My Flat In Paris

Select Language

Personal Data Protection Policy

1. Purpose of the policy

The purpose of this policy is to define My Flat In Paris's (MFIP) commitments regarding personal data protection, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

The data controller is the person, public authority or body that determines the purposes, i.e. the use of the data and the means of processing.

My Flat In Paris | SAS Co Invest, 5 rue Frédéric Bastiat 75008 Paris is the data controller.

2. General principles

MFIP undertakes to comply with the following principles:

Lawfulness, fairness and transparency of processing.
Purpose limitation: data is collected only for specific, explicit and legitimate purposes.
Data minimisation: only data that is strictly necessary is processed.
Accuracy and updating of data.
Storage limitation: data is stored for a proportionate period of time and then deleted or anonymised.
Integrity and confidentiality: technical and organisational measures to ensure data security.

3. Categories of personal data processed

My Flat In Paris | SAS Co Invest processes the following categories of personal data:

Identification data: surname, first name, date and place of birth, address, email, telephone number, date and place of birth, copy (or photo) of an identity document
Personal details: languages spoken, specific requests
Data related to the rental agreement: rental address, move-in and move-out dates
Professional data: employer's contact details
Financial information: bank details

You are a tenant

—> See Tenant's personal data protection policy

You are a landlord

—> See Owner's personal data protection policy

You do not fall into any of the above categories

4. Purpose of personal data processing

Purposes	Data processed	Legal basis	Retention period for the purposes intended	Recipients of the data
Registration and management of applications	Identity data Data relating to the candidate's career	Processing is necessary for the performance of pre-contractual measures and for establishing a contractual relationship between My Flat In Paris \| SAS Co Invest and job or internship applicants.	3 months after collection	Agency management
Sending commercial offers by electronic means	Identity data	Legitimate interest of My Flat In Paris \| SAS Co Invest	3 years after last contact	Sales department
Billing	Identity data Bank details	Legal obligation Article L123-22 of the French Commercial Code	10 years from the end of the financial year.	Operations and accounting services
Partner and supplier relationship management	Identity data	Legitimate interest of My Flat In Paris \| SAS Co Invest	Duration of the contractual relationship - Except for invoices (10 years after the end of the contract) and contracts (5 years after the end of the contract)	Sales department

Purposes	Data processed	Legal basis	Retention period for the purposes intended	Recipients of the data
Registration and management of applications	Identity data Data relating to the candidate's career	Processing is necessary for the performance of pre-contractual measures and for establishing a contractual relationship between My Flat In Paris \| SAS Co Invest and job or internship applicants.	3 months after collection	Agency management
Sending commercial offers by electronic means	Identity data	Legitimate interest of My Flat In Paris \| SAS Co Invest	3 years after last contact	Sales department
Billing	Identity data Bank details	Legal obligation Article L123-22 of the French Commercial Code	10 years from the end of the financial year.	Operations and accounting services
Partner and supplier relationship management	Identity data	Legitimate interest of My Flat In Paris \| SAS Co Invest	Duration of the contractual relationship - Except for invoices (10 years after the end of the contract) and contracts (5 years after the end of the contract)	Sales department

5. Security measures

MFIP implements appropriate measures, including:

Encryption of identity documents upon receipt
Access control and personalised accounts.
MFA for critical systems.
Access logging and monitoring.
Regular encrypted backups.
Strict contractual clause with subcontractors.
Automatic deletion of copies of identity documents after a maximum of three months following the tenant's departure, unless legally required.

6. Subcontractor management

Our subcontractors are located in the European Union.

Any subcontractor with access to personal data collected by MFIP is subject to:

The signing of a data processing agreement (DPA) in accordance with Article 28 of the GDPR.
Prohibition on using data for one's own purposes.
Enhanced security obligations.
No contractual changes concerning personal data may be made without the written approval of the President of MFIP.

7. Rights of data subjects

In accordance with applicable regulations, you may request to obtain and verify the data that My Flat In Paris | SAS Co Invest holds about you, rectify inaccurate information, erase data concerning you, and take a copy of your data to reuse it elsewhere. You may also object at any time to the use of certain data and request that the use of your data be frozen. You have the right to define guidelines regarding the fate of your personal data after your death. You can exercise all of your rights directly with the Data Protection Officer (DPO) of My Flat In Paris | SAS Co Invest, who is your contact for any request to exercise your rights regarding this processing. These rights may or may not be applicable depending on the legal basis on which My Flat In Paris | SAS Co Invest processes your personal data.

Contact the DPO by email at dpo@myflatinparis.com
Contact the DPO by post:

The Data Protection Officer:

Société CO Invest / My Flat in Paris
5 rue Frédéric Bastiat
75008 Paris
Tel: +33 (0)1 44 53 98 09

If, after contacting us, you feel that your data protection rights have not been respected or that the video system does not comply with data protection rules, you can submit a complaint online to the CNIL or by post.

8. Internal responsibilities

The President of MFIP oversees GDPR compliance and the implementation of this policy. All employees are required to comply with internal rules and procedures.