• No products in the cart.

Privacy Policy

Privacy Policy of the "Diabnext" Mobile Application

(Version in force on 24 July 2019)



The mobile device application called "Diabnext" (hereinafter the "Mobile Application") is published by Diabnext (hereinafter "Diabnext").

Diabnext takes privacy and the protection of personal data very seriously. For this reason, Diabnext, as controller, is committed to protecting the privacy and personal data of Users in accordance with legal requirements and in particular Regulation No. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "General Data Protection Regulations" or "DPRR") and Act No. 78-17 of 6 January 1978 on data processing, to files and freedoms (known as the "Data Protection Act"), (together the "Applicable Regulations").

Diabnext can be contacted by e-mail at the following address: contact@diabnext.com but also by post at the following address: 10 rue Treilhard 75008 Paris.

The purpose of this privacy policy (hereinafter the "Privacy Policy") is to inform Users of the Mobile Application as fully as possible of how Diabnext protects the personal data it collects in connection with the download and use of the Mobile Application and of the commitments made by Diabnext to ensure that Users' personal data are respected.

By providing personal data in connection with the use of the Mobile Application, the User acknowledges that he/she has read the terms of this Privacy Policy.

Capitalized terms not defined herein have the meanings given to them in the T&C.

1. WHAT IS THE SCOPE OF THIS PRIVACY POLICY?

The Privacy Policy applies to any natural person over the age of majority or under the age of 13 who is registered and has a valid account on the Mobile Application (hereinafter referred to as the "User(s)").

When the User uses the Mobile Application for remote medical monitoring purposes, as defined by applicable regulations, allowing Users who have expressly consented to this additional device to share data concerning it with their doctor or healthcare professional, the latter also act as data controller, distinct from Diabnext.

Diabnext invites Users to contact their doctor or healthcare professional for information on the treatments they have implemented.

Diabnext cannot be held responsible for a breach of the Applicable Regulations by any of the physicians or health professionals.

Physicians or healthcare professionals who use Diabnext Services for remote monitoring purposes are not subject to this Privacy Policy.

2. IN WHAT CONTEXT DOES DIABNEXT COLLECT USERS' PERSONAL DATA?

Diabnext processes the personal data of Mobile Application Users in the following situations:

  • When creating and managing the User Account on the Mobile Application;
  • When using the Services offered on the Mobile Application;
  • When pairing a connected device and/or a third-party application with the Mobile Application;
  • When participating in promotional offers or contests;
  • When the User contacts Diabnext's customer service or any other point of contact (e-mail, chat, telephone).

3. WHAT ARE THE PURPOSES OF DIABNEXT WHEN IT COLLECTS USERS' PERSONAL DATA? WHAT IS THE LEGAL BASIS FOR JUSTIFYING THE PROCESSING?

As the controller, Diabnext collects Users' personal data in a lawful, fair and transparent manner. The main purpose of collecting personal data is to provide the Services by providing Users with a safe, optimal, efficient and personalized experience.

The purpose of the table below is to inform the User

  1. of the different categories of personal data collected by Diabnext,
  2. of the use made by Diabnext of these personal data and
  3. of the legal basis and exceptions allowing the processing to be justified and therefore to make it lawful and fair.

The information that the User must fill in when creating his account in order to benefit from the Services is indicated by means of an asterisk.
What personal data is Diabnext likely to hold on the User? How does Diabnext use this data? On what legal basis and/or exception does the processing of personal data and sensitive data take place?
The identity of the User*: first name, last name, date of birth, gender, profile picture, The User's contact details: e-mail address, unique four (4) digit code sent to the e-mail address Manage the procedure for creating the User account, the connection process to the Mobile Application and more generally the User account These processing operations are necessary for the execution of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext
The User's contact details: e-mail address, telephone number Send prospecting messages (including information related to the launch of new Services, the organization of promotional events and marketing activities of all kinds) This processing is necessary to pursue Diabnext's legitimate interests, in order to promote its Services, understand their effectiveness, and ensure that the User receives the most appropriate experience. The processing thus benefits both the User and Diabnext without infringing the interests, rights and fundamental freedoms of the Users.

