Privacy Policy
Last update: January 21, 2024
This policy describes the privacy practices of REEV SAS and REEV LLC (collectively, “we” or “us” or “REEV”). Your privacy is important to REEV. When you use our services, including our walking assessment application ("the Application"), you entrust us with your personal data and that of your patients. We are committed to taking care of it. This policy is designed to help you understand how we collect and process your personal data, and what your rights are.
This policy applies to information that we collect:
- On REEV SAS’s website https://reev.care (the “Website”).
- In email and other electronic communications between you and the Website.
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by us or any third party; or
- Any third party, including through any application or content (including advertising) that my link to or be accessible from or through the Website; or
- In the course of any medical care or treatment, except as expressly described in this policy.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use the Website or our services.
By accessing the Website or using services provided through the Application, you agree to the terms of this privacy policy. This policy may change from time to time. Your continued use after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
- WHAT DATA DO WE COLLECT?
We collect the following personal data:
● Data you provide: when you contact us, book a demo, create an account on the Application, place a sensor order, or interact with us in any other way, we collect the personal information you provide, which may include your email address, first and last name, phone number, physical address, employment information, age or date of birth, health, medical or insurance information, or information related to ethnicity, race, religion, sexual orientation, gender identity or gender expression.
In all cases, we will only ask you for the information we really need. You are free to choose whether or not to provide the information requested, but if you refuse, we may not be able to respond to your requests or give you access to our services.
● Data we collect automatically:
From your use of the Website. As you navigate through and interact with the Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including traffic data, the referring URL, location data, logs, as well as information about your computer and internet connection, including your IP address, operating system, and browser type.
The technologies that we use for this automatic data collection may include:
· Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
· Web Beacons. Pages of the Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the counting of users who have visited those pages or opened an email and for other related website statistics.
· Third Party Tracking. Some content or applications, including advertisements, on the Website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies, alone or in conjunction with web beacons or other tracking technologies, to collect information about you when you use the Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. We use third party cookies provided by doubleclick.net, google.com, google.fr, and google-analytics.com. To opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”), please visit the NAI’s website.
From the Application. We automatically collect data about your use of our Application for statistical purposes[AB1]. This includes de-identified data of users of the Application.
● Data we collect and process on behalf of health care providers: When a health care provider uses our services, we process personal and health data of patients on behalf of the health care provider as a data processor, and in some cases, as a business associate. For example, when a health care provider creates a patient record or collects data using REEV sensors as part of a walking assessment, REEV SAS acts as a data processor and processes this data on the health care provider's behalf and in accordance with the health care provider’s instructions. In these cases, the health care provider is the data controller. If you have any questions or concerns about how personal or health data is processed in these cases, including how to exercise your rights as a data subject, you should contact the health care provider. If we receive requests for rights concerning cases where REEV SAS is acting as a data processor, we will forward your request to the health care provider.
REEV SAS, a simplified joint stock company registered under number 901 903 245 R.C.S. Toulouse France and whose registered office is located at 445 L’Occitane – 31670 Labege France, is responsible for processing the data of Website visitors. .
Additionally, REEV SAS acts as a data processor for the personal and health information collected by health care providers through the Application.
We process your data for defined purposes, on the basis of a legal "justification" (or legal basis), and for a limited period of time. The table below details the purposes and legal bases of our processing, as well as the applicable retention periods.
Goals | Legal basis | Shelf life |
| ||
Management of health care provider and user accounts, orders, sensor delivery and execution of our services | This processing is necessary for the performance of the contract concluded between REEV and the health care provider. | Duration of the contractual relationship between REEV and the health care provider |
Pre-litigation and litigation management | This processing is necessary to pursue our legitimate interest in establishing proof of a right or contract and defending our rights. | Tied prescription period, generally 5 years |
Supply of information relating to the Application (new features, updates…) | This processing is necessary for the performance of the contract concluded between REEV and the health care provider. | Duration of the contractual relationship between REEV and the health care provider |
Bookkeeping | This processing is necessary to comply with our legal obligations in accounting and tax matters. | In the form of an intermediate archive: legal retention period (e.g. 10-year accounting obligation).
|
| ||
Our newsletter | This processing is necessary to pursue our legitimate interests if you are already a customer. If you are not yet a customer, this processing is based on your consent. | Until consent is withdrawn or 3 years from your last contact with us |
| ||
Business statistics, studies, surveys, etc. | This processing is necessary for the pursuit of our legitimate interest in improving our processes and commercial performance. | 1 year |
| ||
Handling requests to exercise rights | This processing is necessary to comply with a legal obligation to which we are subject. | The time required to respond to your request (normally 1 month; maximum 3 months for complex requests). |
Opposition list management | This processing is necessary to pursue our legitimate interest in respecting your wishes regarding the processing of your data. | 3 years from exercise of right |
Please note that your data may be kept for longer periods, for example in order to establish proof of a right or to comply with a legal obligation. In all cases, your data will not be kept beyond what is strictly necessary for the purposes for which it is processed. When your data is no longer required, we will ensure that it is either deleted or made anonymous.
