The purpose of this personal data protection policy (“Policy”) is to inform you about the type of data collected and how it is used, as well as your rights with regard to the processing carried out by MBO+ in its capacity as data controller.
This Policy may be modified, supplemented or updated in order to comply with any legislative, regulatory, jurisprudential or technical developments. We therefore invite you to consult it regularly at www.mbo.plus, which contains the most up-to-date version.
Scope of the Policy
This Policy applies to you if you are :
- A user of the MBO+ website;
- A shareholder or manager of MBO+ ;
- A person (natural person or representative of a legal entity) taking or likely to take stakes in companies (investors, shareholders of stakes, shareholders of the MBO+ company);
- Consultant involved in investment transactions (natural person or representative of a legal entity) ;
- A representative of MBO+’s service providers, customers and suppliers;
- A journalist, a representative of an administration, an authority or any other third party entering into relations with MBO+ ;
(hereinafter indistinctly referred to as “you”).
1 – Who collects and uses your personal data (the data controller)?
The company responsible for processing your personal data is MBO+ (“MBO+”), whose registered office is located at 7 rue Copernic – 75116 PARIS.
2 – How is your data collected?
Your personal data is generally collected directly from you (when you enter into a relationship with MBO+, on your terminal if you use our website, by video surveillance cameras on our premises when you visit them.
When this data is essential for us to respond to your request, fulfill a contract or meet a regulatory obligation, we inform you at at the time of collection.
Some personal data may also be collected indirectly, notably because your employer or the company you represent has communicated them to us, or because you are involved in a company targeted by an operation managed by MBO+…, as well as, if this is the only way to contact you and subject to compliance with regulations, from publicly accessible sources such as directories or professional social networks. This data does not exceed that which we may collect directly, relating to your identification or your professional life (identification data, contact details, functions, data contained in due diligence reports linked to investment operations, customer knowledge data concerning investors or potential investors, various supporting documents in which your name appears, such as K-Bis extracts, proof of origin of funds or absence of international sanctions, economic and financial data if applicable, such as invoicing and payment data, details of shares held by shareholders, video surveillance images, etc.).
3 – Why do we use your data and how long is it stored?
| Goals | Legal basis | Shelf life in active base |
| Recruitment | Execution of pre-contractual measures taken at the request of the data subject | Duration of application review and hiring decision + 3 months |
| Retention of candidate profiles for future needs (applicant pool) | Consent | 2 years maximum, renewable 1 time, from last contact |
| Management of shareholdings in companies (preparation of shareholding files, monitoring of shareholdings, management of relations with advisors and counterparties, implementation and monitoring of investments or divestments) | MBO+’s legitimate interest (management of shareholdings) | Participation duration |
| Management of fund investors and prospects (registration of investors in the CRM, improvement of investor knowledge, management of investor relations (understanding their investment needs, prospecting)) | Legitimate interest of MBO+ (investment management) | Investment period |
| Management of AML/CFT obligations (verification of investor profiles, verification of company director profiles, execution and follow-up of mandatory declarations) | Legal obligation | Duration of relationship |
| Supplier management (monitoring supplier contracts, managing commercial relations with suppliers) | Legitimate interests of MBO+ (conduct of business) | Duration of relationship |
| Management of legal, accounting and tax obligations (carrying out administrative operations related to contracts, orders, receipts, invoices, settlements, supplier accounting, calculating and paying taxes, issuing payment vouchers, managing accounting, annual accounts, managing statutory auditors’ reports, managing requests to exercise RGPD rights, producing statistics). |
§ Legal obligation § MBO+’s legitimate interest (rationalization of its activities) |
Duration of relationship |
| MBO+ corporate life (shareholding, governance) |
§ Contract performance § Legitimate interest (internal organization) |
Duration of shareholding |
| Communication | Legitimate interest (external communication) | 2 years |
| Management of the physical security of premises, goods and people (management of access to premises via video surveillance) | Legitimate interest (security) | 24 heures |
| Digital resource management (monitoring and maintenance of IT systems, management of messaging and business tools) | Legitimate interest (IT security and management) | 6 months |
At the end of the retention periods specified in the table above, your personal data will, if necessary, be archived:
- In the event of a legal obligation with regard to supporting accounting documents that may include data concerning you (business retention period + period required to reach 10 years);
- If elements need to be preserved in the event of litigation: applicable statute of limitations (depending on the type of action, between 1 and 5 years).
4 – Who receives your personal data?
All or part of your personal data will be made accessible internally to authorized personnel who need to know it, depending on the reason why you contacted MBO+. It will also be made accessible to our technical service providers (“subcontractors” within the meaning of the regulations), for the strict requirements of their mission.
Some of your personal data may also be transmitted to third parties who may use them for their own purposes, depending on the reason why you contacted MBO+ :
- Institutional or commercial partners, such as custodians or Limited Partners, in connection with the management of shareholdings and funds; Where the latter are located in non-European countries not benefiting from an adequacy decision by the European Commission, data transfers (limited to only the identification data of managers) are governed by the signing of standard contractual clauses with the recipient, a copy of which can be obtained from the address given below;
- Public bodies and administrations legally entitled to receive certain personal data;
- Agents to manage a dispute or case (lawyers, bailiffs, etc.);
- Statutory auditors, certified public accountants and auditors;
- In the event that our company or all or part of its assets are acquired by a third party, your personal data may be made accessible to any person involved in the preparation and execution of the transaction and included in the assets transferred.
5 – What are your rights regarding the processing of personal data by us, and how can you exercise them?
You may at any time exercise the various rights provided for by the regulations in force: right of access, right to withdraw your consent when this constitutes the sole legal basis for processing, right to rectify any erroneous data concerning you, and, in the cases and within the limits provided for by the regulations, right to object, to delete some of your personal data, to have its use restricted or to request its portability in with a view to its transmission to third parties, but also – if you reside in France – to define the fate of your data after your death.
You are reminded that, in accordance with regulations, we may refuse to grant certain requests concerning some of these rights (in particular the right to deletion), for legitimate reasons such as the need to defend legal rights or the requirements of a legal obligation to retain certain data.
If you have any questions or wish to exercise your rights, simply send your request, enclosing, where appropriate, any document proving your identity and the validity of your request, to the following address: MBO+ – Données Personnelles – 7 rue Copernic – 75116 PARIS.
In the event of unresolved difficulties, or to exercise your right to access your data collected to meet our obligations to combat money laundering and the financing of terrorism, you may refer the matter to the French Data Protection Authority (CNIL).