GDPR

Living better with Parkinson’s
DATA PROTECTION POLICY

Updated April 12, 2022 Policy

The purpose of this personal data protection policy of the Living With Parkinson’s Website  is to inform users of the website and the online services offered of their rights and obligations relating to the collection of their data.

This protection policy also answers the legitimate questions that users of our services may have to ask themselves during the use of the site.

It is thus recalled that, in particular, the Data Protection Act, as well as the European Regulation 2016/679 of 27 April 2016 (GDPR), which entered into force on 25 May 2018, provide for a specific system in terms of supervision and protection of Personal Data.

In this context, this policy aims to provide clear, complete and true information on the means and methods used by the Living Well with Parkinson’s site  to protect the data of its users and respect their rights.

In order for you to benefit from our services safely and with confidence, this policy presents in a single document clear, simple and sincere information concerning the processing of Personal Data carried out by MVAP.

Indeed, as part of our activities, we are required to collect, process and store a certain amount of Data concerning visitors to the site.

The purpose of this Personal Data Protection Policy is to inform Users about their rights, as well as the means used by MVAP to guarantee the security of your Data as well as compliance with legal and regulatory requirements in this area.

It is in this context that this personal data protection policy is inscribed.

This Policy is supplemented by:

  • Our legal notice;
  • The T&Cs of our site;

By benefiting from the Online Services provided by MVAP, Users undertake to comply with and be bound by this Policy.

DEFINITIONS

Data(s)Any element (information, texts, photographs, messages, etc.) collected by the User and implemented by him within the Site and the Services through its use;
Personal data Under Article 4.1 of the GDPR, means any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
Feature(s)Each element implemented, accessible and usable within the different Services;
Data Protection ActRefers to Law No. 78-17 of 6 January 1978 relating to data processing, files and freedoms accessible on the Internet at the following address: https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000886460;
Living better with Parkinson’sRefers to the Site;
Means of AccessMethods and/or functions by which the User may access one or more Services in order to use them for his own needs;
MVAPRefers to the commercial name of the sole proprietorship of Mr. Clément JUST, registered in the Register of Commerce and Companies of BORDEAUX under the number 882 233 307;
OperatorCompany that operates different electronic telecommunications networks necessary for access to and use of the Services;
PoliticsMeans this Personal Data Protection Policy;
Data ControllerAccording to Article 4.7 of the GDPR, means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria for his or her appointment may be provided for by Union law or by the law of a Member State; 
GDPRRefers to Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 available online at the following address: https://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32016R0679&from=FR
ServicesAll the services made available to the User by MVAP and accessible via the Means of Access;
SiteRefers to the Living Better with Parkinson’s website owned by MVAP;
SubcontractorMeans, pursuant to Article 4.8 of the GDPR, the natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller;
Third:Refers to natural persons who are not related to MVAP or other individuals unrelated to MVAP and/or the User;
Treatment(s)Means any operation or set of operations carried out or not by automated means and applied to personal data or sets of data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available,  alignment or interconnection, limitation, erasure or destruction; 
User(s)Refers to any natural person accessing the Site as well as any person benefiting from the Services;
  1. WHO COLLECTS YOUR DATA (IDENTIFICATION OF THE CONTROLLER)?

The Data Controller for Personal Data is MVAP, who can be contacted:

Thus, MVAP alone determines the means and purpose of collecting the Personal Data Processing necessary for the use of the Services by the User, as well as other Data necessary for the establishment of the contractual relationship, its monitoring and improvement.

  • WHAT ARE MVAP’S ACTIVITIES  AND SERVICES OFFERED?

The Living Better with Parkinson’s Site is a website based on an innovative concept, namely the self-rehabilitation of Parkinson’s disease.

Through Living Well with Parkinson’s, several Services are offered by MVAP to all Users accessing the Site.

In addition, Users with an Account and subscription may access specific Services.

For more information, we invite you to consult the Terms of Use of the Living Better with Parkinson’s Site.

All of these elements are referred to in this Policy as the “Services“.

In order to be able to offer you the Services best suited to your expectations, it is necessary for us to collect and process a certain amount of Personal Data.

  • ON WHAT OCCASIONS IS PERSONAL DATA COLLECTED?

