PRIVACY POLICY

Effective as of 12/07/2017

We have established a privacy policy (hereinafter the "Privacy Policy") to explain to you how Rythm SAS and its parent company and subsidiaries (hereinafter collectively "Rythm", "we", "our") treat your personal data with great importance.

You are informed that within the meaning of this Privacy Policy, personal data means, in accordance with Article 2 of Law no. 78-17 of January 6, 1978, "any information relating to a natural person identified or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to him. To determine if a person is identifiable, all the means to enable his identification which are in the possession of or accessible to the data controller or any other person should be considered".

By accessing and using our Sites, Applications and Service, you acknowledge that you are at least eighteen (18) years old, that you have read and fully accept this Privacy Policy and the General Conditions of Use.

WHAT PERSONAL DATA IS COLLECTED?

The use of our products and Services requires the collection of your personal data which allows us to identify you directly or indirectly.

Directly or within the framework of the use of the Services, we collect the following categories of data:

We may also collect information that includes personal data about you indirectly from third parties. This is the case, in particular, when you create your Account in accordance with our General Conditions of Use via a social network (in particular Facebook or Google) to which you subscribe.

If we combine or associate data from third parties that we collect when you create your Account in accordance with our General Conditions of Use via a social network with personal data collected either directly from you or within the framework of your use of our Services, you are informed that the resulting combined information is treated by Rythm as personal data for the purposes defined by this Privacy Policy.

PURPOSES OF THE PROCESSING OF YOUR PERSONAL DATA

Your personal data is subject to processing by Rythm for the exclusive purpose of providing, exploiting, maintaining and improving our Products, Applications and Services and to manage the customer relationship.

Within the meaning of this Privacy Policy, Processing means, in accordance with Article 2 of Law no. 78-17 of January 6, 1978, "any operation or set of operations relating to such data, regardless of the process used, and in particular the collection, recording, organisation, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, as well as locking, deletion or destruction."

The Processing implemented by Rythm is for the following purposes:

In addition, we can use your health data to:

WHAT STEPS HAVE WE TAKEN?

We guarantee that we have met all the legal obligations relating to the protection of personal data, and in particular to have carried out all the preliminary formalities with the French data protection agency (Commission Nationale de l’Informatique et des Libertés (CNIL)), incumbent on us in respect of the implementation of the processing of personal data.

In accordance with the Information Technologies and Freedoms Law no. 78-17 of January 6, 1978, the processing of personal data implemented by RYTHM SAS, under its responsibility, was declared to the Commission Nationale de l’Informatique et des Libertés (CNIL), which issued a receipt under number 1943967 v 0 on March 31, 2016.

COOKIES

Cookies are small data files stored on your terminal (computer, tablet, mobile phone or device) when you browse our Sites and when you use our Applications and Services. These cookies allow our website to recognise your browser and to enter and retain certain information, including personal data.

The cookies deposited and read on the hard disk of your terminal by Rythm have the following purposes:

We also use cookies to understand and keep your preferences for future visits, compile and aggregate data about the use of our website and any interactions so that we can offer you better performance and better tools. The data collected is not crossed with the personal data collected by the Product or the Application.

During your first connection to the website, you are informed of the use of cookies and your consent to the installation and exploitation of these cookies will be requested by any appropriate technical process.

In accordance with the principles of data protection, you are informed that cookies are kept for the period strictly necessary for the purposes for which they are used and within the limits defined by the competent protection authority.

To disable cookies, you must configure your browser. The procedures are described either in the browser's help menu or on the publisher's website. If cookies are disabled, some features of the website may no longer be operational.

PUBLICATION OF CONTENT

With some features of our Services, you may download from the website files intended to be made available to other users of the Services, in which case some information may be made visible to these other users. However, in such a case, we do not disclose any personal data other than your username and the information you have decided to share.

The Site and the Application allow you to modify, update or restrict access to certain information at any time. You may of course choose to limit the access and dissemination of your personal data. However, this may limit your ability to receive or use our Services.

LIMITS OF THE PRIVACY POLICY

Rythm may contain links to websites, applications, products or services of third parties and may allow you to post on or through third party websites. We cannot be responsible for the practices of third party websites made available or referred to by our Services, or their information or content.

Note that when you use a link to another website, our Privacy Policy is no longer applicable. Your browsing and your actions on any other site, including those to which we refer, are subject to the rules and policies specific to this site. In addition, you are solely responsible for any content that you decide to post on or via a third party site.

