At RivierX, confidentiality and discretion are at the core of our practice. We process personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable national data protection legislation.

01

Data Controller

RivierX Intelligence
SIREN: 989 507 660

Registered office: 950 route des Colles, 06410 Biot, France
Email: dpo@rivierx.com
Contact page: /contact

02

Data Collected

We collect only the data strictly necessary to process your request and/or carry out our engagements.

Identity and contact data

  • First and last name
  • Email address, phone number
  • Postal address (where required)

Request and case data

  • Factual information relevant to the analysis and engagement (facts, dates, locations, descriptions)
  • Documents provided by you (supporting materials, correspondence, evidence)

Data generated in the course of an engagement

  • Notes, findings, verification elements
  • Reports and summaries

Contractual and billing data

  • Quotes, contracts, contractual correspondence
  • Invoices, payments, accounting records

Browsing data (cookies / trackers)

  • Strictly necessary technical cookies
  • Audience measurement and performance cookies, subject to consent where required
  • Third-party trackers (maps, videos, embedded content), subject to consent

Sensitive data (special categories)

We seek to avoid collecting sensitive data (health, opinions, etc.). Where such data is strictly required for the establishment, exercise or defence of legal claims, processing is limited, governed and secured accordingly (Art. 9.2.f GDPR).

03

Purposes

Your data is processed for the following purposes:

  • Responding to your enquiries (form, email, phone)
  • Assessing feasibility and preparing an engagement (pre-contractual phase)
  • Carrying out our engagements and lawfully gathering relevant evidence
  • Managing the client relationship (contract, follow-up, billing, accounting)
  • Ensuring the security of our systems and preventing fraud (traceability, logs)
  • Complying with our legal and regulatory obligations
  • Producing audience statistics (anonymised/aggregated where possible), with your consent where required
04

Legal Bases

Depending on the context, processing is based on:

  • Performance of pre-contractual measures or a contract (Art. 6.1.b GDPR)
  • Legal obligation (Art. 6.1.c GDPR)
  • Legitimate interest (Art. 6.1.f GDPR): security, fraud prevention, service improvement, defence of rights
  • Consent (Art. 6.1.a GDPR) for non-essential cookies and trackers
  • Sensitive data: Art. 9.2.f GDPR with enhanced safeguards where required for the defence of legal claims
05

Sources of Data

Data originates from:

  • Yourself (correspondence, documents, forms)
  • Lawful publicly accessible sources (public registers, press, professional directories, public social media, etc.)
  • Authorised third parties depending on context (lawyers, court officers, insurers, experts)
06

Recipients of Data

Data is accessible only to:

  • Authorised RivierX team members, bound by strict confidentiality obligations
  • Our technical service providers (hosting, messaging, maintenance, archiving), acting as data processors under the GDPR and bound by contractual arrangements
  • Where applicable, our legal advisors and officers of the court, our insurers, or competent authorities where required by law

We do not sell or rent your data.

07

Transfers Outside the EU

By default, all processing takes place within the EU/EEA. Should a transfer outside the EU/EEA become necessary, it will be governed by appropriate safeguards (e.g. Standard Contractual Clauses) and, where required, supplemented by additional measures and prior notification.

08

Retention Periods

We retain your data for a period proportionate to the purposes for which it was collected:

CategoryRetention period
Prospects / unanswered enquiries3 years from last contact
Case files and engagement documents5 years after case closure (unless extended by dispute, legal obligation or defence of rights)
Accounting / billing records10 years
Technical logs12 months
CookiesMaximum 13 months; aggregated audience statistics up to 25 months
09

Security and Confidentiality

We implement appropriate technical and organisational measures, including:

  • Access rights management and access controls
  • Appropriate encryption measures (depending on data flows and media)
  • Logging and audit trails
  • Protected backups
  • Data minimisation, pseudonymisation and access restriction where possible
  • Confidentiality awareness training
10

Cookies & Trackers

Strictly necessary cookies

Essential to the operation of the website — no consent required.

Audience measurement / performance cookies

Deposited only with your consent. You may change your preference at any time via the cookie banner or your browser settings.

Third-party trackers (maps, videos, embedded content)

May result in data collection by third parties. Subject to consent where they are not strictly necessary.

11

Your Rights

Under the GDPR, you have the following rights:

AccessObtain a copy of the data held about you.
RectificationCorrect inaccurate or incomplete data.
ErasureRequest deletion in the cases provided for by law.
RestrictionTemporarily restrict a processing activity.
ObjectionObject to processing, including direct marketing.
PortabilityReceive your data in a structured, machine-readable format.
Consent withdrawalWithdraw your consent at any time.
Post-mortem directivesIssue instructions regarding your data after death (France).

To exercise your rights:

dpo@rivierx.com We may request proof of identity where there is reasonable doubt.

Complaints: you may lodge a complaint with the competent supervisory authority. In France: CNIL (www.cnil.fr).

12

Automated Decision-Making

We do not carry out any automated decision-making that produces legal or similarly significant effects, and we do not engage in commercial profiling.