Previous version

Confidentiality

Effective as and from July 31, 2017

We have drawn up a Confidentiality Policy in order to explain to you how, at Rythm SAS, and also at its parent companies and subsidiaries (collectively referred to using the terms "Rythm", "we" and "our"), we process your personal data very carefully.

Moreover, we guarantee that we have met all the legal obligations in relation to the protection of personal data, and in particular that we have carried out all prior formalities as regards the French data protection authority, la Commission Nationale de l'Informatique et des Libert├ęs (CNIL), which were incumbent upon us with regard to the introduction of processing of data of a personal nature. If you do not find answers to your questions here, do not hesitate to get in contact with us using the email address: legal@rythm.co

In accessing and in using our Services, you acknowledge that you are at least 18 (eighteen) years of age and have read and fully agreed to the policies stipulated in this document.

What data is collected?

Use of our products and services necessitates the collection of your data, data which identifies you directly and/or indirectly. We collect data regardWng your identity (first name, surname, email address, date of birth, postal address), your personal life (lifestyle and sleep habits), details of a financial nature (your income), connection data (IP address), location data (GPS travel data and GSM data), data on your brain activity using an electroencephalogram, and information on your blood-oxygen level.

We can also obtain information, including personal details, from third parties and from sources other than our Services. If we combine or associate information from other sources with the Personal Data collected by means of our Services, we will process the combined information in the same way as we process Personal Data, for the purposes of the Confidentiality Policy set out here, on the condition that if said third party applies additional requirements that are set out contractually, we will be obliged to adhere to them.

Protection of your data constitutes a central point of our Confidentiality Policy. Thus we make the undertaking that we will ensure the confidentiality of all Personal Data resulting out of the use of our websites, our mobile and/or software applications (the "Applications") and our other products (collectively referred to using the term "Products"), and likewise as regards our Services (collectively referred to using the term "Services").

In accordance with the French Data Protection Act, Act no. 78-17 of 6 January 1978, the processing of data carried out under the responsibility of Rythm SAS was declared to la Commission Nationale de l'Informatique et des Libert├ęs (CNIL), which provided a receipt for said declaration, which was numbered 1943967 V0 and dated 31 March 2016.

End purposes of the processing of your personal data

We use your data with the exclusive purpose of supplying, operating, maintaining and improving our Products, Applications and Services and to manage customer relations. To this end, we can use your data for:

Moreover, we can use data pertaining to your health to:

Cookies

Cookies are small data files that are saved on your computer or device which enable our website to recognise your browser and to collect and store certain details.

We use cookies to understand and to store your preferences for your next visits, to compile and aggregate data concerning the use of our website and also any interactions in order that we can provide you with better performances and better tools. Data thus collected is not combined with the personal data collected by the Product or the Applications.

When you first log in to the website, your consent to the installation and the use of such cookies will be requested, by and and all suitable technical processes. To deactivate cookies, you have to set the settings of your browser to do so. The procedures to do so are described either in the browser's help menu or on the website of the publisher. In the event of deactivation, some features of the website may no longer be operational.

Content publication

  • With certain features of our Services, you can upload, to the website, files which you intend to make accessible to other users of the Services, in which case, some information can be made visible to said other users. However, in such cases, we do not divulge any other personal data apart from your username and the information which you have decided to share.
  • The Website and the Applications enable you to, at any time, amend, update and/or restrict access to certain information. You can of course choose to restrict access to and dissemination of your personal data. However, this could limit your ability to receive and/or to use our Services.
  • Not covered by the confidentiality policy

    Rythm may provide links to websites, applications, products and services provided by third parties and can enable you to publish on or by means of the websites of third parties. We cannot be held liable for the practices engaged in by the websites of third parties which are made accessible by or which are linked to by our Services, nor for the information or content displayed thereon.

    Please note that when you use a link to another website, our Confidentiality Policy is no longer applicable. Your browsing and your actions on any other website, including those to which our website links, are subject to the own rules and policies of the given website. Moreover, you are solely liable for any and all content which you may decide to post on or via the website of third parties.

    Security

    Rythm puts in place certain protective features of a physical, organisational and technical nature to protect your personal data against any and all losses, in appropriate use, unauthorised access, disclosure, changes and destruction. Please note however that Rythm does not guarantee the security of said data but undertakes to deploy the necessary means to maintain a high level of security.

    Rythm restricts access to your personal data to only our employees who have a real need to use it within the context of their duties, to supply, use, maintain and improve our Products, Applications and Services. Your personal data will not be sold, exchanged, transferred or supplied without your consent, and this will be the case for any reasons howsoever.

    During the course of collection or of the forwarding of your bank details, additional security measures are implemented, such as SSL encryption and the use of fraud prevention services, and we require of vendors which use or store data of a financial nature that they comply with Payment Card Industry Data Security Standards (PCI-DSS) security standards.

    Because we are concerned about keeping your personal data confidential, Rythm undertakes to host your personal data or to have it hosted on its servers or on the servers of its sub-contractors in:

    However, Rythm does not act in the capacity of a host of health data as defined by Article L. 1111-8 of the French Public Health Code and does not use the services of such a service provider, since your personal data is not collected at the time of prevention, diagnosis, treatment, social monitoring and medico-social monitoring activities.

    In the event of sub-contracting of the hosting of your personal data, Rythm undertakes to pass on, contractually, to the service provider in question, all of the obligations stipulated in this Confidentiality Policy and obligate it to:

    International personal data transfers

    We undertake not to carry out, in any and all manners, transfers of your personal data to States which are not members of the European Union, in particular for the purpose of comparative studies between European and American users of our Products, Applications and/or Services, without your prior consent.

    By way of exception to the foregoing, if you visit our website or use our Products, Applications and/or Services while in the United States, then please note that your personal data will be stored in the United States.

    If you visit our website or use our Products, Applications and/or Services while in other regions which apply legislation in relation to personal data protection than that applied in the European Union, please note that your personal data will be transferred to the Republic of Ireland.

    Amendments to the confidentiality policy

    This Confidentiality Policy is applicable from the date filled in above.

    We reserve the right to amend and to correct it at any time, and to do so without providing prior notice. If we have cause to make a substantial change to this Confidentiality Policy, we will publish a notice on our website during the 30 (thirty) days following the date of said change.

    Contact us

    You can send all your questions and complaints concerning this Confidentiality Policy to us or exercise your rights to access your personal data, to have it amended and/or to have it corrected by sending us an email, with proof of identity attached to it, by sending an email to legal@rythm.co.

    We undertake to examine and to attempt to resolve all grievances, complaints and disputes amicably, in a reasonable time.

    All grievances, complaints and disputes regarding the manner in which we use or protect your personal data which it was not possible to settle amicably are subject to French law and will be only be brought before courts in Paris, within the timeframes and under the circumstances specified in the General Terms and Conditions of Use.