On the Site, Personal Data is collected by MVAP:

  • During visits to our Site (login details);
  • When filling in one or more forms on the Site;
  • When clicking on hypertext links to our social networks;
  • During our exchanges and your actions on our social media pages;

When performing the Services requiring a subscription, Personal Data is collected by MVAP:

  • When filling in the User’s personal information when creating an Account ;
  • During exchanges between MVAP and the User ;
  • THROUGH WHAT INTERMEDIARY IS PERSONAL DATA COLLECTED BY MVAP ?
    • CHANNELS FOR COLLECTING PERSONAL DATA ON THE INTERNET

Personal Data is collected by MVAP through:

  • From the Site;
  • Through our social networks;
  • Direct contacts (telephone, email, visit, etc.) between the Customer and MVAP.

Thus MVAP has dedicated pages on the following social networks:

MVAP is co-responsible for processing the pages on the social networks listed above.

For any difficulty when using the pages listed above, the User may contact the operator in question (Facebook, Instagram, LinkedIn), or contact MVAP.

  • DETAILS ON THE USE OF SOCIAL NETWORKS

The Site uses buttons and social network integrations on its pages, for Users, who can thus integrate links to their pages on the Facebook, Instagram, LinkedIn networks.

Most of the links on our Site  containing content from social networks refer to the sites and tools in question, and are not directly integrated into the page.

If you click on a button to share and/or play content, a new window will then appear and you will then be able to access the content (if applicable by having filled in your connection data to the service concerned).

For more information and exercise of your rights, concerning the protection and security methods of these third-party providers, we invite you to connect directly to the pages concerned, listed below:

  • FOR WHAT PURPOSES DOES MVAP COLLECT PERSONAL DATA?

MVAP collects your Personal Data for the following purposes:

  • Provision of the Services as described above;
  • Management of requests for rights of access, rectification, portability (if any) and opposition;
  • Statistical analyses.

The collection of Data is strictly limited to the achievement and monitoring of the purposes mentioned above.

  • WHAT ARE THE LEGAL BASES FOR THE COLLECTION OF PERSONAL DATA?

Article 6 of the GDPR states that processing is lawful only if at least one of the following conditions is met:

(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;

(b) the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject;

c) the processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) the processing is necessary to safeguard the vital interests of the data subject or another natural person;

(e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.

Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.  »

In this regard, MVAP recalls that the Treatments carried out are based on:

  • The necessity relating to the execution of the pre-contractual and contractual relationship;
  • The legitimate interest of the Data Controller;

In any case, we make sure not to disregard your interest or your fundamental rights and freedoms by allowing you, at any time, to oppose all or part of the processing described in this Personal Data Protection Policy.

Details of your rights regarding the Personal Data collected by MVAP are defined below.

In this context, in the event of an opposition, we will inform you of the consequences of this opposition on the performance of the requested service.

  • WHAT DATA DOES MVAP COLLECT?

As part of our Services, we collect and process the following Personal Data:

  • Collection based on the establishment of a contractual or pre-contractual relationship:
  • Contact details : email address;
  • Collection based on legal obligations:
    • Billing details : surname, first name, address (in the event of a payment greater than 25 € or when the customer makes a request to obtain an invoice);
  • Collection based on legitimate interest:
    • Data related to the use and control of computer equipment: Data related to the use of equipment provided through the Site;
    • Data related to social networks;
    • Tracking and marketing data: IP address, Connection data (dates, number of connections);
  • Consent-based collection:
    • Use of cookies other than technical cookies and those remaining strictly necessary for the delivery of a Service expressly requested by the User or the Third Party. This consent may be withdrawn or modified at any time through the tool provided on the Site;
    • E-mail address in the context of commercial prospecting;
    • Transmission of Contact Data to MVAP’s partners  as part of a joint action.
  • HOW DOES MVAP ENSURE THE SECURITY OF MY DATA?

With regard to the Data processed, MVAP attaches fundamental importance to the security and confidentiality of the Data that you are required to communicate to us.

This Policy results in the selection of Subcontractors and partners who meet the standards set by the regulations in force.

In addition, each MVAP employee  undertakes to adhere to a strict security and confidentiality policy.

In summary, MVAP implements legal and organizational elements to ensure the best possible protection with regard to the typology and purposes of the Personal Data collected in order to protect said Data against alteration, accidental or unlawful loss, use, disclosure or unauthorized access.

