Privacy Policy

Privacy Policy

Last updated: May 27, 2025

1. Introduction

This Privacy Policy (hereinafter "Policy") defines the principles and commitments of Tilvest regarding the protection of personal data in accordance with the General Data Protection Regulation (hereinafter "GDPR") and Law No. 2018-493 of June 20, 2018, asamended.

2. Data Controller

At Tilvest, the data controller for personal data processing is Julien Romon, its President and co-founder.

For any questions relating to the protection of your data, you may contact us at the following address: donneespersonnelles@tilvest.com.

3. Scope of Application

This Policy applies to all personal data processed by Tilvest in the course of its activities, including those of our clients, partners, and service providers.

4. Categories of Personal Data Collected

We collect and process only the personal data necessary for our activities and services, including:

  • Data related to your identity (surname, first name, postal address, email address, telephone number, etc.);
  • Data relating to your professional life (professional situation, sector of activity, etc.);
  • Some of your financial and asset data (IBAN, income and asset composition, etc.);
  • Data relating to your family life (marital status, number of dependent children, etc.);
  • Connection and browsing data (IP address, logs);
  • Content of messages you send to us.

5. Purposes and Legal Bases for Processing

We process your personal data for the following purposes:

  • Primarily, compliance with our legal, regulatory, or declaratory obligations (including anti-money laundering and counter-terrorism financing measures, or the assessment of the adequacy of our products and services to your situation, etc.);
  • As an extension and more generally, the management of our contractual relationship;
  • In connection therewith, the signing and secure archiving of your contracts;
  • Sending emails and SMS messages (initially to enable the opening of your account and your first access, etc.);
  • Management of IT access;
  • Management of transactions entrusted to us;
  • Management of payments we process;
  • Management of our subcontractors;
  • Marketing activities for our commercial offering (marketing and prospecting);
  • Traceability of account opening refusals we may encounter;
  • Management of your potential complaints and requests for exercising your rights.

6. Personal Data Retention Period

The personal data you entrust to us is retained for the period necessary to achieve the purposes defined above.

We ensure that we provide them with a sufficient level of security to guarantee their confidentiality, integrity, and availability at all times.

For example, personal data necessary for managing our contractual relationship (customer knowledge) is retained for 5 years from the end of such relationship.

For more details regarding the retention period of your personal data and concerning a specific processing purpose, we remain at your disposal at the email or postal addresses mentioned below.

7. Rights of Data Subjects

In accordance with the regulations, you have rights regarding your personal data.

For the relationship that specifically concerns us, your rights are as follows:

  • A right of access, to consult and know what personal data we process for you;
  • A right of rectification, to modify them when they would no longer be accurate, for example;
  • A right to erasure, or "right to be forgotten";
  • A right to object, to inform us of your potential refusal for us to process your personal data;
  • A right to restrict processing, to always minimize the use of your personal data as much as possible;
  • A right to data portability, to be free to "export" such data;
  • A right not to be subject to a decision based exclusively on automated processing; and
  • A right to define directives regarding the fate of your data in case of death.

All requests related to the exercise of any of these rights must be addressed to the email address donneespersonnelles@tilvest.com or, by postal mail, to the company's headquarters (Tilvest - Personal Data, 120 rue Jean Jaurès, 92300 Levallois-Perret).

To ensure that you are indeed the legitimate holder, we reserve the right to ask you, when you request to exercise rights regarding personal data, to justify your identity by transmitting a copy of an identity document.

8. Data Security

Tilvest implements technical and organizational measures to ensure the protection of your personal data. We aim to constantly preserve their confidentiality, integrity, and availability.

Our organization thus deploys, depending on the personal data in question, among others, the following measures:

Access control;

Data encryption (in transfer and/or storage);

Regular backups; or

Regular audits (penetration testing, source code review, etc.).

9. Sharing and Transfer of Personal Data

Tilvest may share personal data of its clients with its subcontractors. We can provide you with a list of these upon request.

In this context, some of your data may be transferred outside the European Union.

In accordance with the regulations, Tilvest must then ensure the implementation of appropriate safeguards (adequacy decisions, standard contractual clauses, certifications, codes of conduct, etc.).

10. Data Breach Management

In case of a personal data breach, Tilvest follows a strict protocol including, among others and potentially:

Notification to the National Commission for Information Technology and Civil Liberties (CNIL) within 72 hours; and

Information dedicated to you detailing the corrective actions taken by Tilvest and the recommendations we might make to you.

11. Cookies

Cookies are files delivered to be stored in your browser when you browse our website.

In our case, we only use legitimate cookies that are strictly necessary for the operation of our website. They thus serve to prevent potential fraud (in payment or in completing the enrollment form).

That said, you can always manually delete your cookies in your browser (by clearing your cookie history).

12. Updates and Contact

This Policy is regularly updated in light of legal and regulatory developments or those of our policies and procedures.

These modifications take effect upon the online publication of the new version of the Policy, of which you will be informed.

And again, for any questions relating to your personal data, please do not hesitate to contact us at the following email address: donneespersonnelles@tilvest.com.