Privacy and GDPR
Privacy Policy
This policy describes how Shine Your Life LLC (Étincelle Ta Vie) collects, processes, and protects your personal data as part of using the peggygirault.fr website and the support programs offered, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (loi Informatique et Libertés).
Last updated: May 1, 2026
Data controller
Shine Your Life LLC
EIN: 32-0812179
Registered office: 30 N Gould St, Ste R, Sheridan, WY 82801, USA
Trade name: ÉTINCELLE TA VIE
Internal GDPR contact: Peggy Girault, founder and director.
Contact for any question regarding the processing of your data: girault.peggy@gmail.com
No external Data Protection Officer (DPO) has been appointed, as the processing is not carried out on a large scale within the meaning of Article 37 of GDPR.
Data collected
The data collected varies depending on the context of interaction with the site and services:
When booking an appointment (Calendly):
Last name, first name, email address, phone number, personal motivations, chosen time slot.
When subscribing to a support program (Premium Microbiome or Spark Program):
Data above + health data (weight, height, age, blood type, allergies, current treatments, emotional state, gut microbiome data where applicable).
When browsing the site:
Anonymized technical data (anonymized IP address, browser type, pages viewed) collected via Vercel Analytics without cookies.
When subscribing to the newsletter (upcoming):
Email address and first name.
Purposes and legal bases
- Manage diagnostic appointment bookings — Legal basis: execution of pre-contractual measures at the request of the data subject.
- Provide support (microbiome analysis, program) — Legal basis: execution of the contract + explicit consent for health data.
- Send the newsletter — Legal basis: consent.
- Measure site audience — Legal basis: legitimate interest (anonymized analytics without cookies).
- Comply with accounting and tax obligations — Legal basis: legal obligation.
Health data: reinforced processing
Health-related data constitutes a special category within the meaning of Article 9 of GDPR. It is subject to reinforced processing:
- Collection of explicit and written consent before any collection.
- Absolute confidentiality by analogy with professional secrecy.
- No sharing with commercial third parties or advertising platforms.
- Retention limited to the duration of follow-up plus applicable legal periods.
Sub-processors and recipients
The following technical providers may process some of your data within the strict framework of providing the service:
Vercel Inc.
Role: Web hosting and anonymized analytics
Location: United States
Safeguard: Vercel Data Processing Agreement + Data Privacy Framework (DPF)
Supabase
Role: Media storage (Storage)
Location: European Union (Frankfurt region)
Safeguard: Natively GDPR compliant, DPA available
Calendly
Role: Online appointment booking
Location: United States
Safeguard: DPF + mandatory prior consent banner
ActiveCampaign (upcoming)
Role: Newsletter delivery
Location: United States
Safeguard: DPF + explicit opt-in consent
Stripe Payments Europe (upcoming)
Role: Online payment processing
Location: Ireland (EU)
Safeguard: Native EU GDPR
Data transfers outside the European Union
The data controller (Shine Your Life LLC) is established in the United States. Several technical sub-processors are also established outside the European Union (Vercel, Calendly, ActiveCampaign).
These transfers are framed by the Data Privacy Framework (DPF), an adequacy mechanism recognized by the European Commission for EU – U.S. transfers since July 2023.
Commitment: only providers compliant with GDPR or covered by the DPF are used. You can object to these transfers at any time by exercising your rights (see "Your rights" section).
Retention period
- Prospect data (contact form, Calendly bookings without follow-up): 3 years after last contact.
- Client data: duration of contract plus 5 years (civil prescription).
- Health data: duration of follow-up plus 10 years (CNIL recommendation, health sector).
- Billing data: 10 years (accounting obligation).
- Non-essential cookies: 13 months maximum (CNIL recommendation).
Your rights
In accordance with GDPR, you have the following rights regarding your personal data:
- Right of access — obtain communication of the data concerning you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — request the deletion of your data ("right to be forgotten").
- Right to object — object to the processing of your data for a legitimate reason.
- Right to restriction of processing — request the freezing of processing.
- Right to data portability — retrieve your data in a structured format.
- Right to withdraw consent — at any time, without justification.
- Right not to be subject to automated decision-making — including profiling.
How to exercise your rights: send an email to girault.peggy@gmail.com together with proof of identity.
Response time: 1 month maximum from receipt of the request (extendable by 2 months in case of complexity).
Recourse: in case of dissatisfaction, you can file a complaint with the CNIL: cnil.fr/plaintes.
Security
The following technical and organizational measures are implemented to ensure the security of your data:
- Mandatory HTTPS/TLS encryption for all communications with the site (Vercel).
- Access to data limited to authorized persons (Peggy Girault and Laetitia, as part of the support programs).
- Regular and encrypted data backups.
- Procedure for notification to the CNIL and to the persons concerned within 72 hours in case of a data breach, in accordance with Article 33 of GDPR.
Contact and updates
GDPR contact: Peggy Girault — girault.peggy@gmail.com
Supervisory authority: Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy, 75007 Paris — cnil.fr
This policy may evolve to adapt to changes in the site, services, or regulations. The version in force is the one published on this page. Substantial modifications are notified by email to the users concerned.