DigiPark Monitor v1.0 - Privacy Policy

DiamPark SAS, the operator of the DigiPark Monitor platform, places great importance on the protection and confidentiality of your personal data, which represents a commitment to reliability and trust for us.

Our Privacy Policy reflects our dedication to complying with applicable personal data protection regulations, particularly the General Data Protection Regulation ("GDPR").

Specifically, our Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide.

Our Privacy Policy applies to you, regardless of your location, as long as you are at least 15 years old and a user of our DigiPark Monitor platform.

If you are below the legal age specified above, you are not permitted to use our services without the prior and explicit consent of a parent or legal guardian, which must be sent to us by email at rgpd@diampark.io.

If you believe we hold personal data about your children without consent, please contact us at the email address provided above.

We process your personal data primarily for the following purposes:

• To use and benefit from our telemonitoring service, designed to optimize the tracking and care of Parkinson’s patients, and all its features, based on our Terms of Service.
• To manage user accounts (e.g., account creation, service access, and account deletion) based on our Terms of Service.
• To manage third-party (patient) data, based on contract performance.
• To provide telemonitoring of patients regarding their disease progression, based on contract performance.
• To submit free-form comments about your case management, based on our Terms of Service.
• To communicate with our support team via our internal messaging system, based on our Terms of Service.
• To receive our technical emails and SMS (e.g., password changes, notifications, alerts, etc.), essential for service functionality, based on our Terms of Service.
• To ensure and enhance the security and quality of our services (e.g., statistics, data security, etc.) based on legal obligations, our Terms of Service, and our legitimate interest in maintaining service integrity.

Your data is collected <strong>directly from you</strong> once you are a user of our DigiPark Monitor platform. We commit to processing your data only for the purposes described above.

Below is a summary of the categories of personal data and their respective retention periods:

• Professional identification data (e.g., name, position, company, RPPS number) and contact details (e.g., professional email and phone number) are stored for the duration of service provision plus statutory retention periods (typically 5 years).
• Email and phone number for technical communications are retained until account deletion.
• Patient health data is stored for the entire duration of account activation.
• Connection data (e.g., logs, IP address) is retained for 1 year.

After the applicable retention periods expire, the deletion of your personal data is irreversible, and we can no longer provide it to you. Only anonymized data may be kept for statistical purposes.

Please note that in the event of legal disputes, we are obligated to retain all your data for the duration of the case, even after the retention periods mentioned above have expired.

Applicable data protection laws grant you specific rights, which you may exercise at any time free of charge to control how we use your data.

• Right to access and obtain a copy of your personal data
• Right to rectification of personal data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to provide post-mortem instructions

For a request to be processed, it must be submitted directly by you to rgpd@diampark.io. Requests not made through this channel cannot be processed.

Requests must come from you personally. We may request identity verification if there are doubts about the requester’s identity.

We will respond to your request as soon as possible, with a maximum deadline of three months from receipt if the request is technically complex or if we receive multiple requests simultaneously.

Note that we reserve the right to refuse excessive or unfounded requests, especially if repetitive.

Your personal data is processed by our teams and technical service providers solely for the operation of our service.

We emphasize that all technical providers are vetted before onboarding to ensure strict compliance with data protection regulations.

WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.

• Personal data processed by our DigiPark Monitor platform is hosted exclusively on servers within the European Union.
• We also strive to use only technical tools with servers located in the EU. If this is not possible, we ensure that appropriate safeguards are implemented to protect your data.

We implement the following technical and organizational measures to safeguard your data daily, particularly against risks such as destruction, loss, alteration, or disclosure.

WE GUARANTEE THAT WE DO NOT USE ADVERTISING OR ANALYTICAL COOKIES ON OUR PLATFORM.

We only use technically necessary cookies for platform functionality, which we recommend not disabling. These cookies do not require a cookie banner.

You may disable technical cookies via your browser settings. Instructions: Chrome, Microsoft Edge, Safari, Firefox, and Opera.

To ensure optimal data protection, we have appointed an independent Data Protection Officer ("DPO").

You may contact the French Data Protection Authority ("CNIL") at any time: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, or by phone at +33 1.53.73.22.22.

We reserve the right to modify this Privacy Policy to comply with new legal requirements or future data processing activities.