PRIVACY POLICY
Within the framework of the management mandates entrusted to us, we pay the utmost attention to the processing of personal data of both our clients and the users of our services in general, in accordance with the General Data Protection Regulations.
This Policy applies to all of TELMMA's relationships with its contractors, in the absence of a more specific agreement, and the persons concerned.
1. Definitions
Within this policy, the following terms take the definitions given hereafter and related terms shall be interpreted accordingly:
« Personal data », hereinafter « PD »: means any information permitting the direct or indirect identification of a natural person that the Agent and/or the Principal and/or a service provider processes in the capacity of "Data Controller" or "Subcontractor".
« Materials » means any material, system, equipment, tools communicated, owned by TELMMA or transferred or made available to TELMMA by its contractor.
« Regulation » means, for the purposes hereof, all laws and regulations applicable in France with regard to the protection of personal data, i.e. aimed at protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with regard to the processing of their PD and, in particular, with regard to the General Data Protection Regulation No. 2016/679 ("GDPR") and the French Data Protection Act of 6 January 1978 as amended.
« Data subject », « Controller », « Joint controller », « Subcontractor », « Processing », « Supervisory Authority », « Violation of personal data », « Impact assessment » retain the meaning attributed to them in the aforementioned Regulation.
2. General principles
Within the framework of execution of the mandates entrusted to it, TELMMA is required to obtain and process personal data.
TELMMA agrees to comply with the legal obligations incumbent upon it with respect to applicable laws and the aforementioned Regulation, and to allow its contractor to comply with applicable laws and the Regulation.
TELMMA carries out all the formalities required by the regulation, or any other legal or regulatory provisions applicable to the protection of privacy and personal data with the competent authorities.
TELMMA adopts technical and organizational measures of security and confidentiality that are appropriate for the risks and in accordance with the state of the art, and provides mechanisms for the management of authorizations, making it possible to limit access to PD only to those persons who need to know it.
In any event, TELMMA and its contractors are each liable for any breach of their obligations, as far as they are concerned. Under no circumstances may they be held liable for a breach committed by the other party, since solidarity is excluded.
TELMMA, in cases where it acts as a subcontractor, may only be held liable for any damage caused by the processing of PD if it has not respected its legal or contractual obligations, or if it has acted outside or contrary to the instructions of the Principal.
TELMMA guarantees its Principals against any claim and/or procedure, whatever the form, purpose and nature, initiated by any third party and invoking a violation of privacy exclusively linked to a failure by TELMMA in its obligations resulting from this contract, and/or by one of its subcontractors.
TELMMA agrees to intervene, at its own expense, in any amicable or legal proceedings initiated against one of its Principals and due to a breach by TELMMA itself and/or by one of its subcontractors.
Media containing PD and transmitted to TELMMA by the Principal remain the property of the Principal. Media containing PD collected by TELMMA remain the property of the latter party.
TELMMA agrees to only keep the PD processed within the framework of its Mandates for the duration necessary for the processing, plus the legal time limit during which the information will be archived in view of any accounting, tax or legal claim.
TELMMA agrees:
- That it will not use PD for purposes other than to carry out mandated obligations or for proper management of the real property assets under management;
- That is will not disseminate, communicate, sell, assign, license or otherwise provide the PD to third parties (with the exception of advisors, auditors, representatives or managers);
- That it will not use the PD for commercial purposes.
3. Processing of personal data by TELMMA
3.1 General obligations by TELMMA
TELMMA agrees:
- To process PD in strict compliance with regulations in effect on the subject;
- To ensure that confidentiality of this information is respected by its employees who need to know it;
- To process PD within the European Economic Area or in a country considered adequate by the European Commission or offering sufficient guarantees in terms of security and data protection, such as the Privacy Shield for the United States.
- To inform data subjects about the processing operations performed and about their rights;
- To respond to requests from data subjects;
- To notify data subjects of any data breach that may affect their rights and freedoms;
- To make available to the Principal, and upon request, the information and documents permitting the latter to demonstrate the Principal's compliance with the Regulation.
3.2 Types of processing
Because of its professional expertise, TELMMA may act as joint controller or sub-contractor of its Principal, depending on its autonomy within the framework of its assignment, the type and scope of assignment entrusted to it.