In this regard, MVAP attaches fundamental importance to:

  • The awareness of its employees to the requirements of confidentiality;
  • The submission of its Subcontractors to compliance with their confidentiality obligations;
  • Securing access to its premises and IT platforms;
  • Securing access, sharing and transfer of Data;
  • The implementation of a general IT security policy;
  • The demanding selection of partners and service providers based on their compliance with the GDPR in particular as well as other regulatory obligations applicable in France.
  • DATA STORAGE

Personal Data is stored on servers with adequate security and located in Europe and benefiting from adequate security standards with regard to the Data processed.

  • CONFIDENTIALITY OBLIGATION

All MVAP  employees are subject to a strict obligation of confidentiality and are made aware of compliance with the provisions of the regulations on the protection of Personal Data.

In addition, all the Subcontractors selected by MVAP have stated that they comply with their obligations in this area and are subject to an obligation of confidentiality.

  • FOR WHAT DURATION CAN MY DATA BE STORED BY MVAP ?

Below is a list of the main retention periods applied by MVAP.

Types of dataRetention periods
Audience measurement statistics data and gross Site traffic data13 months
Account Data24 months from the last connection through the Means of Access
Data related to satisfaction surveys and reviews36 months
Data related to the establishment of the pre-contractual and contractual relationshipUnder the terms of the relationship

Printed on paper, Personal Data will be destroyed securely, including by cross-shredding or incineration of paper documents or otherwise and, if saved in electronic form, will be destroyed.

MVAP also reserves the right to retain strictly anonymized Statistical Data for a period longer than the periods mentioned above for research and scientific publication purposes only.

  1. DOES MVAP COLLECT “SENSITIVE” AND/OR CHILD DATA?

It is recalled that “sensitive” Data is defined as follows by the GDPR:

Information concerning racial or ethnic origin, political, philosophical or religious opinions, trade union membership, health or sex life. In principle, sensitive data can only be collected and used with the explicit consent of individuals. »

In this regard, MVAP specifies that it is in principle not required to collect sensitive Data transmitted by the User during the provision of Services.

With regard to Personal Data relating to minors, it is also recalled that Recital No. 38 of the GPDR provides that:

Children deserve specific protection with regard to their Personal Data because they may be less aware of the risks, consequences and safeguards involved and their rights related to the processing of Personal Data. This specific protection should, in particular, apply to the use of Personal Data relating to children for marketing purposes or to create personality or user profiles and to the collection of Personal Data relating to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be required in the context of preventive or counselling services offered directly to a child.  »

It is thus recalled that Article 7-1 of the Data Protection Act sets the age limit for the use of Personal Data at 15 years.

MVAP is not intended to collect Personal Data from minors under the age of 15.

  1. WHAT ARE THE OBLIGATIONS OF USERS?

As a preliminary point, the User must ensure that he uses recognized and up-to-date Internet access programs, including the various ancillary modules allowing access to the Services.

The User undertakes to communicate to MVAP accurate and up-to-date information, concerning him directly.

In this regard, each User undertakes, when transmitting Data on the Site or directly, to comply with MVAP’s General Terms and Conditions of Use.

Finally, the User undertakes not to communicate (by email for example) information not expressly requested by MVAP necessary for the performance of the Services

  1. OPTIONAL OR MANDATORY NATURE OF THE PERSONAL DATA COLLECTED

Only data provided in a form field marked with an asterisk (*) are mandatory in order to benefit from MVAP’s Services.

All Additional Data provided by the User is not mandatory and may be transmitted on an optional basis by the User, in order to improve his User experience on the Site and allow MAVP to  personalize his experience.

  1. WILL MY CONTACT DATA BE USED FOR ADVERTISING PURPOSES? WILL I RECEIVE SPAM FROM MAVP?

MAVP does not carry out commercial prospecting via the sending of e-mails, without the prior consent of the User concerned.

It is recalled that, in accordance with the applicable regulatory and legal provisions, MVAP may only send you marketing offers or commercial offers provided that you have given your clear, unequivocal and explicit consent to receive such elements.

In this regard, acceptance ticks are provided, if necessary, on the Site in order to collect your consent on this point. It is also possible, at any time, to withdraw this consent in order to no longer be the recipient of such offers.

