Privacy Policy - Caregiver in oncology

Article 1

Introduction

The essential

RESILIENCE is fully committed to complying with the applicable regulations to protect your Personal Data.
This Privacy Policy details how and why we use your Personal Data. It is part of the General Terms of Use (GTUs) that you accepted when you registered.

Text

RESILIENCE takes the protection of Patients' Personal Data very seriously and shall process the information it collects about you in a secure and responsible way, in compliance with the General Data Protection Regulation (GDPR).

The GDPR is in line with French law No. 78-17 of January 6th, 1978 ("Data Protection law") and has been applicable since May 25th, 2018. The GDPR regulates the use of Personal Data by public and private organisations, including RESILIENCE.

This Privacy Policy is part of the GTUs and its purpose is to provide you with clear and transparent information on how we collect and use your Personal Data as a Data Controller.

Terms starting with a capital letter are defined in our General Terms of Use as well as in the "Definitions" section of each article in this Policy.

Definition

RESILIENCE (or "We") refers to the company RESILIENCE, a simplified joint-stock company with a capital of 18.849,72 euros, registered with the Paris Trade and Companies Register under number 893 834 713 and whose registered office is located at 6, rue d'Armaillé - 75017 Paris (France), which is marketing the Resilience Solution.
The Resilience Solution is designed to complement the IT tools used by Healthcare Professionals and/or Establishments with remote monitoring and support functionalities for Patients with cancer, thanks to the two following key functionalities:
- Support, via the Resilience.care application.
- Remote monitoring, via the Resilience PRO module.

The Application  refers to the Resilience Care mobile application developed by RESILIENCE and accessible as part of the Resilience Solution. This tool is designed to support Patients by providing personalised content and wellness programmes. Resilience PRO is a Class IIa medical device, remote monitoring module, manufactured by BETTERISE. Resilience PRO is a regulated health product certified as "medical monitoring and clinical decision-making support software in the field of Oncology" and bears, under this regulation, the CE 0459 marking.Personal Data are information that can be used to identify you. They specifically include your surname, first name, and your professional speciality.

Article 2

Object

The essential

Resilience works as :
- Your Sub-contractor
- a Sub-contractor for a Partner Healthcare Establishment or for your Prescribing Healthcare Professional,
- a Data Controller
‍
In the second case, please contact your Healthcare Establishment for more information.

Text

This Privacy Policy describes how your Personal Data are collected and used by RESILIENCE in its capacity as Data Controller.
RESILIENCE can also work as your Subcontractor or the Subcontractor of your home Healthcare Establishment to provide a solution to help support Patients with cancer. Please contact them for more information.If our Resilience Solution is specifically used for a clinical trial, the Data Controller will be the Sponsor of the trial.

Definition : The Partner Healthcare Establishment (or  "Establishment") refers to any healthcare establishment involved in your care as a Patient and having concluded or not a contract with RESILIENCE, one of its affiliates or one of its distributors, in aim of providing the Resilience Solution to Patients.A Data Controller determines the purposes and means of personal data processing, i.e. the purpose of the processing and how to implement it.The Patient refers to any natural person cared for by a Healthcare Professional having access to and using the Resilience Solution. The Patient is considered by default as a non-healthcare professional.A Subcontractor processes data on behalf of another organisation ("the Data Controller"), as part of a service.

Definition

L’Établissement de santé Partenaire (ou « Établissement ») désigne tout établissement de santé participant à la prise en charge du Patient et ayant conclu ou non un contrat avec RESILIENCE, l’un de ses affiliés ou l’un de ses distributeurs, en vue de la fourniture de la Solution Edra aux Patients.  

‍Le Professionnel de santé vous désigne en tant que soignant exerçant au sein de votre Établissement ou à l’extérieur de celui-ci et participant à la prise en charge médicale du Patient.  
‍
‍Le Patient est toute personne physique pris en charge par un Professionnel de santé bénéficiant d’un accès à la Solution Edra. Le Patient est considéré par défaut comme un non professionnel de santé.  

‍Un Responsable de traitement détermine les finalités et les moyens d’un traitement de Données Personnelles, c’est-à-dire l’objectif de ce traitement et comment le mettre en œuvre.The Resilience Solution is designed to complement the IT tools used by Healthcare Professionals and/or Establishments with remote monitoring and support functionalities for Patients with cancer, thanks to the two following key functionalities:
- Support, via the Resilience.care application.
- Remote monitoring, via the Resilience PRO module.

