top of page

Privacy Policy @AzurX Investigation

Last update: 28 Décember 2025 

At AzurX Investigation, confidentiality and discretion are at the heart of our work. We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the French “Informatique et Libertés” law, and the obligations applicable to private investigators (a regulated activity supervised by CNAPS).

1. Data Controller

The data controller is:

AzurX Investigation (trade name) – RivierX Intelligence (legal entity)
Company ID (SIREN/SIRET): 989 507 660
Registered office: 950 route des Colles, 06410 Biot, France
CNAPS authorization to operate: AUT-S1-2025-10-28-A-00108185
Email (GDPR contact / DPO where applicable): dpo@rivierx.com
Contact page: /contacts

2. Personal Data We Collect

We only collect data that is strictly necessary to handle your request and/or to perform our assignments.

2.1 Identity and contact details

  • First and last name

  • Email address, telephone number

  • Postal address (if necessary)

2.2 Request / case file data

  • Factual information needed to assess and conduct the assignment (facts, dates, locations, descriptions)

  • Documents you provide (supporting documents, exchanges, evidence)

2.3 Data produced in the course of the assignment

  • Notes, findings, verification elements

  • Photos/videos only where lawful and relevant

  • Reports and summaries

2.4 Contractual and billing data

  • Quotes, contracts, contractual communications

  • Invoices, payments, accounting follow-up

2.5 Browsing data (cookies/trackers)

  • Technical cookies strictly necessary for the website to function

  • Audience measurement and performance cookies subject to consent (where applicable)

  • Third-party trackers (maps, videos, embedded content, etc.) subject to consent

2.6 Sensitive data (special categories)

We seek to avoid collecting sensitive data (health, political opinions, etc.).
If such data is strictly necessary for the establishment, exercise, or defence of legal claims, processing is strictly limited, governed, and secured (Article 9(2)(f) GDPR).

3. Purposes (Why We Use Your Data)

We process your data to:

  1. Respond to your requests (form, email, telephone)

  2. Assess feasibility and prepare an assignment (pre-contractual steps)

  3. Perform private investigation assignments and collect lawful evidence

  4. Manage customer relationships (contract management, follow-up, billing, accounting)

  5. Ensure system security and prevent fraud (traceability, logs)

  6. Comply with legal and regulatory obligations, including those related to the activity and CNAPS oversight

  7. Produce website analytics (anonymised/aggregated wherever possible) with your consent when required

4. Legal Bases

Depending on the situation, processing is based on:

  • Performance of a contract / pre-contractual measures (Article 6(1)(b) GDPR)

  • Legal obligation (Article 6(1)(c) GDPR)

  • Legitimate interests (Article 6(1)(f) GDPR), notably: security, fraud prevention, service improvement, defence of legal claims

  • Consent (Article 6(1)(a) GDPR) for non-essential cookies/trackers

  • Sensitive data: where necessary for legal claims (Article 9(2)(f) GDPR), with enhanced safeguards

5. Source of the Data

Data may come from:

  • You (communications, documents, forms)

  • Lawful publicly available sources (public registers, press, professional directories, public social media, etc.)

  • Authorized third parties depending on the context (lawyers, judicial officers, insurers, experts)

  • Witnesses or relevant parties, in compliance with applicable rules and the purpose of the assignment

6. Recipients of the Data

Data is accessible only to:

  • Authorized AzurX team members, bound by strict confidentiality

  • Technical service providers (hosting, email, maintenance, archiving) acting as processors under the GDPR and bound by data-processing agreements

  • Where applicable, our legal advisors and legal auxiliaries, our insurers, or competent authorities where required by law

We do not sell or rent your personal data.

7. Transfers Outside the European Union

By default, processing is carried out within the EU/EEA.
If a transfer outside the EU/EEA becomes necessary, it will be governed by appropriate safeguards (e.g., Standard Contractual Clauses) and, where required, additional measures and prior information.

8. Data Retention Periods

We retain data for a period proportionate to the purposes:

  • Prospects / enquiries with no follow-up: 3 years after the last contact

  • Case files and investigation documents: 5 years after case closure (unless litigation, a legal obligation, or the need to defend legal claims requires longer retention)

  • Accounting / billing: 10 years

  • Technical logs: 12 months

  • Cookies: see §10 (generally up to 13 months for cookies; audience statistics retained up to 25 months in aggregated form, depending on the tool and configuration)

9. Security and Confidentiality

We implement appropriate technical and organizational measures, including:

  • Role-based access controls and authorization management

  • Appropriate encryption (depending on data flows and storage)

  • Logging and traceability

  • Protected backups

  • Data minimisation and, where possible, pseudonymisation/restricted access to reports

  • Confidentiality awareness and procedures

10. Cookies and Trackers

Strictly necessary cookies

These cookies are essential to the website’s operation and do not require your consent.

Audience measurement / performance cookies

They are set only with your consent when required. You can change your choices at any time via the cookie banner and/or your browser settings.

Third-party trackers (maps, videos, embedded content)

They may enable third parties to collect data and are subject to consent when not strictly necessary.

Cookie management: “Cookie settings” link / cookie banner. https://usercentrics.com/wix-privacy-policy/

11. Your Rights

Under the GDPR, you have the following rights (among others):

  • Access, rectification, erasure

  • Restriction, objection (including objection to marketing)

  • Data portability (where applicable)

  • Withdrawal of consent (for consent-based processing)

  • Post-mortem directives (France)

You can exercise your rights:

We may request proof of identity in case of reasonable doubt, to protect your data.

Complaint: you may file a complaint with the CNIL (French Data Protection Authority) if you believe your rights have not been respected.

12. Automated Decisions / Profiling

We do not carry out any automated decision-making producing legal effects concerning you, and we do not conduct commercial profiling.

bottom of page