Privacy Policy (EkiYou Carbs)

 

 

 

The company DIAPPYMED (hereinafter “the Controller”) wishes by this Privacy Policy, to inform users of the application (hereinafter “Users”) of the processing of personal data collected via the application EkiYou Carbs (hereinafter “the Application”).

The collection of personal data is carried out in compliance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).

The User is hereby informed that the personal data indicated as mandatory on the forms and collected as part of the service described herein are necessary for the use of the EkiYou Carbs application.

  1. Identity and contact details of the data controller

The processing of Users’ personal data is carried out under the responsibility of the following controller :

DIAPPYMED

Cap Alpha,
3 avenue de l’Europe,
34830, Clapiers
représenté par Monsieur Omar DIOURI.

  1. Data Protection Officer (DPO) :

Our Data Protection Officer has been registered with the data protection authorities in an EU member state. If you have any questions or requests regarding this privacy statement or for the data protection officer, you can contact the DPO via the following email address : dpo@diappymed.com

  1. Processing implemented by purpose :

Management of the EkiYou Carbs application

The management of the EkiYou Carbs application includes the following sub-finalities :

Access and use of the Application ;

The operation of the Application ;

The subscription by the User or the generation of a code giving right to a subscription ;

– Responding to requests for information from the User on the services offered by the Data Controller ;

– The improvement of the Application by inviting Users to participate in surveys, studies and satisfaction polls ;

– The provision by third parties of technical functions on behalf of the Controller ;

– The sending of personalized offers by electronic communication (email, sms…) ;

Among the personal data of the User that DiappyMed collects, we can find :

– Identification data of the User (such as name, first name, login, password and e-mail of the User) ;

– Personal characteristics (such as gender, height and weight of the User, physical activity, eating habits) ;

– Health data (such as type of diabetes and injection system).

 

Data Controller

Legal Basis

Retention period

Recipient

Data Transfer

Diappymed

Legitimate Interest

 

30 days from the deletion of the account

– The data controller

– The service provider responsible for the maintenance and hosting of its computer system ;

– Legal counsel ;

– The User’s home health care provider, attending physician or caregiver, if expressly requested by the User.

The EkiYou application and the databases are hosted by our subcontractor Google in data centers in Frankfurt (Germany). The data processed for authentication purposes is hosted in data centers in the USA.

 

Google has subscribed to the European Commission’s standard contractual clauses.

 

Management of the User’s account and authentication on the application

The management of the EkiYou Carbs application includes the following sub-finalities:

The creation or modification of the account on the Application by the User ;

The encoding of the physical activities practiced, the food consumed and the history of insulin injections and blood sugar levels ;

Among the personal data of the User that DiappyMed collects from him may be :

– Identification data of the User (such as name, first name, date of birth, e-mail, identifier, gender, country, postal code) ;

– Data related to the User’s identifiers (such as login, password, IP address)

Data Controller

Legal Basis

Retention period

Recipient

Data Transfer

Diappymed

Legitimate Interest

 

30 days from the deletion of the account

The data controller and any authority legally authorized to access the data

The EkiYou application and the databases are hosted by our subcontractor Google in data centers in Frankfurt (Germany). The data processed for authentication purposes is hosted in data centers in the USA.

 

Google has subscribed to the European Commission’s standard contractual clauses.

 

 

Management of subscription and payment history

The management of the EkiYou Carbs application includes the following sub-features:

The collection, recording and use of subscription information

The follow-up of the history of payments and subscriptions

Among the personal data of the User that DiappyMed collects from him may be :

– Identification data of the User (such as name, first name, e-mail) ;

– Data related to the authentication of the User (such as login, password, IP address)

– Data relating to the history of payments and subscriptions.

Data Controller

Legal Basis

Retention period

Recipient

Data Transfer

Diappymed

Legitimate Interest

 

5 years

The data controller and any authority legally authorized to access the data

The EkiYou application and the databases are hosted by our subcontractor Google in data centers in Frankfurt (Germany). The data processed for authentication purposes is hosted in data centers in the USA.

 

Google has subscribed to the European Commission’s standard contractual clauses.

 

 

This data is collected when :

– The User creates or modifies his account on the Application ;

– The User accesses the Application ;

– The User takes out a subscription on the Application ;

– The User fills in the contact form on the Application ;

– The User fills in the physical activities practiced, the food consumed and the history of insulin injections and blood sugar levels ;

– The User’s home health care provider or other partner asks the Data Controller to generate a code entitling the User to a subscription.

The mandatory or optional nature of the data to be provided is indicated to the User at the time of collection by an asterisk (*).

The requirement to provide mandatory data is of a regulatory or contractual nature or it conditions access to the functionalities of the Controller’s Application.