The Application  refers to the Resilience Care mobile application developed by RESILIENCE and accessible as part of the Resilience Solution. This tool is designed to support Patients by providing personalised content and wellness programmes. Resilience PRO is a Class IIa medical device, remote monitoring module, manufactured by BETTERISE. Resilience PRO is a regulated health product certified as "medical monitoring and clinical decision-making support software in the field of Oncology" and bears, under this regulation, the CE 0459 marking.Personal Data are information that can be used to identify you. They specifically include your surname, first name, and your professional speciality.

Article 3

Présentation du module Edra PRO

The essential

La Solution Edra, commercialisée par la société RESILIENCE, est proposée par vous, Professionnel de santé, aux Patients dans le cadre de leur prise en charge médicale.  

La Solution Edra contient un module de télésurveillance nommé Edra PRO.   Edra PRO est soumis à une stricte règlementation européenne.    

Text

La Solution Edra vient compléter vos outils informatiques et/ou ceux des Établissements avec des fonctionnalités de télésurveillance et d’accompagnement des Patients touchés par les troubles de l’humeur, grâce à deux fonctionnalités principales :
- L’accompagnement, via l’Application Edra ;
- Le suivi à distance, via le module de télésurveillance Edra PRO, dispositif médical de classe IIa, en cours de certification, fabriqué par RESILIENCE MD, pour la télésurveillance prescrit par un Professionnel de santé aux Patients, sans remplacer une prise en charge médicale.  

Pour plus d’informations, nous vous invitons à consulter nos Conditions Générales d’Utilisation.

Definition

RESILIENCE MD, société par actions simplifiée au capital de 6.315,00 euros, enregistrée au RCS de Bayonne sous le numéro 791 307 309 et dont le siège est situé 24, Avenue Victor Hugo – 64200 Biarritz, fabricant le module de télésurveillance Edra PRO.      

Article 4

Pourquoi et comment RESILIENCE utilise vos Données Personnelles ?

The essential

Dans le cadre de votre utilisation de la Solution Edra, vos Données Personnelles sont collectées pour des objectifs déterminés (finalités) et selon des fondements juridiques.    

Vos Données sont notamment collectées pour  la :  
- Création et gestion administrative et technique de votre compte Utilisateur Soignant ;
- Gestion du support utilisateur et de vos réclamations ;
- Assurer le fonctionnement et l’amélioration continue des Services et de notre Solution ;
- Détection et résolution des incidents techniques, etc.  

Si vous souhaitez avoir plus d’informations sur l’utilisation de vos Données Personnelles, nous vous invitons à vous rapprocher de votre Établissement.  

Text

RESILIENCE et sa filiale RESILIENCE MD (fabricant du module Edra PRO) collectent et utilisent les Données Personnelles en qualité de Responsable de traitement pour les finalités et selon les fondements juridiques suivants :  
- Création et gestion administrative et technique de votre compte Utilisateur Soignant (sur la base du contrat conclu entre votre Établissement et RESILIENCE pour l’utilisation de notre Solution) ;  
- Gestion du support utilisateur et de vos réclamations (contrat) ;   
- Gestion du support technique (contrat) ;   
- Assurer le fonctionnement et l’amélioration continue des Services et de notre Solution (intérêt légitime de RESILIENCE) ;   
- Analyser votre utilisation de notre Solution (intérêt légitime de RESILIENCE) ;  
- Détection et résolution des incidents techniques (intérêt légitime de RESILIENCE) ;  
- Gestion des incidents et de la matériovigilance (obligation légale) ;    
- Surveillance clinique après commercialisation (obligation légale) ;    
- Surveillance après commercialisation (obligation légale).    
- Facturation (obligation légale).  

Nous vous invitons à rapprocher de votre Établissement pour plus d’informations sur ces traitements.  

RESILIENCE MD, en sa qualité de fabricant du dispositif médical Edra PRO, a également une obligation légale de traiter vos Données Personnelles à des fins de gestion des incidents et de matériovigilance.  

