HypnoGoal

Special Offer : Valid Until 01/31/25

Menu

Privacy Policy

Last Updated: April 30, 2024

The website https://objectifhypnosis.us/ (hereinafter referred to as the “Site”) is an e-commerce platform primarily dedicated to the online sale of the products and services of the company HO Digital (hereinafter “HO Digital”). HO Digital is committed to respecting your privacy and protecting your personal data when using the Site. As part of accessing, consulting, browsing, and using the Site and the Products and Services it offers, you may provide HO Digital with personal data concerning you. These data are protected by law. For this reason, HO Digital, as the data controller, has implemented appropriate security measures to protect your personal data. HO Digital has updated its Privacy Policy in accordance with applicable regulations, including Regulation (EU) 2016/679 of April 27, 2016 (“GDPR”) and the French Data Protection Act No. 78-17 of January 6, 1978, as amended (“LIL”) and its implementing decree. We kindly ask that you read this policy to understand how your personal data is used by HO Digital. This policy complements the General Terms and Conditions of Sale of the Site (and, if applicable, any document or information referring to this policy). If needed, you can direct any questions to HO Digital by sending an email to contact@hypnoseobjectif.fr

Personal Data

The activities offered on the website accessible at https://objectifhypnosis.us/ involve the processing of personal data. This policy informs you of the characteristics of these processes and your rights regarding the personal data we hold about you. This Privacy Policy is written in accordance with French law No. 78-17 of January 6, 1978 (known as the “French Data Protection Act” or “LIL”) and the General Data Protection Regulation (“GDPR”) No. 2016/679.

Who is This Policy For?

This policy applies to all individuals who browse the website https://objectifhypnosis.us/

Who is the Data Controller?

The data controller is HO Digital, a SASU with a capital of €5,000, registered with the Paris Trade and Companies Register under number 983 277 724, located at 9 rue des Colonnes – 75002 PARIS, represented by its president, Mrs. Alizée THIEFIN.

Purposes (What the Data is Collected For)

The data processing activities aim to manage the activities offered on the website, namely:

  • Managing orders (order confirmation, invoicing)
  • Executing services (weekly follow-ups with customers)
  • Managing testimonials
  • Managing the technical aspects of the website (hosting, security, SEO)
  • Email or phone marketing
  • Cart reminder (marketing retargeting)
  • Managing newsletters
  • Managing trackers. Users are invited to consult the tracker policy available on the website.

Types of Data Processed

The data controller processes the following categories of data:

For orders, the collected data includes:

  • Identification data (name, first name, email, phone number, billing address)
  • Payment data (check, credit card details)
  • Order-related data (date, order number, etc.)

For service execution (weekly follow-ups):

  • Customer identity data (name, first name, postal address, phone number, email)
  • Personal situation data (lifestyle, eating habits, etc.)
  • Health data in some cases
  • Facebook profile name

For testimonials (video and written):

  • Image of the individual concerned, their opinion on products and services
  • Personal situation data (weight loss, eating habits, stress, etc.)

For website technical management (hosting, security, SEO):

  • Data stored on the website and connection data (IP address, logs, identifiers, devices, etc.)

For marketing:

  • Mobile phone, email, name, order history

For cart reminder (advertising retargeting):

  • Mobile phone, IP address, items in the cart

For newsletter distribution:

  • Only the email is collected

Legal Basis for Data Processing (What Allows Us to Process Your Data)

The legal basis for the processing is as follows:

  • For managing customer orders and executing services (weekly follow-up): the legal basis is the contract concluded during the order process.
  • For website technical management (hosting, security, SEO): the legal basis is legitimate interest.
  • For sending newsletters to existing customers or those who voluntarily sign up: the legal basis is legitimate interest.
  • For publishing testimonials, cart reminders, phone marketing, and prospecting for non-customers or former customers (more than 3 years since the last contact): the legal basis is the express and prior consent of the individual.

Data Retention Period

Data subject to processing are retained for no longer than necessary for the purposes for which they are collected (principle of data minimization).

