In today's economic landscape, a company's intangible assets represent a major part of its value. Among them, the customer file represents much more than a simple list of contacts: it is a strategic tool, the fruit of investment and commercial effort. When a company is in debt, its creditors can legitimately seek to recover what they owe by turning to its assets. The seizure of assets, in particular advice on the acquisition of intangible and digital assetsThe seizure of a customer file raises complex legal issues. However, the seizure of a customer file raises complex legal issues, at the crossroads between enforcement procedures and the protection of personal data. It is an approach that explores the boundaries of seizable business assets and intangible rightsIt cannot be carried out without an in-depth analysis of the conditions for its validity and its consequences.
The customer file: a valuable and transferable intangible asset
Before envisaging its seizure, it is essential to understand the legal nature of the customer file. It should not be confused with the concept of customers, which is closely linked to it. This distinction is the key to understanding why one can be seized and the other cannot.
Distinction between customer and client files
From a legal point of view, customers are a volatile concept. It represents all the people who habitually approach a professional or a company. It is based on trust and reputation, which are by nature uncertain and personal. As a result, customers as such are not considered to be assets that can be appropriated or seized. It can only be 'transferred' through the sale of the business to which it is attached, which amounts to transferring the elements that enable it to be retained (the name, the sign, the lease, the equipment, etc.).
The customer file is different. It is the materialisation of this customer base in the form of an organised database. Whether on paper or, more commonly, in digital form (spreadsheet, CRM software), it constitutes intangible personal property. It is an intellectual creation, a structured collection of information (names, addresses, purchase histories, preferences) that has its own existence and can be detached from the business. It is this "asset" nature that makes it eligible for assignment and, by extension, seizure.
The economic value of the customer file
The value of a customer file can be considerable. It lies not just in the raw list of contacts, but in the wealth and quality of the information it contains. A well-maintained, segmented and up-to-date file makes it possible to carry out targeted marketing campaigns, build loyalty among existing customers and generate predictable sales. This economic value makes it a particularly attractive asset for creditors. Selling it at auction can raise funds to pay off a debt. However, the realisation of this value is directly conditional on the legality of the information it contains, particularly with regard to data protection regulations.
Prerequisites for entering the customer file
Entering a customer file is not a simple material operation. It is governed by strict legal constraints, compliance with which determines the very validity of the procedure. Compliance with the General Data Protection Regulation (GDPR) is at the heart of these requirements.
RGPD compliance: a legal imperative
Regulation (EU) 2016/679, known as the RGPD, governs all processing of personal data. A customer file is, by definition, the processing of personal data. For it to be validly entered and sold, it must first and foremost be lawful. This means that the data it contains must have been collected and processed by the debtor company in full compliance with the principles of the RGPD.
In practical terms, the company must be able to prove the legal basis on which it collected each item of data (for example, the individual's consent, the performance of a contract, or its legitimate interest). A customer file consisting of data collected without a valid legal basis, or kept for longer than necessary, is a "contaminated" asset. Its transfer would be unlawful and its economic value virtually nil, as the acquirer could not legally exploit it. The creditor requesting the seizure must therefore be aware that the value of his pledge depends directly on the debtor's rigour in terms of data protection.
Data subject consent and 'active' data
One of the most delicate points concerns the transfer of consent. The fact that a customer has consented to company A processing his or her data does not mean that he or she consents to company B, which acquires the file, using it in turn. The transfer of the file to a third party constitutes a new processing operation, for a potentially different purpose.
The purchaser of the seized file will become the new "data controller". As soon as they take possession, they must inform each person in the file individually of the new situation. They must explain the origin of the data (the seizure), the purpose of their own processing (for example, commercial canvassing) and remind them of their rights, in particular the right to object to the new processing. In practice, the value of the file lies in the potential number of customers who will not object to this new use. We are not capturing a list of captive customers, but a list of potential prospects who will have to be asked for their consent again, in a way.
