Privacy Policy

1. Introduction

This privacy policy describes how Branteloravista SAS ("we", "our", "us") collects, uses, and protects your personal data when you use our website branteloravista.com and our financial and administrative consulting services.

We are committed to complying with the General Data Protection Regulation (GDPR - EU Regulation 2016/679), the French Data Protection Act (Loi Informatique et Libertés No. 78-17 of January 6, 1978, as amended), and the European Digital Services Act (DSA) which came into force in 2024.

2. Data Controller

Branteloravista SAS, a company with share capital of €50,000, registered with the Paris Trade and Companies Register under number B 912 345 678, with its registered office at 42 Rue de la Paix, 75002 Paris, France.

Data Protection Officer (DPO): You may contact our DPO at dpo@branteloravista.com or by post to our registered office address.

3. Data Collected

We collect the following data as part of our services: identification data (surname, first name), contact details (email address), browsing data (IP address, browser type, pages visited), and information you provide through our contact form.

This data is collected directly from you when you fill in our contact form or browse our website. No sensitive financial data is collected through the website.

4. Purpose and Legal Basis

Your data is processed for the following purposes: responding to your inquiries (legal basis: consent), providing our consulting services (legal basis: contractual performance), improving our website and services (legal basis: legitimate interest), and complying with our legal and regulatory obligations.

In accordance with Article 6 of the GDPR, each processing activity is based on an appropriate legal basis. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Data Retention

Your personal data is retained for the period necessary to fulfill the purposes for which it was collected: contact data (3 years after the last exchange), browsing data (13 months in accordance with CNIL recommendations), contractual data (duration of the contract plus 5 years for evidentiary purposes).

Upon expiry of these periods, your data is deleted or irreversibly anonymized.

6. Your Rights

Under the GDPR and the French Data Protection Act, you have the following rights: right of access (Article 15 GDPR), right to rectification (Article 16), right to erasure (Article 17), right to restriction of processing (Article 18), right to data portability (Article 20), and right to object (Article 21).

To exercise these rights, contact our DPO at dpo@branteloravista.com. We will respond within one month. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), 3 Place de Fontenoy, 75007 Paris.

7. Data Transfers

Your personal data is hosted within the European Union. No data transfers to third countries are made without appropriate safeguards in compliance with Chapter V of the GDPR, including European Commission adequacy decisions or standard contractual clauses.

8. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction: SSL/TLS encryption, strict access controls, regular backups, and ongoing staff training.

In the event of a data breach likely to result in a high risk to your rights and freedoms, we will inform you without undue delay in accordance with Article 34 of the GDPR.

9. Changes

We reserve the right to modify this policy at any time. Any significant changes will be notified through a visible notice on our website. The date of the last update is shown at the top of this document.