We share your data only with:
● Duly authorized REEV personnel who require access to your data in the course of their duties,
● Our subcontractors who carry out processing operations on our behalf (e.g. data hosting),
● Our external advisors (lawyers, auditors, etc.), when this is necessary for the purposes of REEV's legitimate interests,
● Public or judicial authorities, if we are legally bound to do so.
We may also share your personal data with third parties in connection with a potential or actual sale or restructuring of our company or certain of our assets, in which case your data may form part of the transferred assets.
We also use subcontractors to process your personal data on our behalf. In this context, for residents of Europe, your personal data may be transferred outside the European Economic Area (EEA), to countries (such as the United States) that do not offer a level of protection to your data equivalent to that which you enjoy within the EEA. In the absence of an adequacy decision by the European Commission under Article 45 of the GDPR, the transfer of your personal data will be governed by appropriate transfer mechanisms under Articles 46 et seq. of the GDPR (such as standard contractual clauses adopted by the European Commission). You can obtain a copy of these (excluding confidential provisions) by contacting us at dpo@reev.care.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All personal information that you provide to us is stored on Amazon’s secure servers[AB2]. Additionally, our website is hosted with SSL at the server level. The transmission of information over the internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Website. Any transmission of personal information is at your own risk to the extent permitted by law. We are not responsible for circumvention of security measures on the Website or in the Application. Identifying data of patients entered into the Application is encrypted.
You have a number of rights over your data.
● You can set your web browser to refuse all or some browser cookies, or you can opt out of cookies on the Website.
● You can set your web browser to send a Do Not Track signal.
● You may revoke your consent to any processing of your data based on your consent at any time.
● You can ask us to confirm whether we process your data and, if so, inform you of the characteristics of the processing, allow you to access it and obtain a copy.
● You can ask us to rectify or complete your data if it is incorrect or incomplete.
● In certain cases, you may ask us to delete your data or restrict its processing.
● You may ask us, in certain cases, to provide you with your data in a structured, commonly used and machine-readable format, or you may request that it be transmitted directly to another data controller.
● You have the right to define directives (general or specific) concerning the fate of your data after your death.
● You may object to any processing of your data that is based on our "legitimate interest". If you exercise this right, we must cease processing unless we can demonstrate compelling legitimate grounds that override your fundamental rights and freedoms, or for the establishment, exercise or defense of legal claims.
● You may object at any time to the processing of your data for prospecting purposes.
You may exercise your rights by contacting us at the address indicated in article 7 "Contact us".
You also have the right to lodge a complaint with the competent supervisory authority regarding the processing of your data. In France, the supervisory authority for the protection of personal data is the CNIL (www.cnil.fr).
- PROTECTING MINORS/CHILDREN UNDER THE AGE OF 18
Use of the Website or the Application is reserved for healthcare professionals. Our services are not intended for minors and are not intended to be used by minors. We do not knowingly collect information from minors, nor do we request any information from them. We do not knowingly authorize minors to use our services. No one under age 18 is permitted to use our Website or the Application, or provide any personal information to the Website or to the Application. If you are under age 18, do not use or provide any information to the Application, or the Website or through any of its features, including creating an account, purchasing products or services, providing any information about yourself to us, including your name, address, phone number, email address, screen name or user name that you may use. Any person providing information to REEV as part of an order declares that they have reached the legal age of majority. If we discover that we have collected information from a minor without their parent's or legal guardian's permission, we will delete it. Please contact us at dpo@reev.care if you believe that you have provided us with information about a minor without their parent's or legal guardian's permission.
For more information about your rights, to exercise them or if you have any questions or complaints about the protection of your personal data, you can write to us at dpo@reev.care.
If you are a resident of the European Union and you wish to report a complaint or you feel that we have not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with a supervisory authority such as the member state in which you reside or work.
We may modify this Privacy Policy to reflect changes in legislation, our services, our data processing practices or technological advances. Our use of the personal data we collect is subject to the Privacy Policy in effect at the time such data is used. Depending on the type of change, we may inform you of the change by posting a notice on this page.
[AB1]What personal information is collected through the application other than what the user enters?
[AB2]Do you store information anywhere other than the servers? Is any information downloaded and stored locally in your systems or in email?
