Privacy Policy
Website : “Diappymed.com“
TABLE OF CONTENTS :
- Identity and contact details of the controller
- Data Protection Officer (DPO)
- Processing implemented by purpose
- Your rights
- Cookies and other trackers
The company DIAPPYMED (hereinafter “the Data Controller“) wishes, through this Privacy Policy, to inform the users of the application (hereinafter “the Users“) of the processing of personal data collected via the Website “https://diappymed.com” (hereinafter “the Website“).
The collection of personal data takes place in compliance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
The User is hereby informed that the personal data collected as part of the service described herein are necessary for the use of the Website. Among the personal data collected from the User may be the following:
- IP address
- Browser used
- Type of terminal used
1. Identity and contact details of the controller
The processing of Users’ personal data is implemented under the responsibility of the following controller:
DIAPPYMED
Cap Alpha,
3 avenue de l’Europe,
34830, Clapiers
represented by Mr Omar DIOURI.
2. Data Protection Officer (DPO)
Our data protection officer has been registered with the data protection authorities in an EU member state. If you have any questions or requests regarding this privacy statement or for the Data Protection Officer, you can contact the DPO via the following email address: dpo@diappymed.com
3. Processing implemented by purpose
Web server log management
Control intrusion attempts on the server
| Data controller | Legal basis | Shelf life | Recipients of the data | Transfer outside the EU |
| Diappymed | Art. 6.1.c – Necessary for compliance with a legal obligation |
365 days starting from the collection
While browsing, our server (hosted by Bluehost) stores logs. This mainly consists of collecting your IP address and the history of your requests. |
The controller and any authority legally authorised to access the data | BlueHost* |
Management of the register of consent regarding cookies and other trackers
Collection and timestamping of consents for the installation of cookies and other trackers on the user terminal
| Data controller | Legal basis | Shelf life | Recipients of the data | Transfer outside the EU |
| Diappymed | Article 6 (1) a GDPR: Consent of the data subject | 6 months starting from the consent of the data subject | The controller and any authority legally authorised to access the data |
BlueHost*
|
Website Analytics Management
Sub-purpose: Production of audience and website usage statistics
| Data controller | Legal basis | Shelf life | Recipients of the data | Transfer outside the EU |
| Diappymed |
Statistical cookies exempt from consent retention period of 13 months.
Personal data collected via cookies 24 months for statistics |
The controller and any authority legally authorised to access the data |
BlueHost*
|
Management of demonstration requests by health professionals
Proposal for in-person or remote appointments
| Data controller | Legal basis | Shelf life | Recipients of the data | Transfer outside the EU |
| Diappymed | Article 6 (1) a GDPR: Consent of the data subject | 6 months starting from the consent of the data subject. | The controller and any authority legally authorised to access the data |
BlueHost*
|
Management of contacts and communications
Proposal for in-person or remote appointments (web conferences or other events)
| Data controller | Legal basis | Shelf life | Recipients of the data | Transfer outside the EU |
| Diappymed | Article 6 (1) a GDPR: Consent of the data subject | 3 years starting from the consent of the data subject. | The controller and any authority legally authorised to access the data |
BlueHost*
|
* Our website is hosted by our subcontractor BlueHost based in the United States. This service provider is not included in the list of certified subcontractors whose transfers can be made freely (cf: https://www.dataprivacyframework.gov/)
We cannot therefore guarantee the integrity and security of your data.
BLUEHOST, INC
5335 Gate Parkway Jacksonville
FL 32256
4. Your rights
In accordance with the provisions of Regulation No. 2016/679 of 27 April 2016 and Law No. 78-17 of 6 January 1978 as amended, the User is fully informed of the rights at his disposal.
