Privacy charter – VINCI Immobilier – KYC Form
Personal data – Data collection by VINCI Immobilier, the data controller, when collecting data via KYC forms
20 December 2021
In accordance with its legal obligations to know its customers, VINCI Immobilier is required to carry out checks prior to the signing of the proposed contract and as such, collects personal data.
The purpose of the processing is to allow VINCI Immobilier to comply with its legal obligations on anti-money laundering and counter terrorist financing pursuant to the provisions of the French Monetary and Financial Code.
1.2. Legal basis
Article 6 (1)(c) of the General Data Protection Regulation – GDPR: c) processing is necessary for compliance with a legal obligation to which the controller is subject
Categories of data processed
- Marital status
- Last name
- First name
- E-mail address
- Phone number
- Postal address
- Politically exposed person status of the spouse / ascendant(s) / descendant(s) and relevant country
- Politically exposed person status of the data subject and relevant country
- Name of the banking institution and source of the funds contributed
- Occupation of the joint buyer where applicable
2.1. Data source
Data is disclosed to VINCI Immobilier, by the data subject, when the data subject completes the data collection form available at the following address: https://pes.docapost-bpo.com/backend/token/vinci
2.2. Mandatory nature of data collection
The collection of data is mandatory under French law: otherwise, VINCI Immobilier would not be able to finalise the contractual process.
2.3. Automated decision-making
Processing does not include automated decision-making.
Data processing only concerns prospective clients who meet the legal criteria specified in the French Monetary and Financial Code on anti-money laundering and counter terrorist financing.
4.1. Recipient categories
The data recipients are as follows:
- the Internal Audit Department of VINCI Immobilier
- the Sales Department of VINCI Immobilier
- the authorised employees of any subcontractors, it being understood that the conditions under which subcontractors access data are contractually managed in accordance with legal and regulatory requirements.
4.2. Data transfers outside the EU
No data is transferred outside the European Union.
Data is kept for the statutory limitation period to allow VINCI Immobilier to establish its due diligence in the event of an inspection by the competent authorities.
VINCI Immobilier Promotion implements the necessary resources for data security and confidentiality, and in particular, in relation to technical measures and organisational security measures:
- Business continuity is regularly tested
- An IT charter is defined and given binding force by the company
- Specific authorisations are granted to anyone with access to data collected via the website.
- Third-party operations are contractually managed
- A DPO has been appointed
- VINCI Immobilier applies the ISSP (Information Systems Security Policy)
You can access and obtain a copy of your personal data, object to the processing of such data for legitimate reasons, have your personal data corrected or have your personal data erased under legal conditions. You also have the right to restrict the processing of your data.
Understanding your rights
You also have the right to issue specific and general guidelines on the retention, erasure and disclosure of your data after your death.
Specific guidelines are communicated for after your death and these rights are exercised by sending a letter, by post, to the DPO, whose contact details are below. Requests regarding the fate of your data after your death must be accompanied by a copy of an identity document in order to be processed.
7.1. Exercising your rights
The VINCI Immobilier Promotion data protection officer (DPO) is your point of contact regarding any request to exercise your rights related to data processing.
- Contact the DPO by e-mail
- Contact the DPO by post
Jean-Maxime PEYRAT H&P Avocats,
26 rue Saussier Leroy, 75017 PARIS,
Phone: +33 (0)1 86 95 08 58
7.2. Complaint to the CNIL
If you believe, after contacting us, that your rights to your data have not been respected, you may send a complaint to the CNIL.