Our website uses cookies to make your navigation experience more personal as well as for operational purposes, statistical analysis and to analyse the performance of our content. Your consent is given freely and may be retracted or given at any time by clicking on the link below:

• Modify my consent concerning cookies

CGEFI (the “Company”) is committed to respecting confidentiality and, more generally, protecting any personal data concerning you and those close to you, regardless of whether you are clients or prospective clients (hereafter referred to as the “Persons Concerned”), this being any data collected and processed within the context of our exchanges, and where applicable, service provisions covered by any contract you have signed, or will sign, with the Company (hereafter referred to as the “Contract”).

To this effect, the Company respects European and French legislation concerning the protection of personal data, mainly European regulation EU n°2016/679 or the “GDPR” and ordinance n°78-17 also known as the “Freedom of Information” act.

This Personal Data Charter sets out the information required for the processing of personal data implemented within the framework of your dealings with the Company.

The Company will remain fully responsible for the processing of personal data as detailed in article 4 of the GDPR within the framework of these services. The purposes and legal basis for processing are as follows :

• Purpose 1 : Managing commercial relations with clients within the framework of the Contract:  this processing is necessary for the operation of the Contract (article 6 (b) of the GDPR);
• Purpose 2 : Respecting legal and regulatory obligations to which the Company is subject, especially regarding money laundering and the financing of terrorism (article 6 (c) of the GDPR);
• Purpose 3 : Managing relations with prospective clients as part of the commercial prospecting process and the organisation of events related to the Company’s activity: this processing is necessary for the legitimate interests of the Company (article 6 (f) of the GDPR).

In the event of any further processing of your personal data for purposes other than those for which the personal data has been collected and as set out above, the Company will provide you with advance information regarding this additional purpose along with any other legally relevant information that may be necessary.

The data of the Persons Concerned will be processed, more specifically the contact data (full name, postal address, etc.) along with the asset, financial and professional data of Company clients.

The Company will keep the personal data of the Persons Concerned for no longer than the duration necessary for the achievement of the purposes for which it has been processed, and, more specifically, applying the following retention periods :

• Purpose 1 and 2 : during the contractual relation, then archived for a period of five years as of the termination of any business relations with the client, this period may be extended in the event of any dispute and up to the ultimate expiry of any appeal possibilities;
• Purpose 3 : three years after the last contact with the prospective client.

The company communicates this personal data to its internal services depending on the purpose and may communicate it to other Group companies depending on the client scope (ex-pats, returning ex-pats or French residents). 

The Company may also communicate this personal data to outside bodies or recipients but only within the framework of and for the needs of the service provided to the Concerned Persons :

• Banks and other product suppliers (insurance companies, management companies, etc.) depending on the contractual solution proposed to clients;
• Regulatory and inspection bodies (especially AMF, ACPR, Professional Associations, taxation and corporate administrations);
• Regulated professions (Lawyers, Notaries, etc.);
• Mandated agents.

Finally, the Company may communicate this personal data to sub-contractors (as defined by the GDPR) :

• CRM software publishers;
• Communication software publishers;
• Invoice management and accountancy software publishers;
• EU-based data server hosts.

These sub-contractors will only have access to your data to complete their services and will be themselves subject to the same security and confidentiality obligations as the processing manager.

To find out more about these recipients, the list of the Company’s sub-contractors can be requested by sending an email to: clientele@groupe-crystal.com

In all cases your data will not be shared with any outside bodies for commercial prospection purposes without the company requesting your permission beforehand.

Should any personal data be transferred to a third party country outside of the European Economic Space, this will be completed subject to appropriate guarantees which will be contractual, technical and organisational whilst also compliant with the applicable personal data protection regulations.

Compliant to ordinance n°78-17 dated 6 January 1978 and the GDPR, the Concerned Persons will have a right of access, correction or suppression for any personal data that concerns them and, where applicable, a right of data portability for the data in question. You can request the restriction or oppose the processing of your data or, where applicable, retract your consent. You can also issue instructions concerning what will be done with your data post-mortem, by application of article 32 6° of modified Ordinance n°78-17 dated 6 January 1978.

To exercise these rights, you can contact the Company’s Data Protection Officer (DPO) at the following email address: clientele@groupe-crystal.com or by post at the Company’s head offices, for the attention of the Company DPO, including your full-name, email address and postal address. Compliant to the currently applicable regulations, this request must be signed and supported by a photocopy of a valid proof of identity bearing your signature and the address to which any response must be sent. A response will be issued within one month of receiving the request.

In the absence of supply, or in the event of opposition or a request for suppression or restriction, the Company will no longer be able to provide all or part of the services covered by this Contract and will not be held liable for the consequences of any requests concerning the execution of their contractual obligations.

As regards the processing of data to ensure appropriate monitoring of the risk of money laundering and the financing of terrorism, by application of article L.561-45 of the (French) ‘monetary and financial code’, your requests for access to these files must be addressed to the Data Protection Commission (Commission Nationale Informatique et Libertés - CNIL), 3 place de Fontenoy, 75007 Paris.

According to the law, you have the legal right to make any claim before the appropriate regulatory body, this being the CNIL in France:  https://www.cnil.fr/.

Compliant to the applicable personal data protection legislation and regulations, the Company commits to take all technical and organisational measures necessary to maintain the security of the data processing covered by this chapter and more specifically to avoid any alteration or damage to the data and any disclosure to unauthorised persons. The Company will ensure that any sub-contractors involved in the processing referred to in this chapter also take on the same commitments, notably by the act of signing the sub-contractor’s agreement, compliant to article 28 of the GDPR.

This Charter may be modified over time. It will be regularly updated and you will be able to consult it on our web-site or by sending a request in writing to the Company’s head offices.