Privacy Policy

Definition

Sandra Anthune Bereau’s data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD). Our data protection statement must be legible and understandable to the general public. To ensure this, we would like to start by explaining the terminology used.

In this data protection declaration, we use the following terms, among others:

1. Personal details

Personal data means any information relating to an identified, data subject or identifiable natural person (“user”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. User

The user is any identified or identifiable natural person whose personal data is processed by the data controller.

3. Treatment

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Processing restrictions

Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

6. Anonymization

Anonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific person without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. Responsible for treatment

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.

8. Responsible for processing

Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

9. Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not it is a third person. However, public authorities that may receive personal data in the context of a particular investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by such public authorities must comply with the applicable data protection rules, in accordance with the purposes of the processing.

10. Third parties

The third party is a natural or legal person, public authority, agency or body other than the user, responsible for the treatment and/or processing, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

11. Consent

User consent is any freely given, specific, informed and unambiguous indication of the user’s wishes, by which the user, through a statement or a clear affirmative action, expresses his or her agreement to the processing of personal data concerning him or her.

Controller’s name and address

The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions relating to data protection is:

Sandra Anthune Bereau

TIN: Z0243223A

Email: contact@boostyhealth.com

Website: https://boostyhealth.com

Cookie Policy

Sandra Anthune Bereau’s websites use cookies to improve the user experience, provide specific functionalities, and analyze website traffic. Cookies are small text files that are stored on your computer system via your web browser. Many websites and servers use cookies to identify users, provide a more personalized experience, and enable specific features.

Through the use of cookies, Sandra Anthune Bereau can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as mentioned above, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. The user of the website that uses cookies, for example, does not have to enter access data each time the website is accessed, because these are assumed by the website, and the cookie is thus stored on the user’s computer system. Another example is a shopping cart cookie in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can, at any time, prevent the setting of cookies via our website, through a corresponding setting of the Internet browser used, and can thus permanently deny the setting of cookies. In addition, cookies that have already been set can be deleted at any time via an Internet browser or other software applications. This is possible in all popular Internet browsers. If the user disables the setting of cookies in the Internet browser used, not all functions of our website can be used correctly.

User consent

When accessing our website for the first time, users are informed about the use of cookies and have the possibility to give or withdraw their consent to optional cookies via the cookie banner.

Types of Cookies Used and Purpose

Below is a table of the specific cookies used on this website, their type, purpose, duration and whether consent is required for their use.

Cookie name	Type	Purpose	Duration	Provider	Consent required
_ga	Analytical	Used by Google Analytics to distinguish unique users by assigning a randomly generated identifier. It enables measurement and monitoring of user behavior on the website.	2 years	Google Analytics	Yes
_ga_8G63JFZH0B	Analytical	Associated with Google Analytics, this cookie stores information about user sessions on the website.	2 years	Google Analytics	Yes
pll_language	Functional	Used by Polylang to store the user’s language preferences, ensuring the website is displayed in the correct language.	1 years	Polylang	No

Manage Cookie Preferences

Users can configure their browser to accept or reject cookies, or to warn them when a cookie is being sent. Instructions for changing cookie settings can be found in different browsers:

Data collection and general information

When you visit our website, technical data and general information such as browser type, operating system, pages visited and IP address may be collected automatically. Or provided voluntarily by users through contact forms or other interactions. By using this data and general information, Sandra Anthune Bereau does not draw any conclusions about the user.

This data is used to ensure optimized content delivery, improve system security and cooperate with the authorities in the event of security incidents. The data is processed anonymously and stored separately from other personal data provided by the user. This data may be collected automatically during use of the website or provided voluntarily by users via contact forms or other interactions.

1. types of data collected

Contact details: Includes name, e-mail address, telephone number, postal address (if applicable).
Browsing data: Includes information about devices, browser types, operating system, pages visited, length of visit, browsing behavior and other automatically generated information.
Data provided voluntarily: This includes any data provided by the user through contact forms, newsletter subscriptions, account registration, etc.