The User has:
– a right of access to his data – the User has the right to obtain confirmation as to whether or not his data is processed as well as the communication of a copy of his data and information relating to the characteristics of the processing carried out by the Data Controller on these data;
– a right to rectification of inaccurate information and incomplete data;
– a right to erasure of data that are no longer necessary for processing, a right to withdraw consent to processing, a right to object to the processing of data when there are no compelling legitimate grounds justifying the processing, a right to object to commercial prospecting;
– a right to limit processing in the event of inaccuracy of the data during the time of their verification, or when they are only necessary for the exercise of a right in court;
– a right to the portability of his data, in order to request the transmission to another controller of the data provided with his consent or at the time of the conclusion of the contract;
– a right not to be the subject of a decision based exclusively on automated processing producing significant legal effects concerning him;
– a right to define directives relating to the fate of his data after his death.
The User may exercise his rights at any time:
– By post to:
DIAPPYMED
Cap Alpha,
3 avenue de l’Europe,
34830, Clapiers
– By email to: dpo@diappymed.com
The User must specify in his request his IP address and the email address to which he wishes the response of the Data Controller he has contacted to reach him. He will also have to send a screenshot of the IP Config, which will ensure the validity of the request.
In accordance with Regulation (EU) 2016/679 (“GDPR”), in particular Article 12, a response will be provided within one month of receipt of the request.
Finally, the User has the right to lodge a complaint with the French Supervisory Authority, i.e., the “Commission Nationale de l’Informatique et des Libertés” (hereinafter : “CNIL”) or any other competent supervisory authority in his State of residence.
The User may make this claim to the French CNIL:
– By post to the following address:
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
– By phone at 01 53 73 22 22 (Monday to Thursday from 9am to 6.30pm / Friday from 9am to 6pm);
– By fax to 01 53 73 22 00;
– Via the CNIL website at the following address: https://www.cnil.fr/fr/plaintes
5. Cookies and other trackers
Our website, https://diappymed.com (hereinafter the “Website”), uses trackers. Trackers may also be placed by third parties whose services are integrated into the Website.
In accordance with the principle of transparency, this section explains the use of cookies and other trackers on our Website.
5.1. Definition of trackers
Trackers are small computer files that may be stored and/or read, for example when visiting a website, reading an email, installing or using software or a mobile application, regardless of the type of terminal used.
Trackers include, in particular, cookies and scripts.
5.2. Strictly necessary trackers
Some trackers ensure the proper functioning of certain parts of the Website and save your preferences as a user. These trackers are “strictly necessary in order to provide an information society service explicitly requested by the subscriber or user” or have “the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network”, within the meaning of Article 5(3) of Directive 2002/58/EC as amended in 2009 and the CNIL’s recommendations.
The User’s consent is not required for the following trackers:
Publisher: WordPress
Domain name: Complianz, diappymed.com
| Cookie | Retention period | Purpose |
| cmplz_consented_services | 365 days from storage | Store consent preferences for cookies |
| cmplz_functional | 365 days from storage | Store consent preferences for cookies |
| cmplz_policy_id | 365 days from storage | Store the ID of the accepted cookie policy |
| cmplz_marketing | 365 days from storage | Store consent preferences for cookies |
| cmplz_statistics | 365 days from storage | Store consent preferences for cookies |
| cmplz_preferences | 365 days from storage | Store consent preferences for cookies |
| cmplz_banner-status | 365 days from storage | Remember whether the cookie banner was refused |
Publisher: WordPress
Domain name: Polylang, diappymed.com
| Cookie | Retention period | Purpose |
| pll_language | 365 days from storage | Store language settings |
5.3. Trackers subject to consent
The User’s prior consent is required for cookies and other trackers that are not strictly necessary, in particular those enabling the integration of third-party content (e.g. videos), the use of external widgets and/or measurement and marketing purposes, within the meaning of Article 5(3) of Directive 2002/58/EC as amended in 2009 and the CNIL’s recommendations.
Consent must be freely given, informed, specific and unambiguous, in accordance with Articles 4(11) and 7 of the GDPR.
These trackers are only stored/activated after consent has been collected via our cookie banner.
