(B2B – FrenchPropertyPortal.com operated by Bravo Marketing SAS)
1) Who we are (Data Controller)
Bravo Marketing SAS (SIREN 921 045 803), registered with the RCS of Brive, having its registered office at 1169 route du Sol, 19130 Saint-Cyprien, France, operates the website www.frenchpropertyportal.com (the “Site”) and acts as data controller for the processing described in this policy.
Contact (privacy): support@frenchpropertyportal.com
We are subject to the EU General Data Protection Regulation (GDPR) and French law, under the supervision of the CNIL (Commission Nationale de l’Informatique et des Libertés).
2) What this policy covers
This policy explains how we collect, use, retain, secure and share Personal Data of visitors, enquirers and advertisers using the Site and our related services. It complements our Terms of Use and our Cookies Policy.
3) Personal Data we collect
• Account & profile data: name, email, phone, password (hashed), preferred language.
• Enquiries & communications: message content, email address/phone, timestamps, marketing preferences.
• Advertiser/business data (if applicable): company/contact details, listing content (texts, photos, prices, diagnostics), billing details.
• Marketing data: newsletter/SMS opt-in, open/click metrics, unsubscribe status.
• Technical data: device/browser info, IP, pages viewed, referrers, approximate location (city/ region), cookie identifiers, log data.
• Administrative/financial (limited): invoice details, payment confirmations (payments are handled by third-party processors; we do not store full card details).
• Public or third-party sources: where necessary (e.g., to validate a business advertiser or to investigate abuse).
We do not intentionally collect special categories of data (e.g., health, political opinions). Please do not include such information in enquiries or listings.
4) Purposes & legal bases
We process Personal Data only where a lawful basis applies:
| Purpose | Examples | Legal basis (GDPR Art. 6) |
|---|---|---|
| Operate the Site & services | account creation, hosting, security, display of listings | Contract (6(1)(b)) or Legitimate interests (6(1) (f)) |
| Enquiry handling & customer | responding to enquiries replying to contact forms/ emails/SMS | Contract/ Legitimate interests |
| Advertiser services | creating/managing listings, (invoicing), billing, service messages | Contract / Legal obligation |
| Marketing communications | email newsletters, SMS alerts (property updates) | Consent (6(1)(a)); you may withdraw at any time |
| Analytics & site improvement | audience measurement, UX performance | Consent via cookies (see Cookies Policy) or Legitimate interests for strictly necessary analytics allowed by CNIL |
| Security & fraud prevention | access logs, abuse detection, protecting accounts | Legitimate interests |
| Compliance & disputes | tax/accounting retention,responding to authorities | Legal obligation (6(1)(c)) / Legitimate |
| Business | due diligence and transfer of assets/users to a buyer/controller and must inform you interests | Legitimate interests; buyer becomes new controller |
5) Cookies and similar technologies
We use cookies and similar tools for essential functions, analytics and (if you consent) marketing. On your first visit, our banner lets you accept, refuse, or customise non-essential cookies. You can change choices at any time. Details appear in our Cookies Policy.
6) Who receives your data (recipients/processors)
We share data only when necessary and under contracts that include confidentiality and data protection obligations:
• Hosting & infrastructure: Hosting.com (website/servers).
• CRM: Podio (Citrix) – managing enquiries/advertiser records.
• Email marketing: MailerLite – newsletters and campaign metrics.
• SMS: TextMagic – sending opted-in SMS.
• Security tools: Immunity360 (vulnerability protection), KernelCare (live patching).
• Advisers/Authorities: professional advisers (lawyers/accountants) and competent authorities when legally required.
Payment providers:
• Stripe (Stripe Payments Europe, Ltd. and its affiliates) – card payment processing, fraud screening, receipts.
• GoCardless (GoCardless SAS / GoCardless Ltd) – SEPA/Direct Debit payment processing, fraud screening, mandates.
We share only the data necessary to process your payments and manage billing. We do not store full card or bank details.
7) International transfers
Some processors may process data outside the EU/EEA (e.g., U.S. or other countries). Where this occurs, we rely on European Commission adequacy decisions or implement Standard Contractual Clauses (SCCs) and, where appropriate, Transfer Impact Assessments and supplementary measures.
8) How long we keep data (retention)
We keep Personal Data only as long as necessary for the purposes above, then delete or anonymise it:
• Enquiries & support: up to 3 years after last contact.
• Marketing (email/SMS): until you withdraw consent or after 3 years of inactivity.
• Advertiser & contractual records: duration of contract + up to 5 years for limitation, or 10 years for accounting documents as required by French law.
• Technical logs (security): typically 6–12 months;
• Cookies/analytics identifiers: as set in the Cookies Policy (e.g., audience measurement cookies ≤ 13 months per CNIL guidance).
9) Your rights
Subject to conditions and legal limits, you have the right to:
• Access your data and obtain a copy
• Rectify inaccurate or incomplete data
• Erase data (“right to be forgotten”)
• Restrict processing
• Object to processing based on legitimate interests or to direct marketing • Withdraw consent at any time (for marketing/cookies)
• Portability of data you provided to us in a structured, commonly used format • Define instructions on the fate of your data after death (French law)
To exercise rights, email support@frenchpropertyportal.com. We may need to verify your identity. We aim to respond within one month (extendable in complex cases).
You also have the right to lodge a complaint with the CNIL (www.cnil.fr, 3 Place de Fontenoy, 75007 Paris).
10) Children
Our services are not directed to children. In France, the age of digital consent is 15. If we learn that we have collected data from someone under the applicable age without the required consent, we will delete it.
11) Security
We take appropriate technical and organisational measures, including: TLS/SSL encryption, access controls and least-privilege access, password security, regular updates and patching (Immunity360, KernelCare), backups, and vendor due-diligence/DPAs. No internet service can be 100% secure, but we strive to protect your data against unauthorised access, alteration, disclosure or destruction.
12) Direct marketing & your choices
• Email/SMS marketing is based on your consent. You can unsubscribe at any time via the link in each email or by contacting us.
• Service communications (e.g., account notices, security alerts) are not marketing and may still be sent.
13) Social media & external links
Our Site may include links to third-party sites or social platforms. Their privacy practices are governed by their own policies. We are not responsible for those third-party practices.
14) Business changes
If we undergo a reorganisation, merger or asset sale, Personal Data may be transferred to the acquiring entity as part of the transaction. The new controller will continue to protect your data and inform you of any material changes.
15) Changes to this policy
We may update this policy from time to time. Material changes will be highlighted on this page with a new “Last updated” date. We encourage you to review it periodically.
16) How to contact us
Questions or requests about this policy or your Personal Data: support@frenchpropertyportal.com
Postal: Bravo Marketing SAS, 1169 route du Sol, 19130 Saint-Cyprien, France