are saved on servers located in France.
Internal control procedures require the documentation of each control step to justify the approach, means used and robustness of the solutions implemented.
For personal data presenting a specific risk, these internal procedures implement the conclusions of the impact analyses carried out by the Company.
Regarding any subcontractors selected to perform personal data processing actions on behalf of the Company, the Company requires such subcontractors to respect the same obligations in the area of personal data protection.
The security system (password rules, anti-virus network security and firewall, partitioning of directories and applications for each entity, department, personal profile or specific approval) includes a plan to ensure periodic monitoring of network activity both internally and externally to detect possible thefts or unlawful reproduction of personal data.
If any failures are identified or suspected, the security plan demands implementation of the regulatory procedure to notify the individuals concerned and the inspection authority (CNIL), if applicable.