SECURITY - CONFIDENTIALITY - RECIPIENTS

The protection of your personal data is a central point of our Privacy Policy. We thus undertake to ensure the confidentiality of all your personal data including that resulting from the use of our websites, our mobile applications and/or software (the "Applications"), our other products (collectively referred to as "Products"), as well as services (collectively referred to as "Services").

Rythm undertakes to implement any appropriate physical, organisational and technical protection measures to protect your personal data against loss, misuse, unauthorised access, disclosure, modification and/or destruction. Rythm limits access to your personal data only to employees who have a real need to know in the context of their duties, to provide, operate, maintain and improve our Products, Applications and Services. You are informed that these employees are subject to a contractual obligation of confidentiality.

Your personal data will not be sold, exchanged, transferred or given without your consent, for any reason whatsoever.

When collecting or transmitting your banking data, additional security measures are implemented, such as SSL encryption and the use of fraud management services. In addition, we require sellers who process and/or store your banking information to comply with Payment Card Industry Data Security Standards (PCI-DSS) to ensure the confidentiality and integrity of the data of bank card holders and transactions.

To ensure the confidentiality of your personal data, Rythm undertakes to host or to have said data hosted on its servers or those of its subcontractors on:

If your personal data were to be transferred to a State that is not considered to offer an adequate level of protection, in particular within the framework of the use of a subcontractor, we undertake to impose the standard contractual clauses adopted by the European Commission

However, RYTHM does not intervene as a host of health data within the meaning of Article L1111-8 of the Public Health Code and does not use such a provider, as your personal data is not collected for the purposes of prevention, diagnosis, care or social and medico-social monitoring activities.

If the hosting of your personal data is outsourced, RYTHM undertakes to contractually impose on the service provider all the obligations stipulated in this Privacy Policy and to require it:

INTERNATIONAL TRANSFERS

We undertake not to transfer your personal data to a State which is not a member of the European Union, in particular to carry out comparative studies between European and American users of our Products, Applications and/or Services, without your prior agreement.

As an exception to the foregoing, if you visit the website or use our Products, Applications and/or Services from the United States, please note that your personal data is stored in the United States.

If you visit the website or use our Products, Applications and/or Services from other regions with data protection laws different from those applied in the European Union, please note that your personal data is transferred to Frankfurt.

DATA RETENTION PERIOD

Rythm retains your personal data for a period that does not exceed the period necessary for the purposes set forth in this Privacy Policy. After this period, your personal data may be archived to comply with the legal and regulatory obligations to which Rythm is subject, or deleted.

Personal data that establishes the proof of a right or contract, or that is kept in accordance with a legal obligation by Rhythm, is archived in accordance with the provisions in force.

In this context, the retention period of your personal data concerning your orders applied by Rythm is five (5) years as specified in the General Conditions of Sale.

In addition, your personal data relating to your use of our Services, Application and Site is kept for the entire period of use of said Services, Application and Site.

CHANGES TO THIS POLICY.

This Privacy Policy is applicable as of the date indicated above.

We reserve the right to modify or correct it at any time and without notice, in particular to take into account the evolution of the regulations applicable to the protection of personal data. If we make a substantial change to this Privacy Policy, we will post a notice on our Site for thirty (30) days following the date of this change.

In any case, you are invited to regularly consult this Privacy Policy to be aware of any update or modification.

CONTACT US - EXERCISE YOUR RIGHTS

If you cannot find the answer to your questions, do not hesitate to contact us by email at: legal@rythm.co

You can send us any questions or complaints about this Privacy Policy.

In accordance with the regulations on the protection of personal data, you have a right of access and a right to rectify data concerning you. Under the conditions defined by Law no. 78-17 of January 6, 1978, you also have the right to oppose the processing of your data, the right to have this data deleted and the right to define the fate of this data after your death.

You can exercise your rights and make your requests by sending us an email or letter, accompanied by an identity document, to the following address legal@rythm.co – Rythm 5 rue Scribe 75009 Paris.

We undertake to examine and attempt to amicably resolve any complaint, claim or dispute within a reasonable period of time.

Any complaint, claim or dispute concerning the way we use or protect your personal data which cannot be settled amicably is subject to French law and the exclusive jurisdiction of the Paris courts, within the time limits and under the conditions specified in the general conditions of use.