PRIVACY POLICY
Last Updated: December 1, 2022
The LUDOCARE application (hereinafter referred to as the “Application”), developed by LUDOCARE company (hereinafter “LUDOCARE”), is a solution designed to assist patients, particularly children, in the management of certain chronic diseases (the “Patient(s)”).
In particular, the Application is intended for individual users who use a Robot on their own behalf or on behalf of a Patient (hereinafter “Users”), as described in the Terms of Use.
During your use of the Application, you may provide LUDOCARE with personal data about yourself and/or about the Patient for whom you have downloaded the Application, including health-related personal data.
This data is protected by law. For this reason, LUDOCARE, as the data controller, has implemented appropriate security measures to protect your personal data.
We kindly ask you to familiarize yourself with this policy, which explains how your personal data is used by LUDOCARE. This policy supplements the Terms of Use of the Application, as well as any document or information referring to the policy, if applicable.
If necessary, you can direct all your questions to Ludocare by sending an email to dpo@ludocare.com.
1. WHAT PERSONAL DATA MAY BE PROCESSED BY LUDOCARE?
Any data you provide via the Application are processed by LUDOCARE. The processed personal data is limited to that which is strictly necessary for the provision of the services offered on the Application, namely:
Data Categories | Examples of Data |
User Identification and Contact Information | Name, first name, email address, phone number, postal address, and date of birth |
Patient Identification Data | Name, first name, gender, date of birth, postal address, phone number |
Patient Health-related Data | Data related to their illness, names, types, and dosage of medications, method of intake, prescription expiration, medical appointments, and in general, any notes manually entered by the User during their use of the Application (crises, exacerbations, fatigue level, etc.) |
Identification Data of invited support profile(s) by the User to log into the Application | Name, first names, phone numbers |
In addition, certain data is automatically collected by the Application, namely:
Data Categories | Examples of Data | Purposes |
Connection Data | Date and time of connection, IP address, event logs, usage data such as changes made to treatments and dosage schedules, or interactions of the child with their robot. | This data is necessary for the proper technical functioning of the Application and the services it offers, as well as for measuring the usage of the Application. |
Some of this data is mandatory, while others is optional in order to benefit from all the services offered by the Application. The mandatory or optional nature of the personal data to be provided is indicated at the time of collection. If you refuse to provide the required mandatory data, LUDOCARE will not be able to provide you with the requested services.
2. WHY LUDOCARE USES YOUR PERSONAL DATA?
LUDOCARE processes your personal data only for the following reasons:
Purposes | Examples of use of your personal data | Legal Bases | Retention Period |
APPLICATION FUNCTIONING | |||
Access to the Application |
|
Pre-contractual measures and User’s consent to authorize the processing of health data |
Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period |
Creation and Management of Your User Account |
|
Performance of the contract and User’s consent to authorize the processing of health data |
Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period |
Creation of a Patient Profile |
|
Performance of the contract and User’s consent to authorize the processing of health data |
Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period |
Provision of services offered on the Application, including services involving processing of health-related information |
|
Performance of the contract and User’s consent to authorize the processing of health data |
Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period |
Creation of a Support Profile |
|
Performance of the contract | Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period |
Trackers |
|
Performance of the contract Legitimate interest |
Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period |
User Relationship Tracking |
|
Performance of the contract Legitimate interest |
Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period |
Internal Statistics |
|
Legitimate interest | Anonymization |
MATERIOVIGILANCE | |||
Vigilance Monitoring |
|
Legal and regulatory obligations imposed on LUDOCARE | For the entire applicable legal duration |
STUDY OF MEDICAL DEVICE PERFORMANCE | |||
Health Domain Study |
|
Legitimate interest | Up to 2 years after the study’s end or publication, then archived for the legal period according to applicable reference methodology |
DISPUTE MANAGEMENT | |||
Pre-litigation or Litigation Management |
|
LUDOCARE’s legitimate interest in defending its rights and interests | Until the end of the legal prescription period |
