Privacy and Data Protection Policy

Last updated: April 8, 2026

Article 1: Data Controller and DPO

The company FlexiZdrowie, with its registered office at Centre d'Affaires Trocadéro, 112 Avenue Kléber, 75116 Paris, France, acts as the Data Controller. To ensure optimal protection of your personal and sensitive data, we have appointed a Data Protection Officer (DPO) who can be contacted directly at the email address: [email protected].

Article 2: Data Collection (Minimization and Purposes)

We collect your personal data within a strict, transparent, and proportionate framework relative to the services offered on https://flexizdrowie.com:

  • Contact and Identity Data: Name, first name, email address, phone number (Legal basis: Contractual performance and pre-contractual measures).
  • Wellness Data (Sensitive Data): If you voluntarily provide information about your physical condition, lifestyle habits, or health goals. Legal basis: Explicit, free, and informed consent (Article 9 of the GDPR).
  • Technical and Telemetry Data: IP addresses, connection logs, browser type, analytical cookies (Legal basis: Legitimate interest for site security and optimization).

Article 3: Advanced Security and Encryption

To ensure the integrity of your information, especially data related to your well-being, FlexiZdrowie applies institutional-level security standards:

  • End-to-end encryption: Systematic use of the TLS 1.3 protocol for securing data in transit.
  • Encryption at rest: Database storage with AES-256 encryption algorithm.
  • Partitioning and Access: Access to sensitive data is strictly limited to technically authorized personnel, subject to rigorous confidentiality clauses and regular security audits.

Article 4: Your Inalienable Rights (Articles 15 to 22 of the GDPR)

In accordance with European regulations, you have absolute control over your personal information:

  • Receive a full copy of the data we process concerning you.
  • Demand the immediate correction of any inaccurate or incomplete data.
  • Request the definitive deletion of your profile and health data, subject to our legal retention obligations.
  • Temporarily freeze or suspend the processing of your information in case of dispute.
  • Retrieve your data in a structured, commonly used, and machine-readable format (JSON/CSV) to transmit it to a third party.
  • Refuse any processing for commercial prospecting purposes or withdraw your consent for the processing of your health data at any time.

Article 5: International Transfers and Sub-processors

Your data is primarily hosted on highly secure servers located within the European Union (EU). In the event that we use sub-processors located outside the European Economic Area (EEA) for specific technical needs, FlexiZdrowie guarantees that these transfers are strictly governed by the Standard Contractual Clauses approved by the European Commission.

Article 6: Retention Periods and Archiving

FlexiZdrowie commits not to retain your data beyond the strictly necessary period:

  • Wellness Data and User Profile: Deleted or irreversibly anonymized after 24 consecutive months of account inactivity.
  • Administrative and Billing Data: Stored as a secure archive for 10 years to satisfy accounting and tax obligations under the French Commercial Code.
  • Trackers (Cookies): The maximum lifespan of cookies subject to consent is set at 13 months.

Article 7: Appeals to the CNIL

If, after contacting us, you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a formal complaint with the French supervisory authority, the CNIL (Commission Nationale de l'Informatique et des Libertés), via its official website (www.cnil.fr).