The maximum retention periods are as follows:

  • For managing customer orders: data is retained for 10 years from the end of services (21 days after the order or from the last contact related to services).
  • For service execution: data is not retained and is deleted immediately after the exchange.
  • For testimonials: data is retained for 10 years from the publication date.
  • For website technical management: data is retained only for the necessary duration of the technical operation.
  • For marketing:
    • Data for customer marketing may be retained during the business relationship and for up to 3 years after the business relationship ends.
    • Data for marketing to prospects can be retained for 3 years from their collection or the last contact from the prospect (e.g., a click on a hyperlink in an email). After this period, we will reach out to see if they want to continue receiving marketing communications. If no explicit positive response is received, the data will be deleted.
  • For cart reminder (advertising retargeting): data is retained for XX days.
  • For newsletters: data is retained for 3 years from the last click.

Mandatory or Voluntary Data Collection

The data collected is required to fulfill the purposes of processing, except for certain information such as order notes. For online orders, the data is required to conclude and execute the order (contract).

Data Sources

The data is transmitted directly by the concerned individual.

Data Recipients

Depending on their respective needs, the following may be recipients of all or part of the data:

  • OVH for website hosting The concerned individual is invited to read how OVH processes data from the following page: OVH Cloud Data Protection

  • Messenger (Facebook) for exchanges The individual is informed that Facebook is a joint data controller for personal data exchanged on this network, including Messenger. HO Digital does not control how Facebook processes the data. The individual is invited to read how Facebook processes data from the following page: Facebook Privacy Policy

What Security Measures Are in Place?

The data controller implements appropriate technical and organizational measures to ensure a level of security commensurate with the risk. The data controller takes measures to ensure that any individual acting under their authority, or under the authority of a subcontractor, who has access to personal data, does not process it unless required to do so.

Transfer of Data to a Country Outside the European Union and Associated Safeguards

The data controller may transfer personal data outside the European Union through its subcontractors, notably OVH for website hosting or Facebook for Messenger exchanges. Regarding OVH, here is what the concerned individual should know:

The data is controlled by OVH, OVHcloud. It is then sent to other OVH locations and service providers that may be situated in other regions, including Canada and the United States. When OVH sends data outside the EEA, the UK, or Switzerland, it does so in accordance with applicable law.

When data is transferred to Canada, it is protected by Canadian law, which the European Commission has deemed adequate to protect your information. If these data are transferred outside of Canada (for example, to further subcontractors), they are protected by contractual commitments comparable to those in the Standard Contractual Clauses.

Finally, while OVH does everything in its power to protect the data, it may sometimes be legally obligated to disclose the data (e.g., if it receives a valid court order). For more information on how OVH responds to such orders, please consult the guidelines for legal requests.

The data controller ensures that these transfers are made:

  • To countries with an “adequate” level of protection as recognized by European data protection authorities, or
  • With appropriate safeguards under Article 46 of the GDPR, or
  • In compliance with Article 49 of the GDPR.

Automated Decision-Making

The processing does not involve fully automated decision-making.

Data Access, Rectification, Deletion, and Portability Rights

The concerned individual has the right to set directives concerning the retention, deletion, and communication of their personal data after their death. These directives may be general or specific. The concerned individual also benefits from the right of access, opposition, rectification, deletion, and, under certain conditions, portability of their personal data.

The concerned individual has the right to withdraw their consent at any time if consent is the legal basis for the processing. The request must include the full name, email or postal address of the individual, and be signed with a valid identification document. The request can be made by contacting: Mrs. Alizée THIEFIN – President, HO DIGITAL 9 rue des Colonnes – 75002 PARIS, email: contact@hypnoseobjectif.fr

Complaint

The concerned individual has the right to file a complaint with the relevant supervisory authorities.

Updates to This Policy

This policy may be updated, particularly if there are changes to the services offered on the Site. Therefore, we recommend that you consult this policy whenever you access the Site.

Scroll to Top