Data Protection
Privacy Policy
We are committed to protecting your personal data in full compliance with the European General Data Protection Regulation (GDPR) and applicable French law.
Last updated: 29 April 2026. This Privacy Policy applies to all services provided by Riviera Wealth Management and to visitors of our website rivierawealthmanagement.com.
Accountability
Data Controller
The data controller responsible for processing your personal data is:
Benjamin Cohen — President & CEO, Riviera Wealth Management
840 Avenue des Parcs, 06250 Mougins, France
+33 4 11 66 55 44 · contact@rivierawealthmanagement.com
Transparency
Personal Data We Collect
Depending on your relationship with us, we may collect and process the following categories of personal data:
- Identification — Full name, date of birth, nationality, ID document
- Contact details — Address, email, telephone number
- Professional situation — Employer, profession, income sources
- Financial & wealth data — Assets, investments, insurance, real estate
- Family situation — Civil status, dependents, matrimonial regime
- Browsing data — IP address, cookies, pages visited
GDPR Article 6
Purposes and Legal Basis
| Purpose | Description | Legal Basis |
|---|---|---|
| Investment advisory | Personalised wealth management recommendations | Contract — 6.1(b) |
| KYC / AML / MiFID II | Client identification and regulatory due diligence | Legal obligation — 6.1(c) |
| Newsletter & insights | Market updates and investment commentary | |
| Client relationship | Managing appointments and communications | Legitimate interest — 6.1(f) |
| Website improvement | Traffic analysis and service improvement | Legitimate interest — 6.1(f) |
| Marketing | Communications about our services and events |
Data Sharing
Data Recipients
Your personal data may be shared with the following recipients, strictly on a need-to-know basis:
- Financial partners — Insurance companies, asset managers, banking custodians
- Technical providers — Cloud hosting, CRM, e-signature platforms (GDPR Art. 28 agreements)
- Regulatory authorities — AMF, ACPR, TRACFIN when required by law
- External advisors — Notaries, accountants, lawyers engaged with your authorisation
We never sell, rent, or trade your personal data to third parties.
Cross-Border
International Data Transfers
Your data is primarily processed within the EEA. When transfers outside the EEA are necessary, we ensure protection through Standard Contractual Clauses (SCCs), adequacy decisions, and supplementary measures including encryption and data minimisation.
You may request a copy of the relevant safeguards at contact@rivierawealthmanagement.com.
Data Lifecycle
Data Retention Periods
| Category | Retention Period | Basis |
|---|---|---|
| Active client files | Duration of contractual relationship | Contract performance |
| Former client data | 5 years after end of relationship | Civil liability (art. 2224 Civil Code) |
| KYC / AML records | 5 years after relationship end | Art. L561-12 Monetary & Financial Code |
| Advisory documentation | 5 years | MiFID II / Directive 2014/65/EU |
| Prospect data | 3 years from last contact | CNIL guidelines |
| Cookies & trackers | 13 months maximum | CNIL recommendation |
GDPR Chapter III
Your Rights
Under the GDPR, you have the following rights. We respond within 30 days, free of charge.
Article 15
Right of Access
Obtain confirmation and a copy of your data.
Article 16
Right to Rectification
Request correction of inaccurate data.
Article 17
Right to Erasure
Request deletion where no compelling reason exists.
Article 18
Right to Restriction
Limit processing in certain circumstances.
Article 20
Right to Portability
Receive your data in a structured format.
Article 21
Right to Object
Object to processing based on legitimate interest.
Contact us at contact@rivierawealthmanagement.com or by post to 840 Avenue des Parcs, 06250 Mougins. You may also lodge a complaint with the CNIL — 3 Place de Fontenoy, 75007 Paris.
Cookie Policy
Cookies & Trackers
| Category | Purpose | Retention |
|---|---|---|
| Strictly necessary | Session management, security, authentication | Session |
| Analytics | Traffic measurement, anonymised user journey | 13 months |
| Preferences | Language, display settings, cookie choice | 12 months |
Data Protection
Data Security
SSL / TLS
All data in transit encrypted with TLS 1.3
Access Controls
Role-based access with multi-factor authentication
Encrypted Backups
Automated backups on French sovereign infrastructure
Staff Training
Annual GDPR awareness training for all personnel
Policy Updates
Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated by email and displayed prominently on our website for 30 days.
Get in Touch
Contact Us
Post
Registered Office
840 Avenue des Parcs
06250 Mougins, France