2. Purpose of data processing

The data collected is processed for the following purposes:

Managing requests and providing services: Data provided is used to respond to requests, provide requested services and ensure the best experience of using the website.
Website improvement and data analysis: Browsing data is analyzed to optimize services, identify usage patterns and improve functionalities.
Marketing communications: Based on the user’s consent, contact data may be used to send promotional communications, newsletters or other relevant information.

3. Legal basis for data processing

The data is processed on the basis of:

User consent: In cases where it is necessary (e.g. subscription to newsletters).
Execution of a contract: For services requested by the user.
Legitimate interest of the company: To optimize the website and services or respond to legitimate requests from users.

4. Sharing data with third parties

If data is shared with third parties, this will be done in accordance with the GDPR and only with the partners necessary to guarantee the service, such as analytical tool providers or operational partners. Any data transfers are always governed by contracts that guarantee users’ rights.

5. Data storage and security

The data collected is stored for the period necessary to fulfill the purposes described, unless a longer period is imposed or permitted by law. Sandra Anthune Bereau takes technical and organizational measures to ensure the security of personal data.

Possibility of contact through the website

The website of the Sandra Anthune Bereau contains information that enables a quick electronic contact to our companies as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data voluntarily transmitted by a user to the data controller or processor is stored for the purpose of processing or contacting the user.

Regular Deletion and Blocking of Personal Data

The data controller will only process and retain the user’s personal data for the period necessary to achieve the purpose of storage, or to the extent granted by the European legislator or other legislators in the laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, personal data is routinely blocked or erased in accordance with legal requirements.

Rights of the data subject

1. Right of confirmation

Each data subject has the right granted by the European legislator to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. If you wish to make use of this right of confirmation, you can contact our data protection officer or another employee of the controller at any time.

2. Right of access

Each user shall have the right granted by the European legislator to obtain from the controller free information about their personal data stored at any time and a copy of this information. In addition, European directives and regulations grant the user access to the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
where possible, the expected period for which personal data will be stored or, if this is not possible, the criteria used to determine this period;
the existence of the right to request from the controller the rectification or erasure of personal data, or the restriction of processing of personal data relating to the user, or to object to such processing;
the existence of the right to lodge a complaint with a supervisory authority;
if personal data is not collected from the user, any available information on its origin;
the existence of automated decisions, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the user.

In addition, the user has the right to obtain information on whether personal data is transferred to a third country or to an international organization. If this is the case, you have the right to be informed of the appropriate guarantees regarding the transfer.

If you wish to make use of this right of access, you can contact our data protection officer or another employee at any time.

3. Right of rectification

Each user has the right granted by the European legislator to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the user has the right to have incomplete personal data completed, including by submitting an additional declaration.

4. Right to be forgotten

Each user has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies, provided that the processing is not necessary:

The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
The user withdraws the consent on which the processing is based, in accordance with Article 6(1)(a) of the GDPR.
You object to processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Article 21(2) of the GDPR.
Personal data was processed illegally.
Personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
The personal data was collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by the Sandra Anthune Bereau, you may, at any time, contact our Data Protection Officer or another employee responsible for the processing. The Data Protection Officer of the Sandra Anthune Bereau or another employee shall promptly ensure that the erasure request is complied with immediately.

If the controller has made the personal data public and is obliged pursuant to Article 17(1) to delete the personal data, the controller shall, taking into account available technology and the costs of execution, take reasonable measures, including technical measures, to inform other controllers of the personal data that you have requested the deletion by such controllers of any links to such personal data, or the copying or reproduction thereof, insofar as the processing is no longer necessary. The Data Protection Officer of the Sandra Anthune Bereau or another employee will arrange the necessary measures in individual cases.

