Privacy Policy - Caregiver in oncology
Article 1
Introduction
The essential
RESILIENCE is fully committed to complying with the applicable regulations to protect your Personal Data.
This Privacy Policy details how and why we use your Personal Data. It is part of the General Terms of Use (GTUs) that you accepted when you registered.
Text
RESILIENCE takes the protection of Patients' Personal Data very seriously and shall process the information it collects about you in a secure and responsible way, in compliance with the General Data Protection Regulation (GDPR).
The GDPR is in line with French law No. 78-17 of January 6th, 1978 ("Data Protection law") and has been applicable since May 25th, 2018. The GDPR regulates the use of Personal Data by public and private organisations, including RESILIENCE.
This Privacy Policy is part of the GTUs and its purpose is to provide you with clear and transparent information on how we collect and use your Personal Data as a Data Controller.
Terms starting with a capital letter are defined in our General Terms of Use as well as in the "Definitions" section of each article in this Policy.
Definition
RESILIENCE (or "We") refers to the company RESILIENCE, a simplified joint-stock company with a capital of 18.849,72 euros, registered with the Paris Trade and Companies Register under number 893 834 713 and whose registered office is located at 6, rue d'Armaillé - 75017 Paris (France), which is marketing the Resilience Solution.
The Resilience Solution is designed to complement the IT tools used by Healthcare Professionals and/or Establishments with remote monitoring and support functionalities for Patients with cancer, thanks to the two following key functionalities:
- Support, via the Resilience.care application.
- Remote monitoring, via the Resilience PRO module.
The Application refers to the Resilience Care mobile application developed by RESILIENCE and accessible as part of the Resilience Solution. This tool is designed to support Patients by providing personalised content and wellness programmes. Resilience PRO is a Class IIa medical device, remote monitoring module, manufactured by BETTERISE. Resilience PRO is a regulated health product certified as "medical monitoring and clinical decision-making support software in the field of Oncology" and bears, under this regulation, the CE 0459 marking.Personal Data are information that can be used to identify you. They specifically include your surname, first name, and your professional speciality.
Article 2
Object
The essential
Resilience works as :
- Your Sub-contractor
- a Sub-contractor for a Partner Healthcare Establishment or for your Prescribing Healthcare Professional,
- a Data Controller
In the second case, please contact your Healthcare Establishment for more information.
Text
This Privacy Policy describes how your Personal Data are collected and used by RESILIENCE in its capacity as Data Controller.
RESILIENCE can also work as your Subcontractor or the Subcontractor of your home Healthcare Establishment to provide a solution to help support Patients with cancer. Please contact them for more information.If our Resilience Solution is specifically used for a clinical trial, the Data Controller will be the Sponsor of the trial.
Definition : The Partner Healthcare Establishment (or "Establishment") refers to any healthcare establishment involved in your care as a Patient and having concluded or not a contract with RESILIENCE, one of its affiliates or one of its distributors, in aim of providing the Resilience Solution to Patients.A Data Controller determines the purposes and means of personal data processing, i.e. the purpose of the processing and how to implement it.The Patient refers to any natural person cared for by a Healthcare Professional having access to and using the Resilience Solution. The Patient is considered by default as a non-healthcare professional.A Subcontractor processes data on behalf of another organisation ("the Data Controller"), as part of a service.
Article 3
Description of the Resilience PRO module
The essential
The Resilience Solution, marketed by RESILIENCE, is proposed by you, a Healthcare Professional, to Patients as part of their medical care.
The Resilience Solution contains a remote monitoring module referred to as Resilience PRO.Resilience PRO is subject to strict European regulations.
Text
The Resilience Solution is designed to complement your IT tools and/or those used by Establishments with remote monitoring and support functionalities for Patients with cancer, thanks to the two following key functionalities:
- Support, via the Resilience Care App;
- Remote monitoring, via the Resilience PRO telemonitoring module, a Class IIa medical device manufactured by RESILIENCE MD, for telemonitoring prescribed by a healthcare professional to patients, without replacing medical care.
For more information, please consult our General Terms of Use.
Definition
RESILIENCE MD, a simplified joint-stock company with a capital of 6,315.00 euros, registered with the Bayonne Trade and Companies Register under number 791 307 309, with its headquarters located at 24, Avenue Victor Hugo – 64200 Biarritz, is the manufacturer of the Resilience PRO telemonitoring module.The Healthcare Professional refers to you as a caregiver practicing within your Establishment or outside the latter and participating in the medical care of the Patient.
Article 4
Why does RESILIENCE use your Personal Data ?
