Nomadia Protect Application Privacy Policy
This Privacy Policy applies only to the NOMADIA PROTECT mobile application.
The purpose of this policy is to inform you in a transparent manner about how the company NOMADIA PROTECT (hereinafter “we”) collects, processes and protects the personal data of users of the mobile application (hereinafter, “your”, “you”).
The NOMADIA PROTECT app is designed to ensure the safety of lone workers. It allows your employer to fulfil its legal obligation to protect employees by implementing an alert system to report any distress situation and receive prompt assistance.
What is our role under GDPR?
In providing the NOMADIA PROTECT mobile application, we perform various processing activities in which we act both as:
– data controller and,
– data processor on behalf of our professional clients (hereinafter, “your employer”).
What personal data do we collect about you?
When you use the application, we may process the following personal data:
• Identification data: first name, last name, username
• Contact details: telephone number
• Connection data: IP address, connection logs
• Service usage and interaction data:
o Accelerometer
o depending on your employer’s settings, notifications related to smartphone operation (battery, on/off), event notifications (SOS by pressing buttons, fall detection, immobility, scheduled alarm request triggered by the user, etc.). Events are time-stamped and geolocated (your employer can decide to geolocate only alarms)
• Location data: GPS coordinates and coordinate timestamps
• Audio recording of exchanges between the company in charge of alarm management and you, when an alert is triggered
• Ambient-sound recordings (if this feature is enabled by your employer)
What are the processing purposes and retention periods applied?
The processing operations performed as data processor are identified by the mention (DP) in the table below:
Processing operation | Purpose | Legal basis | Retention period |
Ensuring the safety of lone workers through the provision of the NOMADIA PROTECT mobile application | Mobile application access management (DP) | Legal basis, to be determined by your employer | – For the entire duration of the contract between your employer and NOMADIA PROTECT |
Distress detection and alerting (DP) | Legal basis, to be determined by your employer | 90 days for location and service usage data – configurable by your employer | |
Monitoring and processing of lone worker alerts (DP) | Legal basis, to be determined by your employer | – 90 days for location and service usage data – configurable by your employer | |
Mobile Application Security Management | Legitimate interest | Up to 90 days | |
Do we share your personal data?
Your data is made available to your employer and to authorized NOMADIA PROTECT staff, strictly for the purposes for which it was collected and within the scope of their respective responsibilities.
They are also disclosed—only as needed to fulfil those purposes and within their mandates, to the following recipients:
– Service providers engaged to perform specific operations and tasks:
o For alarm management purposes: the company (a sub-processor of NOMADIA PROTECT) is responsible for responding to alerts. It may contact you via an automated call system and dispatch emergency services after a verification phase (e.g. no response, detected fall, medical distress or aggression).
o For data hosting purposes – sub-processor of NOMADIA PROTECT.
– Duly authorized public authorities (judicial, supervisory, etc.), under our legal and regulatory obligations.
– Regulated professions (lawyers, bailiffs, etc.) who could intervene in the context of the implementation of guarantees, recovery or litigation.
When we share your data with sub‑processors, we require them to use it only for the original, specified purposes. We take all reasonable steps to ensure these third parties maintain the confidentiality and security of your data, and we disclose only the minimum data necessary. We make every effort to ensure the secure transmission of your data.
Are your Personal Data transferred to Third Countries?
NOMADIA PROTECT processes your data in France only within the European Economic Area (EEA).
If a transfer outside the EEA were ever necessary, it would be strictly controlled, either:
– To a country recognized by the European Commission as offering an adequate level of protection;
– Or, failing that, on the basis of appropriate safeguards such as Standard Contractual Clauses or Binding Corporate Rules (BCRs).
What are your rights?
Under the GDPR, data subjects have the following rights:
- Right to information: the right to receive clear, precise and complete information about how your personal data are used.
- Right of access: the right to obtain a copy of the personal data that we or your employer hold about you.
- Right of rectification: the right to have inaccurate or outdated personal data corrected, and/or to have incomplete data completed.
- Right to erasure / right to be forgotten: the right, under certain conditions, to have your personal data erased, unless your employer has a legitimate interest in retaining it.
- Right to object: the right to object to the processing of personal data for reasons relating to your particular situation (subject to conditions).
- Right to withdraw consent: the right to withdraw your consent at any time, when processing is based on consent.
- Right to restriction of processing: the right, under certain conditions, to request that the processing of your personal data be temporarily suspended.
- Right to data portability: the right to request that your personal data be transmitted in a reusable format, allowing you to migrate it to another database.
- Right not to be subject to automated decision-making: the right to refuse decisions based solely on automated processing and/or to exercise any additional safeguards available.
- Right to define post-mortem directives: the right to define instructions relating to the fate of your personal data after your death.
To exercise your rights or for any questions relating to the protection of your personal data, we invite you to:
– contact your employer directly or,
– contact us at the following email address: dpo@nomadia-group.com – In this case, we will forward your request to your employer.
When you send us a request to exercise your rights, please specify as clearly as possible the scope of your request, the right you wish to exercise, the processing activity concerned, and any other relevant details to help us handle your request efficiently.
You also have the right to lodge a complaint with the French data protection authority (CNIL) at Commission Nationale de l’Informatique et des Libertés (CNIL) – 3 Place de Fontenoy – TSA 80715
75334 PARIS CEDEX 07, regarding any grievance about how NOMADIA PROTECT collects or processes your data.
How do we ensure the security of your personal data?
NOMADIA PROTECT is committed to safeguarding the personal data we collect, or process, against accidental or unlawful loss, destruction, alteration, unauthorized access or disclosure.
To achieve this, we implement all appropriate technical and organizational measures, tailored to the nature of the data and the risks involved. Such measures ensure the security and confidentiality of your personal data and may include:
– Restricting access to authorized personnel based on their roles;
– Pseudonymization of data;
– Encryption of data.
In addition, our practices and policies and/or physical and/or logical security measures (secure access, authentication process, backup copy, software, etc.) are regularly reviewed and updated if necessary.
Update of this Policy
This Policy may be regularly updated to take into account changes in regulations relating to personal data.
This English version of the Privacy Policy is provided for convenience only.
In the event of any discrepancy or inconsistency between the French and English versions, the French text shall prevail.
Last updated: July 2025.