Protection of personal data

1 - Introduction

Honestica is the publisher of the Lifen service and will hereafter be referred to as "Lif en" for the purposes hereof.

Lifen attaches great importance to the protection of your privacy and your personal data. It is a founding element of our approach. The purpose of this personal data protection charter (hereafter the "Charter") is therefore to present to you in more detail our approach to your personal data, to explain to you the cases in which we collect them, the reasons justifying this collection and what we do with them. It also presents the security measures we apply to protect their confidentiality, reminds you of your rights regarding your personal data, and the means to exercise them. In general, your attention is drawn to the fact that the data collected via Lifen are sensitive and confidential data that require special vigilance.

This data refers to information concerning natural persons, identified or identifiable, directly or indirectly, including data relating to physical or mental health (hereinafter the "Personal Data"). Our Charter applies in compliance with the provisions relating to the protection of Personal Data, and in particular, European Regulation 2016/679 of 27 April 2016, and the Data Protection Act of 1978 as amended, as well as the provisions of the Public Health Code (CSP), (hereinafter the "Act"). This Charter is intended to apply to the users of Lifen and to the visitors during their navigation on the lifen.fr site (hereafter the "Site"). The Charter is an integral part of the General Conditions of Use of the Site.

2 - Definitions

For the purposes hereof, the terms and expressions defined below shall have the following meanings:

3 - Who processes your personal data?

The person responsible for the collection and processing of your Personal Data is :

We outsource some of our activities for the performance of our services. For example:

We are committed to ensuring that our subcontractors guarantee the same level of safety as we do. The User and Honestica (hereinafter the "Parties") agree to comply with the Law applicable to the Processing of Personal Data. The Parties undertake to comply with the General Health Information Systems Security Policy issued by ASIP Santé (hereafter the"PGSSI-S").

4 - For what purposes are your data processed?

Lifen processes your Personal Data only for :

For the exchange of documents, the treatment carried out consists of extracting information contained in the medical documents and then using them to accomplish the purposes of the treatment.

For the home follow-up of patients with symptoms of Covid-19 infection, the treatment carried out consists of collecting medical information from patients through targeted questionnaires received via SMS or E-mail for a period of 14 and 30 days.

The questionnaires are analysed automatically and are presented to the caregiver in the form of dashboards and alerts to help him/her adapt the follow-up according to the results.

Unless otherwise expressly stated by the User, Lifen does not use your Personal Data for commercial or marketing canvassing, research, or publication of statistics.

5 - What data is processed?

The Personal Data we process are :


Cookies

What is a cookie?

A "cookie" is a piece of information stored on your device when you browse a website. It allows your device to be identified each time you visit.

What are they used for?

We use cookies in order to:
- Offer you a better browsing experience on Lifen.fr;
- Measure and improve the services offered on Lifen.fr.

What can you do to manage the cookies stored on your device?

You can accept or decline cookies. If you reject cookies, some aspects of our Site may not work on your device and you may not be able to access certain features of our Site.

6 - What do we do with your data?

The Personal Health Data is strictly intended for Users concerned in issuing and/or receiving a medical document. Lifen guarantees that they will not be transmitted to any unauthorized third party, subject to possible subcontractors of Lifen, such as the certified health data host or the desktop publishing provider.

The Personal Data collected in the contact forms, and the cookies, are only intended for the administrators of Lifen. We do not transfer Personal Data to countries that are not members of the European Union or the European Economic Area.

Lifen may, however, communicate to third parties the Personal Data it processes when such communication is required by law, regulation or court order, or if such communication is necessary to ensure the protection and defence of its rights.

Concerning Personal Health Data, Lifen undertakes, when the legal framework allows it:

The User, as the person responsible for processing personal health data, is responsible for :

Lifen, as a Subcontractor, undertakes to :

Subcontractor of second rank

In accordance with Article 28 of the RGPD, the Data Controller generally authorises Lifen to have recourse to subcontractors (hereafter "second-tier subcontractor") to carry out specific processing activities.

