What does the personal data use policy cover?

This policy informs you about the characteristics of data processing and your rights regarding your personal data.

Who is responsible for this policy?

The data controller is Sébastien HANTZ. The contact e-mail address is contact@sebastienhantz.com.

The manager can be reached at: 0685732532

This privacy policy has been drafted in accordance with Law no. 78-17 of January 6, 1978 (known as the “Loi informatique et libertés” or “LIL”) and the General Regulation on the Protection of Personal Data (“RGDP”) no. 2016/679.

Who is this policy aimed at?

This policy is intended for Sébastien Hantz customers and Internet users who log on to the sebastienhantz.com website.

Purposes (what data is collected for) 

For customers : the purpose of the processing is to manage appointments booked on the smartagenda platform, carry out consultations and manage customer relations.

-The transmission of certain data to third-party wellness practitioners

-Management of Internet users’ requests for information via the contact form

-Technical management of the site (maintenance, hosting, site security)

-Newsletter subscription management

Legal basis for processing: what gives us the right to process data

*For the management of consultations and customer relations, the legal basis for processing is the contract concluded with the customer.

*For the processing of any customer health data: the legal basis is consent

*For the transmission of certain data to third-party wellness practitioners : the legal basis is consent. 

*For the management of requests for information via the contact form, the legal basis is the legitimate interest (enabling online communication) or the execution of pre-contractual measures (production of estimates at the request of individuals).

*For technical management of the site (maintenance, hosting, site security), the legal basis is legitimate interest.

*To manage newsletter subscriptions, the legal basis is the subscriber’s consent.

Data retention period

Data is kept for no longer than is necessary for the purposes for which it was recorded (principle of minimization of processing).

*Customer data is kept for 5 years from the end of the contractual relationship.

*To manage newsletter subscriptions: the e-mail address is kept until the person concerned unsubscribes. Subscribers who have not clicked on a newsletter for more than a year are removed from the mailing list.

*For the management of requests for information via the contact form: 3 years from the date of the request.

*For technical management of the site (maintenance, hosting, site security): 12 months for IP addresses and connection logs 

Processed data

The data controller processes the following categories of data:

Identity data (surname, first name, postal address, telephone number, e-mail address)

-Data relating to customers’ personal situation (lifestyle, eating habits, etc.)

-Customer health data where necessary

-Connection data (IP addresses, logs, etc.)

Whether data collection is mandatory or optional

The data collected is mandatory for the purposes of processing.

Data sources

Data is transmitted directly by the person concerned or via the smartagenda appointment scheduling platform.

Data recipients

Depending on their respective needs, the following recipients may receive all or part of the data:

-smartagenda, for appointment booking and remote consultations, whose privacy policy is available here : https://www.smartagenda.fr/politique-de-confidentialite.pdf

-The data controller may, with the customer’s express consent, pass on certain personal data to third-party wellness practitioners.

-Infomaniak for shared folders (kdrive) – kmeet

What safety measures are in place?

The data controller implements appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.

The controller shall take steps to ensure that any natural person acting under the authority of the controller or the processor, who has access to personal data, does not process them unless instructed to do so by the controller, unless obliged to do so.

Whether or not data is transferred to a country outside the European Union, and associated guarantees

The data controller transfers personal data outside the European Union.

The data controller undertakes to ensure that these transfers are carried out :

-to countries offering an adequate level of protection as defined by the European data protection authorities, or

-with appropriate safeguards pursuant to Article 46 of the RGDP or

-in compliance with Article 49 of the RGPD.

Automated decision-making

The processing does not involve automated decision-making.

Fate of personal data after death – Right of access, rectification, deletion and portability of data

The person concerned by a processing operation can define directives relating to the conservation, erasure and communication of his or her personal data after his or her death. These directives may be general or specific.

Data subjects also have the right to access, oppose, rectify, delete and, under certain conditions, port their personal data. The data subject has the right to withdraw consent at any time if consent is the legal basis for processing.

The request must indicate the first and last name, e-mail or postal address of the person concerned, and must be signed and accompanied by valid proof of identity.

To exercise these rights, please contact :

Sébastien HANTZ – 14, Allée des Tulipiers 74600 ANNECY

Mail: contact@sebastienhantz.com – Tel: 0685732532

Claim

The person concerned by a processing operation has the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte