Privacy Policy
Last update: 21 October 2025
The purpose of this privacy policy (the"Policy") is to inform you, in accordance with the General Data Protection Regulation ("GDPR") and the French DataProtection Act, of how FIPAM collects and processes personal data in the context of its relationships with:
- prospects and tenants of the Proudreed group,
- partners and suppliers, and
- users of the website www.proudreed.com (the "Website")
(here in after referred to as "you,""your," or "yours").
1) Who are we?
FIPAM, whose registered office is located at 7 rue de l'Amiral d'Estaing – 75016 Paris, and which is registered with the Paris Trade and Companies Register under number 438 302 044, is the data controller of your personal data ("we,""us," or "our"), meaning the entity that determines why and how your personal data is used.
2) What personal data do we collect?
Depending on the nature of your relationship with FIPAM and the purposes of processing described in Section 3 below, we collect and process the following categories of data:
- Identity data, for example: surname, first name, gender, date and place of birth;
- Data relating to your professional life, for example: company name, job title, work email address, work postal address, work telephone number;
- Economic and financial data, for example: bank details;
- Data collected automatically via our website, for example: IP address, browsing data, Website connection data, cookies, and other trackers (for more information, see our cookie policy).
We collect this data directly from you or indirectly through our partners. In most cases, the processing of the information we collect is necessary for the performance of your agreement with us. Failure or refusal to provide this information could prevent us from entering into a contractual relationship with you or from properly performing our agreement.
3) For what purposes and on what legal bases do we use your personal data?
Belowis an overview of the purposes for which we process your personal data and the reasons why we need to process it (the legal basis):
We will only use your personal data for the purposes outlined above, unless we reasonably believe that it is necessary to use it for another purpose that is compatible with the original purpose (for example, for the preservation of specific evidence or in the context of statutory limitation periods).
If we need to use your personal data for a different purpose that is not related to the original purpose, we will inform you in advance and provide you with the necessary information via a dedicated privacy notice.
4) Who do we share your personal data with?
Your personal data maybe shared with the following recipients, strictly within the limits of their respective roles and for the purposes specified above:
- Any authorized person within FIPAM for the purposes of managing your current or future business relationship with us (e.g., accounting and treasury department, marketing and communications department, asset management department, credit control department);
- Our suppliers and third-party service providers who will act in accordance with our instructions (e.g., communication and marketing service providers);
- FIPAM's expert advisors, such aslawyers, accountants, and notaries;
- Competent courts;
- Experts responsible for financial audit and control, such as statutory auditors and financial auditors;
- Persons who need to have access to this information in connection with any actual or potential sale of our company or any assets belonging to our company.
We will also respond to requests for information if we are required todo so by law, or if such disclosure is necessary to protect our rights and/orcomply with judicial proceedings, court orders, regulatory requests, or any other proceeding against us.
5) Do we transfer your personal data outside the European Economic Area?
Your personal data may be transferred to recipients located outside the European Economic Area ("EEA") for the purposes listed in Section 2 above. This includes, in particular:
- service providers located in the United States, who are certified under the EU-US Data Protection Framework ("DPF") and are thus recognized as offering a level of personal data protection equivalent to that of the EEA; and
- partners located in the United Kingdom, which is considered, pursuant to an adequacy decision by the European Commission, to offer a level of personal data protection equivalent to that ofthe EEA.
In the event that your data is transferred to recipients who are not certified under the DPF or located in countries that are not recognized as offering a level of data protection equivalent to that of the EEA under an adequacy decision, we will implement appropriate mechanisms to protect such transfers, including the European Commission's standard contractual clauses. These transfer mechanisms may be supplemented by additional measures as necessary.
You can obtain details of the transfer mechanism we rely on by contacting us using the contact details below, under "How to contact us".
6) How long do we keep your personal data?
We only keep your personal data for as long as necessary to fulfill the purposes for which it was collected.
In particular:
We may need to retain your personal data in archived form beyond the period indicated above in order to comply withour legal obligations, or where necessary in light of applicable statute of limitations, to assert or defend our rights.
Once your personal data is no longer needed for the purposes indicated above or in archived form to meet our legal obligations or comply with the applicable statute of limitations, we ensure that it is completely deleted or anonymized.
7) What are your rights?
In accordance with applicable data protection laws, you have a number of rights relating to your personal data:
- Access. You may request confirmation as to whether we process personal data about you and, if so, obtain a copy of such data along with relevant information regarding the nature and characteristics of the processing.
- Rectification. You may request us to rectify or complete inaccurate or incomplete personal data.
- Erasure. You may request us to erase yourpersonal data in the following cases: if it is no longer necessary for the purposes for which it was collected; if you have withdrawn your consent; if you have objected to the processing of your personal data; if your personal datahas been processed unlawfully; or to comply with a legal obligation. We are not required to comply with your request, in particular if the processing of your personal data is necessary to comply with a legal obligation or to establish, exercise, or defend legal claims.
- Restriction. You may request us to restrict the processing of your personal data (meaning to store your personal data without using it) when: you contest the accuracy of your personal data, to allow us to verify such accuracy; the processing is unlawful, but you do not want your personal data to be erased; you need it for the establishment, exercise, or defense of legal claims; you have exercised your right to object and the verification of overriding grounds is ongoing. We may continue to use your personal data following a request for restriction: when we have your consent; for the establishment, exercise, or defense of legal claims; or for the protection of the rights of another natural or legal person.
- Portability. You may request us to provide your personal data in a structured, commonly used and machine-readable format, or totransfer it directly to a third-party, but only where the processing is based on your consent or on the performance of a contract and if the processing is carried out using automated means.
- Objection. You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests or those of a third-party. We will then no longer process your personal data for the purposes to which you have objected, unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. You also have the right to object at any time to the processing of your personal data for marketing purposes, without condition.
- Digital legacy. You have the right to define general or specific guidelines regarding the fate of your personal data after your death.
- Withdrawal of consent. You may withdraw your consent at any time for any processing of personal data based, where applicable, on your consent, without compromising the lawfulness of the processing carried outprior to such withdrawal.
You also have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates applicable law. In France, the competent supervisory authority for the protection of personal data is the Commission Nationale de l'Informatique et des Libertés ("CNIL")- 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 - www.cnil.fr
To exercise your rights, please contact us using the contact details provided below, in the section "How to contact us?".
If we have doubts about your identity, we may ask you to provide proof of identity, such as a copy of your ID card. In the event of a manifestly unfounded or excessive request to exercise your rights, we may charge you for the costs incurred in responding to that request.
8) How to contact us?
To exercise your rights or if you have any questions, concerns, or complaints about this Policy or the processing of your personal data, please contact our Data Protection Officer at the following email address: dpo@proudreed.com.
9) Changes to this Policy
This Policy may be updated at any time, notably following legal, technical, or commercial changes. We will notify you of any substantial changes. Nevertheless, we recommend that you consult this Policy regularly to to stay informed of its most recent version.