Privacy Policy
This privacy policy outlines the DA Investment Protection policy regarding personal data, in accordance with the regulations in force in France on personal data, as set out in Law No. 78-17 of January 6, 1978 relating to data processing, files, and freedoms, known as the “Informatique et Libertés” law, and EU Regulation 2016/679 of May 25, 2018 on data protection, known as the “GDPR.”
The purpose of this privacy policy is to inform
any client of DA Investment Protection
(hereinafter the “Client”):
• of the processing of the Client’s personal data
carried out by DA Investment Protection as the
data controller (I); and
• of the processing of third-party personal data
transmitted by the Client to DA Investment
Protection and processed by DA Investment
Protection as the data processor (II).
I. Processing of Clients’ Personal Data by DA Investment Protection as Data Controller
1. Categories of Personal Data
Collected
In the course of the engagement entrusted to DA
Investment Protection by the Client, DA Investment
Protection may collect and process personal data
concerning Clients, in particular relating to
civil status (name, surname, age, postal address,
email address), family situation, professional
life (position, etc.), and economic and financial
information (hereinafter “Client Data”).
2. Contact Details of the Data
Controller
The data controller of the Client Data is DA
Investment Protection, operating in Paris as an
association of lawyers with individual
professional liability, with its registered office
at 51, rue François 1er, 75008 Paris, France,
registered under SIRET No. 793 138 942 000 24.
Telephone: +33 7 45 46 76 56
Fax: +33 7 45 46 76 56
The representative of the data controller can be
contacted at:
responsable-traitement@bdgs-associes.com
3. Legal Basis and Purposes of
Collection
Client Data is collected exclusively in connection
with the execution and management of the contract
between the Client and DA Investment Protection,
in compliance with legal or regulatory obligations
(accounting, tax obligations, etc.) applicable to
DA Investment Protection, to meet DA Investment
Protection’ legitimate interests (monitoring and
maintaining the business relationship), or based
on the Client’s consent (e.g., invitations to
events).
4. Data Processing Actors
4.1. DA Investment Protection Staff
Client Data is intended for members of DA
Investment Protection authorized to process it as
part of their duties.
4.2. DA Investment Protection
Subcontractors
In the course of its activities and service
provision, DA Investment Protection uses
subcontractors located in the European Union, who
process Client Data on behalf of, under the
instruction of, and under the authority of DA
Investment Protection.
In compliance with the GDPR, DA Investment
Protection requires its subcontractors to provide
sufficient guarantees regarding the implementation
of appropriate technical and organizational
measures to ensure the security and
confidentiality of Client Data.
4.3. Third Parties
In the course of its activities and service
provision, DA Investment Protection may transmit
Client Data to other lawyers (for legal document
exchanges, litigation, etc.) or to formalists (for
carrying out formalities related to registering
company directors).
5. Retention and Archiving of Client
Data
DA Investment Protection only collects Client Data
strictly necessary for the purposes described
above and retains it for the period strictly
necessary for the intended purpose. Specifically,
Client Data is kept in active storage for the
duration of the mission entrusted to DA Investment
Protection. At the end of this period, the data
will either be deleted or archived for the
necessary duration (i) to comply with legal and
regulatory obligations and/or (ii) to establish,
exercise, or defend legal claims.
6. Security of Client Data
DA Investment Protection implements all necessary
technical and organizational measures to ensure
the confidentiality and security of Client Data
and to prevent it from being damaged, deleted, or
transmitted to unauthorized third parties.
In the event of a data breach likely to result in
a risk to the rights and freedoms of the Client,
DA Investment Protection undertakes to notify the
competent supervisory authority (CNIL) within 72
hours of becoming aware of it, in accordance with
Articles 33 and 34 of the GDPR, and to notify the
Client as soon as possible.
7. Client Rights Regarding Personal
Data
Under Articles 15 to 22 of the GDPR, and where
compatible with the purposes of the processing,
the Client has the right to access, rectify,
delete, and port their personal data, as well as
the right to restrict processing. The Client may
also object to processing for legitimate
reasons.
The Client can exercise their rights by sending a
request to:
responsable-traitement@bdgs-associes.com.