5. Right to restriction of processing

Each user shall have the right granted by the European legislator to obtain from the controller the restriction of processing when one of the following conditions applies:

The accuracy of personal data is contested by the user, during a period that allows the data controller to verify the accuracy of the personal data.
The processing is unlawful and the user opposes the deletion of the personal data and requests the restriction of its use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defense of legal claims.
The user has objected to the processing pursuant to Article 21(1) of the GDPR, pending verification that the legitimate grounds of the controller override those of the user.

If one of the aforementioned conditions is met, and a user wishes to request the restriction of the processing of personal data stored by the Sandra Anthune Bereau, he or she may at any time contact our Data Protection Officer or another employee responsible for the processing. The Data Protection Officer of the Sandra Anthune Bereau or another employee will arrange the restriction of the processing.

6. Right to data portability

Each user has the right granted by the European legislator to receive the personal data concerning him/her, which has been provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising your right to data portability under Article 20(1) of the GDPR, you have the right to have personal data transmitted directly from one controller to another, where this is technically feasible and does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the user may at any time contact the data protection officer designated by Sandra Anthune Bereau or another employee.

7. Right to object

Each user has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her, which is based on Article 6(1)(e) or (f) of the GDPR. The same applies to profiling based on these provisions.

Sandra Anthune Bereau will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user, or for the establishment, exercise or defense of legal claims.

If Sandra Anthune Bereau processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling insofar as it relates to such direct marketing. If you object to processing for direct marketing purposes, the Sandra Anthune Bereau will no longer process your personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you by Sandra Anthune Bereau for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the user may contact Sandra Anthune Bereau’s Data Protection Officer or another employee directly. Furthermore, the user is free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use their right to object by automated means, using technical specifications.

8. Automated individual decision-making, including profiling

Each user shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or which affects him or her in a similar way, provided that the decision (1) is not necessary for the taking of the decision, or the performance of a contract between you and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down appropriate measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the user and a data controller, or (2) it is based on the user’s explicit consent, the Sandra Anthune Bereau shall implement suitable measures to safeguard the user’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If you wish to exercise the rights concerning automated individual decision-making, you may at any time contact our Data Protection Officer of Sandra Anthune Bereau or another employee directly.

9. Right to withdraw consent to data protection

Each user has the right granted by the European legislator to withdraw their consent to the processing of their personal data at any time.

If you wish to exercise your right to withdraw your consent, you can contact Sandra Anthune Bereau’s data protection officer or another employee directly at any time.

Policy for the Use of Analysis Tools and Technologies

To improve the user experience, offer personalized services and analyze traffic on our website, we use various third-party tools and technologies. Some of these tools may collect personal data from users, while others serve to provide additional functionality without directly collecting personal information.

Google Analytics (with anonymization function)

We use Google Analytics to analyze how users interact with our website. The data is collected anonymously through cookies, and the IP anonymization function is activated to protect users’ privacy. For more information, see Google’s Privacy Policy.

Facebook Pixel

We use Facebook Pixel to monitor user behavior on our website and evaluate the success of our Facebook marketing campaigns. This tool allows us to optimize ads based on user interactions, such as visits to specific pages or conversion actions. The data collected is anonymized and treated in accordance with Facebook’s privacy policy. Users can adjust their ad preferences via their Facebook account settings or consent mechanisms on our website.

WP Forms

WP Forms is used to allow users to submit information via contact forms on our website. The information submitted is stored so that we can respond to user requests. The data provided is stored securely and is not shared with third parties unless required to fulfill a specific user request.

Google Maps

We integrate maps provided by Google Maps to offer a more practical and intuitive browsing experience. The use of Google Maps may result in the collection of navigation information by Google, such as the user’s IP address and behavior on the map. For more information, please consult Google’s privacy policy.

Google reCAPTCHA

We use Google reCAPTCHA to protect our website from access and automated interactions (bots). The tool collects information such as the user’s IP address and browsing behavior to verify that the interaction is genuine. The data is transmitted to Google for verification and is processed in accordance with Google’s privacy policy.

