Privacy Policy

1. Preamble

1.1 Purpose of the Policy

This privacy policy aims to inform users of the website about the conditions under which Sextant Prestige collects, uses, and protects their personal data (hereinafter referred to as the "Data").

It applies to all data processing activities carried out by Sextant Prestige, regardless of the method of collection (online, by telephone, by mail, or through partners).

1.2 Applicable Legal Framework

Data is processed in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (GDPR), as well as the provisions of French Law No. 78-17 of 6 January 1978, as amended, known as the "Data Protection Act".

Personal data refers to any information relating to an identified or identifiable natural person, directly or indirectly.

1.3 Context and Nature of the Data Processed

As part of its activities as a real estate agency specialising in high-end properties, facilitating connections between sellers and buyers, and managing and operating its website, Sextant Prestige may process personal data relating to:

• identification of individuals,
• contact details,
• real estate projects,
• financial and asset information when necessary,
• information useful for monitoring transactions and business relationships,
• website browsing data (cookies and technical data, subject to your choices).

1.4 Principles Applied by Sextant Prestige

Sextant Prestige undertakes to comply with the fundamental principles of the GDPR, including:

• Lawfulness and transparency: Data is processed on the basis of a valid legal basis and for specific purposes.
• Data minimisation: Only strictly necessary Data is collected.
• Limited retention periods: Data is kept only for a duration proportionate to the purposes and legal obligations.
• Security and confidentiality: Appropriate technical and organisational measures are implemented to protect Data.
• Respect for individual rights: Individuals have rights over their Data and may exercise them under the conditions provided by applicable regulations.

This policy may be updated to reflect legal, regulatory, or operational developments affecting Sextant Prestige.

2. Scope of Application

2.1 Data Subjects

This policy applies to any individual whose Data is processed by Sextant Prestige, including:

• seller and buyer clients, prospects, and property owners;
• website users and, where applicable, certain partners (business introducers, service providers, notaries, legal and tax advisors).

2.2 Data Controller

The data controller is Sextant Prestige, which determines the purposes and means of the processing activities carried out.

Depending on the services concerned, Sextant Prestige may act as:

• a data controller,
• a joint controller with certain partners,
• or a data processor acting on behalf of a partner where contractually agreed.

2.3 Data Protection Officer (DPO)

Sextant Prestige has appointed a Data Protection Officer (DPO) responsible for ensuring compliance with applicable regulations and serving as the contact point for any questions relating to your Data.

2.4 Key Definitions

For the purposes of this policy:

• Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on Data (collection, use, storage, transmission, deletion, etc.).
• User: Any person browsing the website https://sextant-prestige.com/
• Client: Any person who has an account or uses the services offered by Sextant Prestige.
• Processor: Any entity processing Data on behalf of Sextant Prestige or its partners, under documented instructions.

3. What Data is Collected by Sextant Prestige?

3.1 Introduction to the Data Collected, Purposes and Legal Bases

As part of its real estate brokerage and high-end property transaction activities, Sextant Prestige collects various categories of data either:

• directly from you (for example when creating an account, contacting us through a form, requesting a valuation, subscribing to alerts, or during a sales or acquisition process), or
• through technical tools necessary for the functioning of the website and measuring audience traffic (cookies, subject to your choices).

This data is used notably to:

• manage requests,
• connect sellers and buyers,
• organise property viewings,
• manage real estate transactions,
• comply with legal and regulatory obligations (particularly anti-money laundering regulations),
• and, where applicable, send information about Sextant Prestige offers.

Processing may rely on the following legal bases:

• Consent: when you expressly agree to receive marketing communications from our subsidiaries.
• Performance of a contract: when processing is necessary to provide the services you requested.
• Legitimate interest: when we have a legitimate interest that does not override your rights.
• Protection of vital interests: management of an emergency involving a minor.

Note: this privacy policy does not cover the collection and processing of employee personal data.

3.2 Data Categories Collected

4. How Long Does Sextant Prestige Retain Your Data?

Data retention depends on the nature of the Data, the purposes of processing, and applicable legal obligations. Data is retained only for the time necessary to fulfil the purposes for which it was collected and is then deleted or securely archived unless a longer retention period is required by law.

5. Security Measures Applied to Your Personal Data

Sextant Prestige implements appropriate technical and organisational measures to ensure a level of security appropriate to the risks. These measures aim to protect Data against unauthorised processing, accidental loss, alteration, destruction, or disclosure.

Security measures include:

• access control and user permission management,
• user authentication mechanisms,
• protection of IT environments (workstations, servers, applications),
• regular backups,
• monitoring and traceability systems.

Organisational measures include:

• maintaining a data processing register,
• procedures for managing and notifying data breaches,
• staff awareness and training,
• designated personnel responsible for data protection and information security.

6. Where is Data Stored and Transferred?

6.1 Data Storage

Some data may be hosted by specialised service providers.

Hosting provider: Google – Location: Ireland

6.2 Transfers Outside the European Union

In certain cases, Sextant Prestige may transfer your personal data outside the European Union. Such transfers occur only when necessary and in compliance with GDPR requirements.

Safeguards may include:

• adequacy decisions by the European Commission,
• standard contractual clauses,
• other recognised transfer mechanisms.

For transfers to the United States, the EU-US Data Privacy Framework may apply where service providers are certified. Otherwise, Standard Contractual Clauses (SCCs) and additional safeguards are implemented.

7. Data Protection Impact Assessment (DPIA)

A DPIA is used to assess risks related to data processing activities that may significantly impact individuals' privacy.

Sextant Prestige undertakes to:

• conduct risk assessments for new projects,
• carry out DPIAs for high-risk processing,
• systematically consult the DPO,
• implement risk mitigation measures,
• consult the CNIL if risks cannot be sufficiently reduced.

8. Good Practice Rules

Sextant Prestige performs due diligence before contracting with processors and carries out regular audits to ensure GDPR compliance.

8.1 Personal Data Breach Procedures

In the event of a personal data breach, Sextant Prestige will notify the CNIL within 72 hours, in accordance with Article 33 GDPR.

Where the breach is likely to result in a high risk to individuals, the affected persons will also be informed.

8.2 Staff Training

Sextant Prestige ensures regular staff training and awareness regarding data protection obligations. Access to Data is restricted to authorised personnel only.

9. Rights of Clients and Users

9.1 Exercising Your Rights

You may exercise your rights by contacting the DPO:

Sextant Prestige may request proof of identity to verify the request. Responses are provided within one month, extendable by two months for complex requests.

9.2 Your Rights Under GDPR

You have the following rights:

• Right to information: obtain clear information about how your Data is collected and used.
• Right of access: obtain confirmation that your Data is processed and access it.
• Right to rectification: request correction of inaccurate or incomplete Data.
• Right to erasure ("right to be forgotten"): request deletion of your Data under certain conditions.
• Right to restriction of processing: request temporary suspension of processing.
• Right to object: object to processing of your Data for legitimate reasons.
• Right to data portability: receive your Data in a structured, readable format.
• Right not to be subject to automated decisions: not be subject to decisions based solely on automated processing.

9.3 Unsubscribing from Marketing Communications

You may withdraw your consent or object to marketing communications at any time:

• by clicking the unsubscribe link in emails
• or by contacting the DPO

10. Supervisory Authority

The competent supervisory authority in France is:

You may submit a complaint to the CNIL if you believe your data protection rights have not been respected.