Skip to main content

Privacy Policy & GDPR

This document brings together the Privacy Policy and operational annexes (registers and templates) intended to facilitate a rapid presentation in the event of an inspection by the supervisory authorities (CNIL).

  • Home
  • Privacy Policy & GDPR

Last updated: June 30, 2026

Privacy Policy

This Privacy Policy describes how Beauchamp Estates France collects, uses, stores, shares, and protects personal data in the course of its activities, including real estate intermediation, mandate management, leasing, sales, commercial prospecting, property viewings, and regulatory compliance.

1. Definition and Interpretation

We may collect and process the following personal data:

  • Information provided directly by you: when requesting information about our properties or services, or subscribing to our newsletter, you may provide your name, email address, phone number, and property preferences.
  • Automatically collected information: when you visit our website, certain data may be collected automatically, such as your IP address, browser type, pages viewed, and time spent on the site.
  • Information from third parties: we may receive information about you from business partners or third-party platforms.

2. About Us

Our website is hosted and managed by a service provider located in France: OVH CLOUD, 2 Rue Kellermann, 59100 Roubaix, France.

Our VAT number is 656 687187.

The Data Protection Officer (DPO) / privacy contact is Adrien Willig-Lamy, reachable at:

  • Email: info@beauchamp.com
  • Phone: +33 (0)4 93 94 45 45
  • Address: Beauchamp Estates, 19 rue des États-Unis, 06400 Cannes – France

3. Scope of This Document

This notice applies to all personal data we process. Unless otherwise stated, we act as the data controller.

Our website may contain links to other websites. We are not responsible for how these third parties collect, store, or use your data. We recommend reviewing their privacy policies before providing any personal data.

4. Your Rights

You have the following rights:

  • Right to be informed about data collection and use
  • Right of access to your personal data
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making and profiling

We may collect, depending on the case:

  • Identification data: name, surname, date of birth, nationality, photo, signature, ID documents
  • Contact details: postal address, email, phone number
  • Professional and financial data: occupation, employer, income, banking details, compliance verification data
  • Property-related data: preferences, search criteria, viewing history, expressed interests
  • Navigation data: IP address, technical identifiers, browser type, pages visited, duration, browsing path
  • Communication data: emails, forms, calls, SMS, instant messaging in a professional context
  • Compliance data: KYC / AML-CTF data, identity checks, beneficial ownership information when required

If you have a complaint regarding our processing of your personal data, please contact us (Section 16). If you are not satisfied, you may contact the CNIL:

CNIL – 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Tel: +33 (0)1 53 73 22 22
Website: https://www.cnil.fr

5. What Information Do We Collect?

Depending on your use of our website and services, we collect basic identification data (name, email, phone number, postal address). Compliance checks (AML-CTF) may require additional documentation, including beneficial ownership information for corporate clients.

We process personal data for the following purposes:

  • Managing inquiries, viewings, and client onboarding (pre-contractual measures or contract execution)
  • Managing mandates, transactions, rentals, and client relationships (contract execution)
  • Regulatory compliance (AML-CTF, accounting, tax obligations) (legal obligation)
  • Website security, fraud prevention, and incident management (legitimate interest)
  • Marketing communications and newsletters (consent or legitimate interest for existing clients where permitted)
  • Analytics, personalization, and website improvement (consent where required)
  • Handling complaints, legal requests, and disputes (legal obligation and legitimate interest)

6. How We Use Your Data

We process your data based on:

  • Contract performance
  • Your consent
  • Legal obligations
  • Legitimate interests

Examples include account management, website access, personalization, market research, service improvement, contractual execution, responding to requests, and lawful marketing.

Access to data may be granted on a need-to-know basis to authorised internal staff, group entities, and service providers (hosting, CRM, security, marketing, compliance tools, legal/accounting advisors).

You may withdraw consent at any time and request deletion of your data.

All processors are bound by Article 28 GDPR-compliant contracts ensuring confidentiality and security.

7. Data Storage and Security

Data is stored securely and retained no longer than necessary. By default, data is hosted in France/EU, although backups or processing outside the EU may occur with appropriate safeguards (see Section 9).

Security measures include access control, passwords/encryption, restricted access, and staff training.

Where data is transferred outside the EU/EEA, appropriate safeguards such as adequacy decisions or Standard Contractual Clauses are applied.

8. Do We Share Your Data?

We may share data with affiliated entities, including Beauchamp Estates offices in Mayfair, St John’s Wood, Private Office, Mykonos, France, and Leslie J Garfield & Co.

We may also use third-party service providers for compliance, marketing, analytics, and administrative/technical operations, subject to contractual safeguards.

Aggregated anonymised statistics may be shared for legitimate business purposes (investors, partners, advertisers).

9. Transfers Outside the EU/EEA

Any transfer outside the EU/EEA is governed by an adequacy decision or Standard Contractual Clauses (SCCs), ensuring an equivalent level of protection under GDPR.

Data may also be disclosed where required by law (judicial proceedings, legal obligations, authorities).