The essential
Your Personal Data is collected when you use the Resilience Solution for specific objectives (purposes) and according to legal grounds.
Your Data are collected for:
- Creating and ensuring the administrative and technical management of your Caregiver User account.
- Managing user support and your claims.
- Ensuring the operation and continuous improvement of the Services and our Solution.
- Detecting and solving technical incidents, etc.
If you would like more information about how your Personal Data are used, please contact your Establishment.
Text
RESILIENCE and its subsidiary RESILIENCE MD (manufacturer of the Resilience PRO module) collect and use Personal Data as Data Controller for the following purposes and based on the following legal grounds:
- Creation and administrative and technical management of your Caregiver User account (based on the contract concluded between your Establishment and RESILIENCE for using our Solution).
- Management of user support and your claims (contract).
- Technical support management (contract).
- Ensuring the operation and continuous improvement of the Services and our Solution (legitimate interest of RESILIENCE).
- Analyze your use of our Solution (legitimate interest of RESILIENCE);
- Research in relation to the Health Data Warehouse for the purposes authorised by the French National Commission for Data Protection and Liberties (CNIL) (legitimate interest of RESILIENCE).
- Detection and resolution of technical incidents (legitimate interest of RESILIENCE).
- Management of incidents and materiovigilance (legal obligation).
- Post-marketing clinical monitoring (legal obligation).- Post-marketing monitoring (legal obligation).
- Billing (legal obligation).
Please contact your institution for more information about these treatments.
RESILIENCE MD, in its capacity as manufacturer of the Resilience PRO medical device, also has a legal obligation to process your Personal Data for the purposes of incident management and materiovigilance.
RESILIENCE MD provides post-marketing surveillance or evaluation as part of the post-marketing clinical monitoring of medical devices (BETTERISE TECHNOLOGIES' legal obligation).
Article 5
What information is collected by RESILIENCE and how ?
The essential
When you use the Resilience Solution, the following information about you is collected:Lorsque vous utilisez la Solution Resilience, les informations suivantes vous concernant sont collectées :
- Your name and your contact information.
- Your personal information (such as your profession, your home Healthcare Establishment, etc.).
- Your login details.
- Your technical data.
Text
By using our Resilience Solution, you send us a certain amount of information about yourself, some of which are likely to identify you:
- Your identification data: to create your Account and to allow us to contact you again (for example if you send us a question). This includes, for example, your surname, first name, identification number, e-mail address, phone number.
- Your professional information: such as your profession, your speciality, your home Healthcare Establishment.
- Your login details: all information you need to access your Account, such as your password and other information necessary for authentication and accessing your Account).
We also collect technical data, contained in the browser, computer or mobile device with which you use our Solution, especially the following:
- Data allowing us to learn more about the device you are using ("device data"): the type and model of the device, its operating system and version, its unique identifier, etc.
- The log data ("log data") which are automatically saved by our servers according to those sent by your browser. These data include the date and time of your visit, the version of the browser used (as well as its configuration), your IP address and protocol, and how you used our Solution.
The essential
In order to use the Resilience Solution, Users need internet access with sufficient bandwidth and computer hardware compatible with the minimum configuration required.They are solely responsible for choosing the network and hardware.
Text
To access the Resilience Solution, Users must have an Account, which is provided via a phone number (and/or a professional e-mail address) and a password.
They must complete and/or validate all identification fields:
- Professional e-mail address
- Surname used in a professional capacity
- First name
- Phone number
- Job
- When applicable, the Establishment involved in the User's treatment.
The Account must comply with the following rules at a minimum:
- Personal information must be accurate, verifiable, complete and up-to-date;
- Account connection information (times, country, Internet service provider, prohibition of proxies) must correspond to the normal use of a user account.
Users only have the right to access the Resilience Solution, which remains the property of RESILIENCE.
The essential
The login details (and/or phone number, password) that you use to access the Resilience Solution are personal and confidential.
In the event of unauthorized or suspicious use, you must immediately notify RESILIENCE at: support@resilience.care.
All operations carried out using your login details will be considered as having been carried out by you.
Text
The login details (e-mail and/or telephone number, password) are intended to restrict access to the Resilience Solution, including the Resilience PRO module, to Users only, to protect the integrity and availability of the Resilience Solution, as well as the integrity, availability and confidentiality of the Personal Data transmitted via our Solution.