RESILIENCE MD assure la surveillance après commercialisation ou encore pour évaluer dans le cadre du suivi clinique après commercialisation des dispositifs médicaux (obligation légale de RESILIENCE MD).   

Article 5

Quelles informations sont collectées par RESILIENCE et comment ?

The essential

Lorsque vous utilisez la Solution Edra, les informations suivantes vous concernant sont collectées :  
- Votre nom et vos coordonnées ;
- Vos informations personnelles (comme votre profession, votre Etablissement de soin de rattachement, etc.) ;
- Vos identifiants de connexion ;
- Vos données techniques.  

Text

En utilisant notre Solution Edra, vous nous transmettez un certain nombre d’informations à votre sujet dont certaines sont de nature à vous identifier :  
- Vos données d’identification : pour la création de votre Compte et pour nous permettre de vous recontacter (par exemple si vous nous adressez une question). Cela comprend par exemple votre nom, prénom, numéro d’identification, adresse e-mail, numéro de téléphone ;   
- Vos informations professionnelles : comme votre profession, votre spécialité, votre établissement de soin de rattachement.    
- Vos identifiants de connexion : toute information dont vous avez besoin pour accéder à votre Compte, comme le mot de passe et autres informations nécessaires à l’authentification et à l’accès à votre Compte.  

Nous recueillons également des données techniques contenues dans le navigateur, l’ordinateur ou l’appareil mobile avec lequel vous utilisez notre Solution, notamment :  
- Des données qui nous permettent d’en savoir plus sur l’appareil que vous utilisez (« device data ») : le type et le modèle de l’appareil, son système d’exploitation et la version de celui-ci, son identifiant unique, etc.
- Les données de journal (« log data ») qui sont enregistrées automatiquement par nos serveurs d’après celles envoyées par votre navigateur. Il s’agit notamment de la date et de l’heure de votre visite, la version du navigateur utilisé (ainsi que sa configuration), vos adresse et protocole IP, et la façon dont vous avez utilisé notre Solution (par exemple le nombre de patients télésuivis, ou encore le nombre d’alertes traitées).  

Article 6

With whom does RESILIENCE share your Personal Data ?

The essential

We share your Data with:
- Our subsidiary RESILIENCE MD ;
- Our service providers ;
- Your medical team, if necessary.

Text

We may need to share your Personal Data with the following recipients:
- Our subsidiary RESILIENCE MD, , which is the manufacturer of the Resilience PRO module and needs your information to ensure remote monitoring of your Patients or to meet its materiovigilance obligations.
- Our service providers: we use various service providers, for example, to provide technological or logistical services, and support management. Our service providers must comply with our requirements regarding the confidentiality and security of Personal Data. They are not authorised to use Personal Data. They are listed on our website.
- Your medical team: we can send your Data to other members of the medical team as part of your Patient's monitoring.

In order to manage serious adverse events when using Resilience PRO, the manufacturer or RESILIENCE may also send your Data to members of your healthcare team, involved in the monitoring of your Patients, or who can provide assistance in the analysis of your file, to notified bodies in charge of assessing the Resilience PRO medical device and to national public bodies (for example, the National Agency for the Safety of Medicines and Health Products (ANSM) in France or the Federal Agency for Medicines and Health Products (FAMHP) in Belgium).

Article 7

Are your Personal Data transferred to third countries?

The essential

Your Health Data are hosted in France, by certified hosting providers, authorised to store Health Data.RESILIENCE may use service providers located outside the European Union: if necessary, RESILIENCE will implement appropriate guarantees to protect your Personal Data.

Text

Your Personal Data, collected when you use the Resilience Solution, are hosted by certified HDS (Health Data Hosting Provider) hosts in France. For the Resilience PRO remote monitoring module, the Data are stored by Ecritel.RESILIENCE may also use service providers located outside the European Union. Should data be transferred to a third-party country whose legislation has not been recognised as offering an adequate level of protection for Personal Data, RESILIENCE will implement appropriate guarantees, such as standard contractual clauses.All of our service providers and the appropriate guarantees implemented by RESILIENCE are listed on our website.

Article 8

How long are your Personal Data kept for ?

The essential

Vos Données Personnelles sont conservées le temps de votre inscription et de votre utilisation de notre Solution.

