privacy policy

privacy policy

Preliminary article - preamble

This confidentiality policy is addressed to Users (hereinafter “the User”) of the website (hereinafter “Site”) edited by the company SMART BODY, a simplified action company with sole shareholder whose head office is located at 42 boulevard albert 1er, 35200 Rennes, registered under number 88016863800026 (hereinafter « the Company ») and its purpose is to present to the User the content of the data processing of a personal nature implemented on the Site.

The Company undertakes in any case to respect the following three essential principles:
– collect only the data strictly necessary with regard to their purpose
– the User remains the owner of his personal data
– the data is processed in a transparent, confidential and secure manner

The processing of personal data is governed:
by law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms
by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, entered into force on May 25, 2018 (hereinafter « GDPR »)

Article 1 - Purposes of processing

The data may be collected for explicit, legitimate and determined purposes in order to ensure:

– the proper functioning and permanent improvement of the Site, its services and its functionalities
– refine the User’s search on the Site
– the management of the User’s subscription to the Site newsletter and for some the management of their subscription to the services offered
– the provision in a secure space of documents
– organization of events by the Company
– the management of requests for the right of access, rectification and opposition, erasure, limitation, portability, right to be forgotten and the right to lodge a complaint with the CNIL
– development of trade statistics

In any event, and for each defined purpose, the Company will use all the means in its possession to ensure the security and confidentiality of the personal data entrusted to it, in compliance with the laws and regulations in force.

Article 2 - Data controller

Personal data is collected and processed by the Company, whose contact details are mentioned in the « preliminary » article hereof, which is responsible for the processing of personal data implemented within the framework of the operation of the Site. .

For any questions relating to the management and use of personal data, the User must send an email to the following address: support (at)

article 3 - collection and processing of personal data

The personal data communicated by the User to the Company are subject to computer processing and are stored and used by the latter for the purposes described in the aforementioned article and concern:
– identification data (last name, first name, email address, telephone number, postal address)
– connection data and cookies (IP addresses, connection logs)
– the recording and management of orders and the supply of the corresponding products and / or services
– communication with Users in order to respond to their requests and requests
– the management of complaints and possible disputes
– sending to the User, after having obtained his prior express consent, newsletters, information messages and promotional offers.

In particular, the Company may collect personal data:
– when visiting the Site
– when registering on the Site
– when purchasing on the Site
– during exchanges with its teams via the Site
– when requesting contact or purchase on the Site

In addition, when the User visits the Site, navigation data may be collected and processed by the Company or by any service provider of his choice for statistical purposes, in order to improve the use of the Site, and in particular to measure the number of pages viewed, the number of visits and the User’s journey on the site.

article 4 - consent

When this is necessary with regard to the Data Protection Act, the Company undertakes to obtain the User’s consent and / or to allow him to oppose the use of his data for certain purposes.

The Company may send commercial solicitations to Users who have accepted it. If subsequently, Users no longer wish to receive such solicitations, they can at any time send an email free of charge and without providing any other reason to the following address: support (at)

Article 5 - Recipients of personal data

Only the authorized and determined persons mentioned below may have access to the User’s data:

– Authorized staff from the Publisher’s various departments (authorized staff from communication, administrative, logistics and IT departments, responsible for handling customer relations and responsible for monitoring)
– Sub-contractors of the Publisher who act in the name and on behalf of the Company, and in particular the host of the Site
– The Stripe secure payment service (information available on the site)

The secure payment service Paypal (information available on the site)
– The courts concerned, mediators, accountants, auditors, lawyers, bailiffs, debt collection companies,
– Third parties likely to place cookies on the User’s terminals (computers, tablets, mobile phones, etc.) when they consent
– Third-party social networks, the Site may use social plugins provided and operated by third-party companies, such as the Facebook button, LinkedIn, Twitter. Consequently, the User can send to third parties the information that he views in a section of the Site. If the User is not connected to his account opened with the third party, the latter will not be able to know his identity. If the User is connected to his account opened with the third party, then the latter may link the information or actions relating to his interactions with the Site to the account he holds with the third party in question. For more information, the User should consult the privacy policies of the third party regarding their data practices.

User data is not communicated, exchanged, sold or rented to any person other than those mentioned above.

Article 6 - Data retention period

The Company undertakes that the data collected will be kept in a form allowing the identification of the User for a period which does not exceed the period necessary for the purposes for which these data are collected and processed.

However, this data may be kept for the purpose of complying with a legal obligation or kept in files in accordance with the applicable regulations and laws.
As an exception, the User’s identification data is kept by the Company for a period of three (3) years from the last contact with the User.

For the management of the commercial relationship with the User and customer follow-up, data is kept for three (3) years from the end of the commercial relationship if the User is a customer.
For the management of requests for rights to the User’s data, the data is kept for one (1) year.

In any case, personal data will not be kept beyond the maximum retention period provided for in the Regulations and Laws in force and in accordance with the needs of the Company’s activity, either:
– 36 months from the last connection for the identification data
– 36 months from the date of the order for order data
– 13 months maximum from their provision for banking data
– 12 months from the last activity on the Site for prospect data

article 7 - User rights

In accordance with the amended Data Protection Act and the GDPR, the User benefits from the following rights:

– Right of access (article 15 of the RGPD) of rectification (article 16 of the RGPD) of updating, of completeness of the data
– Right to block or erase personal data (article 17 of the GDPR) when they are inaccurate, incomplete, equivocal, out of date, or whose collection, use, communication or storage is prohibited
– Right to withdraw consent at any time (article 13-2 of the GDPR)
– Right to limit data processing (article 18 of the GDPR)
– Right to object to data processing (article 21 of the GDPR)
– Right to portability of data provided, when the data is subject to automated processing based on the User’s consent or on a contract (article 20 of the GDPR)
– Right to lodge a complaint with the CNIL (article 77 of the RGPD)
– Right to define the fate of the data after the death of the User and to choose the communication (or not) of his data to a third party that he would have previously designated. In the event of death and in the absence of instructions from the User, the Publisher undertakes to destroy his data, unless their retention is necessary for evidentiary purposes or to meet a legal obligation.

These rights can be exercised by simple request by e-mail to the support address (at) indicating their contact details (last name, first name, address and a copy of the identity document) and, if applicable, a legitimate reason when this is required by law (in particular in the event of opposition to the processing).

article 8 - security

The Company and its possible subcontractors undertake to implement all the technical and organizational measures to ensure the security of the processing of personal data and the confidentiality of these, in application of the Data Protection Act. and the European Data Protection Regulation (RGPD) and Law No. 2018-133 of February 26, 2018.

article 9 - transfer outside the European Union

The Company may need to transfer User data outside the European Union. In this case, it would inform Users thereof, indicating the measures taken to control this transfer and ensure that the confidentiality of their data is respected.

article 10 - modification of privacy policies

This privacy policy may be changed by the Company at any time without notice.