Lifen ensures that the second-tier subcontractor presents the same guarantees as regards the implementation of the Security Measures for the missions entrusted to it. Lifen undertakes to enter into a contract with the Sub-Contractor under which its access to the data of the Data Controller will be strictly limited to the purpose of the contract entered into with Lifen.

The Sub-Contractors with which Lifen has entered into a contract, in force at the date of signature of the Contract, are OVH (certified hosting provider), AWS (certified hosting provider), Corus (desktop publishing), MS Santé (secure health messaging) and Apicem (secure health messaging).

The Data Controller has the right to object to the use of a second-tier Subcontractor from the date of receipt of this information.

7 - Protection of your data and storage period

Security

We implement all security measures required to protect your Personal Data. To ensure the security of your Personal Information, Lifen has implemented the following procedures and processes:

The Parties undertake to take appropriate measures to ensure that any employee, partner, subcontractor and any individual acting under the authority of the Data Controller or Lifen is duly authorized to access Personal Data. Healthcare professionals who use Lifen are subject to professional secrecy by law. Thus, each User is invited to implement, under his responsibility, all useful and relevant security measures for the purposes of protecting access to his computer or his portable or mobile equipment, and to all Personal Data accessible on Lifen, in particular with respect to third parties.

In order to guarantee the confidentiality, integrity and security of Personal Data, Lifen acknowledges having implemented the Security Measures below, intended to protect Personal Data:

Geographical areas

Lifen hosts personal data with hosting providers, which can be indifferently ;

If Lifen comes to contract with a new host outside France, it commits itself to give the choice to the Data Controller as to the country of hosting of its Personal Data.

Shelf-life

Health Data

Lifen is committed to retaining the Personal Data collected for a limited period of time. However, Lifen is not responsible for the obligations of the Data Controller regarding the retention period of Personal Data.

The retention periods of Personal Data collected via Lifen are different according to the type of data and are specified below:


At the end of the storage periods, Lifen undertakes, at the choice of the Data Controller, to :

However, medical documents that have been sent to the Processor or that he has sent via Lifen may be retained as long as other medical professionals sending or receiving such medical documents remain active on Lifen.

Administrative data

Personal Data used for the purposes of sending contact forms and managing Lifen's customer files are kept for a period of three years from the time of their collection or from the last contact with Lifen.

Navigation data

Connection logs, cookies and other tracers set up on our Site will be kept in accordance with the applicable regulations for a period of 13 months. For more details, see the cookies section above.

8 - What are your rights and how do you exercise them?

In accordance with the Law, you have a right of access, rectification, limitation, opposition, deletion and portability of your Personal Data, which you may exercise for legitimate reasons, and subject to any legitimate compelling reasons that Lifen may have for retaining your Personal Data. These rights may be exercised at any time by filling in this form(PDF - ODT) and returning it :

In the event of a request, Lifen undertakes to inform, as soon as possible, the Data Controller and to provide him/her with the information necessary for the transmission of the data to his/her patient.

The Data Controller acknowledges, in general, that he/she is exclusively responsible for the prior information and the collection of consent from patients in compliance with the provisions of the RGPD. The User, as Data Controller, must designate a person within his organisation (the " Customer Contact ") who will be able to designate a health professional to Lifen when necessary, for example for any problem requiring access to health data or relating to the management of the relationship with the patient. The Data Controller must make sure to communicate to Lifen, through his DPO, a new Customer Contact when necessary, in particular in the event of his departure.

Right to information

We inform you about the collection and processing of your Personal Data and the rights you have in this respect:

We inform our Users who are part of the same healthcare team that it is their responsibility to provide the patients they care for (hereinafter the "Patients") with the following information prior to sharing their health data:

For Lifen Users who are not part of the same healthcare team, we inform you that the Patient must expressly consent, by means of a checkbox :

Rights of access, rectification and limitation :

You can ask us at any time:

Right to portability

You have the right to retrieve the Personal Data you have provided to us. Lifen is committed to providing you with your Personal Data in a structured, commonly used and readable format.

