GDPR & Data Privacy

GDPR & Data Privacy


  1. Data controller and recipients of personal data

We inform you that your personal data collected more generally as part of the relationship that you might have with our company, is processed by Compagnie Financière et de Participations Roullier (CFPR) based in 27, Avenue Franklin Roosevelt – 35400 Saint-Malo, France.

The data collected is intended to be used by CFPR. It will also be made available to our technical service providers (“sub-contractors” as defined in the regulations), for the strict purposes of their designated task.

Access is strictly governed by the security policies in place so that human intervention with the data remains highly exceptional. In addition, such access is governed by typical contractual clauses pursuant to the requirements of the regulations for data transfers outside of the EU.

  1. Legal basis and purposes for collecting personal data

When some of your data is essential for us to fulfil a contract to which you or your company are parties, or to meet a regulatory obligation, we tell you when collecting it.

Your data will be used in different ways, dependent on your reason for entering into a relationship with our company:

- For the organisation of competitions, lotteries or any other promotional operation, based on your consent, which you can withdraw at any point without negating the initial legality of use of your data;

- For the requirements of the performance of your contract or a contract concluded with the company you represent (delivery of services, invoicing, monitoring and performance of the contract, delivery, after-sales service and claims, customer satisfaction surveys, customer file management, management of non-payments and disputes);

- For processing and responding to requests that could give rise to a contractual relationship (request for information);

- For meeting our legal, accounting, and fiscal obligations (particularly in preserving accounting supporting documents, managing requests for rights, rectification and objection, keeping a list of objections to market research);

- For meeting our legitimate needs, unless you object, and within the limits of your interests and rights. This includes, in particular:

Market research, customer relationship monitoring, and customer loyalty (which includes a need to better know the people with whom we have a relationship, sending messages concerning sales, updates, our products, services and offers);

Carrying out marketing campaigns, in order to develop our company’s sales activity;

Managing people’s opinions of products, services or content with the aim of improving the products and services offered by our company;

Creating commercial statistics in order to analyse our company’s sales activity;

Management of the prospective customer file in order to develop our company’s sales activity;

  1. Rights of data subjects

You have a right to access and rectify erroneous data concerning you, and, on a case by case basis and according to the limits established by the regulations, to object with and erase some of your data, restrict its use, or request its portability with a view to its transmission to a third party.

To exercise your rights, simply write to us at This email address is being protected from spambots. You need JavaScript enabled to view it. and attach, if applicable, proof of identity and a document supporting your request.

  1. Retention of personal data

Your data will be kept for a period that is necessary for the above-mentioned purposes. Data enabling customer relationship management will be kept for 3 years after the end of the commercial relationship.  Data collected for commercial prospecting will also be kept for 3 years after last contact.

At the end of these periods, the data will be deleted from active databases and, if necessary, archived for a duration not exceeding the legally prescribed periods or the applicable archiving obligations. Once these periods have expired, the data will be destroyed. 

  1. Mandatory or optional data provision

Data that is essential to CFPR for the purposes described above are indicated by an asterisk on the contact form. If you do not fill in the mandatory fields, we will not be able to follow up your requests and/or provide the desired services.

Data that is not marked by an asterisk is optional; it enables us to know you better and improve both our contact with you and the services we provide you.

  1. Contacting the Data Protection Officer

For any additional information or difficulty concerning the collection or processing of your data, you can contact our Data Protection Officer (DPO) at: This email address is being protected from spambots. You need JavaScript enabled to view it..

If you have any unresolved issues, you can contact a supervisory authority.


In the context of providing our services, we may send your data, or provide access to it, to our departments and sub-contractors below:

  • Agence Web Graphisweet, 103 A, Avenue Henri Fréville – 35000 Rennes for statistical analysis;
  • Agence Web Mediaveille, 10, Parc de Brocéliande 35760 - Saint-Grégoire for statistical analysis.

CFPR may have to send your Data to third parties if such a disclosure is authorised and required by law or a legal decision, or if this disclosure is necessary for the protection and defence of its rights.

Outside of these cases, your Data will not be sold or made accessible to any third party without your prior agreement.

CFPR never transfers your Data to countries outside the EEA. In the event of transfer outside the EEA, such transfers will be covered by the appropriate guarantees, such as the standard clauses required by the European Commission.


You have a right of access to data concerning you, a right to request rectification, erasure or portability, as well as a right to request restriction of the processing of your Data and to withdraw your consent.

You also have the option of objecting, at any point:

These rights can be exercised at any time by sending an e-mail to our Group DPO: This email address is being protected from spambots. You need JavaScript enabled to view it.;

or a letter to:

27, Avenue Franklin Roosevelt
35400 Saint-Malo, France

You also have the right to make a complaint to a supervisory authority.

The French supervisory authority is the Commission nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.

Date updated: 08/07/2019