Whenever required by Applicable Regulations, Diabnext collects the consent of the User, who may in any event request at any time to no longer receive commercial or marketing communications by mail, SMS or email by unsubscribing via the link at the bottom of the page of communications received from Diabnext or by sending an email to the following email address: contact@diabnext.com
The User's health data relating to his or her condition as entered on the Mobile Application*: his or her type of diabetes, the year of diagnosis of diabetes, whether or not he or she uses an insulin pen, whether or not he or she takes medication, the unit used to measure blood glucose levels, the unit used to measure carbohydrate consumption and his or her blood glucose targets.

The User's Monitoring Data:
  • The health of the User, including in particular the level of glucose in the User's blood at a given time, the consumption of carbohydrates over a given period, the administration of tablets and the associated dosage, insulin injections and the associated dosage; and
  • The User's daily activity that may influence his diabetes, including information on his diet (composition and meal times, illustrative photographs) and information on his physical activity (type of activity and duration).
Allow Users to import, inform, centralize, consult and manage Monitoring Data, Generate reports These processing operations are necessary for the execution of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext

Nevertheless, to the extent that health data is data to which the Applicable Regulations attach particular importance and protection, Diabnext must rely on one of the exceptions provided by the Applicable Regulations to be able to process this type of data.

For this reason, Diabnext asks the User for his or her consent to process this data when the User uses the Mobile Application for diabetes self-care purposes.

The User may withdraw his consent at any time by deleting his health data directly on his profile or by contacting Diabnext at the following e-mail address: contact@diabnext.com

However, Diabnext draws the User's attention to the fact that he/she will not be able to benefit from all the Services if the User's health data cannot be processed.

When the User uses the Mobile Application for remote monitoring purposes, monitoring diabetes with a doctor or healthcare professional, the User's consent is not required to the extent that the Mobile Application is used by the User as part of a medical remote monitoring device.
When the User uses the Mobile Application by coupling it to connected equipment: brand and model of the self-monitoring device used or insulin pen Allow Users to import, inform, centralize, consult and manage Monitoring Data. Generate reports. Optimize/improve the Mobile Application, the compatibility of the Mobile Application with connected devices that measure diabetes. These processing operations are necessary for the execution of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext

The processing of this data for the purpose of optimizing and improving the Mobile Application is necessary to pursue Diabnext's legitimate interests so that Dibanext can adapt the Mobile Application to the various connected devices and develop new compatibilities or resolve compatibility issues.
Monitoring Data imported via third-party applications that the User also uses, in particular Apple Santé / Samsung Health (number of steps, carbohydrates, blood sugar, insulin administration) Allow Users to import, inform, centralize, consult and manage Monitoring Data, Generate reports These processing operations are necessary for the execution of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext

Nevertheless, to the extent that health data is data to which the Applicable Regulations attach particular importance and protection, Diabnext must rely on one of the exceptions provided by the Applicable Regulations to be able to process this type of data.

For this reason, Diabnext asks the User for his or her consent to process this data when the User uses the Mobile Application for diabetes self-care purposes. The User may withdraw his consent at any time by deleting his health data directly on his profile or by contacting Diabnext at the following e-mail address: contact@diabnext.com

However, Diabnext draws the User's attention to the fact that he/she will not be able to benefit from all the Services if the User's health data cannot be processed.

When the User uses the Mobile Application for remote monitoring purposes, monitoring diabetes with a doctor or healthcare professional, the User's consent is not required to the extent that the Mobile Application is used by the User as part of a medical remote monitoring device.
User Content data available on the User's personal profile when using the functionalities of the social network: in particular textual, visual, sound and other content Provide Users with a social network on which they can interact with the entire community of other Users and distribute and share User Content on their personal profile This processing is necessary for the execution of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext.

The provision of this data by the User is not mandatory.
Location data: via the geolocation tool, the profile suggestion tool and the User search form.

The data that appear on the public profile: pseudonym of the User, automatically and randomly assigned, certain Monitoring Data of the User concerned (including glucose levels, carbohydrates consumed, tablets and insulin administered), information on the date of the last update of this information and data
Present contact suggestions to Users, connect Users with each other, offer Users the opportunity to share/compare their diabetes rates and daily physical activities with those of other Users on the public profile The User's location data are collected with the User's consent, who may withdraw his consent at any time by[to be completed on the procedures to be followed to withdraw consent] or by contacting Diabnext at the following e-mail address: contact@diabnext.com

In addition, these processing operations are necessary for the execution of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext.

Nevertheless, to the extent that health data is data to which the Applicable Regulations attach particular importance and protection, Diabnext must rely on one of the exceptions provided by the Applicable Regulations to be able to process this type of data. For this reason, Diabnext asks the User for his or her consent to process this data when the User uses the Mobile Application for diabetes self-care purposes.

