Teychené Invest Belgique SPRL, a company incorporated in Belgium, registered office: 480 Avenue Louise, 1050 Brussels, Belgium, registered with the Banque-Carrefour des Entreprises, registration number: BE 0835.701.817, and/or its subsidiaries and affiliates, (hereafter “Teychené Financial Group”, “we”, “us”, “our”) is committed to protecting and upholding your privacy. For details of Teychené Financial Group subsidiaries and affiliates, click here.

This Privacy Policy (hereafter the “Policy”) explains how we process personal data (hereafter “personal data”, “data”, “information”) relating to our Clients, job applicants, prospects, partners and suppliers (hereafter “you”, “your”). This Policy applies to both data that we collect, and data that you provide (see section 2 below). In the case of conflict or ambiguity between the translations, the provisions of the French privacy policy document shall prevail.

Please read this Policy carefully to understand how we use your personal data.

Our Policy tells you:

1. Who the controller is?

Teychené Financial Group acts as the controller for personal data processing purposes. If you have any questions or want to know more about our Policy or how we process your personal data more generally, please contact us using the details in section 15 below.

2. Who this Policy is for?

This Policy is for our:

• Clients (i.e. our developers, operators, institutional and other investors, real-estate vendors (banks, insurance firms, funds, real-estate companies, other natural and legal persons), project managers, and leading national and international brands, as well as tenants of our commercial, business, office, residential and student accommodation properties) (hereafter our “Clients”);

• Prospects (i.e. developers, operators, institutional and other investors, real-estate vendors (banks, insurance firms, funds, real-estate companies, other natural and legal persons), project managers, brands or tenants who may be interested in entering into a contractual relationship with us);

• Partners (i.e. any person or company involved in facilitating our Clients’ operations);

• Job applicants (i.e. individuals applying for a vacancy with us);

• Suppliers (i.e. any company that supplies services to us in the course of our business).

3. How do we collect your data?

All information that we collect is stored, used and protected in accordance with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereafter the “GDPR”), including amendments thereto;

• The French Data Protection Act (Act no. 78-17 of 6 January 1978);

• The Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.

And in any event, insofar as they remain applicable and in force, including any amendment (by decree, ordinance, order, or otherwise), modification or replacement from time to time (hereafter referred to collectively as “data protection law”).

Depending on the nature of your relationship with Teychené Financial Group, we may collect your personal data (i.e. any data concerning a directly or indirectly identifiable individual) in one of a number of ways:

• When you interact with one of our departments (sales, acquisitions, management, accounts, facilities, HR, etc.), our real-estate brokers, or our service providers;

• When you fill in a contact form (on paper or electronically);

• When you visit one of our websites (http://www.financiere-teychene.com/; https://www.campusdebissy.com/; http://www.residencedebissy.com/ (the “Websites”);

• When you contact us directly by email, telephone, post, instant messaging (Messenger or other instant messaging app), our Website, or another channel;

• When you use a website belonging to one of our service providers or partners (IT broker, student accommodation website, etc.);

• When you submit your tenancy application;

• When you interact with us at a business event or fair (such as a real-estate fair).

We also collect information on third-party websites (such as Facebook and Codata), for instance when you leave a review or comment about our services.

4. What data do we collect?

We collect and process the following data:

• Your personal details (given name(s), surname, email address, phone number, ID card number/social security number/passport number/national directory of natural persons identification number, date of birth, household composition, postal address, etc.);

• Whenever you visit our Websites, we will automatically collect technical information including your IP address, your browser type and version, your time zone, your browser plug-in type(s) and version(s), your operating system and platform, your device ID, and more;

• Details of your education and career background (qualifications);

• Your financial details (published balance sheets, certificate of incorporation, etc.);

• Images (your profile photo);

• Your payment details (account numbers, payment methods, other payment information);

• Information about you contained in messages that you post on third-party websites or in comments/reviews, or when you contact us by email, post, phone or another channel.

5. Cookies and tracers

We use cookies on our Websites. Cookies help us provide you with a better browsing experience.

For more information about how and why we use cookies, please refer to our Cookie Policy.

6. How do we use your data?

In accordance with the legitimate bases explained in section 7 below, we may only use and process your data for a specific purpose. We collect and use your data for the following purposes:

1. To fulfil a contract or pre-contractual arrangements

• To examine your lease financing application (on paper/online);

• To manage disputes and disagreements with our Clients, suppliers and partners;

• To manage and deliver a service, including managing your lease financing, and managing the purchase of existing or off-plan real estate;

• To manage share acquisition operations;

• To manage your complaints;

• To manage our real-estate assets;

• To manage our guarantees and deposits;

• To manage our contracts with our suppliers and partners.