Whatsapp Chat

Whatsapp Chat on our website allows direct communication with our visitors. When you use this feature, your phone number and other contact information may be shared with WhatsApp. For more information on data processing, please refer to WhatsApp’s privacy policy.

Google Maps, Youtube and Vimeo

These tools may collect browsing data, such as IP address, to provide mapping services or video playback. Data processing is carried out in accordance with the respective privacy policies: Google, Vimeo.

Google Fonts and Adobe Fonts

We use fonts provided by Google and Adobe to improve the visual presentation of our website. These tools may collect information such as IP address when fonts are loaded. Please refer to the Google and Adobe Privacy Policies.

Using Google Workspace

Sandra Anthune Bereau uses Google Workspace services, provided by Google LLC, to support its business operations, including, but not limited to, email management, document storage, calendars, video conferencing and other collaboration features. Google Workspace may therefore be used for the processing of personal data in the context of communication, file storage and calendar management, as necessary for the performance of our activities and services.

Google Workspace services are subject to Google’s security policies and are protected by technical and organizational measures that include encryption of data in transit and at rest, strict access control and regular security audits. For more information on Google’s security practices, please consult Google’s Privacy Policy.

Health Data Processing

Our website may collect and process users’ health data, which is considered sensitive data under the General Data Protection Regulation (GDPR). This data will be processed under one of the following conditions:

Explicit User Consent: Health data will only be processed after the explicit consent of the user for specific and legitimate purposes.
Compliance with Legal Obligations: Where applicable, we may process health data in accordance with the legislation in force for the provision of health care or compliance with other legal obligations.

Purposes of Processing

The health data collected will be used for the following specific purposes:

Provision of Health Care: Data required to provide health services or health advice.
Service Management: Data processed to ensure the proper functioning of our health-related services.
Compliance with legal obligations: Data processing required by specific legislation in the health sector.

Explicit Consent

In order to process your health data, you will be asked to provide your explicit and informed consent, clearly describing the purposes for which the data will be processed. Consent may be withdrawn at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent previously given.

Security Measures for Health Data

To protect the health data we collect, we implement strict technical and organizational measures, including:

Data Encryption: Health data is encrypted during storage and transmission.
Restricted Access Control: Only authorized persons have access to health data, according to their roles and needs.
Regular Audits: We carry out regular audits to ensure that our security measures are effective and in line with the requirements of the GDPR.

Health Data Retention Period

Health data will only be stored for as long as necessary to fulfill the purposes described in this policy or as required by applicable law. After this period, the data will be deleted or anonymized in accordance with applicable security standards.

Transfer of Health Data to Third Parties

Health data may be shared with third parties, such as health service providers, only when necessary to fulfill the purposes described and in compliance with applicable legislation. We ensure that all data transfers are governed by contracts that ensure adequate data protection.

Rights of Health Data Subjects

The user has the right to:

Access your Data: Request information about the health data we process.
Rectify the Data: Correct any incorrect or incomplete data.
Request Limitation or Deletion: Request the limitation of processing or the deletion of your health data.
Withdrawing Consent: Users can withdraw their consent to the processing of health data at any time.

Minimization and Purpose Limitation

Health data is processed in accordance with the principles of data minimization and purpose limitation, and is used only for the purposes described in this policy and as necessary to comply with legal obligations or provide services to the user.

Legal basis for processing

Art. 6(1), lit. a, serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If you have given your consent to the processing of your personal data for one or more specific purposes.

The legitimate interests pursued by the controller or a third party

Where the processing of personal data is based on Article 6(1), lit. f, our legitimate interest is to disseminate our work and actions for the well-being of all our visitors and the general public.

Period during which personal data will be stored

The criterion used to determine the storage period for personal data is the respective legal retention period. After the end of this period, the corresponding data is routinely deleted.

Changes to the Privacy Policy

We may update our Privacy Policy on a regular basis. We will notify you of any changes by posting the new Privacy Policy on this page.