En cas de non-utilisation de la Solution Resilience pendant 12 mois :
- Your Personal Data are deleted and will be archived for 24 months.
- Then, unless you instruct us otherwise, your data will be deleted or anonymised (i.e. it will no longer be possible to identify you or to know that they belong to you).

If you would like more information about the reason your Caregiver account was closed, or to recover your Personal Data, please contact us at the following address : soignant@resilience.care

Text

Your Personal Data are kept for the period during which you are registered and use our Solution, subject to compliance with the applicable legal provisions.If you do not log in or use our services for a period of 12 months your Data will be archived on an intermediate basis for a period of 24 months. The account will then be archived for a period of 10 years to comply with our regulatory obligations before being permanently deleted.Then, unless you instruct us otherwise, we will delete your Data, or we will irreversibly anonymise your Data in order to use it for scientific research purposes.The anonymisation process used by RESILIENCE MD will no longer allow any identification of your Personal Data, either directly or indirectly.When the decision to archive is taken, Patients are informed by a pop-up notification when their account is opened, by text message/e-mail sent using the contact details provided when they subscribed to our Solution.If you would like more information about the reason your Account was closed, or if you would like to recover your Personal Data, please contact us at the following address: privacy@resilience.care.

Article 9

RESILIENCE's Health Data Warehouse

The essential

With your consent, your Personal Data (not including your surname, first name or any other directly identifying information), collected when you use Resilience PRO, may be stored in RESILIENCE's Health Data Warehouse and used for scientific research to improve the Patients' care and quality of life.If you refuse, this will not affect how you use the Resilience Solution.

Text

As a Data Controller, RESILIENCE performs scientific research to improve the care and quality of life of cancer patients. In this respect, RESILIENCE set up a Health Data Warehouse, authorised by the French National Commission for Information Technology and Civil Liberties (Commission Nationale de l'Informatique et des Libertés - CNIL) on April 21st, 2022.With your consent, your pseudonymised Personal Data (i.e. without your surname, first name or any other directly identifying information), including data collected when you use Resilience PRO, may be stored and used by RESILIENCE in a database for scientific research purposes and as part of the development of our decision-making and medical care support tool.Your Data will be kept in this database for 15 years after being collected.If you refuse, this will not affect how you use the Resilience Solution.You can exercise your rights, and in particular object to your Personal Data being collected and re-used, by contacting our Data Protection Officer at the following address: privacy@resilience.care or by post by writing to RESILIENCE (for the attention of the DPO), 6 rue d'Armaillé - 75017 Paris (France).To access the list of research programmes, studies and assessments or obtain more information about our warehouse, you can consult our Transparency portal.

Definition :
The Health Data Warehouse ("Resilience Data Warehouse") is a database intended to be used by RESILIENCE specifically for research, studies or assessments in the field of health. RESILIENCE has been authorised by deliberation No. 2022-049 of April 21st, 2022.

Article 10

How are your Personal Data secured?

The essential

We implement appropriate technical and organisational measures to preserve the security and confidentiality of your Personal Data.As required by the regulations, the Resilience Solution is stored by a hosting provider certified for Health Data Hosting (HDS), Ecritel.

Text

RESILIENCE shall protect your Personal Data against any loss, destruction, alteration, unauthorised access or disclosure.
RESILIENCE shall therefore implement appropriate technical and organisational measures to preserve the security and confidentiality of your Personal Data such as the following:
- Access to Personal Data is limited to people who are authorised due to their functions.
- Contractual guarantees when working with an external service provider.
- Performing data protection impact assessments (DPIA).
- Our employees are trained in data protection and are subject to confidentiality obligations.
- Regularly reviewing our Privacy Practices and Policies and/or physical and/or logical security measures (secured access, authentication process, backup copies, antivirus software, firewalls, etc.). 
- Data encryption, etc.

RESILIENCE shall ensure that the Resilience Solution is hosted by a hosting provider with HDS certification (Health Data Hosting Provider). Therefore, for the Resilience PRO remote monitoring module, your Personal Data as well as your Patients' data are stored by Ecritel. For more information, you can consult Ecritel's Privacy Policy.The Health Data Warehouse is hosted in France by OVH, in a Health Data Hosting (HDS) environment. For more information, you can refer to OVH's Privacy Policy.