Retention period: the retention period of cookies varies depending on their nature and publisher. Some cookies are session cookies (deleted when the browser is closed). Others are stored for a limited period which may be up to 13 months (and, depending on third-party services and browser configuration, exceptionally longer). The retention periods indicated in the tables below are provided for information purposes only and may change.
The domains, publishers and examples of trackers listed below are provided for transparency purposes, on the basis of third-party services integrated into the Website and elements observed during verifications; they may evolve depending on the Website’s technical configuration and updates made by third-party publishers.
5.3.1 Third-party content – YouTube and associated Google services
When the User views content embedded from YouTube, cookies and other trackers may be stored and/or requests to third-party domains may be made by Google / YouTube and certain associated technical domains. These processing operations may be related to player functionality, technical resource loading, service security, abuse prevention, interaction measurement, service optimisation and, where applicable, Google’s own purposes.
Publisher: Google LLC / YouTube
Domains observed or likely to be contacted, depending on embedded content and the Website’s technical configuration:
- youtube.com
- google.com
- googleads.g.doubleclick.net
- static.doubleclick.net
- gstatic.com
- fonts.gstatic.com
- jnn-pa.googleapis.com
- i.ytimg.com
- yt3.ggpht.com
Examples of cookies / trackers observed or likely to be used:
| Cookie / tracker | Retention period | Purpose |
| YSC | Session | Video player session management and interactions |
| VISITOR_INFO1_LIVE | Variable | Player settings / optimisation (e.g. playback quality) |
| VISITOR_PRIVACY_METADATA | Variable | Management of privacy-related elements on YouTube’s side |
| __Secure-YEC | Variable | Security / fraud and abuse prevention |
| __Secure-ROLLOUT_TOKEN | Variable | Service stability / progressive rollouts |
| Associated Google cookies (e.g. SID, HSID, SSID, SAPISID, APISID, NID, PREF, LOGIN_INFO, __Secure-1PAPISID, __Secure-3PAPISID, etc.) | Variable | Cookies associated with the Google/YouTube ecosystem (security, preferences, interaction measurement and Google’s own purposes) |
Legal basis: the User’s prior consent, unless an element is strictly necessary for the provision of a service expressly requested.
5.3.2 Third-party widgets – Elfsight
If Elfsight widgets are present on the Website, cookies and other trackers may be stored and/or requests to third-party domains may be made in order to ensure widget display, operation, service security, abuse prevention and technical improvement of the third-party service.
Publisher: Elfsight and/or associated technical providers
Domains observed or likely to be contacted:
- static.elfsight.com
- core.service.elfsight.com
- and, where applicable, other technical domains associated with the Elfsight service
Examples of cookies / trackers observed or likely to be used:
| Cookie / tracker | Retention period | Purpose |
| _cfuvid | Session | Security / abuse prevention |
| elfsight_viewed_recently | Variable | Widget operation / user experience improvement |
Legal basis: the User’s prior consent, unless an element is strictly necessary for the provision of the expressly requested service.
5.3.3 Additional information on third-party domains
When using embedded content, external libraries, CDNs or third-party services, certain technical domains may be contacted by the User’s browser. Depending on their configuration, these calls may involve the storage of trackers, the reading of information on the terminal or the use of technical mechanisms comparable to other trackers.
The list of domains, publishers, examples of cookies and other trackers set out in this policy is provided for transparency purposes and may evolve depending on the services activated on the Website, their technical configuration and updates made by their respective publishers.
5.4 Consent management
The User may at any time change their choices (accept, refuse, configure) via the cookie banner or the cookie management module available on the Website. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal. The User may also configure their browser to delete or block cookies. Blocking certain cookies may prevent the display of third-party content (e.g. YouTube videos) or external widgets.
Where the activation of third-party content or an external widget involves the use of trackers that are not strictly necessary, such content must only be activated after the User’s consent has been collected.
