Personal data protection policy
As part of their activities, the various companies of the Altarea Group process personal data concerning you (“You”) through their respective websites.
When browsing the different websites of the Altarea Group, you are invited to consult each site’s Personal Data Protection Policy and Cookie Policy in order to identify the data controller and the specific data processing activities carried out by each entity.
Indeed, depending on the entity within the Group and the services offered, the purposes of the data processing may vary. All entities within the Group that carry out personal data share a single Data Protection Officer (DPO) whose contact details are provided in section 4 below.
Your personal data is protected under the applicable data protection laws and regulations which include the provisions of the amended French Data Protection Act No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms, as amended, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (“General Data Protection Regulation”, or “GDPR”), hereinafter collectively referred to as the “Regulations.”
We take great care to ensure that the collection and processing of your data complies strictly with these Regulations.
1. WHO IS THE DATA CONTROLLER?
For the pages of the website altarea.com (hereinafter the “ Website ”): the data controller of your personal data is ALTAREA, a company having its registered office at 87 rue de Richelieu – 75002 PARIS, registered with the Paris Trade and Companies Register under number 335 480 877.
2. WHY DO WE COLLECT YOUR PERSONAL DATA?
When using our Website , we may collect and process your personal data, either electronically or otherwise, for specific and clearly stated purposes as outlined in the table below.
| Purpose | Data Collected | Legal Basis for Processing | Retention Period |
| Ensure optimal navigation on our Websites, in particular through the use of technical cookies. | For more details, please refer to our Cookie Policy. | Legitimate interest | The data retention period is detailed in the Cookie Policy. |
| Improve the performance of the Website, the quality of our services, and provide you with personalized content and services, particularly through the use of trackers and cookies | For more details, please refer to our Cookie Policy. | Consent | The data retention period is detailed in the Cookie Policy. |
| Respond to specific or general requests made by you through our Website. | Identification data | Legitimate interest | Retention for administrative management of the request, extended by any applicable legal limitation periods. |
| Send you event invitations with your prior consent. | Identification data | Consent | Retention for 3 years from the date of last contact with you. |
3. WHO HAS ACCESS TO THIS INFORMATION?
Your personal data is processed by the Data Controller designated in §1 above, by its internal services as necessary to respond to your request, and by its service providers and/or partners who are involved in the relevant processing activities. We implement all necessary measures to ensure the security and integrity of your personal data.
Our processors are contractually bound by reinforced obligations of security, protection, and confidentiality with regard to Personal Data. Under no circumstances will we sell, lease, or disclose your personal data to any third party without your prior consent.
However, your personal data may be disclosed to authorized third parties (i.e., police or judicial authorities), in accordance with applicable laws, upon formal request from such authorities for instance, in the context of fraud prevention measures on the Website (anti-fraud services).
We make every effort to limit personal data processing activities to the territory of the European Union. If such processing must take place outside the UE, we ensure that appropriate safeguards are implemented, such as the use of the European Commission’s standard contractual clauses, to guarantee an adequate level of data protection.
4. YOUR RIGHTS
In accordance with the Regulations, you have the following rights concerning your Personal Data
:
- Right of access (Article 15 GDPR): Any individual may requests confirmation as to whether their personal data is being processed and, if so, obtain a copy of such data and related information.
- Right to rectification (Article 16 GDPR): You have the right to request the rectification of inaccurate or incomplete personal data concerning you.
- Right to erasure (Article 17 GDPR): You may request the erasure of your personal data, subject to certain exceptions (e.g., compliance with legal obligations, performance of a contract, or establishment, exercise or defence of legal claims).
- Right to restriction of processing (Article 18 GDPR): You may request the temporary suspension of processing of your data under the circumstances set out in Article 18.
- Right to data portability (Article 20 GDPR): You may request that your personal data be transferred to another data controller, where technically feasible.
Right to object (Article 21 GDPR): You may object at any time, on grounds relating to your particular situation, to the processing of your personal data.You also have the right to define instructions regarding the storage, erasure and disclosure of your personal data after your death.
For all processing mentioned in §2, you are informed that you may withdraw your consent at any time. To exercise you may contact the Data Protection Officer by writing to 87 rue de Richelieu – 75002 PARIS or by email at dpo@altarea.com.
In case of a dispute, you also have the right to lodge a complaint with the CNIL (French Data Protection Authority). Please feel free to contact us with any questions addressed to the attention of the DPO.