French version

Dreem's website privacy policy

Shall apply as of 24 10 2022.  Last Privacy Policy version: 12 07 2017

Definitions

In this document, words and expressions beginning with a capital letter will have the meaning given to them below, whether written in the singular or in the plural:

"Request": means requests for access, disclosure, objection, rectification, limitation, portability or deletion that the User may make to Dreem.

"Data": refers to personal data, as defined in Article 4 of Regulation 2016/679 of 27 April 2016.

"Staff": means Dreem's employees, servants, contractors and subcontractors.

"Policy": means this document.

"Site": means any website published and hosted by or on behalf of Dreem.

"User" means any person of legal age who accesses the Site for the purpose of using it.

Purpose of the Privacy Policy

This Privacy Policy describes how information about individuals using the Site is collected, stored and used by Dreem.

The Policy does not address the use of cookies and other tracking files. These are described in the  Cookie Management Policy.

Application of the Privacy Policy

Use of the Sites is conditioned on your full acceptance of the Policy, after having read the general terms of use of our sites.

This Privacy Policy may periodically be changed, modified, or otherwise updated without notice. However, your Data will always be treated in accordance with the Privacy Policy in effect at the time of collection.

The Sites have been specifically designed for use by persons of legal age. Therefore, Dreem does not knowingly solicit or collect Data from or about minors.

Purpose of data processing

User Data is collected and processed for the purposes indicated below. Each purpose has a "legal basis", i.e. a reason provided by law.

Site Purposes Sub-purposes Legal basis
Dreem.com Management of contact requests Management of requests related to the exercise of the rights of individuals Legal obligation
Management of contact requests related to Dreem's services and products Legal obligation
To carry out operations related to prospecting Legitimate interest for our customers

Consent for prospects
MySleepProfile Assessment of sleep quality Consent

When data processing is implemented on the basis of legitimate interest, Dreem declares that it has previously verified that its legitimate interests do not infringe on the rights and interests of Users. In any case, the Data are not used for any purpose that would infringe the privacy of the Users.

The justification of Dreem's legitimate interest is given below:

Processed Data

To enable the use of the Services and/or the Sites, the collection and processing of Data is necessary.

The following categories of data are collected:

Site Purposes Sub-purposes Data processed
Dreem.com Management of contact requests Management of requests related to the exercise of the rights of individuals Email, name, surname, country, reason for contact request
Management of contact requests related to Dreem services and products Email, name, surname, country, reason for contact request
Carry out operations related to prospecting Email, name, surname, country, reason for contact request
MySleepProfile Sleep quality assessment Age
Gender
Email address
Information about sleep and lifestyle

When the provision of Data is indispensable, an asterisk indicating this appears next to the Data or category of Data concerned.

Rights of the User

The User has various rights with respect to the Data concerning him/her, these rights varying according to the legal basis used to implement the data processing:

If you wish to exercise your rights with Dreem or to object to any processing carried out by Dreem, requests should be sent to Dreem, 34 boulevard des Italiens 75009 Paris France, to the attention of our Data Protection Officer, or by e-mail to dpo@dreem.com. You may be asked to provide proof of identity if we have no other way to verify that you are the owner of the account you wish to access. Dreem will process all requests that are not excessive. Otherwise, Dreem may charge a reasonable fee based on administrative costs for any excessive user requests.

Dreem agrees to respond to Requests within one (1) month of receipt of a complete Request that verifies the User's identity.

If the User considers that Dreem is not complying with its obligations, the User may submit a complaint or request to the competent authority. In France, the competent authority is the CNIL to which you can send a request electronically by clicking on the following link:  https://www.cnil.fr/fr/plaintes/internet.

Advance directives

The User has the ability to set forth instructions regarding the retention, deletion and disclosure of his or her Data after his or her death.
Requests for specific directives can be sent to Dreem at legal@dreem.com.
By providing specific instructions, you consent to the retention, transmission and execution of those instructions.

Data Security

Dreem ensures the security of the Data collected and processed. In this respect, Dreem and its subcontractors are obliged to implement a set of organizational and technical measures to ensure maximum protection of the Data, in particular to prevent its alteration, destruction or distribution by unauthorized third parties.

The members of its staff and its subcontractors are thus bound by a confidentiality clause, while the Data circulating on networks, such as the Internet, are systematically encrypted. In addition, access to our databases is limited to authorized personnel who have a legitimate need to access the information.

Dreem and its subcontractors will keep in their computer systems any data which may be required to identify any person who has accessed the Site and/or the Data or who has created, modified or deleted any information or Data on the Site, in particular with a view to possible legal action.

Dreem agrees to notify the User immediately upon becoming aware of any serious incident, intrusion, disclosure, unauthorized access or alteration and any attempted intrusion, disclosure, unauthorized access or alteration to the Site or any malicious act against the Data that has or is likely to have a serious impact on the User. Notification of any such Data breach is a legal obligation and shall not be construed as an admission of any liability on the part of Dreem for its occurrence or operation.

Recipient of the data

The Data is intended for Dreem, its Affiliates, its subcontractors and authorized service providers under the following terms and conditions:

Internal Recipients External Recipients

Authorized personnel of :

  • Department in charge of customer relations and prospecting
  • Logistic and IT services
  • AWS Frankfurt (hosting of our servers)
  • Zendesk (help in managing contact requests for support)

The User may at any time object to the transmission of Data concerning him/her to Dreem's commercial partners.

The Data may also be made available to the competent public authorities.

Some Data may be transferred outside the European Union, in which case we ensure that such transfers are:

Retention Period

Dreem will not retain User Data beyond a reasonable period of time.

Data processed Length of time to be kept
Identity : name, first name, age, sex

Contact details: email

Information on the User: Information relating to sleep and lifestyle
3 years from the last contact at the initiative of the prospect in active base