The User may withdraw his consent at any time by deleting his health data directly on his profile or by contacting Diabnext at the following e-mail address: contact@diabnext.com
Data relating to the device used to use the Mobile Application: technical information concerning the characteristics and operating data of the User's device, the operator, the operating system, the IP address Manage the Mobile Application and its operational functions, improve and develop new functionalities based on usage, optimize the display on the Mobile Application according to the preferences chosen by the User These processing operations are necessary for the pursuit of Diabnext's legitimate interests (economic interests) in order to ensure that it offers the User a Mobile Application that functions correctly, to solve any technical problems, and to ensure the protection and security of the Mobile Application. The processing thus benefits both the User and Diabnext without infringing the interests, rights and fundamental freedoms of the Users.
Logs for connecting to the Mobile Application and tags corresponding to the use of each of the Mobile Application's functionalities Manage the Mobile Application and its operational functions, improve and develop new functionalities based on usage, optimize the display on the Mobile Application according to the preferences chosen by the User Some of these processing operations are necessary for the performance of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext and others are necessary for the pursuit of Diabnext's legitimate interests (economic interests) in order to ensure that the User is offered a Mobile Application that functions correctly, to solve any technical problems, to ensure the protection and security of the Mobile Application. The processing thus benefits both the User and Diabnext without infringing the interests, rights and fundamental freedoms of the Users.
User identification data: name, first name, email address Respond to Users' requests and communicate with them, in particular to ask them for their opinion on the service provided by Diabnext and the significant changes and developments in the Services offered by Diabnext.

To apply the legislation and regulations in force and to defend it and/or defend its interests in the event of litigation.
These processing operations are necessary to pursue Diabnext's legitimate interests (economic interests) in order to improve the Services offered to the User, to better understand the needs and expectations of the Users. The processing thus benefits both the User and Diabnext without infringing the interests, rights and fundamental freedoms of the Users.

The processing relating to the application of the legislation and regulations in force is based on the legal obligations that may be based on Diabnext.
Data collected and processed in the context of the use of specific messaging Manage the Mobile Application and its operational functions and in particular provide messaging services by allowing the User (i) to communicate directly with his doctor or healthcare professional in charge of performing medical remote monitoring acts as part of the remote monitoring system; (ii) to send a personal message directly to another User. This processing is necessary for the execution of the contract between Diabnext and the User, i.e. they are necessary to provide the User with the service offered by Diabnext.

4. HOW LONG DOES DIABNEXT KEEP USERS' PERSONAL DATA?

Generally applicable retention periods

Diabnext keeps personal data for the duration of the activation of the User's personal account. The User has the possibility to close his personal space at any time by sending an email request to Diabnext at the following address: contact@diabnext.com or by deleting his account directly from his personal User space.

If the User uses the Mobile Application for remote medical monitoring purposes with the intervention of a doctor or healthcare professional

Diabnext will keep the User's personal data for a period of 6 months from the closure of the User's account in order to enable the healthcare professional to retrieve the User's health data and to ensure his or her medical follow-up without using the Mobile Application. Once this 6-month period has elapsed, Diabnext will archive this data for a period of 10 years from the day the User wishes to delete his personal account.

If the User uses the Mobile Application for self-monitoring of his diabetes

Diabnext will permanently delete its personal data from the active database when it deactivates its personal account. Diabnext reserves the right to archive this data for a period of 3 years from the date of the request to delete the User's personal account in a separate archive database if the User uses the Mobile Application with connected devices produced by Diabnext to store this data during the limitation period applicable to any actions that may be brought.

In the event of inactivity of the account for a period of 2 years, the User's personal data will be automatically deleted.

In the event of a dispute, Diabnext reserves the right to keep any data that may be useful to it for the duration of the dispute and then place them in a separate archive database for a period of 5 years after all legal remedies have been exhausted.

Specific retention periods for certain types of personal data

Data relating to the geolocation of Users are not kept by Diabnext.

The raw attendance data associated with the User ID is stored for a period of 13 months. Data relating to Users' IP addresses are also stored for 13 months from the User's first connection to the Mobile Application. Users' other login data is kept for a period of 6 months.

