PRIVACY

POLICY

EFFECTIVE DATE: 1st May 2026 | Last updated: 1st May 2026

01 Who We Are

This Privacy Policy describes how Monument Private Office SAS collects, uses and protects your personal data when you visit our website, contact us, or engage our services.

DATA CONTROLLER: Monument Private Office SAS

REGISTERED OFFICE: 60 rue François 1er, 75008 Paris, France

RCS: Paris 982 413 767

DATA PROTECTION CONTACT: info@mnt-privateoffice.com

We process your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and French Law n° 78-17 of 6 January 1978 (loi Informatique et Libertés) as amended. If you have any questions, contact us at the address above.

02 Personal Data We Collect

DATA YOU PROVIDE DIRECTLY

When you contact us, submit an enquiry, or engage our services, we may collect:

IDENTITY: Full name, date of birth, nationality, country of residence

CONTACT DETAILS: Email address, telephone number, postal address

PROFESSIONAL INFORMATION: Employer, profession, role — where relevant to a mandate

FINANCIAL INFORMATION: Income, assets, liabilities, borrowing capacity — collected solely for the purpose of credit intermediation or property search mandates

TRANSACTION INFORMATION: Details of a property acquisition, ownership structure, or financing project you share with us in the course of an engagement

COMMUNICATIONS: Content of emails, messages or call notes exchanged with us

DATA COLLECTED AUTOMATICALLY

When you visit our website, our server and any analytics tools we use may automatically collect:

TECHNICAL DATA: IP address, browser type and version, device type, operating system

USAGE DATA: Pages visited, time spent, links clicked, referral source

COOKIES: See our Cookie Policy in section 08 below

DATA FROM THIRD PARTIES

We may receive data about you from third parties, including referring professionals (real estate agents, family offices, advisors) who introduce you to us, publicly available sources such as the Land Registry (Livre Foncier), and identity verification or KYC/AML providers where required by law.

03 How We Use Your Data

We only process your personal data where we have a lawful basis to do so. The table below sets out our purposes and the applicable legal basis under GDPR Article 6.

A table with two columns titled "PURPOSE" and "LEGAL BASIS". The table lists various activities related to legal and financial services, such as responding to inquiries, performing property searches, providing credit services, and complying with regulations, along with their respective legal bases like CONTRACT, LEGAL OBLIGATION, LEGITIMATE INTEREST, or CONSENT.

We will not use your personal data for purposes incompatible with those for which it was collected. Where we rely on legitimate interest, you have the right to object — see section 06 below.

04 Who We Share Your Data With

We do not sell your personal data. We may share it only in the following circumstances:

LENDERS AND BANKING PARTNERS

Where you instruct us to arrange financing on your behalf, we will share relevant financial and identity information with lenders, private banks or other credit providers as necessary to assess and process your application. You will be informed of which institutions we approach on your behalf.

PROFESSIONAL ADVISORS AND NOTAIRES

In the course of a property transaction, we may share relevant information with notaires, lawyers, tax advisors or other professionals involved in your file, where necessary for the completion of the transaction.

REFERRING PROFESSIONALS

Where you have been introduced to us by a real estate agent, family office or other professional, we may share relevant updates on the progress of your file with that professional, where this is consistent with the terms of your engagement and their role.

SERVICE PROVIDERS

We engage third-party service providers who process data on our behalf (for example, IT hosting, email communication, CRM, and document management). All such providers are bound by data processing agreements and may only use your data to perform the services we request.

REGULATORY AND LEGAL DISCLOSURE

We may disclose your data to regulatory authorities (including the ACPR and ORIAS), law enforcement, or courts where we are required to do so by law or to defend a legal claim.

BUSINESS TRANSFER

In the event of a corporate restructuring, merger or transfer of business activities involving Monument Private Office SAS, relevant personal data may be transferred subject to equivalent confidentiality and data protection obligations.

05 How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by applicable law.

ENQUIRIES (NO ENGAGEMENT): 3 years from last contact

REAL ESTATE MANDATE FILES: 10 years from completion of the transaction (loi Hoguet obligations)

CREDIT INTERMEDIATION FILES: As required by ORIAS/ACPR regulation — minimum 5 years from the end of the relationship

KYC/AML RECORDS: 5 years following the end of the business relationship, as required by French anti-money laundering law

MARKETING CONSENT RECORDS: 3 years from the date of consent or last interaction

When retention periods expire, data is securely deleted or anonymised.

06 Your Rights

Under GDPR and French data protection law, you have the following rights in respect of your personal data:

ACCESS

Request a copy of the personal data we hold about you.

RECTIFICATION

Ask us to correct inaccurate or incomplete data.

ERASURE

Request deletion of your data where there is no longer a lawful basis for processing.

RESTRICTION

Ask us to limit processing of your data in certain circumstances.

PORTABILITY

Receive your data in a structured, machine-readable format where processing is based on consent or contract.

OBJECTION

Object to processing based on legitimate interest, including direct marketing.

WITHDRAW CONSENT

Withdraw any consent you have given at any time, without affecting the lawfulness of prior processing.

COMPLAINT

Lodge a complaint with the CNIL if you believe we have processed your data unlawfully.

To exercise any of these rights, contact us at info@mnt-privateoffice.com. We will respond within one month. There is no charge for reasonable requests.

For complaints relating to credit intermediation services specifically, Monument Private Office's appointed mediator via its CNCEF membership is CMAP — Centre de Médiation et d'Arbitrage de Paris, 39 avenue Franklin D. Roosevelt, 75008 Paris — www.cmap.fr.

For real estate complaints, the appointed mediator is MEDIMMOCONSO — medimmoconso.fr.

To lodge a complaint with the French supervisory authority:
CNIL — Commission Nationale de l'Informatique et des Libertés
3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
www.cnil.fr

07 International Data Transfers

Monument Private Office primarily operates within the European Economic Area (EEA). Where we transfer personal data outside the EEA — for example, to a lender, service provider or co-advisor based in a third country — we ensure appropriate safeguards are in place, such as European Commission Standard Contractual Clauses (SCCs) or an adequacy decision, in accordance with GDPR Chapter V.

If you would like further information about the safeguards applicable to a specific transfer, please contact us.

08 Cookies

Our website uses cookies — small text files stored on your device — to ensure the site functions correctly and to understand how it is used.

TYPES OF COOKIES WE USE

ESSENTIAL COOKIES: Required for the website to function. These cannot be disabled.

ANALYTICS COOKIES: Help us understand how visitors use the site (e.g. pages visited, time spent). Only placed with your consent.

PREFERENCE COOKIES: Remember your settings and choices. Only placed with your consent.

When you first visit our website, you will be presented with a cookie consent banner. You may accept or decline non-essential cookies at any time by adjusting your preferences via the cookie settings link in the footer of our website, or through your browser settings.

Please note that disabling certain cookies may affect the functionality of our website. For more information on managing cookies, visit www.aboutcookies.org.

09 Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Access to personal data is restricted to those with a genuine business need.

While we take data security seriously, no transmission over the internet is entirely secure. If you believe your data has been compromised, please contact us immediately at info@mnt-privateoffice.com.

10 Children's Privacy

Our website and services are not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11 Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will indicate the date of the most recent update at the top of this page. Where changes are material, we will notify you by email or by a prominent notice on our website.

We encourage you to review this policy periodically.

12 Contact Us

For any questions about this Privacy Policy or the way we handle your personal data, please contact:

BY EMAIL: info@mnt-privateoffice.com

BY POST: Monument Private Office SAS, 60 rue François 1er, 75008 Paris, France — marked: Data Protection