DA Investment Protection may refuse to grant these
rights for one of the reasons provided for in
Articles 15 to 22 of the GDPR, particularly if
processing is necessary to comply with a legal or
regulatory obligation, or to establish, exercise,
or defend legal claims.
DA Investment Protection will inform the Client of
measures taken within one (1) month from receipt
of the request. This period may be extended by two
(2) months depending on complexity and volume of
requests.
If DA Investment Protection does not act on the
request, it will inform the Client within one (1)
month of the reasons for inaction and the
possibility of lodging a complaint with a
supervisory authority or seeking judicial
remedy.
Exercising these rights is free of charge;
however, in the case of manifestly unfounded or
excessive requests, DA Investment Protection
reserves the right to (i) charge a fee considering
administrative costs, or (ii) refuse to comply
with such requests.
8. Complaints to a Supervisory
Authority
Without prejudice to any other administrative or
judicial remedy, if the Client believes that their
data processing constitutes a violation of the
GDPR, they have the right to file a complaint with
the competent supervisory authority (CNIL).
II. Processing of Third-Party Personal Data Communicated by the Client to DA Investment Protection as Data Processor
1. In the course of the engagement, the Client may provide DA Investment Protection with third-party personal data (e.g., employees, customers of the Client) relating to civil status (name, surname, age, postal address, email address), family situation, professional life (position, etc.), and economic and financial information (hereinafter “Third-Party Data”).
2. The Client is the data controller of the Third-Party Data. DA Investment Protection, which collects and processes Third-Party Data on behalf of and according to the Client’s instructions, acts as a data processor.
3. As the data controller, the Client declares and guarantees compliance with their obligations regarding Third-Party Data protection, including: (i) ensuring the lawfulness of their processing; (ii) having informed and, where applicable, obtained consent from the individuals concerned; (iii) implementing all appropriate technical and organizational measures to ensure the security and confidentiality of Third-Party Data; (iv) enabling the effective and prompt exercise of the rights of individuals concerned; and (v) establishing an effective procedure in the event of a data breach.
4. The Client remains the owner of the Third-Party Data and is solely responsible for any breach of personal data regulations in the management of this data. DA Investment Protection assumes no liability in this regard. Likewise, as DA Investment Protection has neither knowledge of nor control over the Client’s use of Third-Party Data, it cannot be held liable for any violation of these personal data that the Client may commit.
5. As the processor of Third-Party Data, DA
Investment Protection undertakes, in accordance
with Article 28 of the GDPR, to:
– process Third-Party Data solely within the scope
of the mission entrusted by the Client;
– process Third-Party Data only on documented
instructions from the Client, and to inform the
Client of any instruction that would be contrary
to personal data regulations;
– ensure that persons authorized to process
Third-Party Data are bound by confidentiality
obligations;
– implement appropriate technical and
organizational measures to ensure the security and
confidentiality of Third-Party Data;
– apply data protection by design and by default
principles for tools, products, applications, or
services;
– assist the Client, as far as possible, in
fulfilling their obligation to respond to rights
requests from individuals concerned;
– notify the Client of any data breach as soon as
possible after becoming aware of it;
– assist the Client in ensuring compliance with
security, breach notification, and data protection
impact assessment obligations;
– make available all necessary information to
demonstrate compliance with these obligations and
allow for audits or inspections by the Client or a
mandated auditor, and contribute to such audits.
6. DA Investment Protection undertakes to ensure that Third-Party Data is stored within the European Union or in a country offering a level of protection equivalent to that of the EU. In the event of a transfer outside the EU to a country without such protection, DA Investment Protection undertakes to use standard contractual clauses approved by the European Commission or implement Binding Corporate Rules. DA Investment Protection may engage another processor for specific processing activities and undertakes to provide the Client with a list of such processors upon request. In all cases, DA Investment Protection will remain fully liable to the Client for any breach by a subsequent processor.
7. DA Investment Protection processes Third-Party Data under the conditions defined above for the entire duration of the mission entrusted by the Client. At the end of the mission, DA Investment Protection undertakes, in accordance with the Client’s instructions, to delete or return the Third-Party Data, unless a legal or regulatory obligation requires its retention.