3. WHO CAN ACCESS YOUR PERSONAL DATA?
As part of using the Application and the services it offers, your personal data may be disclosed to the following recipients:
Recipients | Purposes |
LUDOCARE and its authorized personnel | Provision of services offered on the Application, maintenance, and management of the Application |
LUDOCARE’s subcontractors (hosting provider, IT maintenance service provider, User assistance, etc.) | Exclusively for technical or logistical purposes |
Administrative or judicial authorities | Only in the event of an express and justified request on their part in cases of proven violations of legal or regulatory provisions |
External advisors | Only within the scope of managing potential disputes and other legal matters as applicable |
Other third parties | Following or in connection with the restructuring, reconstitution, acquisition, financing through borrowing, merger, sale of assets of LUDOCARE, or a similar transaction, as well as in cases of insolvency, bankruptcy, or receivership in which personal data is transferred to one or more third parties as assets of LUDOCARE. |
4. ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE OF THE EUROPEAN UNION?
Your personal data is not transferred to a country located outside the European Union. You can directly obtain information about their communication by contacting Ludocare via email at dpo@ludocare.com.
5. HOW DOES LUDOCARE PROTECT YOUR PERSONAL DATA?
Ludocare has implemented technical and organizational measures to protect your personal data, particularly against potential breaches that may lead to accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure of your personal data. These measures ensure an appropriate level of data security and take into account the state of knowledge, implementation costs relative to the risks, and the nature of the data to be protected.
In particular, Ludocare employs two-factor authentication and end-to-end data encryption. Additionally, the security and protection of this data are upheld by all Ludocare employees and service providers through the following measures:
- Use of encryption means in data transmission (SSL);
- Strict confidentiality commitment from Ludocare personnel with access to personal data;
- Data backups.
If you discover a vulnerability or wish to report a security incident, you can send an email to the following address: dpo@ludocare.com.
6. HOW LONG IS YOUR PERSONAL DATA RETAINED?
Generally, your personal information will be kept only for the period necessary to achieve the purposes for which this information was collected or to comply with legal or regulatory requirements.
Thus:
- Unless an exception applies, LUDOCARE retains your personal information until the deletion of your account or in case of inactivity for a period of one (1) year. Beyond that, your personal information is archived for the duration of the applicable legal prescription period and then destroyed from our servers.
- Information related to your login data will be retained for a period of thirteen (13) months from the date of visit.
- five (5) years from the end of the relationship with LUDOCARE for data retained for evidentiary purposes.
Beyond these periods, your data is retained for:
7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?
In accordance with regulations concerning the protection of personal data, you have the following rights regarding your personal data:
Your Rights | Scope of Rights |
Right of Access | You have the right to obtain:
|
Right to Portability |
You have the right to receive the personal data you have provided to us, in a structured, commonly used electronic format,
and to have them transmitted to a third party if technically feasible. This right is not exercised in all circumstances;
it only applies under the following conditions:
|
Right to Erasure | You have the right to have your personal data erased (or right to be forgotten)
when one of the following grounds applies:
|
Right to Define Directives | You have the right to define directives, either general or specific, concerning your personal data in the event of your death (e.g., their deletion or transmission to anyone you choose). You can revoke your directives at any time. |
It is specified that the exercise of these rights depends on the legal basis of the processing, as indicated in the table below:
Access | Rectification | Deletion | Limitation | Portability | Objection | |
Consent | Yes | Yes | Yes | Yes | Yes | Withdrawal of consent |
Pre-contractual measures | Yes | Yes | No | |||
Contract | Yes | Yes | No | |||
Legitimate interest | Yes | No | Yes | |||
Legal obligations | No | No | No |
In some cases, you may need to explain to LUDOCARE why you are exercising one of these rights and, if necessary, prove your identity.
For any questions and to exercise your rights, you can directly contact LUDOCARE by sending an email to dpo@ludocare.com.
If needed, you can contact the CNIL via its website or by mail: 3, place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07. This right can be exercised at any time free of charge, except for the cost of postage if applicable, and any potential costs for assistance or representation if you choose to be assisted in this procedure by a third party.
8. UPDATES TO THE POLICY
This personal data protection policy is precisely dated and may be modified and updated by LUDOCARE at any time, particularly in the event of changes to the services offered on the Application or applicable regulations. Therefore, we recommend that you review this policy each time you access the Application.