Ummon Healthtech™

What is the purpose of our Privacy Policy?

Ummon HealthTech SAS, which manages the platform Chara-prAIdict, attaches great importance to the protection and confidentiality of your personal data, which we regard as a guarantee of reliability and trust.

In this respect, our Privacy Policy is a clear demonstration of our desire to ensure that Ummon HealthTech SAS complies with the rules applicable to the protection of personal data and, more specifically, those of the General Data Protection Regulation ("GDPR").

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Who is our Privacy Policy intended for?

Our Privacy Policy applies to you, wherever you live, as long as you are at least 15 years old and are a user of our Chara-prAIdict platform.

If you are under the legal age detailed above, you are not authorised to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email to dpo@ummon.health.

If you believe that we are holding personal data about your children without your consent, please contact us at the dedicated address detailed above.

Why do we process your personal data and on what basis?

We process your personal data mainly for the following reasons:

• To use and benefit from our service and all its features on the basis of our general conditions of use.
• To manage user accounts (e.g. account creation, access to the service and account deletion) on the basis of our general terms and conditions of use.
• To receive our technical emails (e.g. modification of passwords, etc.) which are essential for the proper functioning of our service on the basis of our general terms and conditions of use.
• To be able to download and import documents onto our platform on the basis of our general terms and conditions of use.
• To guarantee and improve the security and quality of our day-to-day services (e.g. statistics, data security, etc.) on the basis of our legal obligations, our general terms and conditions of use and our legitimate interest in ensuring the proper functioning of our services.

Your data is collected directly from you when you use our Chara-prAIdict platform and we undertake to process your data only for the purposes described above.

What personal data do we process and for how long?

We have summarised the categories of personal data and their respective retention periods below:

• Professional identification data (e.g. surname, first name, position, company, etc.) and contact details (e.g. e-mail address and business telephone number, etc.) kept for the duration of the service, plus the statutory limitation periods, which are generally 5 years.
• Email address to receive our technical messages, kept until your account is deleted.
• Connection data (e.g. logs, IP address, etc.) retained for 1 year.

Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you. At the most, we may only keep anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to retain all data concerning you for the duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations give you specific rights which you can exercise, at any time and free of charge, to control the use we make of your data.

• The right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
• The right to rectify any personal data that is incorrect, obsolete or incomplete.
• The right to request the deletion ("right to be forgotten") of your personal data that is not essential for the proper functioning of our services.
• The right to limit your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
• The right to data portability, which allows you to recover part of your personal data so that it can be easily stored or transmitted from one information system to another.
• The right to give instructions on what should happen to your data in the event of your death, either through you, a trusted third party or a beneficiary.

For a request to be taken into account, it must be sent directly by you to dpo@ummon.health. Any request that is not made in this way cannot be processed.

Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity if there is any doubt about the identity of the person making the request.

We will respond to your request as quickly as possible, subject to a maximum of three months from receipt if the request is technically complex or if we receive a large number of requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, particularly if it is repetitive.

Who can access your personal data?

Your personal data is processed by our teams and by our technical service providers for the sole purpose of operating our service.

We would like to point out that we check all our technical service providers before recruiting them to ensure that they scrupulously comply with the applicable rules on the protection of personal data.

WE GUARANTEE THAT WE WILL NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.

Can your personal data be transferred outside the European Union?

Personal data processed by our platform Chara-prAIdict is exclusively hosted on servers located within the European Union.

Furthermore, we do our utmost to use only technical tools whose servers are also located within the European Union. If this is not the case, we scrupulously ensure that they implement the appropriate guarantees required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data?

We implement the following technical and organisational means to guarantee the security of your personal data on a day-to-day basis and, in particular, to combat any risk of destruction, loss, alteration or disclosure.

• Technical safety measures

  User password database ("Back" side) separate from user IDs, Encryption of user database at rest, Encryption of passwords ("Back" side), Complex passwords for Ummon HealthTech SAS team terminals, HTTPS protocol, Access traceability, VPN for Ummon HealthTech SAS teams.

• Organisational security measures

  Locked offices, Information systems charter, Data breach procedure, Rules of good conduct, Team awareness and training twice a year

Do we use cookies when you browse our platform?

WE GUARANTEE THAT WE DO NOT USE ANY ADVERTISING OR STATISTICAL COOKIES IN THE OPERATION OF OUR PLATFORM.

We only use technical cookies that are necessary for the proper functioning of our platform, which we advise you not to remove and which do not require a cookie banner.

If, however, you still wish to oppose their use, you can use your browser settings by following the instructions below: Chrome, Microsoft Edge, Safari, Firefox and Opera.

Who can you contact to obtain more information about the use of your personal data?

To guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer ("DPO") to our supervisory authority.

How can you contact the CNIL?

You may at any time contact the "Commission nationale de l'informatique et des libertés" or "CNIL" at the following address: CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the Privacy Policy be modified?

We may amend our Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future.

Certified by Dipeeo ®.