Procedure for entering a customer file
The seizure of an intangible right such as a customer file follows a specific procedure, which is often more complex than the seizure of a tangible asset. It requires the intervention of a judicial commissioner (formerly a bailiff) and, frequently, that of a judge.
Identification of the garnishee (direct debtor or designated technician)
The first step is to locate the file. If the file is stored on the debtor company's servers, the data is entered directly by the debtor. However, it is increasingly common for the data to be hosted by a third-party service provider: an IT services company, a SaaS (Software as a Service) CRM solution provider, or a marketing agency. In this case, the service provider becomes the "garnishee". The court commissioner will serve the seizure order on the service provider, prohibiting it from disposing of or altering the data. The service provider then has an obligation to cooperate and must declare the nature and extent of the data it holds on behalf of the debtor.
The role of the enforcement judge in securing an extraction (enforcement difficulties)
Capturing a digital file is more than just copying a file. Technical and legal difficulties can arise. The debtor may be uncooperative, refusing to provide passwords or supplying a file that is incomplete or in an unusable format. This is where the intervention of the Enforcement Judge (JEX) in matters of enforcement difficulties becomes essential. At the request of the creditor, the JEX can order restrictive measures to enable the seizure to be carried out effectively. For example, it may authorise the court commissioner to call on the assistance of an IT expert to securely extract the data, even without the debtor's consent. The judge will ensure that the operation is carried out in a proportionate manner, by ensuring that only relevant data from the customer file is extracted.
The content of the specifications and advertising the sale
Once the seizure is complete, the sale of the customer file is organised. This sale is governed by specifications, an essential document drawn up under the supervision of the creditor and the court commissioner. This document must describe precisely the nature of the asset being sold: the format of the file, the type of data included (contact details, history, etc.), and its volume. Above all, it must mention the obligations that will be placed on the purchaser in terms of RGPD. The specifications act as a legal notice, informing potential bidders that use of the file is subject to strict data protection rules. The sale is then advertised to attract as many buyers as possible and obtain the best possible price, in the interests of both the creditor and the debtor.
Issues and responsibilities once the customer file has been entered
The operation does not end with the sale. The seizure and transfer of a customer file involves the responsibility of several players and raises issues that go beyond the simple recovery of debts.
Protection of business secrecy
A customer file may contain information that is a business secret. It may reveal the debtor's commercial strategy, its market share, the identity of its best customers, specific pricing conditions, etc. Disclosing this information during the sales process could cause further damage to the debtor company. The procedure must therefore be conducted with great care. The JEX may, for example, order that certain particularly sensitive data be anonymised or excluded from the scope of the sale, in order to strike a balance between the creditor's right to be paid and the protection of the debtor's strategic assets.
The purchaser's obligations under the RGPD
As mentioned above, the purchaser of the file assumes considerable responsibility. They do not become the owner of the data, but simply its new "data controller". Their obligations are clear and must be implemented without delay:
- Informing people : The data controller must contact each person in the file to inform them of the change in data controller, the purpose of the data processing and their rights.
- Respecting rights : It must put in place simple procedures to enable individuals to exercise their right of access, rectification, deletion and, above all, opposition.
- Guaranteeing safety : It must ensure the security and confidentiality of the data acquired.
Failure to comply with these obligations exposes the purchaser to severe penalties from the CNIL. The purchase of a captured customer file is therefore not simply the acquisition of an asset, but the beginning of a new legal relationship with each person in the file.
The seizure of a customer file is a powerful but delicate collection procedure. It demonstrates that digital assets are now fully integrated into a company's seizable assets. However, its implementation is a complex balancing act between creditor law, intellectual property law and, above all, the fundamental right to protection of personal data. To navigate these legal and technical waters, the assistance of a lawyer is essential to secure the procedure, guarantee its legality and optimise its effectiveness. If you are a creditor or debtor in a situation involving such assets, a advice on seizing intangible and digital assets is necessary to assess your rights and obligations.
Sources
- Code of civil enforcement procedures
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (RGPD)
- Commercial Code (relating to business assets)
- Intellectual Property Code (relating to databases)
EN 
FR