2. To comply with our legal obligations

• To conduct due diligence checks on our Clients;

• To tackle money laundering and terrorist financing;

• To manage fire, accidental damage and casualty insurance policies;

• To prevent fraud;

• To conduct internal and external audits;

• To verify and complete financial transactions relating to your payments.

3. To pursue Teychené Financial Group’s legitimate interests

• To manage and monitor our prospects;

• To learn more about our Clients, and to select and target specific Clients (including for market research/analytics purposes);

• To conduct prospecting and marketing campaign operations;

• To manage and monitor our suppliers;

• To manage and monitor our partners;

• To provide you with information about other services that might interest you;

• To prevent fraud and manage risks;

• To examine and assess your job application, whether submitted via our Websites or via a third-party website (e.g. LinkedIn);

• To answer any questions or requests you may have when you contact us of your own accord;

• To administer our Websites for internal operational reasons, including troubleshooting, analytics, testing, research, statistics and surveys;

• To improve our Websites and social media accounts and ensure that we deliver content in the best possible way for you and your computer/device;

• To help us keep our Websites secure and prevent fraud;

• To measure and understand whether our advertising and marketing campaigns are effective, and to serve you relevant ads.

4. To obtain your consent

• For (direct) marketing purposes: to contact you to invite you to events (such as business events, real-estate fairs, etc.), and to serve you appropriate, personalised marketing content that might interest you.

7. Legitimate basis for processing your data

We collect and process your information on the following legitimate bases:

• We collect and process your information if we need to do so to pursue our legitimate interests, provided that doing so does not infringe your fundamental rights and freedoms (e.g. we use your information to help us learn more about our Clients);

• We collect and process your information to fulfil a contract between us and you (e.g. a lease agreement or a contract with a supplier or partner);

• We collect and process your information if we need to do so to comply with a legal obligation;

• We collect and process your information if you have given us consent to do so (e.g. we may use your contact details (such as your email address) to send you marketing communications if you have given us explicit consent to do so).

8. How we share your data?

We may share your data, for the above-mentioned purposes (see section 6), with:

• other entities (branches or subsidiaries) belonging to Teychené Financial Group so they can contact you to offer specific services and keep you updated about their activities (e.g. Financière Teychené SAS);

• our business partners;

• public authorities (including judicial authorities and the police);

• banks and insurance companies;

• our professional advisers (e.g. regulated professions);

• our IT service providers;

• service providers and subcontractors to whom we outsource certain operations or services;

• our marketing service providers;

• online payment service providers;

• analytics service providers and search engines helping us to improve and optimise our website (e.g. Google Analytics).

We will also share information with third parties:

• We reserve the right to share your data with the seller or buyer in connection with a business or asset purchase or sale;

• if, in the course of such transactions, Teychené Financial Group or its entire assets are purchased by a third party, in which case the transferred assets will include information about its Clients;

• if we are required to disclose or share your data in order to comply with a legal obligation or to protect the rights, property or security of Teychené Financial Group, our Clients, or other parties; this includes sharing information with public authorities (including the judicial authorities and the police) in connection with criminal, administrative or extra-judicial proceedings, including cases brought before a regulatory authority, or in the event of a cyber security incident;

• if we need to do so for one of the purposes mentioned in section 6 of this Policy.

9. How do we transfer your data?

We may transfer your data outside the European Economic Area (EEA), including to the United States, where necessary, in order to: (i) fulfil one of the objectives mentioned in section 6 and/or (ii) share your information with a third party in accordance with section 8 of this Privacy Policy.

If we transfer your information outside the EEA, we will ensure that such transfers are protected by the following safeguards:

• the laws of the country to which your information is transferred provide an adequate level of protection (Art. 45 GDPR), or

• the transfer is governed by data protection safeguards approved by the European Commission (Art. 46.2 GDPR) or is protected by the EU-US Privacy Shield.

If you would like to know more about how your data is transferred and/or what safeguards we provide (including how to obtain a copy of this information), please contact us using the details in section 15 below.