Rights of opposition and right of erasure

You may object to the processing or request the deletion of your Personal Data, i.e. their deletion by Lifen.

9 - To whom should you address your requests?

We have appointed a Délégué à la Protection des Données personnelles (hereinafter the "DPO") at the CNIL, to demonstrate our commitment to respect for your privacy and your rights to your Personal Data. For any question related to the processing of Personal Data by Lifen, you may contact our DPO at the following address: dpo@lifen.fr 17, rue du Faubourg du Temple, 75010 Paris.

10 - Other commitments

Impact analysis relating to the protection of Personal Data

In accordance with Article 35 of the RGPD, the Data Controller undertakes to carry out an impact analysis to ensure the compliance of the Processing with the Law, when it is likely to generate a high risk for the rights and freedoms of the persons concerned by the Processing.

In the event that Lifen becomes aware of a high risk to the rights and freedoms of the persons concerned by the Processing, we undertake to inform the Data Controller of such a risk as soon as possible and to assist him in carrying out the impact analysis, as well as in carrying out the prior consultation with the supervisory authority.

Certification

We undertake to provide the Data Controller with proof of our certifications on request, and to inform him of any change of certification office within 30 days.

Furthermore, we undertake to provide the latest audit report on our certifications upon request by the Data Controller.

Notification of violations of Personal Data

In accordance with Article 33 of the RGPD, the Data Controller undertakes to notify the supervisory authority, within a maximum period of seventy-two (72) hours from the time of becoming aware of it, of any violation of Personal Data.

Lifen undertakes to inform the Data Controller, as soon as possible after becoming aware of any breach of Personal Data, concerning the Processing for which the Data Controller is responsible, and to take the appropriate measures to limit the risk and protect the Personal Data.

The notification will be sent by Lifen to the Data Controller by e-mail, and will contain, as far as possible, any piece of information useful to the Data Controller in order to enable him to notify, if necessary, the violation to the supervisory authority.

The notification sent to the Data Controller by Lifen does not constitute an acknowledgement of fault or responsibility on the part of the latter.

Audit

The Data Controller reserves the right to conduct audits to verify Lifen's compliance with the provisions of the Charter.

After informing Lifen in writing, including by email at dpo@lifen.fr, with twenty (20) days' notice, the Data Controller may have an audit performed, at its own expense, to verify compliance with all security measures implemented to ensure the security of Personal Data. Such an audit may take place at any time, subject to a limit of one audit per calendar year.

The audit shall be performed by an independent and recognized expert, whose choice shall be validated by Lifen at least five (5) days before the audit begins. Such an audit will be the subject of a tripartite agreement whose main clauses will be in accordance with the PASSI requirements published by the ANSSI.

In any case, the audit operations must not disrupt the operation of the service implemented by Lifen beyond the constraints inherent to an audit.

The audit may not include information that is not specific to the Data Controller, in order to preserve the confidentiality of information specific to other Lifen customers or information whose disclosure could jeopardize the security of other customers and other personal data concerning them.

Lifen agrees to provide User with the results of an independent external audit of our pooled operational features (security features that we have in place for all of our customers).

Lifen agrees to cooperate in good faith with the auditor and to facilitate the audit by providing all necessary information and responding to all audit-related requests.

A copy of the audit report prepared by the auditor will be provided to each party.

If the conclusions of the audit contain recommendations, the conditions for their implementation will be studied in a contradictory manner as soon as possible between the Data Controller and Lifen.

The auditor, a designated natural person, will be duly mandated in writing by the contractor, and will be subject to the strictest confidentiality and business secrecy.

11 - Amendment of the Charter

Lifen reserves the right to modify its Policy at any time, and will post the modified version on its Site.

Last update: March 23, 2020.