Nous sommes joignables au 04 81 68 25 26 (prix d’un appel local) et au +32 24 74 66 90 et au +1 888 660 4616
This privacy policy applies to all users of the Maela solution, patients or healthcare professionals on the platforms :
MN SANTE places the protection of personal data at the heart of its missions and the services offered to you. This Policy sets out the principles and guidelines for the protection of your Personal Data and aims to inform you about :
This Policy applies to the processing of Personal Data in the context of the provision of MN SANTE’s services and products, to the exclusion of any partner sites. All operations on your Personal Data are carried out in compliance with the regulations in force and in particular the European Regulation on the protection of Personal Data, Law No. 78-17 “Informatique, Fichiers et Libertés” of 6 January 1978 as amended as well as its implementing decrees.
MN SANTE is committed to taking into account the protection of your Personal Data and your privacy when designing new products or services offered to you. To ensure security and guarantee respect and proper exercise of your rights, measures to ensure the protection of your Personal Data are implemented.
MN SANTE undertakes to collect only the data strictly necessary for the direct or indirect performance of the subscribed services when they require the processing of customers’ Personal Data.
In the event that optional data is requested from you, MN SANTE will clearly inform you of the Personal Data essential for the performance of the contracted service.
Personal Data is collected directly from you and is only used for the purposes that have been brought to your attention.
Personal Data is used to provide you with other services, only if you have agreed to receive marketing communications.
Some data processed by MN SANTE is collected indirectly from the following sources :
In the event of indirect collection, MN SANTE undertakes to inform individuals in compliance with the conditions set out in Article 14 of the GDPR.
Some services may be used by minors. In this case, minors must obtain the consent of their parents or legal guardians.
Depending on the processing of personal data implemented, MN SANTE acts as the Data Controller or Data Processor of its customers. When MN SANTE acts as Data Controller, the purposes of the processing implemented and the retention periods of Personal Data are set by it.
You can consult the purposes of the processing as well as its legal basis and the retention periods of the Personal Data resulting from the processing implemented by MN SANTE, in its capacity as Data Controller, at the end of this document.
Generally speaking, the purposes, the storage period and the legal basis differ depending on the services and products concerned. At the end of the retention periods, the Personal Data is anonymized or permanently deleted.
When MN SANTE acts as a Data Processor for its customers, the purposes of the processing and the retention period of the Personal Data are determined by the Customer Data Controller. In this context, MN SANTE only acts on the instructions of the Data Controller. The processing operations for which MN SANTE acts as a Data Processor are specified in the table accessible at the end of this document.
For any information on the retention periods of Personal Data processed by MN SANTE as a subcontractor, we invite you to contact the healthcare establishment, Data Controller, which has provided for the opening of your account on one of MN SANTE’s solutions for the monitoring of your health journey.
Healthcare institutions may be subject to legal obligations to retain Personal Data, in their own environments, for longer periods than those set out in this data protection policy.
The Personal Data that you communicate to MN SANTE may be transmitted to the following recipients :
The Personal Data processed by MN SANTE is hosted within the European Union (EU) or the European Economic Area (EEA), except for Canadian users, whose Personal Data is hosted in Canada. However, for certain specific services, MN SANTE may use subcontractors established outside the EU or the EEA (United States for example). These subcontractors may have access to the Personal Data strictly necessary to carry out their missions. In this case, in accordance with the regulations in force, MN SANTE requires its subcontractors to provide the appropriate guarantees, in particular the signing of standard contractual clauses of the European Commission or the adoption by the latter of Binding Corporate Rules.
MN SANTE undertakes to take all measures to ensure the security and confidentiality of Personal Data.
In particular, MN SANTE implements all technical and organisational measures to guarantee the security and confidentiality of the Personal Data collected and processed and in particular to prevent them from being distorted, damaged or communicated to unauthorised third parties, by ensuring a level of security appropriate to the risks associated with the processing and the nature of the Personal Data to be protected.
The processing carried out may be subject to audit.
In addition, in the event of a Personal Data breach, within the meaning of Article 4 of the GDPR, affecting your Personal Data (destruction, loss, alteration or disclosure), MN SANTE undertakes to comply with the obligation to notify Personal Data breaches, in particular to the CNIL.
The user understands that the rights mentioned above may be tempered, if the legal basis for the processing justifies it, without hindering the principle of non-maleficence.
To exercise your rights, please contact the DPO of your monitoring institution, Data Controller. The contact details are indicated in the T&Cs available from your user account.
If you have difficulty reaching the DPO of your establishment, you can send your request to MN Santé Holding, at the email address dpo-mns@careside.care. MN Santé Holding, as a Data Processor, must request the agreement of the establishment before exercising its rights.
La Poste, the group to which our company belongs, has appointed a Data Protection Delegate to the CNIL. You can contact him at: Data Protection Officer – CP Y412 – 9 RUE DU COLONEL PIERRE AVIA, 75015 PARIS 15.
If, after contacting us, you believe that your rights over your data have not been respected, you can file a complaint with the Commission Nationale de l’Informatique et des Libertés (3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07; tel.: 01 53 73 22 22).
Services | Purposes | Legal bases | Retention periods | |||
---|---|---|---|---|---|---|
Contact requests submitted by users via the "Contact" form |
|
Consent | Storage for 3 years after the last contact with MN SANTÉ |
Services | Purposes | Legal bases | Retention periods | ||||
---|---|---|---|---|---|---|---|
Commercial prospecting of MN SANTE N.B.: This processing only concerns professionals. |
Carrying out commercial prospecting and marketing operations electronically, by mail or through an employee of MN SANTE (surveys, etc.). | Legitimate interest of MN SANTE, with regard to prospecting :
|
Retention for 3 years from the last contact or until the withdrawal of consent | ||||
Business Operations Management N.B.: This processing only concerns professionals. |
|
|
Retention for the entire duration of the contractual relationship, at the end of which only the data necessary for pre-litigation or litigation purposes are archived until the legal limitation period expires.