They are personal and confidential. It is the Users' responsibility to ensure the confidentiality of their login details, to ensure the accuracy of their Personal Data which appear in the Resilience Solution (especially for identification purposes) and to immediately notify RESILIENCE in the event of any unauthorized or suspicious use at: support@resilience.care. All operations carried out in the Resilience Solution using Users' login details are considered to have been carried out by the Users themselves.
The essential
Identification with the Resilience Solution can also be carried out via Pro Santé Connect, using the e-CPS mobile application or the CPS card of the User, Healthcare Professional.
Text
Pro Santé Connect is a teleservice implemented by the Digital Health Agency (Agence du Numérique en Santé, ANS) which simplifies the identification of Healthcare Professionals.
The Users, Healthcare Professionals, can log in using their e-CPS mobile application or their CPS card, with a card reader and the necessary components.
The essential
You are responsible for your Account. Therefore :
- You must take precautions to prevent third parties from accessing your Account without your authorisation.
- You may only use your Account.
The procedures for creating User Accounts for access to the Services are the responsibility of the Establishment.
Text
In order to guarantee the security of your Account and prevent any usurpation, you agree to :
- Not give access to your Account to an unauthorized third party;
- Take all measures to prevent an unauthorized third party from accessing the Account to which you are connected, even without your knowledge.
RESILIENCE may in no way be held responsible in the event of Account usurpation or of any alteration that an Account may undergo.
Definition
An Authorized Third Party is any physical person authorized by the Patient to access the Resilience Solution and enter on his behalf all information concerning them in the context of his medical treatment.
The essential
Vous restez responsable des données et des informations que vous communiquez en utilisant la Solution Resilience.
Text
Users can modify and update the data relating to their Account.
Users acknowledge that they alone, and not RESILIENCE, are responsible for the data provided and other information exchanged, and that they must use the Resilience Solution in compliance with the current GCU and applicable laws and regulations.
The essential
Your Account is created when you accept the current GCU.If you wish to delete your Account, you can contact :
- Your establishment,
- RESILIENCE, at the following e-mail address: privacy@resilience.care
Text
The Account is provided for Users from the moment they accept the current GCU and for the entire period during which they use the Resilience Solution.
If the Account is not used during a period of 5 years, it is archived. In the event of a repeat offence or a medically justified reason, you may ask RESILIENCE to restore your Account in order to recover its content or information.
If you wish to delete your Account, you can contact:
- Your establishment,
- RESILIENCE at: privacy@resilience.care, or at the following postal address: RESILIENCE - for the attention of the Data Protection Officer – 6, rue d'’Armaillé – 75017 Paris (France).privacy@resilience.care, ou à l’adresse postale suivante : RESILIENCE – à l’attention du Délégué à la protection des données – 6, rue d’Armaillé – 75017 Paris (France).
Article 6
With whom does RESILIENCE share your Personal Data ?
The essential
We share your Data with:
- Our subsidiary RESILIENCE MD ;
- Our service providers ;
- Your medical team, if necessary.
Text
We may need to share your Personal Data with the following recipients:
- Our subsidiary RESILIENCE MD, , which is the manufacturer of the Resilience PRO module and needs your information to ensure remote monitoring of your Patients or to meet its materiovigilance obligations.
- Our service providers: we use various service providers, for example, to provide technological or logistical services, and support management. Our service providers must comply with our requirements regarding the confidentiality and security of Personal Data. They are not authorised to use Personal Data. They are listed on our website.
- Your medical team: we can send your Data to other members of the medical team as part of your Patient's monitoring.
In order to manage serious adverse events when using Resilience PRO, the manufacturer or RESILIENCE may also send your Data to members of your healthcare team, involved in the monitoring of your Patients, or who can provide assistance in the analysis of your file, to notified bodies in charge of assessing the Resilience PRO medical device and to national public bodies (for example, the National Agency for the Safety of Medicines and Health Products (ANSM) in France or the Federal Agency for Medicines and Health Products (FAMHP) in Belgium).
The essential
RESILIENCE fournit au Prescripteur les Services conformément aux présentes CGU, à la règlementation qui lui est applicable, ainsi qu’aux normes, pratiques et coutumes générales de l’industrie.
Les modalités de création des Comptes d’accès des Prescripteurs aux Services relèvent de la responsabilité de l’Établissement
Text
Les accès aux Services sont accordés dans le respect des règles d’identification et d’affectation des droits, définies par l’Établissement. Les modalités de création des Comptes d’accès des Prescripteurs aux Services relèvent de la responsabilité de l’Établissement.