5. CAN DIABNEXT USE USERS’ PERSONAL DATA FOR SCIENTIFIC RESEARCH PURPOSE?

Diabnext reserves the right to process and share Users' personal data in anonymous form for scientific research purposes. Diabnext undertakes that this further processing will comply with the provisions of the Applicable Regulations and will not be used to make decisions with regard to the persons concerned. The data resulting from these processing operations stored by Diabnext may only be accessed or modified by authorised persons who comply with the rules of professional ethics applicable to their sectors of activity. These data may not be disseminated without prior anonymisation unless dissemination in non-anonymised format is absolutely necessary for its presentation.

6. WHAT ARE THE RIGHTS OF USERS TO THEIR PERSONAL DATA?

In accordance with the Applicable Regulations, the User has the following rights over his personal data:

  • a right to information: the User has the right to obtain clear, transparent, understandable and easily accessible information on how Diabnext uses its personal data and on its rights. That is why Diabnext has written this Privacy Policy.
  • a right of access: the User has the right to access the personal data held by Diabnext about him/her (provided that the request is not manifestly unfounded or excessive, in particular because of its repetitive nature), and to obtain a copy.
  • a right of rectification: the User has the right to demand that his personal data be rectified if they are inaccurate or outdated and/or that they be completed if they are incomplete (provided that the request is not manifestly unfounded or excessive, in particular because of its repetitive nature).
  • a right to erasure: in certain cases, the User has the right to obtain the erasure or deletion of his personal data. This is not an absolute right, as Diabnext may be required to retain the User's personal data for legal or legitimate reasons.
  • a right to limit processing: the User has the right to request that the processing of his personal data be limited, so that Diabext can keep this data, but may not use or process it. This right applies in special circumstances, namely:
    • In cases where the accuracy of personal data is contested by the User. The processing is then limited for a period of time allowing Diabnext to verify the accuracy of the personal data;
    • In cases where the processing is unlawful and the User objects to their deletion and instead demands the limitation of their use;
    • In cases where Diabnext no longer needs the personal data for processing but they are still necessary for the User to establish, exercise or defend legal claims;
    • In cases where the User has objected to the processing based on the legitimate interests pursued by Diabnext during the verification as to whether the legitimate grounds pursued by Diabnext prevail over those of the data subject or not.
  • a right to object to the processing of its personal data when the processing is based on Diabnext's legitimate interest (see above the table in Section 3 to identify such processing and data): the User may at any time object to the processing of his personal data for reasons relating to his particular situation, unless Diabnext asserts legitimate and compelling reasons for processing such data which prevail over the interests, rights and freedoms of the User or when such data are necessary for the establishment, exercise or defence of a legal claim.
  • a right to object to direct commercial prospecting: the User may, at any time, unsubscribe or object to the receipt of commercial prospecting messages from Diabnext. Simply click on the link at the bottom of the page of the communications he receives from Diabnext or send a message to the following email address: contact@diabnext.com
  • a right to withdraw consent at any time for data processing based on consent or where consent is required to process health data (see above the table in Section 3 to identify such processing and data): the User may, at any time, withdraw consent to the processing of his data if such processing is based on consent or if consent has been obtained to process health data. The withdrawal of such consent shall not affect the lawfulness of the processing operation based on the consent given before its withdrawal.
  • a right to data portability: the User has the right to receive the personal data concerning him/her, which he/she has provided to Diabnext and which are present in the Diabnext database, in a structured format, commonly used and machine-readable. This applies only to data that the User has provided directly or indirectly, where the processing is based on (i) the consent of the User or the performance of a contract (see above the table in Section 3 to identify such processing and data) and (ii) it is carried out by means of automated processes.
  • a right to define special guidelines for the storage, erasure and communication of your personal data after his death.
  • a right to file a complaint with a supervisory authority: the User has the right to file and file a complaint with the data protection authority of his country (in France the CNIL) to challenge Diabnext's practices in terms of personal data protection and privacy.

The User may, at any time, exercise the rights mentioned by sending a request to the following e-mail address contact@diabnext.com or to the following postal address: Diabnext SAS, 10 rue Treilhard - 75008 Paris.

7. WHAT ARE THE USER'S DUTIES WITH REGARD TO THE PROTECTION OF PERSONAL DATA?

The User undertakes to ensure, as far as necessary, that the personal data concerning him/her is updated. The User also undertakes to ensure that the personal data concerning him/her is accurate, complete and sincere.

