Privacy Policy
Last updated: February 22, 2026
Sotheby Realty France places the utmost importance on the protection of your personal data. This Privacy Policy informs you how we collect, use and protect your information in full compliance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and French data protection law.
1. Data Controller
Sotheby Realty France SAS 8 Avenue Montaigne, 75008 Paris RCS Paris 842 156 478 Data Protection Officer (DPO): dpo@sothebyrealty.fr
2. Data We Collect
We collect the following categories of personal data: • Identification data: name, first name, email address, phone number • Account data: login credentials, browsing history of viewed properties and favorites • Browsing data: IP address, browser type, pages visited, visit duration (via analytical cookies, with your consent) • Contact data: the content of messages you send via our forms We do not collect or process sensitive data (health data, political or religious opinions, etc.).
3. Purposes and Legal Bases
Your data is processed for the following purposes: • Managing your user account (legal basis: contract performance) • Sending transactional communications related to your requests (legal basis: contract performance) • Improving our services through statistical traffic analysis (legal basis: legitimate interest / consent) • Sending marketing communications and newsletters (legal basis: consent) • Legal obligations (retention of certain data) (legal basis: legal obligation)
4. Retention Period
Your personal data is retained for the following periods: • Active account data: for the duration of the contractual relationship + 3 years after the last activity • Non-converted prospect data: 1 year from last contact • Navigation log data: maximum 13 months • Accounting data: 10 years (legal obligation) At the end of these periods, your data is securely deleted or anonymized.
5. Data Recipients
Your data may be shared with: • Our authorized staff (real estate advisors, customer service, technical team) • Our technical subcontractors: Vercel (hosting), Supabase (database), Resend (emails), Google (OAuth authentication, analytics if enabled) • Competent authorities, upon legal request We never sell your data to third parties for commercial purposes.
6. Transfers Outside the EU
Some of our service providers (notably Vercel and Google) transfer data to the United States. These transfers are governed by standard contractual clauses approved by the European Commission and/or adherence to the Data Privacy Framework, ensuring an adequate level of protection.
7. Your Rights
Under the GDPR, you have the following rights: • Right of access: obtain a copy of your data • Right of rectification: correct inaccurate data • Right to erasure: request deletion of your data ("right to be forgotten") • Right to portability: receive your data in a structured format • Right to object: object to the processing of your data for direct marketing purposes • Right to restriction: temporarily limit the processing of your data To exercise these rights, contact our DPO at dpo@sothebyrealty.fr, enclosing a copy of your identity document. You also have the right to lodge a complaint with the CNIL (www.cnil.fr) or your local supervisory authority.
8. Cookies
We use cookies and similar technologies on our site. To learn more, please consult our Cookie Policy accessible in the website footer, or manage your preferences by clicking "Customize" in the consent banner.
9. Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure or destruction: TLS encryption (HTTPS), password hashing, strict access controls, access logging.
10. Policy Changes
We reserve the right to modify this Policy at any time to comply with regulatory changes or our practices. The date of last update is indicated at the top of the document. We encourage you to consult it regularly.