Personal data protection policy
COUTOT-ROEHRIG in a context of digital society emphasises choice in the protection of personal data. The purpose of this notice is to provide the necessary information on how COUTOT-ROEHRIG, a company with its headquarters at 21 Boulevard Saint-Germain in PARIS (75005), protects personal data.
Under the RGPD[1] and the amended Loi Informatique et Libertés (LIL), we inform you that we are responsible for the collection and processing of personal data that we use in the framework of our activities detailed below.
The purpose of this notice is to provide information about the data we collect, how we obtain it, the purposes for which it is collected, to whom it may be transferred, how long it is kept and the various rights that individuals have under the above regulations.
Updated on 01/07/2020
[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Who is the data controller?
The data controller is :
COUTOT-ROEHRIG SAS
21 boulevard St Germain 75005 PARIS
01 44 41 80 80
Why we process personal data?
We collect and use the personal data strictly necessary for the performance of the tasks entrusted to us in the context of our activities of :
- Searching for heirs at the request of a principal.
- Management of estates as agents of the heirs
- Searching for beneficiaries of unclaimed accounts and life insurance policies fallen into escheatment in accordance with the Eckert Act[2].
- Estate devolution audits
- Research into the origin of title of vacant and unowned property
- Data enrichment and reliability
[2] The law on dormant bank accounts and life insurance policies fallen into escheatment, known as the Eckert Law, is a French law enacted in June 2014. It is the logical continuation of the State’s control over the management of dormant bank accounts, which began in 2008.
On what legal grounds do we process personal data?
In accordance with Article 6 of the GDPR, the processing of data is based on:
- A contractual basis for the disclosure of estates, assets or claims, mandates to represent heirs.
- The pursuit of our legitimate interests which include:
- The execution of a mandate received from a notary’s office, a bank, an insurer or any person with a direct and legitimate interest.
- Preservation of evidence of the settlement of an estate or other estate settlement transactions
- Management of databases and archives for genealogical research.
What personal data do we process in the course of our activities?
In order to carry out our mission, we may need to collect various categories of personal data on heirs, their families and principals. This includes the following information:
- Identification and contact information
- Proof of identity
- Family situation
- Relationship to heir
- Complete civil status (acts…)
- Financial elements related to the settlement (RIB…)
We process health data related to a possible disability with the prior consent of the data subject only when it is necessary for the settlement of an estate in order to take into account the related tax allowances.
How do we collect personal data?
The data we process may be collected directly from the data subject via our contact form on our website or our family information sheet.
The collection is also indirect via one of the family members of the person concerned who has been able to fill in our family information sheet or via our internal databases constituted from freely communicable administrative documents, documents lawfully acquired from third parties, in particular :
- Local archive databases (civil status registers, decennial tables, etc.)
- Basic press obituaries;
- Mortgage data ;
- The INSEE birth and death databases;
- Parentage files ;
- The population census bases ;
- Matriculation records ;
- The record (estate and absence data), estate tables ;
- Telephone directories ;
- Old electoral files ;
- An extract from the FSS.
COUTOT-ROEHRIG is approved (licence n°2019-165 dated 22 October 2019) by the Ministry of the Interior (art. L.330-5 of the Highway Code) and as such has a licence authorising it to process personal data from the SIV for the purposes of surveys and commercial prospecting.
Who are the recipients of the personal data?
In order to carry out the above purposes, we may disclose personal data only :
- Internally: To employees who are authorised to process personal data and who are bound by an obligation of confidentiality.
- To our subcontractors and principals, namely :
- Partners, service providers and subcontractors carrying out activities on our behalf, in particular correspondents carrying out searches abroad on our behalf, private agents for the search and location of a person or any other third party who has a direct or legitimate interest in the identification of heirs or the settlement of an estate
- INSEE for the identification of deaths from the National Register of Identification of Natural Persons.
- The notaries, banks and insurance companies that mandate us.
- To our IT service providers: in case of necessity (maintenance, repair)
- To a limited number of third parties:
- Public bodies on request and under the conditions provided for by law.
- Regulated professions such as lawyers, notaries or auditors.
Under what regulatory framework can data be transferred outside the European Economic Area?
In the course of our activities, we may be required to carry out genealogical research outside the European Economic Area. This sometimes leads us to disclose personal data outside the European Economic Area.
- If the European Commission has issued an adequacy decision granting that country recognition of a level of personal data protection equivalent to that of the European Economic Area, the data will be transmitted on that basis.
- If the level of protection has not been recognised as adequate by the European Commission, we apply appropriate safeguards with our regular partners to ensure the protection of personal data, notably through standard contractual clauses. For further information, we suggest you send us a written request.
