Nous sommes joignables au 04 81 68 25 26 (prix d’un appel local) et au +32 24 74 66 90 et au +1 888 660 4616

Privacy Policy

1. Field of application

This privacy policy applies to all users of the Maela solution, patients or healthcare professionals on the platforms :

  • Maela Pro : digital solution to improve the follow-up of your patients
  • Maela Ambu : digital solution for patient tracking by SMS
  • Maela Patient : digital solution to improve the follow-up of your patients
  • Maela Patient – Canada : a digital solution to improve the follow-up of your patients in Canada
  • Digicope : a digital solution for the deployment of prevention campaigns

2. Glossary

  • Personal Data“: Refers to any information relating to an identified or identifiable natural person.
  • Recipient“: Refers to the service or company or organization that receives communication and can access your Personal Data.
  • MN SANTE“: Refers to the company MN SANTE HOLDING.
  • Personal Data Protection Policy” and “Policy“: Refers to this Policy describing the measures taken for the processing, use and management of your Personal Data and your rights as a data subject.
  • Data Controller“: Refers to any natural or legal person, public authority, department or body that carries out the processing of your Personal Data and which, alone or jointly with others, determines the purposes and means of the Processing.
  • GDPR“: Refers to the General Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data).
  • Processing“: means any operation or set of operations applied to your Personal Data.
  • Personal Data Breach“: means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data.
  • Processor“: Refers to any natural or legal person, public authority, service or body that processes personal data on behalf of the Data Controller. It acts under the authority of the data controller and on the latter’s instructions.

3. Preamble

MN SANTE places the protection of personal data at the heart of its missions and the services offered to you. This Policy sets out the principles and guidelines for the protection of your Personal Data and aims to inform you about :

  • The Personal Data that MN SANTE collects and the reasons for this collection,
  • How this Personal Data is used
  • Your rights over your Personal Data

This Policy applies to the processing of Personal Data in the context of the provision of MN SANTE’s services and products, to the exclusion of any partner sites. All operations on your Personal Data are carried out in compliance with the regulations in force and in particular the European Regulation on the protection of Personal Data, Law No. 78-17 “Informatique, Fichiers et Libertés” of 6 January 1978 as amended as well as its implementing decrees.

4. How does MN SANTÉ take into account the protection of personal data?

MN SANTE is committed to taking into account the protection of your Personal Data and your privacy when designing new products or services offered to you. To ensure security and guarantee respect and proper exercise of your rights, measures to ensure the protection of your Personal Data are implemented.

5.How does MN SANTÉ collect your personal data ?

MN SANTE undertakes to collect only the data strictly necessary for the direct or indirect performance of the subscribed services when they require the processing of customers’ Personal Data.

In the event that optional data is requested from you, MN SANTE will clearly inform you of the Personal Data essential for the performance of the contracted service.

Personal Data is collected directly from you and is only used for the purposes that have been brought to your attention.

Personal Data is used to provide you with other services, only if you have agreed to receive marketing communications.

Some data processed by MN SANTE is collected indirectly from the following sources :

  • Or customers, specifying information on subscribers, beneficiaries, beneficiaries, contacts, recipients. This data is necessary for the performance of the contracted services ;
  • Or third parties. 

In the event of indirect collection, MN SANTE undertakes to inform individuals in compliance with the conditions set out in Article 14 of the GDPR.

Some services may be used by minors. In this case, minors must obtain the consent of their parents or legal guardians.

6. What are the purposes of the processing carried out by the MN SANTÉ group, their legal basis and the duration of storage of personal data ?

Depending on the processing of personal data implemented, MN SANTE acts as the Data Controller or Data Processor of its customers. When MN SANTE acts as Data Controller, the purposes of the processing implemented and the retention periods of Personal Data are set by it.

You can consult the purposes of the processing as well as its legal basis and the retention periods of the Personal Data resulting from the processing implemented by MN SANTE, in its capacity as Data Controller, at the end of this document.  

Generally speaking, the purposes, the storage period and the legal basis differ depending on the services and products concerned. At the end of the retention periods, the Personal Data is anonymized or permanently deleted.

