General Personal Data Protection Policy

This policy spells out the commitments applied in Groupama Immobilier’s day-to-day activities for the responsible use of personal data.

Basic rights and freedoms, particularly privacy and the protection of personal data, are values to which the Groupama Group companies – including Groupama Immobilier – are particularly committed.

Our Data Protection Officer (DPO)

To ensure everyone’s privacy and the protection of personal data, the Groupama group appointed an “IT & Liberties Correspondent” (CIL) in 2007. Now known as the Data Protection Officer (DPO), he carries out his duties independently and for all of the Group’s French companies.

The DPO is a badge of trust. He is the specialist contact for personal data protection, responsible for ensuring the proper application of data protection rules, and is the main contact for French data privacy regulator CNIL and all persons concerned by the collection and processing of personal data.

Principles applicable to the protection of personal data

Groupama Group companies process personal data in compliance with the laws and regulations in force, and in particular the General Data Protection Regulation (GDPR), the amended French Data Protection Act of 6 January 1978 and the reference documents issued by the CNIL.

Personal Data Governance Policies are implemented in the companies and compliance with their provisions is monitored.

  1. Defined, explicit and legitimate purpose of data processing

Personal data is collected for specific purposes, which are brought to the attention of the persons concerned. This data may not then be used in a manner incompatible with these purposes.

The data is collected in fairness; no collection is carried out without the knowledge of the persons concerned and without their being informed.

  • Proportionality and relevance of the data collected:

The personal data collected is strictly necessary for the purpose of the collection. Groupama Group companies strive to minimise the data collected and to keep it accurate and up to date by facilitating the rights of the persons concerned.

  • Limited storage period for personal data:

Personal data is kept for a limited period of time which does not exceed the time required for the purposes for which it was collected. Data retention periods are made known to the persons concerned and vary according to the nature of the data, the purpose of the processing, and legal or regulatory requirements.

  • Data privacy & security:

Groupama Group companies implement Information Security Policies (ISPs) adapted to the nature of the data processed and to their activities.

Appropriate physical, logical and organisational security measures are put in place to guarantee data privacy – and in particular to prevent any unauthorised access.

Groupama Group companies also require all subcontractors to present appropriate guarantees to ensure the security and privacy of personal data.

Personal data may be transferred to countries within or outside the European Union. If this is the case, the persons concerned are precisely informed and specific measures are taken to regulate these transfers.

  • Personal rights

All necessary means are implemented to guarantee the effectiveness of everyone’s rights to their personal data:

  • Clear and complete information on the data processing carried out, easily accessible and understandable by all.
  • Easy access to data: everyone has rights to the data concerning them, which they can exercise at any time and free of charge.

Individuals can therefore access all their personal data and in some cases have it rectified (when inaccurate or incomplete), erased, or request to request to set a time limit for its use. Individuals also have a right to portability with regard to data that they have personally provided and where such data has been provided on the basis of the individual’s explicit consent or of the performance of a contract.

These rights are enabled online or made possible by any other means according to the procedures brought to the individual’s attention. Such requests may also be addressed to the DPO.

Complementary information of the Personal Data Protection Policy

This policy, which is accessible to all on the Groupama Group companies’ websites, is regularly updated to take into account legal & regulatory developments and any changes in the Groupama Group’s organisation or in the products & services it provides.

This General Personal Data Protection Policy is completed by:

  • Detailed information on the purposes of the data processing operations, the recipients of the data, their retention periods and the practical arrangements for exercising personal rights.
  • A Cookies Notice.
  • And, where relevant, general recommendations on security rules for users/customers, particularly regarding usernames and passwords.

Personal Data Protection Policy approved on 23 March 2017 by the common DPO (updated in May 2018). To contact the DPO France: write to Groupama Assurances Mutuelles – Data Protection Officer – 8-10 rue d’Astorg – 75383 Paris – France or e-mail