Privacy Policy

Terraillon Privacy Policy

Last updated: June 2025

1. Introduction

At Terraillon, protecting your personal data is a priority. This privacy policy describes how we collect, use, store, and protect your personal information, including health data collected through our connected devices.

2. Data Controller

The data controller is Terraillon SAS, located at 1 rue Ernest Gouin in Croissy sur Seine, 78290 and registered under number 796 080 455.

For any questions regarding your personal data, you can contact our Data Protection Officer (DPO) at the following address: serviceconsommateurs@terraillon.fr

3. Data Collected

We collect different categories of personal data depending on your interaction with our services:

  • Identification data : surname, first name, email address, telephone number.
  • Account data : identifiers, preferences, usage history.
  • Health data : weight, BMI, body composition, heart rate, blood pressure, sleep data, etc.
  • Browsing data : IP address, browser type, pages visited, cookies.

4. Purposes of Processing

Your personal data is processed for the following purposes:

  • Creation and management of your user account.
  • Provision of Terraillon services and products.
  • Analysis and improvement of our products and services.
  • Sending marketing communications, subject to your consent.
  • Compliance with legal and regulatory obligations.

5. Legal Basis for Processing

The processing of your personal data is based on the following legal bases:

  • Consent : for health data and marketing communications.
  • Performance of a contract : for the provision of our products and services.
  • Legal obligation : to comply with accounting and tax obligations.
  • Legitimate interest : to improve our services and prevent fraud.

6. Retention Period

We retain your personal data for the period necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

  • Account data : until account deletion.
  • Health data : 3 years after last activity.
  • Billing data : 10 years in accordance with legal obligations.

7. Sharing Data

Your data may be shared with:

  • Our service providers (hosting, maintenance, payment) located in the European Union.
  • The competent authorities, if required by law.

We do not transfer your personal data outside the European Economic Area without appropriate safeguards.

8. Data Security

We implement rigorous technical and organizational measures to ensure the security of your personal data, particularly health data.

All health data collected through our connected devices is hosted in France on certified servers HDS (Health Data Hosting) , in accordance with the requirements of the Digital Health Agency (ANS).

This certification guarantees a high level of protection, traceability and availability of sensitive data, in full compliance with the Public Health Code and the GDPR.

9. Your Rights

In accordance with the GDPR, you have the following rights:

  • Right of access : obtain information on the processing of your data.
  • Right of rectification : request the correction of inaccurate data.
  • Right to erasure : request the deletion of your data.
  • Right to restriction of processing : restrict the processing of your data in certain circumstances.
  • Right to object : to object to the processing of your data for legitimate reasons.
  • Right to portability : receive your data in a structured and commonly used format.

To exercise these rights, please contact our DPO at the following address: [DPO email address].

10. Cookies

Our website uses cookies to improve your user experience, analyze traffic, and personalize content. You can manage your cookie preferences through your browser settings or our cookie management tool.

11. Changes to the Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes through our website or other appropriate means.