Le Prescripteur devra respecter les spécifications et prérequis contenus dans la Documentation (comme par exemple, utiliser les versions des navigateurs Internet spécifiées) lui permettant un accès aux Services dans les meilleures conditions. Le Prescripteur est responsable de la qualité de sa connexion Internet conformément aux spécifications de RESILIENCE. A ce titre, RESILIENCE ne saurait en aucun cas être tenue responsable de la qualité, de la vitesse ou de l’interruption des moyens de communication (notamment du réseau Internet) entre la Solution Resilience et l’infrastructure technique du Prescripteur.
En aucun cas RESILIENCE ne sera tenue de payer les éventuels coûts liés à la substitution de la Solution Resilience ni ne procéder à leur remplacement. En cas de constatation d’un dysfonctionnement de la Solution Resilience, le Prescripteur signalera ledit dysfonctionnement à RESILIENCE. RESILIENCE assure la formation du Prescripteur sur l’utilisation des Services.
Definition
Le Prescripteur désigne tout Professionnel de santé, Utilisateur de la Solution Resilience, exerçant dans un Etablissement et prescrivant la Solution Resilience aux Patients.
Article 7
Are your Personal Data transferred to third countries?
The essential
Your Health Data are hosted in France, by certified hosting providers, authorised to store Health Data.RESILIENCE may use service providers located outside the European Union: if necessary, RESILIENCE will implement appropriate guarantees to protect your Personal Data.
Text
Your Personal Data, collected when you use the Resilience Solution, are hosted by certified HDS (Health Data Hosting Provider) hosts in France. For the Resilience PRO remote monitoring module, the Data are stored by Ecritel.RESILIENCE may also use service providers located outside the European Union. Should data be transferred to a third-party country whose legislation has not been recognised as offering an adequate level of protection for Personal Data, RESILIENCE will implement appropriate guarantees, such as standard contractual clauses.All of our service providers and the appropriate guarantees implemented by RESILIENCE are listed on our website.
Definition
The Content specifically refers to all the texts, information, graphics, images, videos, audio files, music, illustrations, data, interfaces, trademarks, logos and computer codes of the Resilience Solution.
Article 8
How long are your Personal Data kept for ?
The essential
Vos Données Personnelles sont conservées le temps de votre inscription et de votre utilisation de notre Solution.
En cas de non-utilisation de la Solution Resilience pendant 12 mois :
- Your Personal Data are deleted and will be archived for 24 months.
- Then, unless you instruct us otherwise, your data will be deleted or anonymised (i.e. it will no longer be possible to identify you or to know that they belong to you).
If you would like more information about the reason your Caregiver account was closed, or to recover your Personal Data, please contact us at the following address : soignant@resilience.care
Text
Your Personal Data are kept for the period during which you are registered and use our Solution, subject to compliance with the applicable legal provisions.If you do not log in or use our services for a period of 12 months your Data will be archived on an intermediate basis for a period of 24 months. The account will then be archived for a period of 10 years to comply with our regulatory obligations before being permanently deleted.Then, unless you instruct us otherwise, we will delete your Data, or we will irreversibly anonymise your Data in order to use it for scientific research purposes.The anonymisation process used by RESILIENCE MD will no longer allow any identification of your Personal Data, either directly or indirectly.When the decision to archive is taken, Patients are informed by a pop-up notification when their account is opened, by text message/e-mail sent using the contact details provided when they subscribed to our Solution.If you would like more information about the reason your Account was closed, or if you would like to recover your Personal Data, please contact us at the following address: privacy@resilience.care.
Article 9
RESILIENCE's Health Data Warehouse
The essential
With your consent, your Personal Data (not including your surname, first name or any other directly identifying information), collected when you use Resilience PRO, may be stored in RESILIENCE's Health Data Warehouse and used for scientific research to improve the Patients' care and quality of life.If you refuse, this will not affect how you use the Resilience Solution.
Text
As a Data Controller, RESILIENCE performs scientific research to improve the care and quality of life of cancer patients. In this respect, RESILIENCE set up a Health Data Warehouse, authorised by the French National Commission for Information Technology and Civil Liberties (Commission Nationale de l'Informatique et des Libertés - CNIL) on April 21st, 2022.With your consent, your pseudonymised Personal Data (i.e. without your surname, first name or any other directly identifying information), including data collected when you use Resilience PRO, may be stored and used by RESILIENCE in a database for scientific research purposes and as part of the development of our decision-making and medical care support tool.Your Data will be kept in this database for 15 years after being collected.If you refuse, this will not affect how you use the Resilience Solution.You can exercise your rights, and in particular object to your Personal Data being collected and re-used, by contacting our Data Protection Officer at the following address: privacy@resilience.care or by post by writing to RESILIENCE (for the attention of the DPO), 6 rue d'Armaillé - 75017 Paris (France).To access the list of research programmes, studies and assessments or obtain more information about our warehouse, you can consult our Transparency portal.
