Privacy Policy

Preamble

When you visit the website mg-plasseraud.com, Marie-Gabrielle Plasseraud (hereinafter “Marie-Gabrielle Plasseraud” or “we”) collects and processes personal data. Such data is also collected and processed in connection with our activities as lawyers registered with the Paris Bar.

Personal data means any information that allows a natural person to be identified, directly or indirectly, such as a name, an identification number, location data, an online identifier, or one or more elements specific to that person’s identity (hereinafter “Personal Data”).

This privacy policy (hereinafter the “Privacy Policy”) explains what data we collect, why we collect it, and what your rights are.

1. Data Controller

Processing means any operation applied to Personal Data, by automated means or otherwise (hereinafter “Processing”), including in particular: collection, recording, organisation, storage, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, restriction, erasure or destruction of Personal Data.

The Data Controller is Marie-Gabrielle Plasseraud, Attorney, SIREN number 808228068, with registered office at 84 rue d’Amsterdam, 75009 Paris, France.

We implement appropriate technical and organisational measures to ensure the security of your Personal Data and to prevent any unauthorised access, use, disclosure or alteration.

2. Personal Data Collected

We collect and use the following categories of data:

  1. Identity and contact details: for natural persons (surname, first name, telephone number, email address, postal address); for legal entities (company name, registration number, VAT number);
  2. Connection data: login dates and times, browser used, operating system;
  3. Browsing data: number of visits, pages and sections consulted;
  4. Geographic location data.

 

Mandatory fields are indicated when you provide us with your data. They are flagged by all appropriate means.

We do not collect any sensitive Personal Data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, sexual orientation) (hereinafter “Sensitive Personal Data”).

If Sensitive Personal Data is processed, we will delete it as soon as possible.

In addition, certain technical data is automatically collected via cookies on our website. To learn more and to understand your rights, please consult the Cookie Policy.

3. Circumstances of Personal Data Collection

We collect your Personal Data in the following circumstances:

  1. When you browse or consult our website;
  2. When you complete our contact form;
  3. In the context of our exchanges (by post, email and/or telephone). 
4. Use of Your Personal Data

Any Processing of Personal Data is based on one of the legal grounds set out in Article 6 of the General Data Protection Regulation (hereinafter the “GDPR”).

The table below summarises our processing activities and their legal bases.

 

Processing purposes

Legal bases

Providing legal services to the data subject or their organisation  

Performance of a contract – Article 6(1)(b) GDPR  

For our clients or prospects, performance of the contract or of pre-contractual measures taken at your request.  

 

Legal obligation – Article 6(1)(c) GDPR  

Compliance with our accounting and tax obligations imposed by law, including the keeping of accounts and professional fee invoices.

Registering or onboarding the data subject or their organisation as a client  

Delivering and administering legal services in accordance with client instructions  

Managing the client relationship: billing, accounting, cost recovery

Conducting internal checks and avoiding conflicts of interest  

Legal obligation – Article 6(1)(c) GDPR  

Compliance with our legal, regulatory and professional obligations, particularly those arising from anti-money laundering and counter-terrorist financing regulations, the professional conduct rules of the legal profession set out in the National Internal Regulations (Règlement Intérieur National), and applicable international and commercial sanctions regimes.

Complying with our legal and professional obligations: mandatory anti-money laundering and counter-terrorist financing checks, fraud prevention and compliance with international sanctions

Exercising or defending our rights in legal proceedings; complying with a court order or arbitral tribunal order

Managing applications, assessing profiles and conducting the recruitment process

Performance of a contract – Article 6(1)(b) GDPR 

Performance of pre-contractual measures taken at your request, in particular for the receipt and processing of applications received.

Protecting the security of our professional communications and information systems  

Legitimate interest – Article 6(1)(f) GDPR  

Our legitimate interest in ensuring the security and confidentiality of our professional exchanges, information systems, and data entrusted to us in the course of our work.

Preventing and detecting threats, fraud and malicious activities that may affect the firm or its clients

Sending marketing or informational communications, including newsletters or invitations to firm events, to prospects and clients

Legitimate interest – Article 6(1)(f) GDPR

Our legitimate interest in ensuring communication, marketing and information to our clients and prospects.

Identifying website usage issues and improving content and navigation 

Legitimate interest – Article 6(1)(f) GDPR

Our legitimate interest in improving the user experience on our website, optimising the presentation of our services and ensuring proper technical operation.

Monitoring and analysing website performance

 

Processing carried out in connection with our legal work is further covered by legal professional privilege.