In particular, the following processing may be done:
- Lease management (signature, collection of rents and charges, management of unpaid rent, follow-up for necessary work, lease renewal, termination, etc.);
- The transfer of a building;
- The fight against money laundering and terrorism in the selection of the commercial tenant;
- The transfer of mandate;
- Rendering of accounts;
- Management of pre-litigation or litigation arising in the context of execution of the mandate between the Principal and TELMMA, etc.
3.3 Type of personal data processed
In order to fulfil the above-mentioned purposes, TELMMA may notably be required to process, directly or through a subcontractor:
- Identification data (surname, first name, ID, image, license plates, badges with or without biometric identification, etc.), contact data (email address, postal address, telephone number, etc.) of visitors, applicants, purchasers, tenants, subtenants, representatives, employees of tenants or subtenants;
- Data related to rental of the property (detailed information on the lease, rental fees, important dates, etc.);
- The data of prospects and tenants of the real estate assets under management and their employees (excluding rental and re-rental of commercial or office premises);
- Data of suppliers and other service providers providing services relating to common property equipment;
- Data related to the private life of individuals (lifestyle habits, family situation, specific requests for services, etc.);
- Economic and financial data (income and expenses, loans, etc.);
- Data collected for reporting purposes, etc.
4. Subcontracting and further subcontracting
If TELMMA, acting as joint controller or processor, intends to call upon a subsequent processor or sub-processor, it informs, except in cases of extreme urgency, its Principal of the name and contact details of this sub-processor as well as its function. If the Principal wishes to object to the proposed sub-processing, it must indicate this within one month of receiving the information and propose another sub-processor. Otherwise, it is deemed as accepting it.
In accordance with the Regulation, TELMMA ensures that each of its subcontractors guarantees at least the same level of protection of PD as that specified in this Policy and complies with the Regulation.
Each subcontractor agrees to provide at least the same level of protection for PD as that specified in this Policy and to comply with the Regulation.
In addition, TELMMA ensures that its personnel and that of its subcontractors respect the confidential nature of the information to which they have access.
If the applicable laws to which Property Managers are subject require them to act otherwise, then TELMMA must, to the extent permitted by applicable laws, inform the Principal of this legal requirement before processing this personal data.
In accordance with article 35 of the European General Data Protection Regulation, TELMMA agrees to assist the Principal in performing an impact analysis in the event that the processing required by the real estate management mandate is likely to represent a high risk for the rights and freedoms of individuals.
If processing exposes individuals to high risk, TELMMA agrees to follow the impact analysis procedure provided for by the French administrative authority, the CNIL.
5. Information and exercise of the rights of data subjects
Taking into account the information made available and/or collected by TELMMA, TELMMA ensures that data subjects are informed as provided for in Article 13 of the European Data Protection Regulation.
It is pointed out in this respect that each natural person concerned has:
- A right to access his/her data, i.e. the right to request communication of the data concerning him/her;
- A right of rectification of erroneous or incomplete data which may be implemented by means of an additional declaration;
- A right to have his/her his data deleted, unless TELMMA has a legitimate and compelling reason to continue processing the data in question;
- A right to limit the processing of his/her data. This right consists of the possibility for the User to ask TELMMA to discontinue the use of his/her personal data. Implementation of this right must take place simultaneously with the exercise of the right of rectification;
- A right to data portability. This right notably consists of transmission of the User’s data, upon request, in a structured, commonly used and machine-readable format;
- The right to withdraw consent for data processing at any time for processing operations relying on this legal basis, without affecting the lawfulness of the consent prior to withdrawal;
- The right to issue instructions on the fate of his/her data after his/her death.
TELMMA agrees to respond to requests from data subjects within one month following receipt.
Where necessary, its contractors are asked to assist TELMMA in replying to data subjects wishing to exercise their rights of access, opposition, rectification, deletion, limitation of processing, data portability or to issue instructions on the fate of PD concerning them in the event of death. Contractors collaborate with TELMMA to implement these rights.
Any data subject may exercise his or her rights by contacting TELMMA's Data Protection Officer at the following addresses:
By post: DPO TELMMA - 66 Quai du Maréchal Joffre CS 40064 | 92415 Courbevoie Cedex
By email: dpo@telmma.com
Proof of identity is required in order to protect the confidentiality of personal data.