8. WHO ARE THE RECIPIENTS OF THE USERS' PERSONAL DATA?

Diabnext undertakes to store all personal data collected via the Mobile Application and to share them only under certain circumstances and in accordance with the provisions of the Applicable Regulations.

The communication of Users' personal data to Diabnext employees:

Some of the Users' personal data is accessible to Diabnext employees if they need to have access to it for the purposes mentioned, i.e. to provide the Services to the Users in an appropriate manner. Diabnext's internal departments that may have access to Users' personal data include the IT department, the technical support department and the marketing/commercial department.

The communication of Users' personal data to doctors or health professionals:

The Mobile Application allows the doctor or other healthcare professional (i) who is a member of the Diabnext Pro program and (ii) expressly authorized by the User to access and consult the User's data contained in his User Account, to interpret such data remotely and, if necessary, to make decisions relating to the medical care of this User.

The User may at any time change the identity of the doctors or healthcare professionals who have access to this data.

The communication of Users' personal data to third party service providers:

In particular, Diabnext may provide access to Users' personal data to third party service providers, acting as subcontractors to perform services related to the Mobile Application, including hosting, storage, analysis, communication, data processing, database management and computer maintenance services. These service providers act only on instructions from Dibanext and will only have access to Users' personal data to perform the above-mentioned services and will be bound by the same security and confidentiality obligations as Diabnext.

In addition, the User's personal data may be shared with third parties for the following reasons:

  • In the context of scientific research with duly authorized persons who respect the rules of ethics applicable to their sectors of activity. Only data in anonymised form are transmitted to them;
  • In the context of a merger, acquisition or sale of all or part of the company's assets, of which the User acknowledges having been informed;
  • In response to judicial or administrative proceedings of any kind or law enforcement measures requested by the competent authorities;
  • To comply with legal obligations, to protect the rights and/or safety of an individual, to protect Diabnext's rights and property, including the need to comply with this Privacy Policy and the Terms and Conditions of Use, and to prevent fraud, security or technical problems.

9. ARE USER DATA TRANSFERRED TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA?

In order to provide you with better quality Services and in particular to resolve any technical difficulties that may arise 24 hours a day, 7 days a week, Diabnext may transfer Users' personal data to its subsidiaries in the United States and Taiwan. Diabnext will carry out this operation in a secure manner and in compliance with the Applicable Regulations. Diabnext France has signed standard contractual clauses with Diabnext USA and Diabnext Taiwan which are model contracts for the transfer of personal data adopted by the European Commission that allow Diabnext to ensure that your personal data will be processed in the same way by its entities. The model standard contractual clauses are available at the following address: https://www.cnil.fr/fr/les-clauses-contractuelles-types-de-la-commision-europeenne

10. LINK TO MOBILE APPLICATIONS AND/OR THIRD PARTY WEBSITES

While browsing the Mobile Application, the User may see content that contains links to third party Mobile Applications and/or websites. Diabnext cannot access or control cookies or other functions used by Mobile Applications and/or third party websites, and the procedures and processing carried out by these external Mobile Applications are not governed by this Privacy Policy. Consequently, it is the User's responsibility to contact and/or consult directly the general terms of use and privacy policies of these Mobile Applications and/or websites of these third parties to obtain additional information regarding their personal data protection procedures.

11. WHAT SECURITY MEASURES DOES THE MOBILE APPLICATION TAKE TO ENSURE THE CONFIDENTIALITY AND SECURITY OF USER INFORMATION?

The security of personal data is one of Diabnext's priorities. Thus, Diabnext undertakes to take all reasonable organisational and technical measures to prevent any disclosure, use, alteration, accidental loss or destruction of the personal data provided by a User.

12. WHAT IF DIABNEXT CHANGES THIS PRIVACY POLICY?

Diabnext may update this Privacy Policy at any time to adapt it to possible new practices and service offerings. In this case, the date of update of the Privacy Policy will be updated and will indicate the day on which the changes were made. If Diabnext provides updates to the Privacy Policy, Users will be notified through the Mobile Application.

13. HOW CAN THE USER CONTACT DIABNEXT FOR ANY REQUEST OR QUESTION REGARDING HIS PERSONAL DATA?

In general, if the User has any questions or comments regarding this Privacy Policy, Diabnext's use of their data, or if they wish to exercise any of their rights, they may contact Diabnext by email at contact@diabnext.com or by post at the following address: Diabnext SAS, 10 rue Treilhard - 75008 Paris.