  1. AUTOMATION OF TRANSMISSIONS AND PROCESSING

The Personal Data collected by MVAP is not subject to decisions based exclusively on automation.

Automation of decision-making or processing can be carried out in an ancillary way, but will always remain under the control of a human person.

  1. WHERE ARE THE DATA COLLECTED BY MVAP PROCESSED  ?

MVAP mainly processes Data on internal servers located in Europe.

Our Subcontractors are mainly established within the European Economic Area. Marginally and for certain specific Services, the Data collected by MVAP could be transmitted to Subcontractors established outside the European Union.

In this situation, MVAP ensures that the appropriate guarantees are provided by the Subcontractors in question to supervise any transfer of Personal Data by subscribing to specific contracts ensuring in particular that the rights of Users are respected.

  1. WHO ARE THE RECIPIENTS OF THE DATA COLLECTED?

The Personal Data collected by MVAP may be transmitted to the Subcontractors selected by MVAP, provided that such Data is necessary for the exercise of their missions.

Your Personal Data may also be disclosed to Customers. In this case, MVAP will only be able to do so after requesting and obtaining your prior and explicit authorization.

Apart from these situations, MVAP does not transfer or transfer any Data directly or indirectly concerning its Users to Third Parties.

If you wish to have access to the detailed list of our Subcontractors, you can contact MVAP directly  using a contact form or at the contact details indicated in Article 21 of this Data Protection Policy.

  1. WHAT ARE THE RIGHTS OF USERS?

In accordance with the european general regulations in force on data protection, each User has the right to obtain free information concerning the Personal Data collected by MVAP.

Your rights and claims include:

  • ▪        Article 15 GDPR – Right to information on how Personal Data is processed by MVAP ;
  • Article 16 GDPR – Right to rectification of Personal Data collected by MVAP by  contacting MVAP directly;
  • Article 17 GDPR – Right to erasure, this right does not concern all the Data collected;
  • Article 20 GDPR – Right to data transfer (portability), this right only concerns Data collected on the basis of consent and the establishment of the contractual relationship;
  • Article 21 GDPR – Right to object.

For any request in this context, the User may send his request to the contact details indicated in Article 21.

 If necessary, MVAP may be required to ask you for certain additional elements (proof of identity, identifier, etc.) in order to ensure your identity in the context of the exercise of your rights.

  1. WHAT HAPPENS TO MY DATA IN THE EVENT OF DEATH? WHO WILL HAVE ACCESS TO THE TRANSMITTED DATA?

MVAP may be required to have Personal Data relating to a deceased person.

In this case, Law No. 2016-1321 of 7 October 2016 establishes as a principle that the personal rights of the deceased are extinguished on the death of their holder.

However, the regulations provide for two exceptions in which these duties may be provisionally maintained:

  • The deceased has issued directives to allow any person, during his lifetime, to organize the conditions for the storage, erasure and communication of his personal data after his death;
  • In the absence of instructions or indications to the contrary from the deceased, it is provided that the heirs may “to the extent necessary” exercise the rights relating to:
  • the organization and settlement of the estate of the deceased. As such, heirs can access the processing of personal data concerning them in order to identify and obtain communication of information useful for the liquidation and division of the estate. They can also receive communication of digital assets or data similar to family memories, transferable to heirs
  • the taking into account, by the controllers, of his death. As such, the heirs may have the deceased’s user accounts closed, oppose the further processing of personal data concerning him or have them updated“.

In the event that you would like MVAP to collect your instructions regarding the transmission of Personal Data post-mortem, we invite you to contact us at the contact details indicated in Article 21 of this Policy.

  1. HOW ARE USERS NOTIFIED OF CHANGES TO THIS DATA PROTECTION POLICY?

MVAP may modify this Data Protection Policy at any time.

MVAP will inform Users by any means of the changes made herein.

MVAP invites Users to regularly read the Data Protection Policy in order to keep themselves fully informed of its provisions.

  • 20.  SUPERVISORY AUTHORITY

In the event that you consider that MVAP does not comply with its obligations regarding the protection of Personal Data, you may contact the competent supervisory authority, namely the CNIL (https://www.cnil.fr/fr/agir or 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07).

  • 21.  HOW DO I CONTACT MVAP?

Users may contact MVAP for any questions they may have about this Data Protection Policy at the following addresses:

In this context, you may be asked for proof of identity before processing your request.