If, despite all our efforts, data subjects consider our response unsatisfactory, they are reminded that they have a right of complaint before the French regulatory body, the CNIL. This right may be exercised by sending a letter to the following address: CNIL- 3 Place de Fontenoy - TSA 80717- 75334 PARIS CEDEX 07.
6. Security
6.1 Security program
TELMMA takes all necessary and appropriate technical and organisational measures to ensure the confidentiality, security, availability and integrity of the PD and Materials, both its own and those made available by its principals.
TELMMA takes all reasonable measures to guarantee the reliability of any employee, agent or service provider who may have access to the PD processed for the execution of the real estate management mandate and, in particular, to ensure that they respect the confidentiality of the information of to which they become privy.
TELMMA has adopted an information security program ("Information Security Program") that incorporates appropriate and proportionate administrative, technical and physical safeguards, such as:
- Pseudonymisation, insofar as this is proportionate to the means and risks and insofar as TELMMA's computer tools allow it, and/or encryption of the PD processed,
- The means to ensure the confidentiality, integrity, availability and continued resilience of PD and Materials;
- The means to restore availability and access to PD and Materials within a reasonable time frame in the event of a technical or physical incident;
- A process to test, evaluate and assess the effectiveness of technical and organisational measures to ensure the security of data processing;
- Active physical and digital archiving.
TELMMA is committed to regularly auditing and reviewing the Information Security Program to ensure its continued effectiveness and to determine whether adjustments are necessary in light of circumstances, including technological, regulatory, industry practices or industry changes in threats and risks that may affect PD and Materials.
TELMMA agrees to respond as quickly as possible to any request for information on its Information Security Program.
6.2 Security breach
Upon occurrence of an incident or upon TELMMA's suspicion that an incident has occurred relative to a security breach or any other breach of the provisions relative to the processing of personal data by or in respect of TELMMA (the "Security Breach"), it agrees to:
- Inform the Principal or the supervisory authority, as provided for in the Contract, of the Security Breach.
- Do whatever is within its power, as soon as possible, to minimize the impact or any other damage that the breach is likely to cause to the Principal, or to any individual who could be affected by the Security Breach, and to prevent, to the extent possible, the occurrence of similar breaches in the future.
6.3 Audit
TELMMA allows its principals to conduct compliance audits with regard to the processing of personal data, including inspections by the Principal, its representatives or any third party mandated by the Principal, as long as TELMMA is notified about this Audit fifteen (15) days in advance and as long as it is conducted during normal working hours.
7. Transfers of personal data
TELMMA does not process or transfer the PD that it collects outside the European Economic Area, or from any country deemed adequate by the European Commission, or from any country offering sufficient guarantees within the meaning of the Regulation, without first obtaining the written consent of the Principal and without implementing adequate protection of the PD in accordance with the requirements of the Regulation.
TELMMA ensures that any such agreement includes security obligations imposed upon the recipient of PD that are at least equivalent to those of this Policy.
8. DELETION OF PERSONAL DATA
TELMMA ceases to process PD under subcontracting at the end of the real estate management mandates or, if this date is earlier, at the end or upon expiry of the service to which it relates.
If preservation proves necessary, TELMMA ceases processing as soon as possible and either destroys the PD processed or returns the media containing it to its Principals, depending on the option determined, and deletes the PD concerned from its systems.
TELMMA retains the PD supplied by the Principal only to the extent required by applicable laws and ensures that this PD is only processed for the purpose or purposes specified in the applicable laws imposing or making it necessary to retain it.
TELMMA agrees to keep the PD processed only within the limit of the duration required for processing, plus the duration of the statute of limitations, during which the information will be archived for the purpose of any accounting, tax or legal claim.
9. Website
In order to guarantee the quality of its services and to be able to ensure that its website functions as well as possible, TELMMA processes the personal data of the User when the User browses the www.telmma.com website, hereafter "the Website".
The owner of the Site is SAS TELMMA PROPERTY GROUP.
The data controller of the Site is TELMMA, which agrees to comply with the General Data Protection Regulation (RGPD no. 2016/679, law no. 2004-575 of 21 June 2004 on trust in the digital economy, law no. 78-17 (LIL) amended by law no. 2018-493 of 20 June 2018 and the regulations resulting therefrom).
The terms and the Site's Cookies Policy are available online at www.telmma.com.
10. Changes to the privacy policy
This Privacy Policy may be modified. TELMMA will post any new version on its site or provide it upon first request.