MILINUS attaches great importance to the protection and security of your personal data, in compliance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as with the applicable national laws of the Member States of the European Union. This Privacy Policy (together with our Cookies Policy and Terms of Use and any documents referred to in it) is intended to inform you of the manner in which we process the personal data you provide to us and that we collect in the course of your use of the App and the Services. Please read this document carefully to understand our practices regarding the processing of your personal data and your rights in this regard. This Privacy Policy applies to all of our MILINUS services accessible online via the Website or via the App (hereinafter referred to as “Online Services”) excluding services provided and operated by third parties, in which case, the privacy policy of such third parties applies and not these provisions.

The personal data we collect

The notion of “personal data” covers all data that directly or indirectly identifies you, whether it is information that you have provided or declared (your contact details, etc.) but also information resulting from the contractual relationship that you have with MILINUS (exercise history, etc.). We take care to collect only the personal data concerning you that is necessary for the purposes for which it is collected. In this respect, we collect personal data:
  • that you provide to us directly;
  • that you provide to us indirectly through your use of our Services;
  • that you provide to us indirectly through your use of our Services; that third party sources provide to us.
In the course of providing our Services, we may collect and process the following categories of personal data about you:
  • identification and profile data, such as your title, identity, date of birth, email address and password, photograph
  • data related to your loyalty benefits, your sponsorships, your subscription and other products and services you have purchased;
  • data about your interests and preferences in direct marketing;
  • data about your fitness, sports and dietary habits;
  • Data about your exercise/performance/progress/evaluations;
  • data related to your interventions / interactions with us or other users;
  • bank data for payment of services;
  • data related to orders and billing of products and services purchased;
  • Photos and videos of your sessions;
  • geolocation data;
  • technical data of the terminal (IP, mobile ID, version of the app, advertising ID
This data is collected according to the services you use and for the purposes described below. To facilitate your registration and login to our services, we collect certain data indirectly: – From Facebook, via Facebook Connect. By clicking on the “Facebook Connect” button, you agree that Facebook may share this data with us. In the event that, in accordance with Article 6(1)(a) of the GDPR, you expressly consent to the exchange of data with Facebook prior to the registration process, the use of the Facebook Connect feature will give us access to certain general information stored in your Facebook profile that is, depending on your privacy settings, publicly available. This information includes, but is not limited to, profile name, photo, email, first and last name. – with Apple, via Apple Connect. Instead of using a social network account or filling out the form available on the App or the Website, you will be able to log in by clicking on the “Apple connect” button. In the event that, in accordance with Article 6(1)(a) of the GDPR, you expressly consent prior to the registration process to the exchange of data with Apple, the use of the Apple Connect feature will give us access to certain general information including, but not limited to, photo, email, first and last name. You can choose to change your name or hide your email. The mandatory or optional nature of the data you may be asked to provide will be indicated on the collection forms by an asterisk. You will be informed of the possible consequences for you if you do not answer. When you provide personal data about yourself, you undertake to provide accurate information that does not harm the interests or rights of third parties.

Why we process your personal data

We process your personal data for the following purposes:
  • Connection to the service
  • the management and follow-up of the registration, the customer relationship, the member relationship;
  • the provision of the services;
  • management and follow-up of orders and requests for information;
  • commercial and marketing management;
  • customer segmentation;
  • the development of personalized sports programs;
  • performance and fitness monitoring;
  • development and follow-up of nutritional programs;
  • quality and satisfaction measurement, service improvement;
In case of use of data for other purposes, we undertake to obtain your prior consent before the implementation of the processing and to specify beforehand the said purpose(s).

The recipients of your personal data

Your personal data is intended for the authorized people of the company and the entities of the MGI group. Your data is also communicated to the authorized personnel of the company Totem which ensures the technical maintenance. We share some of your personal data with commercial partners who provide us with certain specialized services or who cooperate with us on specific projects. These business partners act as separate data controllers and are therefore responsible for their own data protection compliance. These partnerships may be necessary to perform one of the services you have subscribed to. You will be duly informed in such cases. Your personal data may also be transferred to service providers selected by us, to provide certain services according to the instructions we provide them. These service providers (“subcontractors” in the sense of the regulation) are subject to an obligation of confidentiality, and have access to your personal data only to the extent necessary for the provision of their services and are therefore not authorized to use your data for other purposes. This includes our IT service providers and our customer support providers. We may also disclose your personal data if we are required to do so by law to enforce our rights and protect the security of our services and in connection with mergers or acquisitions of companies. Processing of your personal data outside the EU Your data is stored in the European Union. However, in order to operate our marketing service, we use the services of a provider located in the United States. We have signed a legally binding contract with this service provider, as well as standard contractual clauses adopted by the European Commission and governed by French law, obliging them to comply with French data protection legislation and Regulation (EU) 2016/679 How long we keep your personal data Your personal data is kept for a period of time in accordance with the legal and regulatory provisions in force and only for the time necessary to achieve the purposes for which it was collected. We keep your data for as long as necessary to use the services: For the duration of registration plus one year. After one year of inactivity on an account, it will be deleted and the data will be kept for another year, before being definitively destroyed. In accordance with our status of host, we are required by law to keep certain personal data for a period of one year on the basis of Article 6, II of the law for confidence in the digital economy of June 21, 2004. The email address will be kept for prospecting purposes for 1 year after 1 year of inactivity of the account. In case of deletion of your account, the email address will not be used for prospecting purposes. For requests to exercise rights: for the period of time necessary for us to prove that we have responded to requests in the event of litigation or control: 1 year from the month following your request. To meet our legal, tax and accounting obligations, we retain personal data of a transactional nature (and associated identification and contact data to the extent required for these purposes) for the statutory limitation period after a person ceases to be a customer. In this case, we limit the purposes of the processing and only use your data to meet these legal and regulatory obligations. We undertake to provide the best efforts and all the means in its possession to guarantee the optimal security of the stored data. However, it is your responsibility to take appropriate measures to protect your data.

Your rights

You have the right to access, rectify, erase, limit, port and oppose the processing of your personal data. In some cases, we may not grant your request if we demonstrate that the legitimate interest we are pursuing prevails. Furthermore, if the processing of your personal data is based on your consent, you also have the right to withdraw your consent at any time. All your requests for this right can be exercised:
  • by mail to GF INVEST-49 bis avenue de ceinture, 95880 Enghien Les Bains
  • by e-mail to confidentialite@milinus.fr
The person in charge of the treatment will answer your request within a maximum of one month as from its reception, provided that it is sufficiently precise and includes all the elements necessary to answer it. If the request is excessively recurrent, unfounded or manifestly intended to abuse this right of access, we may require payment of a “reasonable fee” based on the administrative costs incurred to issue these documents.

Security

In accordance with the provisions of Article 32 of the GDPR, we implement all the technical and organizational measures necessary to guarantee the security and confidentiality of the personal data collected and processed, and in particular to prevent them from being distorted, damaged or communicated to unauthorized third parties, by ensuring a level of security appropriate to the risks associated with the processing and the nature of the data to be protected, having regard to the level of technology and the cost of implementation.

Updates to the Privacy Policy

This Policy may be amended to comply with current legislation or the way we process your data in the course of our business. We ensure that the most recent version is published on the MILINUS website and app. When material changes are made to the Policy, we will notify you by posting a notice online or by sending you an email within a reasonable period of time prior to its entry into force, in accordance with applicable regulations.