Privacy Policy

DiamPark SAS, which operates the DigiPark mobile application, places great importance on the protection and confidentiality of your personal data, which represents, for us, a guarantee of seriousness and trust.

In this regard, our Personal Data Privacy Policy precisely demonstrates our commitment to ensuring that within DiamPark SAS, we comply with applicable rules regarding the protection of personal data and, more specifically, those of the General Data Protection Regulation ('GDPR').

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide to you.

Our Privacy Policy is addressed to you, regardless of your place of residence, as long as you are at least 15 years old and are a user of our DigiPark mobile application.

If you are below the legal age detailed above, you are not authorized to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email at rgpd@diampark.io.

If you believe that we hold personal data concerning your children without your consent, we invite you to contact us at the dedicated address detailed above.

We process your personal data primarily for the following reasons

• To use and benefit from our health service and all its functionalities (e.g., account creation, medication tracking, activity and exercise tracking, etc.) based on our Terms of Use and your prior consent to allow us to process health data and your voice.
• To allow the User to invite a Caregiver or a Paramedical Companion to view their non-clinical data for non-medical support purposes, based on their explicit consent.
• To enable the remote monitoring of your data by healthcare professionals, based on your prior consent to the remote transmission of your health data.
• To ensure the management of user accounts (e.g., account creation, service access, and account deletion) based on our Terms of Use.
• To be able to download and import documents onto our platform based on our Terms of Use.
• To guarantee and enhance the security and quality of our services on a daily basis (e.g., statistics, data security, etc.) based on legal obligations incumbent upon us, our Terms of Use, and our legitimate interest in ensuring the proper functioning of our services.

Your data is collected directly from you as soon as you are a user of our DigiPark mobile application, and we commit to processing your data only for the reasons described previously.

We have summarized below the categories of personal data as well as their respective retention periods:

• Personal identification data (e.g., ID number, etc.) retained for the entire duration of account activation.
• Health data (e.g., illness, prescriptions, medications used, etc.) retained for the entire duration of account activation.
• When the User activates the "Caregiver" or "Paramedical Companion" function, the following data may be viewed by the Caregiver or Paramedical Companion: symptoms, activity, schedule, reported treatments. The Caregiver has no right to modify or interpret.
• Connection data (e.g., logs, IP address, etc.) retained for a period of 1 year.
• Voice data, retained for the entire duration of account activation.
• Biometric data used during registration and deleted after verification of your identity.
• Accelerometer data when the application is used in combination with the Smart Watch, retained for the entire duration of account activation to visualize the evolution of tremors.

Upon expiration of applicable retention periods, the deletion of your personal data is irreversible, and we can no longer provide them to you after this deadline. At most, we can only retain anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obligated to retain all data concerning you for the entire duration of the case processing, even after the expiration of the retention periods described previously.

Applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, to control the use we make of your data.

• Right of access and copy of your personal data, provided that this request is not contrary to business secrecy, confidentiality, or the secrecy of correspondence.
• Right to rectify personal data that may be incorrect, outdated, or incomplete.
• Right to request the erasure ('right to be forgotten') of your personal data that are not essential to the proper functioning of our services.
• Right to restriction of your personal data, which allows for a snapshot of the use of your data in case of a dispute regarding the legitimacy of processing.
• Right to data portability, which allows you to retrieve a portion of your personal data in order to store or transfer them easily from one information system to another.
• Right to give instructions regarding the fate of your data in the event of death, either through you or through a trusted third party or a successor.

The User may, at any time, withdraw the Caregiver's access to their data. This revocation immediately interrupts the Caregiver's viewing. The Caregiver does not have any access rights to the User's data after withdrawal.

For a request to be taken into account, it is imperative that it be made directly by you to the address rgpd@diampark.io. Any request that is not made in this manner cannot be processed.

Requests cannot come from a person other than you. Therefore, we may ask you to provide proof of identity in case of doubt about the identity of the requester.

We will respond to your request as soon as possible, with a maximum limit of three months from its receipt in case the request is technically complex or if we receive many requests at the same time.

Please note that we may always refuse to respond to any excessive or unfounded request, particularly due to its repetitive nature.

Your personal data is processed by our teams solely for the purpose of managing applications.

We specify that we verify all our technical providers before hiring them to ensure that they strictly comply with applicable rules regarding the protection of personal data.

ADDITIONALLY, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.

In addition to the teams of DIAMPARK SAS and its authorized subcontractors, your data may be viewed by a Caregiver you have directly invited. This access is limited to the data you explicitly share, and the responsibility for choosing the Caregiver lies with you. DIAMPARK SAS does not verify the identity of the Caregiver.

When the User invites a Paramedical Companion, they only have access to the non-clinical data that the User voluntarily shares. DigiPark never transmits the User's data to a healthcare professional without a voluntary and explicit action by the User.

Personal data processed by our website is exclusively hosted on servers located within the European Union.

Furthermore, we do our utmost to only use technical tools whose servers are also located within the European Union. However, if this is not the case, we carefully ensure that they implement the appropriate safeguards required to ensure the confidentiality and protection of your personal data.

We implement the following technical and organizational measures to guarantee the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

WE GUARANTEE THAT WE DO NOT USE ANY ADVERTISING OR STATISTICAL COOKIES IN THE CONTEXT OF THE OPERATION OF OUR MOBILE APPLICATION.

We only use technical cookies necessary for the proper functioning of our mobile application, which we recommend not removing and which do not require a cookie banner.

If you nevertheless wish to object to their use, you can use your browser settings by following the instructions below: Chrome, Microsoft Edge, Safari, Firefox and Opera.

To best guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer ('DPO') with our supervisory authority.

You can contact the 'Commission nationale de l'informatique et des libertés' or 'CNIL' at any time at the following coordinates: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by phone at 01.53.73.22.22.

We may modify our Privacy Policy at any time to adapt it to new legal requirements as well as to new processing operations that we may implement in the future.