- In the case of occasional communications with our partners, when necessary in the interest of the persons concerned by genealogical research, transfers may be based on Article 49.1. of the GDPR relating to derogations for special situations. To obtain additional information, please send us a written request.
How do we protect personal data?
As the data controller, COUTOT-ROEHRIG SA takes all necessary measures to preserve the security and confidentiality of the data and in particular to prevent it from being damaged or accessed by unauthorised third parties. To this end, we make every effort to ensure the physical security of the buildings housing our IT systems.
We implement appropriate organisational and technical measures. In general, we strive to protect personal data, taking into account the sensitivity of the information involved and the potential risks involved in processing such data. We take all reasonable steps to ensure the confidentiality, integrity, availability and resilience of data. We ensure that data is stored in information systems with an appropriate level of security, with access protected, restricted and recorded and we have strict confidentiality agreements with all persons involved in processing data on our behalf.
We ensure that all staff members and persons involved in data processing comply with all data protection regulations and undertake to keep the processed data confidential. We also ensure that our subcontractors and partners comply with the rules on personal data protection.
How long is personal data kept for?
For the purposes set out above, we store personal data in accordance with the applicable legal and regulatory provisions.
Genealogical data (in particular civil status and contact information) collected in the context of our estate genealogy activities and searches for beneficiaries of unclaimed life insurance policies and dormant bank accounts may be retained for 75 years after the closure of the related files in order to facilitate subsequent searches under a new mandate. This data is not distributed; only COUTOT-ROEHRIG’s genealogist-researchers have access to it for the needs of their investigations.
Beyond this period, the data kept by COUTOT-ROEHRIG is that accessible via a consultation of the civil status by each citizen in accordance with law n° 78-753 of July 17, 1978, codified in book III of the code of relations between the public and the administration (CRPA) instituting the principle of the freedom of access to administrative documents
Personal data collected within the framework of our data enhancement and reliability activities is kept for a maximum of one year after the file is closed before being archived for five years in an intermediate archive for litigation purposes.
What rights do people have and how can they exercise them?
In accordance with the amended “Informatique et Libertés” Law of 6 January 1978 and the European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data, individuals have the right to access and rectify information concerning you, as well as the right to object, the right to limit processing, portability and erasure within the framework permitted by the European Regulation.
Persons may exercise all these rights by sending a letter, together with proof of identity, to
COUTOT ROEHRIG
Direction Organisation et Qualité
21 Boulevard Saint Germain
75005 PARIS
Regarding data from the SIV, individuals may exercise their right of access to personal data directly with the Ministry of the Interior: delegue-protection-donnees[at]interieur.gouv.fr. In accordance with Article R.330-11 of the Highway Code, data subjects have the right to oppose the disclosure of personal data to third parties, with a view to its re-use for surveys and commercial prospecting. It may be exercised by contacting the Ministry of the Interior electronically at the following address: https//immatriculation.ants.gouv.fr, under the headings “Access my space/My vehicle space/Make a new request/I wish to make another request/Report a change in my personal situation/Modify my right of objection”. For any questions regarding the exercise of rights or the processing of data in this system, individuals may contact the Data Protection Officer at the Ministry of the Interior at the following address By e-mail: delegue-protection-donnees[at]interieur.gouv.fr; By post: Ministry of the Interior, For the attention of the Data Protection Officer, Place Beauvau 75800 Paris Cedex 08.
Individuals may, if they deem it necessary and after contacting us, lodge a complaint to your data local authority.
COUTOT-ROEHRIG has appointed a data protection officer, who can be contacted at the email address dpo[at]coutot-roehrig.com to obtain any useful information.
We reserve the right to change or adapt our security and data protection measures, in particular due to technological, technical or regulatory developments. People will be informed through our website www.coutot-roehrig.com and will be able to read the latest version directly.
Video surveillance
COUTOT ROEHRIG has placed its Paris and Lyon premises under video surveillance in order to ensure the security of its personnel and property. The legal basis for the processing is legitimate interest. The company’s employees and visitors may also be filmed occasionally.
In the event of an incident, the images may be viewed by the authorised personnel of COUTOT-ROEHRIG (IT department or human resources department) and by the police.
The images are kept for a maximum of one month.
In the event of an incident related to the security of persons and property, the video surveillance images may nevertheless be extracted from the system. They are then kept on another medium for the time needed to settle the procedures related to this incident and are only accessible to authorised persons in this context.
The rights of individuals are exercised in the same way as other processing operations on the basis of the previous article.
Cookies
Read the EU Cookie Policy page