The limitation period under ordinary law in civil and commercial matters is five (5) years. The data is kept until the subscriber unsubscribes For the conduct of satisfaction surveys: retention for 1 year from the date of the survey. For claims management: retention for 13 months from the date of receipt of the complaint |
||||
Health vigilance management |
|
|
Retention of data in an active database for the duration necessary to manage the adverse health event.
Data retention in an intermediate database 10 years after the end of the health event. At the end of the retention periods, the data will be deleted or archived in anonymised form for 25 years. |
||||
Post-market surveillance |
|
|
Data retention of analysis documents (clinical evaluation, reports, surveillance report, periodic safety report) for 2 years after the last publication of the analysis documents.
At the end of the retention period, the data is archived in an anonymised form for 25 years. |
||||
Official requests from public or judicial authorities empowered to do so |
|
|
Retention for the entire duration of the procedure, increased by the period of acquisition of the legal requirements.
The limitation period under ordinary law in civil and commercial matters is five (5) years from the end of the contract. |
||||
Detecting, preventing and combating fraud and cybercrime |
|
|
Retention for the duration of the qualification of a fraud or cybercrime alert: 12 months from the date of the alert; Alerts that are not qualified at the end of the twelve (12) month period are deleted.
Qualified alerts are kept for a maximum of five (5) years from the closure of the fraud or cybercrime file. |
||||
Management of requests to exercise rights |
|
|
Retention of data relating to the processing of your requests for 5 years from receipt of the request. Retention of proof of identity documents for one year. |
Services | Purposes | Legal bases | Retention periods | ||||
---|---|---|---|---|---|---|---|
Creation of a User account on the Solutions implemented by the healthcare establishment (patients, employees of the healthcare establishment) | To enable the authentication of Users who access the services subscribed to by healthcare establishment customers as part of the provision of the Remote Monitoring/Remote Monitoring Solution. |
Performance of the contract concluded with the Client (Healthcare Establishment)
Consent of individuals collected by the health institution subscribing to the service |
Retention of data necessary for account management until account deletion | ||||
Provision of a Remote Monitoring Solution and Services
(management of remote monitoring / remote monitoring of patients who have subscribed to the service offered by their health establishment as part of the monitoring of their care pathways) |
|
Performance of the contract concluded with the Client (Healthcare Establishment)
Patient consent collected on behalf of the healthcare establishment, the data controller, which implements the remote monitoring/monitoring solution |
Defined by the health establishment :
Duration of the patient's care pathway with the healthcare establishment + shelf life specific to healthcare establishments in accordance with the regulations applicable to them |
||||
Management of patient care pathways in healthcare facilities according to the health protocols defined by them |
|
Performance of the contract concluded with the Client (Healthcare Establishment) Patient consent collected on behalf of the healthcare institution that implements the Remote Monitoring/Monitoring Solution |
Defined by the health establishment :
Duration of the patient's care pathway with the healthcare establishment + shelf life specific to healthcare establishments in accordance with the regulations applicable to them. |
||||
Extraction of the list of persons who have had access to the patient's Personal Data and making available to the patient upon request N.B.: This processing only concerns professionals. |
To allow the patient to know who has had access to his or her Personal Data. | Obligation to comply with the Digital Health Agency's Digital Health Agency's Interoperability and Security Framework for Digital Medical Devices | The list is securely transmitted to the user who made the request and then deleted on the manufacturer's side. | ||||
Management of support requests from healthcare institutions on the operation of the Solutions |
|
Performance of the contract concluded with the Client (Healthcare Establishment) | Retention of related data for the entire duration of the contract concluded with the Client | ||||
Support to healthcare establishments in the event of complaints and requests to exercise rights from users of the Solutions (patients, employees of the healthcare establishment) (Healthcare institutions manage complaints and requests to exercise their patients' rights in their capacity as data controllers) |
Assist healthcare facility customers to enable them to respond to :
|
Performance of the contract concluded with the Client (Healthcare Establishment) | Retention of data relating to the processing of the institution's requests for assistance, in the context of a dispute, for 5 years from receipt of the request. | ||||
Conducting surveys on behalf of the client healthcare institution (e.g. satisfaction survey, survey on the use of the Solution, the quality of the remote monitoring / remote monitoring set up, etc.) |
|
|
Retention for 1 year from the date of the survey. | ||||
Clinical studies and research carried out by the client healthcare institution based on the data collected as part of the Remote Monitoring/Remote Monitoring Solution implemented by the healthcare institution |
|
|
Defined by the health establishment : Shelf life specific to healthcare establishments in accordance with the regulations applicable to them in terms of clinical research |
As a reminder, in order to exercise these rights regarding the processing listed in the table above, the user must contact the DPO of their monitoring institution, Responsible for the Processing of their data. The contact details are indicated in the T&Cs available from the user account.
In the event of difficulty in reaching the DPO of your establishment, the user can send his request to MN Santé Holding, at the email address dpo-mns@careside.care. MN Santé Holding, as a Data Processor, must request the agreement of the establishment before exercising any rights.
Nous contacter
56 rue St Jean de Dieu,
69007 Lyon
RGPD
© Maela 2024 – Maintenance WordPress Evolyon