10. Data Retention

Data is retained only as long as necessary:

  • Prospects: 3 years after last contact
  • Clients: duration of contract + legal retention period (up to 7 years)
  • Marketing data: until consent withdrawal or objection
  • AML/KYC data: according to legal requirements
  • Cookies: as defined in cookie policy
  • CCTV: up to 30 days unless incident
  • Newsletter data: until unsubscribe

After retention periods, data is securely deleted or anonymised.

11. Change of Ownership

In case of sale or change of control, relevant data may be transferred to the new owner, who will be bound by the same purposes. You will be informed and may object or request deletion.

12. Control Over Your Data

You may opt out of direct marketing and register on preference lists (e.g., Bloctel) to reduce unsolicited calls.

13. Right Not to Provide Information

You may browse the site without providing data, but some services may require it.

14. Access to Your Data

You may request access to your personal data free of charge. Contact details are provided in Section 16.

15. Cookies

The website uses first-party and third-party cookies in compliance with PECR.

Analytics tools (e.g., Google) may be used. See the Cookie Policy for details.

Cookies include:

  • Strictly necessary cookies (no consent required)
  • Non-essential cookies (analytics, marketing, personalization) requiring prior consent via a CNIL-compliant banner

Consent may be modified at any time. A dedicated cookie policy details categories, purposes, and durations.

16. Contact

Beauchamp Estates is a member of ANM Consommation (mediation and complaints system):

ANM Consommation
2 Rue de Colmar, 94300 Vincennes
Email: contact@anm-conso.com
Website: https://www.anm-conso.com

Complaints process:

  1. Contact local office (Director)
  2. Then General Director
  3. Then Mediator

17. Changes to This Notice

This policy may be updated due to legal or operational changes. Updates are published on the website, and continued use constitutes acceptance.

Last updated: June 20, 2026

18. Mandatory Registers

In compliance with GDPR, we maintain:

  • Processing register
  • Incident register
  • Data subject request register

See annexes for templates.

19. GDPR Governance and Internal Organisation

Beauchamp Estates France has implemented internal governance to ensure GDPR compliance.

This includes:

  • Appointment of a Data Protection Officer (DPO)
  • Defined internal responsibilities
  • Lifecycle data management procedures
  • Staff training on confidentiality and data protection

All employees are bound by strict confidentiality obligations.

20. Informal Communication Channels

Informal tools (SMS, WhatsApp, messaging apps) may be used for:

  • Scheduling viewings
  • Operational follow-up
  • Client information sharing

Employees must:

  • Limit data shared to what is necessary
  • Avoid sending sensitive documents
  • Use secure professional tools whenever possible

These tools are not archival systems.

21. Data Retention Policy

Indicative retention periods:

  • Prospects: 3 years after last contact
  • Clients: contract duration + up to 7 years
  • Rental files: legal minimum duration
  • Marketing data: until withdrawal of consent
  • CCTV: up to 30 days
  • Accounting/tax data: legal retention periods

Data is securely deleted or anonymised afterward.

22. Commercial Prospecting and Profiling

Beauchamp Estates may carry out marketing and customer segmentation:

  • Based on consent, or
  • Based on legitimate interest

Individuals may object at any time.

No automated decision producing legal effects is made.

23. Enhanced Protection of High-Value Data

Due to the nature of its clientele, enhanced security measures apply:

  • Strict access controls
  • Strong authentication where available
  • Encryption of sensitive data
  • Limited sharing
  • Regular audits

Breaches are handled according to Appendix D procedures.

24. Exercise of Data Subject Rights

Requests may be sent to:

  • Email: info@beauchamp.com
  • Post: Beauchamp Estates, 19 rue des États-Unis, 06400 Cannes – France

Identity verification may be required. Requests are processed within one month.

25. Legal Bases (Summary)

Processing is based on:

  • Contract performance
  • Legal obligation (AML-CTF, tax, accounting)
  • Consent (cookies, newsletters, marketing where required)
  • Legitimate interest (security, client relationship, service improvement, limited marketing)

Balancing tests ensure rights and freedoms are respected.

26. Electronic Marketing Communications

Marketing communications may be sent via email, SMS, or messaging apps (e.g., WhatsApp):

  • Based on consent, or
  • Existing client relationship for similar services

Users may unsubscribe at any time without justification or cost.

27. Cookie Management

Strictly necessary cookies are always active.
Non-essential cookies require explicit consent via a CNIL-compliant banner.

Consent can be modified at any time without affecting site access.

28. Video Surveillance (if applicable)

Where implemented, CCTV is used solely for security purposes.

Retention: up to 30 days unless incident requires longer storage.

Access is strictly limited to authorised personnel.

29. Minors’ Data

Services are not intended for minors under 15 years old.

We do not knowingly collect data from minors.

Any such data is deleted as soon as identified.

30. Sub-processors and GDPR Article 28 Compliance

All processors acting on our behalf provide sufficient guarantees of security and confidentiality.

Contracts comply with Article 28 GDPR and define:

  • Purpose and duration
  • Nature of processing
  • Security and confidentiality obligations

If you want, I can also:

  • format this into aready-to-sign PDF (law firm style)
  • or turn it into aclean GDPR compliance dossier with annex templates (registers, breach log, DPA templates)