Definition :
The Health Data Warehouse ("Resilience Data Warehouse") is a database intended to be used by RESILIENCE specifically for research, studies or assessments in the field of health. RESILIENCE has been authorised by deliberation No. 2022-049 of April 21st, 2022.
Article 10
How are your Personal Data secured?
The essential
We implement appropriate technical and organisational measures to preserve the security and confidentiality of your Personal Data.As required by the regulations, the Resilience Solution is stored by a hosting provider certified for Health Data Hosting (HDS), Ecritel.
Text
RESILIENCE shall protect your Personal Data against any loss, destruction, alteration, unauthorised access or disclosure.
RESILIENCE shall therefore implement appropriate technical and organisational measures to preserve the security and confidentiality of your Personal Data such as the following:
- Access to Personal Data is limited to people who are authorised due to their functions.
- Contractual guarantees when working with an external service provider.
- Performing data protection impact assessments (DPIA).
- Our employees are trained in data protection and are subject to confidentiality obligations.
- Regularly reviewing our Privacy Practices and Policies and/or physical and/or logical security measures (secured access, authentication process, backup copies, antivirus software, firewalls, etc.).
- Data encryption, etc.
RESILIENCE shall ensure that the Resilience Solution is hosted by a hosting provider with HDS certification (Health Data Hosting Provider). Therefore, for the Resilience PRO remote monitoring module, your Personal Data as well as your Patients' data are stored by Ecritel. For more information, you can consult Ecritel's Privacy Policy.The Health Data Warehouse is hosted in France by OVH, in a Health Data Hosting (HDS) environment. For more information, you can refer to OVH's Privacy Policy.
Article 11
How are cookies managed ?
The essential
We use internal trackers to measure the number of visitors, i.e. they will not be shared outside RESILIENCE.
Text
A "cookie" or connection tracker is a string of information containing your browsing data, which are stored by your web browser for a specific period of time.RESILIENCE is required to use internal trackers. These trackers are used to track your activity within the Resilience Solution, to measure the number of visitors (measure performance, detect navigation problems, optimise technical performance or ergonomics, assess the power of the necessary servers, and analyse the content being consulted). However, these trackers are only used internally and are not shared outside RESILIENCE or for advertising purposes.
Article 12
What are my rights ?
The essential
You have several rights concerning your Personal Data.You can exercise these rights: 1. With your Partner Health Establishment, or2. With RESILIENCE at the following address: privacy@resilience.careIf the answer provided does not satisfy you, you can send a complaint to your data protection authority, in France, the CNIL.This link provides a list of all the competent authorities in Europe.Vous trouverez sur ce lien l’ensemble des autorités compétentes en Europe.
Text
Your Personal Data belongs to you, and as such, you have a number of rights.In accordance with applicable laws and regulations relating to the protection of personal data, you have the right:
- Of access: you have the right to know what Personal Data we have about you, to consult them and to obtain a copy (find out more).
- Of rectification: if you notice an error, you can ask us at any time to correct the incorrect information or to complete your information (find out more).
- Of deletion: under certain conditions, you can ask us to delete your Personal Data. Please note that we may retain certain information about you when we are required to do so by current laws and regulations or when we have a legitimate reason to do so (find out more).
- Restriction: under certain conditions, you may ask us to restrict our use of your Personal Data, for example for the period necessary to examine a request for rectification (find out more).
These rights can be exercised:
- With your Partner Health Etablishment, or
- By contacting RESILIENCE at: privacy@resilience.care, or at the following postal address: RESILIENCE - for the attention of the Data Protection Officer – 6, rue d'Armaillé – 75017 Paris (France).
When you submit a request to exercise your rights, we have a period of one month from receipt to respond to it. This one-month period may be extended by two months depending on the complexity of your request.In order to respond to your request and guarantee the confidentiality of your Personal Data, we may ask you to prove your identity using any available means.If, after contacting us, you feel that your rights have not been respected, you have the right to lodge a complaint with the supervisory authority in France or that of your country, for example the National Commission for Information Technology and Civil Liberties (Commission Nationale de l'Informatique et des Libertés - CNIL) in France or the Data Protection Authority (Autorité de Protection des Données (APD) in Belgium. This link provides a list of all the competent authorities in Europe.