Access to the functionalities of the Controller’s Application cannot be granted if this information is not provided.

By voluntarily providing optional data, the User expressly accepts that they will be processed under the conditions and for all of the above purposes.

  1. Social Networks

The Processor is present on various social networks, including Facebook, Instagram, LinkedIn, Youtube. As such, the Data Processor is likely to process the public data of the profiles of social network users who share, subscribe, follow or contact the Data Processor on these platforms.

The Data Processor shall not be responsible for the User’s public data accessible on these networks and platforms. The User is therefore advised to read the privacy policies applicable to each of these platforms in order to configure his or her privacy settings.

  1. Data Recipient

The Data Controller may share some of your data with its service providers (see section 3.).

This transmission of data by the Data Controller is carried out within the strict limits necessary for the accomplishment of the tasks conferred on these service providers.

These recipients may be required to contact the User directly using the contact details that he has provided.

The Data Controller requires these recipients to use the User’s personal data only to manage the services for which they are responsible and in accordance with the applicable laws and regulations on the protection of personal data.

Where applicable, the User’s personal data may be communicated to third parties authorized by law (in particular in the context of an express and motivated request from the judicial authorities).

Similarly, if the Data Controller is involved in a merger, acquisition, transfer of assets or receivership procedure, it may be required to transfer or share all or part of its assets, including the User’s personal data. In this case, the User will be informed and will be able to give his informed consent, before any transfer of his personal data to a third party.

  1. Storage and transfer of data outside the European Union

The User’s personal data processed through the Application are stored in the DataCenters of our subcontractor Google, located in Frankfurt (Germany).

The authentication service only processes the data necessary to connect to the application (email, password…) and is hosted in the United States. As such, our subcontractor Google has taken all the necessary measures to comply with the RGPD and has subscribed to the standard contractual clauses of the European Commission.

  1. Security of personal data

The Data Controller implements organizational, technical, software and physical measures for digital security to protect the User’s personal data from alteration, destruction and unauthorized access. However, it should be noted that the Internet is not a completely secure environment and that the Data Controller cannot guarantee the security of the transmission or storage of the User’s data on the Internet.

  1. Use of data for statistical purposes

As part of its commitment to the continuous improvement of its service, the Data Controller may use anonymized data for statistical purposes.

This data allows the Data Controller to perform analyses and find correlations between different variables, which helps it to better understand the needs of Users and to improve the quality of its services.

  1. Your rights

In accordance with the provisions of Regulation No. 2016/679 of April 27, 2016 and Law No. 78-17 of January 6, 1978 as amended, the User is fully informed of his rights.

The User has :

– a right of access to his data : the User has the right to obtain confirmation as to whether or not his data is being processed, as well as the communication of a copy of his data and information relating to the characteristics of the processing carried out by the Data Controller on such data ;

– a right to rectification of inaccurate information and incomplete data ;

– a right to the deletion of data that are no longer necessary for the processing, a right to withdraw consent to the processing, a right to object to the processing of his data when there are no legitimate and compelling reasons justifying the processing, a right to object to commercial prospecting ;

– a right to limit the processing in case of inaccuracy of the data during the time of their verification, or when they are no longer necessary for the exercise of a legal right ;

– a right to data portability, in order to request the transmission to another person in charge of the data provided with his consent or on the occasion of the conclusion of the contract ;

– a right not to be subject to a decision based exclusively on automated processing that produces significant legal effects concerning him ;

– a right to define directives concerning the fate of his data after his death.

 

The User may exercise his rights at any time :

– By mail to the address :

DIAPPYMED

Cap Alpha,

3 avenue de l’Europe,

34830, Clapiers

– By email to the address : dpo@diappymed.com // ekiyou@diappymed.com

The User must specify in his request his full name, e-mail address or postal address to which he wishes the reply from the Data Controller he has contacted to be sent.

For security reasons and to avoid fraudulent requests, DiappyMed reserves the right to request proof of identity if there is reasonable doubt as to the applicant’s identity. Once the request has been processed, this proof will be destroyed.

In accordance with the law, this request will be answered within one month of its receipt.

Finally, the User has the right to lodge a complaint with the CNIL or any other competent supervisory authority in his country of residence.

The User may make this complaint to the French CNIL :

– By mail to the following address :

3 Place de Fontenoy

TSA 80715

75334 PARIS CEDEX 07

– By phone at 01 53 73 22 22 (Monday to Thursday from 9am to 6:30pm / Friday from 9am to 6pm) ;

– By fax at 01 53 73 22 00 ;

– Via the CNIL website at the following address: https://www.cnil.fr/fr/plaintes