Advenis notifies any individual or data controller involved about the conformity assessment regarding the process of personal data it applies as part of its activities.

Advenis agrees to do its best to ensure the protection, confidentiality, and safety of any personal data collected or, if need be, only processed, as part of the obligations set out in the European regulation on personal data protection, also known as “GDPR”.

The content of this conformity assessment constitutes general information without prejudice to the conditions, commitments, or implementation of specific means described below.

Collecting and processing personal data

As a financial investment consultant, Advenis and members of its network are subject to the following obligations requiring the collection of information, some of which can be personal:

– Prior knowledge of its clients (identification and verification of the identity of the client and the beneficial owner): articles L561-1 et seq. of the Monetary and Financial Code on the fight against money laundering and terrorism financing.

– Controlling the knowledge and experience of its clients in terms of investment: L541-8-1 et seq. of the Monetary and Financial Code on rules of conduct.

– We may collect personal data when you submit a request for information via our contact form, if you send an email to another company email address (whether it be a generic address or an employee individual address, including our consultants), if you contact our customer service, if you attend an event or a conference, if need be, by giving us a business card, if you ask to be called back by one of our consultants, etc.

The data corresponding to Advenis’ execution of its duty to advise and any personal data collected for prospecting purposes are not subjected to the prior consent of the people involved and are the subject of complete information to the people involved, per the procedure to establish a relationship.

The data whose processing does not fall into any of the above categories are subject to prior consent by the people involved. Should you ask for opposition or deletion, the data will cease to be processed and/or is to be deleted. Personal data unprocessed within three years will be deleted

Personal data collected as part of our business relationships are stored for five years starting from the end of these relationships, subject to the application of a specific legal period of which data can be stored, of which the people involved are then informed.

The data is intended for the services of Advenis or any authorized person within its network to carry out all agreed services. Only people authorized by Advenis and acting within the scope of their duties may access it, including members of our franchisee network.

The people involved can exercise the rights indicated below by sending a letter to the Data Protection Officer at the Advenis postal address or by sending an email to the following address: dpoadvenis@advenis.com

– Access and rectification of your personal data

– Right to object

– Limitation of the processing of your personal data

– Complaint submission to the CNIL

– Portability of your personal data.

Users are notified that some of these rights may be restricted for legal or regulatory reasons as specified above.

Processing and associated risk control system

The GDPR compliance of [name of the entity responsible for processing] provides that each control stage is being documented to justify the approach, the means used, and the sturdiness of the solutions implemented.

Personal data that present a specific risk are subject to impact analysis.

Regarding any subcontractors selected to carry out personal data processing activities on its behalf, [name of the entity responsible for processing] requires them to apply the same personal data obligations as that incumbent on it.

The security system (password rules, antivirus, and firewall network security, partitioning of directories and applications according to entities, departments, personal profiles, or special authorizations) includes a plan to periodically monitor the network activity, both internally and externally, to detect any theft or hacking of personal data.

In the event of a proven or suspected failure, the security plan provides the implementation of the regulatory procedure for the people involved and, if need be, the Control Authority.