5. Retention Period for Your Personal Data

We retain your Personal Data for the period necessary considering the purpose for which it was collected:

  • Client data: for a period of 5 years from the closure of the file. Billing data is retained for 10 years, in accordance with applicable statutory obligations;
  • Prospect data: for a period of 3 years from the last contact;
  • Candidate data:
    • Data held in the CV database is retained for 2 years from the end of the recruitment process;
    • Data of successful candidates is retained throughout the recruitment process until the hiring decision and is then re-used and retained in the context of personnel administration.
    • Data of unsuccessful candidates is retained for three months from the end of the recruitment process.
  • Data collected via cookies: for a maximum period of 24 months in accordance with the default settings of GA4, subject to Google’s policies.

These periods may be extended where required by statutory archiving obligations, the establishment of proof of a right or contract, applicable limitation periods, potential disputes, or guidelines issued by the competent data protection authorities.

6. Your Rights Regarding Your Personal Data

You remain at all times the sole owner of your Personal Data and may exercise the following rights under applicable law:

  • Access to your Personal Data: you may obtain a copy of the Personal Data we hold about you, as well as information on how it is processed.
  • Rectification of your Personal Data: you may ask us to correct any inaccurate or incomplete Personal Data. We reserve the right to verify the accuracy of any new information provided
  • Erasure of your Personal Data: you may request the deletion of your Personal Data when it is no longer necessary or has become obsolete, in the event of unlawful processing, or following the exercise of your right to object. This right may be restricted where retention is required by a statutory obligation or is necessary for the establishment, exercise or defence of legal claims. You will be notified of such reasons
  • Restriction of the Processing of your Personal Data: you may request the suspension of the Processing of your Personal Data in the event of:

(i) a dispute as to their accuracy, for the time needed to verify them;

(ii) unlawful processing where you prefer to restrict use rather than request erasure;

(iii) where we no longer need your Personal Data but you still require it for the establishment, exercise or defence of your legal claims;

(iv) the exercise of your right to object, during the verification period to determine whether the legitimate grounds we pursue override yours.

  • Portability of your Personal Data: you may receive your Personal Data in a structured and commonly used format, to transfer it to a third party of your choice. This right applies only to Personal Data processed based on your consent or the performance of a contract.
  • Objection to the use of your Personal Data: you may object, at any time, to the processing of your Personal Data, or withdraw your consent where processing is based on consent (which may prevent us from providing you with certain services).

To exercise any of these rights, please contact Marie-Gabrielle Plasseraud at the following email address: contact@mg-plasseraud.com.

If you believe your rights are not being respected, you may lodge a complaint with the Commission nationale de l’informatique et des libertés (CNIL) at the following address:

CNIL, Service des plaintes, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

7. Transfer and/or Sharing of Your Personal Data with External Third Parties

In the context of the tools we use (see Article 8 – Recipients with Access to Personal Data), your Personal Data may be transferred outside the European Union. Such transfers are secured by the following means:

  • the data is transferred to a country subject to an adequacy decision by the European Commission, in accordance with Article 45 GDPR: in this case, that country ensures a level of protection deemed sufficient and equivalent to the GDPR;
  • the data is transferred to a country whose level of data protection has not been recognised as adequate under the GDPR: in this case, such transfers are based on appropriate safeguards as set out in Article 46 GDPR, tailored to each service provider, including without limitation the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules, or pursuant to an approved certification mechanism;
  • the data is transferred based on one of the appropriate safeguards described in Chapter V of the GDPR.

You may obtain a copy of the instruments enabling transfers of your Personal Data outside the European Union by contacting us.

In addition, analytical data collected via cookies may be shared with service providers (e.g. Google) for the sole purpose of analysing our website’s performance.

8. Recipients with Access to Personal Data

Your Personal Data will only be communicated, where applicable, to the following recipients:

  • Authorised personnel within the firm, strictly within the limits of their respective duties and in compliance with professional secrecy obligations;
  • Trusted subcontractors and service providers of the firm, responsible in particular for:
    • Website hosting;
    • Technical maintenance and management of the website;
    • Sending newsletters;
    • Managing the contact form;
    • Audience analysis and cookies.

 

These recipients have access only to the Personal Data strictly necessary for the performance of their tasks and undertake not to use it for any other purpose. They are bound by a confidentiality obligation.

We select our service providers with the greatest care, ensuring that they provide sufficient guarantees, in terms of security, to meet the requirements of applicable law.

Furthermore, in accordance with applicable legislation, we may be required to disclose your Personal Data to competent authorities upon request, including public bodies, officers of the court, and ministerial officers, to fulfil our legal obligations.

9. Amendments to this Privacy Policy

This Privacy Policy may be updated by us to best reflect any changes in the way we collect and process your Personal Data. Any amendment is published on this page with the revision date.