Dreem's website privacy policy
Shall apply as of 24 10 2022. Last Privacy Policy version: 12 07 2017
Definitions
In this document, words and expressions beginning with a capital letter will have the meaning given to them below,
whether written in the singular or in the plural:
"Request": means requests for access, disclosure, objection, rectification, limitation, portability or deletion
that the User may make to Dreem.
"Data": refers to personal data, as defined in Article 4 of Regulation 2016/679 of 27 April 2016.
"Staff": means Dreem's employees, servants, contractors and subcontractors.
"Policy": means this document.
"Site": means any website published and hosted by or on behalf of Dreem.
"User" means any person of legal age who accesses the Site for the purpose of using it.
Purpose of the Privacy Policy
This Privacy Policy describes how information about individuals using the Site is collected, stored and used by
Dreem.
The Policy does not address the use of cookies and other tracking files. These are described in the
Cookie Management Policy.
Application of the Privacy Policy
Use of the Sites is conditioned on your full acceptance of the Policy, after having read the general terms of use
of our sites.
This Privacy Policy may periodically be changed, modified, or otherwise updated without notice. However, your Data
will always be treated in accordance with the Privacy Policy in effect at the time of collection.
The Sites have been specifically designed for use by persons of legal age. Therefore, Dreem does not knowingly
solicit or collect Data from or about minors.
Purpose of data processing
User Data is collected and processed for the purposes indicated below. Each purpose has a "legal basis", i.e. a reason provided by law.
| Site | Purposes | Sub-purposes | Legal basis |
|---|---|---|---|
| Dreem.com | Management of contact requests | Management of requests related to the exercise of the rights of individuals | Legal obligation |
| Management of contact requests related to Dreem's services and products | Legal obligation | ||
| To carry out operations related to prospecting |
Legitimate interest for our customers
Consent for prospects |
||
| MySleepProfile | Assessment of sleep quality | Consent |
When data processing is implemented on the basis of legitimate interest, Dreem declares that it has previously
verified that its legitimate interests do not infringe on the rights and interests of Users. In any case, the Data
are not used for any purpose that would infringe the privacy of the Users.
The justification of Dreem's legitimate interest is given below:
- Processing Personal Data on the basis of our legitimate interests where we process it for the purpose of marketing our products and services, providing customer service and improving our products and services.
Processed Data
To enable the use of the Services and/or the Sites, the collection and processing of Data is necessary.
The following categories of data are collected:
| Site | Purposes | Sub-purposes | Data processed |
|---|---|---|---|
| Dreem.com | Management of contact requests | Management of requests related to the exercise of the rights of individuals | Email, name, surname, country, reason for contact request |
| Management of contact requests related to Dreem services and products | Email, name, surname, country, reason for contact request | ||
| Carry out operations related to prospecting | Email, name, surname, country, reason for contact request | ||
| MySleepProfile | Sleep quality assessment |
Age
Gender Email address Information about sleep and lifestyle |
When the provision of Data is indispensable, an asterisk indicating this appears next to the Data or category of Data concerned.
Rights of the User
The User has various rights with respect to the Data concerning him/her, these rights varying according to the legal basis used to implement the data processing:
- Right of access and rectification: The User may request access to his Data and, if necessary, their rectification.
- Right to withdraw consent: The User may at any time withdraw his or her consent to the processing of his or her Data, such withdrawal being valid only for the future;
- Right to object: The User may object to the processing of Data concerning him/her, provided he/she gives a legitimate reason (the legitimate reason is not necessary in case of objection to the processing for commercial prospecting purposes);
- Right to be forgotten: The User has the right to erase the Data concerning him/her after a certain period of time;
- Right to the limitation of processing: The User may request that the Data concerning him/her be specifically marked in order to limit their future processing, under various circumstances;
If you wish to exercise your rights with Dreem or to object to any processing carried out by Dreem, requests
should be sent to Dreem, 34 boulevard des Italiens 75009 Paris France, to the attention of our Data Protection
Officer, or by e-mail to dpo@dreem.com.
You may be asked to provide proof of identity if we have no other way to verify that you are the owner of the
account you wish to access. Dreem will process all requests that are not excessive. Otherwise, Dreem may charge a
reasonable fee based on administrative costs for any excessive user requests.
Dreem agrees to respond to Requests within one (1) month of receipt of a complete Request that verifies the User's
identity.
If the User considers that Dreem is not complying with its obligations, the User may submit a complaint or request
to the competent authority. In France, the competent authority is the CNIL to which you can send a request
electronically by clicking on the following link:
https://www.cnil.fr/fr/plaintes/internet.
Advance directives
The User has the ability to set forth instructions regarding the retention, deletion and disclosure of his or her
Data after his or her death.
Requests for specific directives can be sent to Dreem at legal@dreem.com.
By providing specific instructions, you consent to the retention, transmission and execution of those
instructions.
Data Security
Dreem ensures the security of the Data collected and processed. In this respect, Dreem and its subcontractors are
obliged to implement a set of organizational and technical measures to ensure maximum protection of the Data, in
particular to prevent its alteration, destruction or distribution by unauthorized third parties.
The members of its staff and its subcontractors are thus bound by a confidentiality clause, while the Data
circulating on networks, such as the Internet, are systematically encrypted. In addition, access to our databases
is limited to authorized personnel who have a legitimate need to access the information.
Dreem and its subcontractors will keep in their computer systems any data which may be required to identify any
person who has accessed the Site and/or the Data or who has created, modified or deleted any information or Data
on the Site, in particular with a view to possible legal action.
Dreem agrees to notify the User immediately upon becoming aware of any serious incident, intrusion, disclosure,
unauthorized access or alteration and any attempted intrusion, disclosure, unauthorized access or alteration to
the Site or any malicious act against the Data that has or is likely to have a serious impact on the User.
Notification of any such Data breach is a legal obligation and shall not be construed as an admission of any
liability on the part of Dreem for its occurrence or operation.
Recipient of the data
The Data is intended for Dreem, its Affiliates, its subcontractors and authorized service providers under the following terms and conditions:
| Internal Recipients | External Recipients |
|---|---|
|
Authorized personnel of :
|
|
The User may at any time object to the transmission of Data concerning him/her to Dreem's commercial partners.
The Data may also be made available to the competent public authorities.
Some Data may be transferred outside the European Union, in which case we ensure that such transfers are:
- Made to a country that provides an adequate level of protection, i.e. a level of protection equivalent to what is required by European regulations;
- Governed by standard contractual clauses and additional security measures authorized and validated by European legislation;
Retention Period
Dreem will not retain User Data beyond a reasonable period of time.
| Data processed | Length of time to be kept |
|---|---|
|
Identity : name, first name, age, sex
Contact details: email Information on the User: Information relating to sleep and lifestyle |
3 years from the last contact at the initiative of the prospect in active base |