Privacy Policy
Protection and respect for your personal data in accordance with the General Data Protection Regulation (GDPR).
Preamble
This privacy policy describes how Bastien Miest, a nutrisport coach practicing in Luxembourg, collects, uses, stores and protects your personal data in the context of his nutritional and sports coaching services.
We attach the utmost importance to the protection of your privacy and respect for your personal data, particularly your health data, which is subject to enhanced protection. This policy complies with the General Data Protection Regulation (GDPR EU 2016/679) and Luxembourg legislation on data protection.
Data Controller: Bastien Miest
Email: contact@perdredupoids.lu
Phone: +352 661 176 369
Supervisory Authority: National Commission for Data Protection (CNPD), Luxembourg
1. Data Collected
Identification Data
Last name, first name, date of birth, postal address, email address, phone number.
Health Data
Weight, height, BMI, body composition, relevant medical history, food allergies, dietary restrictions, health goals. This data is considered sensitive within the meaning of the GDPR and is subject to enhanced protection.
Tracking Data
Consultation history, meal plans, exercise programs, progress measurements, progress photos (with explicit consent), exchanges with the coaching support team.
Payment Data
Billing information, payment history. Banking details are not stored by us but processed by PCI-DSS certified payment service providers.
Navigation Data
IP address, browser type, pages visited, visit duration. This data is collected via cookies with your prior consent.
2. Processing Purposes
Service Provision
Development of personalized nutrition plans, design of adapted exercise programs, tracking your progress, nutritionist consultations and sports coaching.
Communication
Responses to your requests, appointment confirmation, consultation reminders, sending personalized recommendations.
Service Improvement
Anonymized analysis of results to improve our methods, development and optimization of our coaching tools.
Legal Obligations
Compliance with accounting and tax obligations, transmission to CNS for reimbursement (with your consent), retention to meet Luxembourg legal obligations.
Marketing (Optional)
Sending newsletters, information about our new services, nutrition and fitness advice. You can unsubscribe at any time.
3. Legal Basis for Processing
Contract Performance
The processing of your data is necessary for the performance of the service provision contract you have entered into with us.
Consent
For sensitive health data, progress photos and marketing, we collect your explicit and informed consent. You can withdraw this consent at any time.
Legal Obligation
Retention of billing data in accordance with Luxembourg accounting obligations (10 years).
Legitimate Interest
Improvement of our services based on anonymized data analysis, fraud prevention.
4. Data Recipients
Authorized Personnel
Bastien Miest (nutrisport coach) and direct collaborators under strict confidentiality obligation.
Technical Subcontractors
Data host (secure servers in the EU, compliant with GDPR), payment service provider (PCI-DSS certified), emailing service (for newsletters with consent), video conferencing platform (for online consultations).
Health Organizations
National Health Fund (CNS) only for reimbursement requests and with your explicit consent. Treating physician if coordination is necessary and with your written authorization.
Authorities
Possible transmission to judicial, tax or health authorities in case of legal obligation.
5. Retention Period
During Contractual Relationship
All data necessary for the provision of services is retained for the duration of your program and up to 3 years after the last consultation.
Health Data
Retained for 10 years after the last consultation in accordance with Luxembourg legal obligations for health professionals.
Accounting Data
Invoices and payment data retained for 10 years in accordance with accounting obligations.
Marketing
Prospecting data retained for 3 years from last contact. Immediate deletion upon unsubscription.
Anonymized Data
Anonymized statistics (average age, average weight loss, etc.) may be retained indefinitely as they are non-identifying.
6. Data Security
Technical Measures
SSL/TLS encryption for all transmissions, hosting on secure servers in Europe, daily encrypted backups, firewall and anti-intrusion protection, data access via strong authentication.
Organizational Measures
Data access strictly limited to authorized personnel, GDPR training for all staff, internal data management procedures, regular security audits.
Coaching Support
Exchanges with the coaching support are end-to-end encrypted, data is anonymized, and there is no resale or sharing of data with third parties.
Breach Notification
In the event of a personal data breach, we undertake to notify the National Commission for Data Protection (CNPD) within 72 hours and the data subjects without delay if the breach presents a high risk.
7. Your GDPR Rights
Right of Access
You can obtain a copy of all personal data we hold about you, as well as information about their processing.
Right to Rectification
You can request the correction of inaccurate or incomplete data concerning you.
Right to Erasure ('Right to be Forgotten')
You can request the deletion of your personal data, unless we have a legal obligation to retain it (health data, accounting).
Right to Restriction of Processing
You can request the temporary freezing of the processing of your data in certain circumstances (contesting accuracy, objection to processing).
Right to Data Portability
You can receive your data in a structured, commonly used and machine-readable format, and transmit it to another data controller.
Right to Object
You can object at any time to the processing of your data for direct marketing purposes. For other purposes, you can object for legitimate reasons.
Right to Withdraw Consent
Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
Right to Define Post-Mortem Directives
You can define directives regarding the retention, deletion or communication of your data after your death.
How to Exercise Your Rights?
For any request concerning your personal data, contact us by:
Email: contact@perdredupoids.lu (response within 48 hours maximum)
Post: Cabinet Bastien Miest, Luxembourg City, Luxembourg (with a copy of valid ID)
Phone: +352 661 176 369 (for any preliminary questions)
Response Time and Supporting Documents
We undertake to respond to any request to exercise rights within a maximum period of 1 month from receipt of your request. This period may be extended by an additional 2 months taking into account the complexity and number of requests. We will inform you in this case.
To ensure the security of your data, we will ask you to prove your identity by providing a copy of a valid identity document.
Right to Lodge a Complaint
If you believe that the processing of your personal data constitutes a violation of applicable legislation, you have the right to lodge a complaint with the competent supervisory authority:
National Commission for Data Protection (CNPD)
15, boulevard du Jazz L-4370 Belvaux Luxembourg
Tel: (+352) 26 10 60-1
Email: info@cnpd.lu
Website: cnpd.public.lu
Modifications to the Privacy Policy
We reserve the right to modify this privacy policy at any time, particularly to comply with any regulatory, jurisprudential, editorial or technical developments.
Any substantial modification will be brought to your attention by email or via a notification on our website at least 30 days before it comes into effect. Continued use of our services after this notification constitutes acceptance of the modifications.
We encourage you to regularly consult this page to become aware of the current version of our privacy policy.
Questions About Your Data?
Our team is at your disposal to answer all your questions regarding the protection of your personal data.