Privacy Policy
What is the purpose of our Privacy Policy?
DiamPark SAS, which manages the mobile application DigiPark, places great importance on the protection and confidentiality of your personal data, which we consider a mark of seriousness and trust.
As such, our Privacy Policy for personal data specifically reflects our commitment to uphold the applicable rules on personal data protection within DiamPark SAS, particularly those of the General Data Protection Regulation ('GDPR').
In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide.
Who is our Privacy Policy for?
Our Privacy Policy is for you, regardless of your place of residence, as long as you are at least 15 years old and a user of our mobile application DigiPark.
If you are under the legal age detailed above, you are not authorized to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email at rgpd@diampark.io.
If you believe that we hold personal data about your children without your consent, we invite you to contact us at the dedicated address mentioned above.
Why do we process your personal data and on what basis?
We process your personal data primarily for the following reasons:
- To use and benefit from our health service and all its features (e.g., account creation, medication tracking, activity and exercise tracking, etc.) based on our terms of use and your prior consent to allow us to process health data and your voice.
- To enable telemonitoring of your data by healthcare professionals, based on your prior consent to the teletransmission of your health data.
- To manage user accounts (e.g., account creation, access to the service, and account deletion) based on our terms of use.
- To download and upload documents on our platform based on our terms of use.
- To ensure and enhance the security and quality of our services daily (e.g., statistics, data security, etc.) based on our legal obligations, our terms of use, and our legitimate interest in ensuring the proper functioning of our services.
Your data is collected directly from you as a user of our mobile application DigiPark, and we commit to processing your data only for the reasons described above.
What personal data do we process and for how long?
We have summarized below the categories of personal data and their respective retention periods:
- Personal identification data (e.g., ID number, etc.) retained for the entire duration the account is active.
- Health data (e.g., illness, prescriptions, medications used, etc.) retained for the entire duration the account is active.
- Connection data (e.g., logs, IP address, etc.) retained for one year.
- Voice data retained for the entire duration the account is active.
- Biometric data used during registration and deleted after verifying your identity.
- Accelerometer data when the application is used in combination with the Smart Watch, retained for the entire duration the account is active to visualize the evolution of tremors.
Upon expiration of the applicable retention periods, the deletion of your personal data is irreversible, and we will no longer be able to communicate it to you after this period. At most, we may only retain anonymous data for statistical purposes.
Please also note that in the event of a dispute, we are required to retain all data concerning you for the entire duration of the case, even after the expiration of their retention periods described above.
What rights do you have to control the use of your personal data?
The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge to control the use we make of your data.
- Right of access and copy of your personal data as long as this request is not in conflict with business secrecy, confidentiality, or the secrecy of correspondence.
- Right to rectify personal data that is incorrect, outdated, or incomplete.
- Right to request the deletion ('right to be forgotten') of your personal data that is not essential for the proper functioning of our services.
- Right to limit your personal data, which allows you to pause the use of your data in case of a dispute over the legitimacy of processing.
- Right to data portability, allowing you to retrieve some of your personal data to store or transfer them easily from one information system to another.
- Right to give instructions on the fate of your data in case of death, either through yourself, a trusted third party, or an heir.
To have a request considered, it must be made directly by you to the address rgpd@diampark.io. Any request not made in this manner cannot be processed.
Requests cannot come from anyone other than you. Therefore, we may ask for proof of identity if there is doubt about the requester's identity.
We will respond to your request as soon as possible, with a maximum limit of three months from the receipt of the request if the request is technically complex or if we receive many requests simultaneously.
Please note that we may still refuse to respond to any excessive or unfounded request, particularly given its repetitive nature.
Who can access your personal data?
Your personal data is processed by our teams solely to manage applications.
We ensure that we thoroughly vet all our technical providers before hiring them to ensure they strictly comply with applicable personal data protection rules.
FURTHERMORE, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR BUSINESS PARTNERS.
Can your personal data be transferred outside the European Union?
The personal data processed by our website is exclusively hosted on servers located within the European Union.
Moreover, we do our utmost to use only technical tools whose servers are also located within the European Union. If this is not the case, we ensure they implement the necessary safeguards to ensure the confidentiality and protection of your personal data.
How do we protect your personal data?
We implement the following technical and organizational measures to ensure the daily security of your personal data, particularly to combat any risk of destruction, loss, alteration, or disclosure.
Technical Security Measures | Organizational Security Measures |
---|---|
Two-factor user authentication (Front end), Encryption of user passwords (Front end), Frequent password changes for users (Front end), Complex passwords required for login (Front end), Password database (Back end) separate from user IDs, Encryption of user passwords (Back end), HTTPS protocol, Access traceability | Information system charter, Awareness and training of teams twice a year, codes of good conduct. |
Do we use cookies when you browse our mobile application?
WE GUARANTEE THAT WE DO NOT USE ANY ADVERTISING OR STATISTICAL COOKIES FOR THE FUNCTIONING OF OUR MOBILE APPLICATION.
We only use technical cookies necessary for the proper functioning of our mobile application, which we advise not to remove and which do not require a cookie banner.
However, if you still wish to object to their use, you can use your browser settings by following these instructions: Chrome, Microsoft Edge, Safari, Firefox, and Opera.
Who can you contact for more information on the use of your personal data?
To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer ('DPO') with our supervisory authority.
How can you contact the CNIL?
You can contact the 'Commission nationale de l'informatique et des libertés' or 'CNIL' at any time at the following contact details: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, or by phone at 01.53.73.22.22.
Can the Privacy Policy be modified?
We may modify our Privacy Policy at any time to adapt to new legal requirements and any new processing we may implement in the future.