Policy on data protection for the application TAMALOU
Version of 23rd May 2022
This policy on personal data protection (below the « Policy ») defines how TAMALOU, and every company acting on the behalf of TAMALOU, process personal data that every person provides data while he is using the application TAMALOU (below the « Application »), for and after the creation of a user account (below the « Personal Account »).
The use of the Application is granted subject to agreement to the Policy by the User.
1 LEGISLATION APPLICABLE
The Policy is made in application of the Regulation (EU) 2016/679 of the European Parliament and the Council of the 27th April 2016 about the protection of physical persons regarding personal data processing and free movement of these data (below the « GDRP ») and law n°78-17 of the 6th January 1978 about computing, files and freedoms (below the « law on Computing and Freedom »).
2 PERSON CONCERNED
Person concerned by the processing done by TAMALOU under the following conditions are (mentioned together below « Users »):
- Every person using the Application;
- The person who benefit from the use of the Application (below the « Care Receiver »).
3 RESPONSABILITY OF THE PROCESSING
The responsible of the processing is TAMALOU SAS with capital of 7 500 €, with its head office at 8 rue des Boulangers, 75 005 Paris, and listed on the Register of Commerce of Paris with number 889 212 114 (« TAMALOU »).
For any query regarding the personal data processing operated by TAMALOU, User can contact:
8 rue des Boulangers, 75 005 Paris
Tél. : +33 6 83 27 68 88
Email : email@example.com
5 PURPOSE AND LEGAL BASIS OF THE PROCESSING
5.1 Personal data processing operated by TAMALOU are necessary:
To use the Application ;
To carry out studies about Users’ needs.
5.2 In this case, processing is made on the following legal basis: (i) User has given his consent to his personal data processing; or (ii) Processing are necessary for the execution of a contract of which he is part of.
6 DATA CATEGORIES INVOLVED AND SOURCE OF DATA
6.1 TAMALOU processes the following personal data of the User:
6.1.1 At the creation of Personal Account:
His first namse;
His email address;
His phone number.
6.1.2 During use of the Application:
Messages, files and images sent by Users in Rooms' conversation.
6.2 Personal data are provided:
·Either directly by the User;
·Either indirectly concerning the Care Receiver. Personal data are then provided by one or several Users. The User must ensure TAMALOU that he has obtained the Care Receiver’s authorization allowing TAMALOU to process his personal data.
6.3 To prevent any security incident or to face any threat or vulnerability situation, TAMALOU implements the following security measures:
·Secure authentication system;
·Hosting Users’ data and Contents by a certified provider for health data with an integrated security system and located in Western Europ;
·Reading of Users’ Emails from the User’s message server through a secure protocol, except for any email copy in the data base of the Application.
·Encryption of messages, images and documents sent by Users in Rooms' conversation.
7 RECIPIENT OF THE DATA
7.1 Personal data processed by TAMALOU are not transferred to any third party.
7.2 Personal data are shared between users according to their choices.
7.3 If need be, processing may be done with subcontractors, in compliance with Article 60 of the law on Computing and Freedom and Article 28 of the GDRP.
8 TRANSFERT OF DATA OUT OF THE EUROPEAN UNION
8.1 Personal data used in the Application are not subject to any transfer out of the European Union.
9 DURATION OF DATA RETENTION
9.1 The User is informed that TAMALOU is required to detain and retain the following data for the duration indicated below:
Information about civil identity of the User
First name and last name
5 years after the end of contract’s validity of the User
Technical data that allow to identify the source of connection or about terminal equipment used
For each content creation*:
Login name at the origin of the communication
Protocol types used for the connection to the features and for content transfers
1 year after the connection
Traffic and location data
For each content creation*:
Login name assigned by the information system to the content, object of the operation
Nature of the operation
Date and time of the operation
Login name used by the author of the operation when provided
1 year in case of administrative subpoena, from the day of the connection or the creation of a content, for each operation contributing to this creation
Rooms' conversation data
For each content creation*:
1 month from the day of the creation of the content.
*Contribution to content creation includes operations about initial creation of content, modification of content or data about content and deletion of content.
9.2 Except when deleted by the User himself, personal data provided by the User on the Application other than those mentioned at 9.1 are stored during the entire duration of use of the Application by the User, plus one year from the closure of his Personal Account.
9.3 Data about the use of the Application by the User automatically stored other than those mentioned at 9.1 are stored for a duration of 36 months and can be deleted by TAMALOU upon request of the User within one month.
10 RIGHTS OF PERSONS CONCERNED
10.1 The User has the right to access, rectify, delete, limit, oppose, port his personal data, withdraw his consent and define guidelines about his personal data after his death under the conditions and within the limits set forth in the GDRP and the law on Computing and Freedom.
10.2 The User is informed that in case of the use of his right of deleting or opposing, all or part of the Application features could be made inaccessible.
10.3 The user can exercise his rights defined in Article 10.1 at any time by contacting the person designated in Article 4.
10.4 To ensure confidentiality and protection of personal data, TAMALOU will ask the User to identify himself to answer his request. For this purpose, it will be asked to the User to join a copy of an official proof of identity, such as a valid identity card or passport.
10.5 Each request will be assessed at the earliest opportunity and in accordance with the GDRP and the law on Computing and Freedom. In some cases, personal data can not be removed before a certain period of time imposed by regulations and limitation rules. In this case, TAMALOU will keep these data until the permitted date for complete deletion.
10.6 The User is informed that in the event of refusal to give his personal data or to exercise his right to remove or oppose, TAMALOU can suspend or stop all or part of the services provided to the User.
10.7 In the case of a dispute about the use of his personal data, the User is entitled to make a claim against the National Commission for Data Protection and Liberties.
11.1 A cookie is a computer file which cannot be used to directly identify the User but to store on his devices information about page viewed, date and time of the viewing, information provided and stored to avoid subsequent entry.
11.2 Browsing on the Application may result in the installation of cookies on User’s devices. These cookies are strictly necessary for the operation of the Application (plotters designed for the authentication on the Application).
11.3 Data related to cookies are deleted at every application’s logout.
12.1 TAMALOU can modify the Policy periodically.
12.2 The User will be informed about the modification by any means, such as an e-mail or a notification on the Application.
12.3 The current version of the Policy is always available on the Personal Account of the User or on request to the person named in article 4.