PRIVACY POLICY
At the house of MITRAL , respecting your privacy and protecting your personal data are our priority.
This Privacy Policy (the “ Privacy Policy ”) aims to inform you about the methods of processing your personal data and your rights when using the application Apneal Lite ( the « Application ”) in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “ GDPR ”) and Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms in its latest version in force (together the “ Applicable Regulations »).
The Privacy Policy does not describe the methods of collecting and processing your data via cookies and other tracers (the “ Cookies ”) on the Application. For more information, please see our Cookie Policy .
The data controller is the company MITRAL, a simplified joint-stock company registered with the Créteil Trade and Companies Register under number 893 531 509, whose registered office is located at 5 avenue Jean Jaurès, 94220, Charenton-le-Pont (“ We », « Us », « OUR »).
We may collect your personal data in two ways:
When using the Application, we may also collect health data about you as indicated in the table below. This data is only collected with your express consent via the button available when you register on our Application. You can withdraw your consent at any time by writing to us using the contact details provided in the article 6 .
Mandatory data is indicated when you provide us with your data. It is indicated by any means .
|
Purposes
|
Personal data concerned |
Legal basis |
Retention periods |
|
Allow you to create an account on our Application |
Email address, first name, last name, date of birth, telephone number |
Execution of the contract you have entered into with Us (in particular the acceptance of our General Conditions of Use)
|
Your data is kept for the duration of your account.
Your connection logs are kept for 1 year.
If your account is inactive for 2 years, your personal data will be deleted or anonymized if you do not respond to our reactivation email.
In addition, your data is archived for 10 years to meet materiovigilance obligations and to allow you, if you wish, to resume longitudinal monitoring. |
|
Provide you with the services available on our Application through your account |
Data relating to the quality of your sleep, including health data: quality of sleep, fatigue, possible depression, age, sounds and chest movements during sleep, medical history, social security number, information on your treatment pathway and your treatments. |
Execution of the contract you have entered into with Us (in particular the acceptance of our General Conditions of Use)
For health data: Your consent |
Your data is kept for the duration of your account. If your account is inactive for 2 years, your personal data will be deleted if you do not respond to our reactivation email. |
|
Respond to requests to exercise rights by data subjects |
Required:
Name, first name, email address
Facultative :
Copy of an identity document in case of doubt.
|
Comply with our legal and regulatory obligations (derived from the GDPR)
|
If we ask for proof of identity: we only keep it for as long as necessary to verify your identity. Once verified, the proof of identity is deleted. |
|
Monitor requests to exercise rights by data subjects |
Name, first name, email address.
|
Our legitimate interest in following up on your requests to exercise your rights |
The information allowing the management of your requests to exercise rights under the GDPR will be kept for 3 years from the request. |
The following will have access to your personal data:
Your data is kept and stored for the entire duration of processing on the servers of Amazon Web Services, Google Cloud Platform, Omnidoc and Ordoclic, HDS certified, located in the European Union.
As part of the tools we use (see article on recipients regarding our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:
You can obtain a copy of the tools enabling transfers of your data outside the European Union by contacting us using the contact details provided in the a rticle 6 .
6.1. You have the following rights with respect to your personal data:
You can exercise these rights by writing to us at the following address: dpo@dmh-aphp.fr.
We may ask you on this occasion to provide us with additional information in the event of reasonable doubt or any document likely to prove your identity if the doubt persists.
We are committed to implementing technical and organizational measures to ensure the security, integrity, authenticity, and confidentiality of your personal data. .
We ensure that our subcontractors also maintain a similar level of protection to ours when processing your personal data.
We may modify this Privacy Policy at any time, in particular to comply with any regulatory, jurisprudential, editorial or technical developments. These modifications will apply from the date the modified version comes into force. You are therefore invited to regularly consult the latest version of this policy. However, we will keep you informed of any significant changes to this privacy policy.
Entry into force: 21 / 05 /202 5
version 1.0 - 21/05/2025