When MN SANTE acts as a Data Processor for its customers, the purposes of the processing and the retention period of the Personal Data are determined by the Customer Data Controller. In this context, MN SANTE only acts on the instructions of the Data Controller. The processing operations for which MN SANTE acts as a Data Processor are specified in the table accessible at the end of this document.  

For any information on the retention periods of Personal Data processed by MN SANTE as a subcontractor, we invite you to contact the healthcare establishment, Data Controller, which has provided for the opening of your account on one of MN SANTE’s solutions for the monitoring of your health journey.

Healthcare institutions may be subject to legal obligations to retain Personal Data, in their own environments, for longer periods than those set out in this data protection policy.

7. To which services or companies is your personal data disclosed ?

The Personal Data that you communicate to MN SANTE may be transmitted to the following recipients :

  • MN SANTE’s services authorised to access this information ;
  • MN SANTE’s technical service providers, including its subcontractors, within the strict framework of the missions entrusted to them ;
  • MN SANTE’s partners, after prior acceptance on your part ;
  • The contracting parties, beneficiaries of services, entitled beneficiaries or any third party designated by the customers or users of our services and/or products, by virtue of the contractual relations ;
  • Public bodies, court officers, ministerial officers, lawyers, administrative or judicial authorities, in order to comply with any law or regulation in force, or to respond to any judicial or administrative request, in the context of compliance with the legal obligations incumbent on MN SANTE or to enable MN SANTE to ensure the defence of its rights and interests ;
  • Mediators, supervisory authorities authorized to receive such data.

8. Can your personal data be transferred outside the European Union ?

The Personal Data processed by MN SANTE is hosted within the European Union (EU) or the European Economic Area (EEA), except for Canadian users, whose Personal Data is hosted in Canada. However, for certain specific services, MN SANTE may use subcontractors established outside the EU or the EEA (United States for example). These subcontractors may have access to the Personal Data strictly necessary to carry out their missions. In this case, in accordance with the regulations in force, MN SANTE requires its subcontractors to provide the appropriate guarantees, in particular the signing of standard contractual clauses of the European Commission or the adoption by the latter of Binding Corporate Rules.

9. Is your personal data protected ?

MN SANTE undertakes to take all measures to ensure the security and confidentiality of Personal Data.

In particular, MN SANTE implements all technical and organisational measures to guarantee the security and confidentiality of the Personal Data collected and processed and in particular to prevent them from being distorted, damaged or communicated to unauthorised third parties, by ensuring a level of security appropriate to the risks associated with the processing and the nature of the Personal Data to be protected.

The processing carried out may be subject to audit.

In addition, in the event of a Personal Data breach, within the meaning of Article 4 of the GDPR, affecting your Personal Data (destruction, loss, alteration or disclosure), MN SANTE undertakes to comply with the obligation to notify Personal Data breaches, in particular to the CNIL.

10. What are your rights over your personal data and how can you exercise them ?

  • You have the right to access the Personal Data we hold about you. This includes the right to request additional information from us about :
  • the recipients and categories of recipients to whom your data has been transmitted
  •  the purposes of the data processing
  • where possible, the length of time for which your data will be stored or, where this is not possible, the criteria for determining this period.
  • You have the right to have us correct inaccurate or incomplete Personal Data about you ;
  • You can object to our use of your Personal Data at any time ;
  • You have the right to be “forgotten” by us by exercising your right to erasure of your data ;
  • You have the right to request the suspension of the processing of your Personal Data ;
  • You may request that your Personal Data be retrieved in a structured, commonly used and readable format in order to dispose of it and transmit it to another data controller ;
  • You can request a list of the people who have had access to your Personal Data as a User or to the Personal Data of the patients you follow as a healthcare professional, the trace of which is kept in our databases ;
  • You have the ability to provide instructions regarding the fate of your Personal Data after your death ;
  • You can also withdraw your consent at any time, in cases where you have been asked for it. This will allow you to modify and/or withdraw your consents to commercial prospecting.

The user understands that the rights mentioned above may be tempered, if the legal basis for the processing justifies it, without hindering the principle of non-maleficence.

To exercise your rights, please contact the DPO of your monitoring institution, Data Controller. The contact details are indicated in the T&Cs available from your user account.

