Terms and Conditions

PRIVACY POLICY

Last Updated: December 1, 2022

The LUDOCARE application (hereinafter referred to as the “Application”), developed by LUDOCARE company (hereinafter “LUDOCARE”), is a solution designed to assist patients, particularly children, in the management of certain chronic diseases (the “Patient(s)”).

In particular, the Application is intended for individual users who use a Robot on their own behalf or on behalf of a Patient (hereinafter “Users”), as described in the Terms of Use.

During your use of the Application, you may provide LUDOCARE with personal data about yourself and/or about the Patient for whom you have downloaded the Application, including health-related personal data.

This data is protected by law. For this reason, LUDOCARE, as the data controller, has implemented appropriate security measures to protect your personal data.

We kindly ask you to familiarize yourself with this policy, which explains how your personal data is used by LUDOCARE. This policy supplements the Terms of Use of the Application, as well as any document or information referring to the policy, if applicable.

If necessary, you can direct all your questions to Ludocare by sending an email to dpo@ludocare.com.

1. WHAT PERSONAL DATA MAY BE PROCESSED BY LUDOCARE?

Any data you provide via the Application are processed by LUDOCARE. The processed personal data is limited to that which is strictly necessary for the provision of the services offered on the Application, namely:

Data Categories Examples of Data
User Identification and Contact Information Name, first name, email address, phone number, postal address, and date of birth
Patient Identification Data Name, first name, gender, date of birth, postal address, phone number
Patient Health-related Data Data related to their illness, names, types, and dosage of medications, method of intake, prescription expiration, medical appointments, and in general, any notes manually entered by the User during their use of the Application (crises, exacerbations, fatigue level, etc.)
Identification Data of invited support profile(s) by the User to log into the Application Name, first names, phone numbers

In addition, certain data is automatically collected by the Application, namely:

Data Categories Examples of Data Purposes
Connection Data Date and time of connection, IP address, event logs, usage data such as changes made to treatments and dosage schedules, or interactions of the child with their robot. This data is necessary for the proper technical functioning of the Application and the services it offers, as well as for measuring the usage of the Application.

Some of this data is mandatory, while others is optional in order to benefit from all the services offered by the Application. The mandatory or optional nature of the personal data to be provided is indicated at the time of collection. If you refuse to provide the required mandatory data, LUDOCARE will not be able to provide you with the requested services.

2. WHY LUDOCARE USES YOUR PERSONAL DATA?

LUDOCARE processes your personal data only for the following reasons:

Purposes Examples of use of your personal data Legal Bases Retention Period
APPLICATION FUNCTIONING

Access to the Application
  • to authenticate you and ensure that only one phone number is used for pairing between the Application and the Robot;
 Pre-contractual measures

and User’s consent to authorize the processing of health data		 Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period
Creation and Management of Your User Account
  • to create your User account;
  • to pair the Robot with the Application;
 Performance of the contract

and User’s consent to authorize the processing of health data		 Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period
Creation of a Patient Profile
  • to create an individualized Patient profile;
 Performance of the contract

and User’s consent to authorize the processing of health data		 Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period
Provision of services offered on the Application, including services involving processing of health-related information
  • to enable the Robot to send alerts to the User according to the Patient’s medical prescriptions;
  • to facilitate the recurrence of the Patient’s medication intake;
  • to receive notifications about medications entered in the Application;
  • to award rewards to the Patient
 Performance of the contract

and User’s consent to authorize the processing of health data		 Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period
Creation of a Support Profile
  • to enable access to a third party invited by the User to access the Application
 Performance of the contract Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period
Trackers
  • To enable data traceability and integrity
 Performance of the contract

Legitimate interest		 Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period
User Relationship Tracking
  • Tracking of user complaints
  • Satisfaction surveys
 Performance of the contract

Legitimate interest		 Until account deletion or for 1 year of inactivity (duration of the contractual relationship) then archived for the legal period
Internal Statistics
  • Anonymous statistics
 Legitimate interest Anonymization
MATERIOVIGILANCE

Vigilance Monitoring
  • Prevention, monitoring, evaluation, management of adverse health events related to the use of the application
 Legal and regulatory obligations imposed on LUDOCARE For the entire applicable legal duration
STUDY OF MEDICAL DEVICE PERFORMANCE

Health Domain Study
  • Processing patient data and that of their entourage for the purpose of studying medical device performance (subject to the prior collection of specific consent/non-opposition from the patient and their legal representatives to participate in the research)
 Legitimate interest Up to 2 years after the study’s end or publication, then archived for the legal period according to applicable reference methodology
DISPUTE MANAGEMENT

Pre-litigation or Litigation Management
  • To penalize any violation of the Terms of Use or any other identified violation;
  • To manage any dispute or litigation
 LUDOCARE’s legitimate interest in defending its rights and interests Until the end of the legal prescription period

3. WHO CAN ACCESS YOUR PERSONAL DATA?

As part of using the Application and the services it offers, your personal data may be disclosed to the following recipients:

Recipients Purposes
LUDOCARE and its authorized personnel Provision of services offered on the Application, maintenance, and management of the Application
LUDOCARE’s subcontractors (hosting provider, IT maintenance service provider, User assistance, etc.) Exclusively for technical or logistical purposes
Administrative or judicial authorities Only in the event of an express and justified request on their part in cases of proven violations of legal or regulatory provisions
External advisors Only within the scope of managing potential disputes and other legal matters as applicable
Other third parties Following or in connection with the restructuring, reconstitution, acquisition, financing through borrowing, merger, sale of assets of LUDOCARE, or a similar transaction, as well as in cases of insolvency, bankruptcy, or receivership in which personal data is transferred to one or more third parties as assets of LUDOCARE.

4. ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE OF THE EUROPEAN UNION?

Your personal data is not transferred to a country located outside the European Union. You can directly obtain information about their communication by contacting Ludocare via email at dpo@ludocare.com.

5. HOW DOES LUDOCARE PROTECT YOUR PERSONAL DATA?

Ludocare has implemented technical and organizational measures to protect your personal data, particularly against potential breaches that may lead to accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure of your personal data. These measures ensure an appropriate level of data security and take into account the state of knowledge, implementation costs relative to the risks, and the nature of the data to be protected.

In particular, Ludocare employs two-factor authentication and end-to-end data encryption. Additionally, the security and protection of this data are upheld by all Ludocare employees and service providers through the following measures:

  • Use of encryption means in data transmission (SSL);
  • Strict confidentiality commitment from Ludocare personnel with access to personal data;
  • Data backups.

If you discover a vulnerability or wish to report a security incident, you can send an email to the following address: dpo@ludocare.com.

6. HOW LONG IS YOUR PERSONAL DATA RETAINED?

Generally, your personal information will be kept only for the period necessary to achieve the purposes for which this information was collected or to comply with legal or regulatory requirements.

Thus:

  • Unless an exception applies, LUDOCARE retains your personal information until the deletion of your account or in case of inactivity for a period of one (1) year. Beyond that, your personal information is archived for the duration of the applicable legal prescription period and then destroyed from our servers.

  • Information related to your login data will be retained for a period of thirteen (13) months from the date of visit.

    • Beyond these periods, your data is retained for:
  • five (5) years from the end of the relationship with LUDOCARE for data retained for evidentiary purposes.

7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

In accordance with regulations concerning the protection of personal data, you have the following rights regarding your personal data:

Your Rights Scope of Rights
Right of Access You have the right to obtain:
  • Confirmation that we are processing your personal data;
  • Clear, transparent, and understandable information about how LUDOCARE uses your personal data and about your rights (as provided in this policy);
  • A copy of your personal data.
Right to Portability You have the right to receive the personal data you have provided to us, in a structured, commonly used electronic format, and to have them transmitted to a third party if technically feasible. This right is not exercised in all circumstances; it only applies under the following conditions:
  • It only applies to your personal data, excluding all anonymous data or third-party data;
  • It does not infringe upon the rights and freedoms of third parties, including those of LUDOCARE (especially trade secrets or intellectual property);
  • It concerns personal data processed in an automated manner (paper files are not included);
  • The processing is based on your consent or the execution of a contract with LUDOCARE (to verify this, refer to Article 2 of this policy).
Right to Erasure You have the right to have your personal data erased (or right to be forgotten) when one of the following grounds applies:
  • You object to the processing of your personal data and there is no compelling legitimate reason for the continued processing (such as the obligation on LUDOCARE to retain certain personal data);
  • You object to direct marketing;
  • You decide to withdraw the consent on which the processing is based;
  • Your personal data is no longer necessary for the initial purposes that justified their collection or another type of processing;
  • The use of your data is not in compliance with applicable legislative or regulatory provisions.
Right to Define Directives You have the right to define directives, either general or specific, concerning your personal data in the event of your death (e.g., their deletion or transmission to anyone you choose). You can revoke your directives at any time.

It is specified that the exercise of these rights depends on the legal basis of the processing, as indicated in the table below:

Access Rectification Deletion Limitation Portability Objection
Consent Yes Yes Yes Yes Yes Withdrawal of consent
Pre-contractual measures Yes Yes No
Contract Yes Yes No
Legitimate interest Yes No Yes
Legal obligations No No No

In some cases, you may need to explain to LUDOCARE why you are exercising one of these rights and, if necessary, prove your identity.

For any questions and to exercise your rights, you can directly contact LUDOCARE by sending an email to dpo@ludocare.com.

If needed, you can contact the CNIL via its website or by mail: 3, place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07. This right can be exercised at any time free of charge, except for the cost of postage if applicable, and any potential costs for assistance or representation if you choose to be assisted in this procedure by a third party.

8. UPDATES TO THE POLICY

This personal data protection policy is precisely dated and may be modified and updated by LUDOCARE at any time, particularly in the event of changes to the services offered on the Application or applicable regulations. Therefore, we recommend that you review this policy each time you access the Application.