10. Your rights

You have a number of rights in relation to the personal data that we process. If you would like to exercise these rights, please contact us (see contact details below):

• You have the right to be informed about how we use your information, in clear, transparent and easy-to-understand language. That is why we have provided this information in this Policy;

• You have the right to access the data we hold about you. We want to make sure you know what personal data we hold about you and we want you to be able to check whether we are processing your data in accordance with applicable data protection law (see section 3);

• You have the right, in certain circumstances, to ask us to restrict how we process your information. If you exercise this right, we will retain your data but we will no longer use it;

• You have the right to ask us to rectify your data if it is inaccurate or incomplete;

• You have the right, in certain circumstances, to ask us to erase your information from our systems;

• You have the right to complain to the national data protection authority about the way we handle or process your data:

  • In Belgium: Data Protection Authority (DPA) https://www.autoriteprotectiondonnees.be/introduire-une-requete-une-plainte (FR) / https://www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen (NL).

  • In France: French Data Protection Authority (CNIL) https://www.cnil.fr/fr/plaintes.

  • For other countries, please see the list here.

• You have the right to object, for personal reasons, to us processing your personal data at any time. You can exercise this right if you believe that, by processing your data, we are infringing your privacy and/or causing you excessive harm. You have the right to withdraw your consent for us to process your data for direct marketing purposes. You cannot, however, prevent us from processing your data if we need to do so to enter into or fulfil your contract with Teychené Financial Group;

• You have the right, in certain circumstances, to obtain your data in a structured, commonly used, machine-readable and interoperable format so you can reuse it for your own purposes across different services (known as the right to data portability).

Please be aware, however, that we may retain some of your information for legal or administrative reasons (e.g. to maintain up-to-date accounting records).

If the French Data Protection Act applies to you, you have the right to give us general or specific instructions as to how and whether we should retain, erase and share your data after your death. You can also give these instructions to a CNIL-accredited trusted third party. You can appoint someone to carry out your instructions. Failing that, your heirs will be responsible for fulfilling your wishes.

If you wish to exercise any of the above rights, please write to us by email, with “Data protection request” as the subject line. For security reasons (to prevent someone else accessing, modifying or deleting your information without permission), you must attach a copy of your ID card or other proof of ID (e.g. your driving licence). We will get back to you as soon as we can. If we need more than one month (from the date we receive your request) to reply, we will let you know.

11. How do we keep your data secure?

We use various security measures on our Website to make sure the data we collect and/or receive is not unduly disclosed or accessed. We have taken every precaution to keep our Websites secure and reliable. Please be aware, however, that we cannot guarantee the confidentiality of any information transferred to us, or by us to third parties, via our Websites or by email. We cannot be held liable for the security of any information transferred via these channels.

We store all the information you share with us on secure servers. When you receive (or choose) a password that grants you access to certain areas of our Website, you are responsible for keeping your password confidential. Please do not share your password with anyone else.

12. How do we retain your data?

We retain the information that we collect for the legally prescribed retention periods as per data protection law. In any event, we will not retain your information for longer than is necessary to fulfil the objectives mentioned in this Policy.

How long we retain your data will depend on a number of criteria:

• The rights and obligations set out in any contract between us and you;

• How sensitive your data is;

• Any security imperatives that might apply;

• The maximum retention periods under applicable law(s);

• Guidance issued by the relevant data protection authorities (e.g. the European Data Protection Supervisor (EDPS), the CNIL, the DPA); and

• Applicable case law.

Except where:

• we need to process your data in connection with an actual or potential dispute (e.g. where we need the information to establish or defend our rights), in which case we will retain your data until any such dispute is resolved; and/or

• we need to retain your data in order to comply with a legal obligation (e.g. for tax purposes), in which case we will retain your information for as long as is necessary to comply with that obligation.

13. External websites

Our Websites may, from time to time, contain links to or from other websites belonging to our partners, advertisers or affiliates. Please be aware that, if you click on one of these links, the external website and/or app in question will have its own privacy policy, over which we have no control. Consequently, such external websites and/or apps are not covered by this Policy. We cannot be held liable for such policies. Please read the relevant policy before sharing information with such websites and/or apps.

14. How to find out whether this Policy has been updated?

When you use our Websites, you acknowledge that you have read this Policy and you agree to us collecting and using your information as explained above.

We may amend this Policy from time to time, in particular to reflect changes to the law. We will publish any such changes to our Policy on our Websites. Where necessary, we will send you an email to let you know that the Policy has been updated. We will detail any changes we have made in the “Change history” section.

Please refer back to this page regularly to check for updates and changes to our Policy. By continuing to use our Websites after we have published changes to our Policy, you signal that you accept such changes.

This Policy was last updated on February 7, 2019.

15. How to get in touch with us?

If you have any questions or comments about this Policy, please write to us by post to the following address: Teychené Invest Belgique SPRL, Legal Department, 480 Avenue Louise (5th floor), 1050 Brussels, Belgium. Alternatively, you can email us at: rgpd@financiere-teychene.com.