If you have difficulty reaching the DPO of your establishment, you can send your request to MN Santé Holding, at the email address dpo-mns@careside.care. MN Santé Holding, as a Data Processor, must request the agreement of the establishment before exercising its rights.

11. How can I contact the personal data protection officer appointed by MN SANTÉ ?

La Poste, the group to which our company belongs, has appointed a Data Protection Delegate to the CNIL. You can contact him at: Data Protection Officer – CP Y412 – 9 RUE DU COLONEL PIERRE AVIA, 75015 PARIS 15.

If, after contacting us, you believe that your rights over your data have not been respected, you can file a complaint with the Commission Nationale de l’Informatique et des Libertés (3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07; tel.: 01 53 73 22 22).

Processing of personal data carried out by MN SANTÉ, in its capacity as data controller, for the performance of the services offered on the website

Services Purposes Legal bases Retention periods
Contact requests submitted by users via the "Contact" form
  • To allow users of the site to communicate with MN SANTE.
  • Manage user requests for information.
  • Follow up on responses to contact requests.
  • Communicate on MN SANTE news.
  • Develop service-related statistics
Consent Storage for 3 years after the last contact with MN SANTÉ

Other processing operations implemented by MN SANTÉ, in its capacity as data controller, for the provision of these services

Services Purposes Legal bases Retention periods
Commercial prospecting of MN SANTE

N.B.: This processing only concerns professionals.
Carrying out commercial prospecting and marketing operations electronically, by mail or through an employee of MN SANTE (surveys, etc.). Legitimate interest of MN SANTE, with regard to prospecting :
  • by telephone;
  • by electronic means, if it is intended for persons who are already customers and the prospecting relates to products and services similar to those already subscribed to by these persons;
Consent of prospects/customers with regard to electronic prospecting (SMS, email)
Retention for 3 years from the last contact or until the withdrawal of consent
Business Operations Management

N.B.: This processing only concerns professionals.
  • The management of the operations necessary with regard to the products or services subscribed to..
  • Managing our business relationships, including responding to contact requests received.
  • Management of complaints with customer service
  • Management of the after-sales service;
  • Newsletter subscription management
  • Performance of the service (contract)
  • Consent
  • Legitimate interest (improvement of quality of service)
Retention for the entire duration of the contractual relationship, at the end of which only the data necessary for pre-litigation or litigation purposes are archived until the legal limitation period expires.

The limitation period under ordinary law in civil and commercial matters is five (5) years. The data is kept until the subscriber unsubscribes For the conduct of satisfaction surveys: retention for 1 year from the date of the survey.

For claims management: retention for 13 months from the date of receipt of the complaint
Health vigilance management
  • Ensure the prevention, surveillance, evaluation and management of adverse health events
  • Legal obligation
Retention of data in an active database for the duration necessary to manage the adverse health event.

Data retention in an intermediate database 10 years after the end of the health event.

At the end of the retention periods, the data will be deleted or archived in anonymised form for 25 years.
Post-market surveillance
  • Analyze relevant data on the quality, performance and safety of the medical device throughout its lifetime ;
  • Draw appropriate conclusions ;
  • Identifies, implements and monitors any preventive or corrective measures.
  • Legal obligation
Data retention of analysis documents (clinical evaluation, reports, surveillance report, periodic safety report) for 2 years after the last publication of the analysis documents.

At the end of the retention period, the data is archived in an anonymised form for 25 years.
Official requests from public or judicial authorities empowered to do so
  • Management of responses to official requests from public or judicial authorities authorized for this purpose
  • Legal obligation
Retention for the entire duration of the procedure, increased by the period of acquisition of the legal requirements.

The limitation period under ordinary law in civil and commercial matters is five (5) years from the end of the contract.
Detecting, preventing and combating fraud and cybercrime
  • Identify user accounts with incidents or anomalies in order to notify them and possibly trigger suspension or closure procedures;
  • Legitimate interest (fight against counterfeiting, fight against fraud, fight against cybercrime, ...)
Retention for the duration of the qualification of a fraud or cybercrime alert: 12 months from the date of the alert; Alerts that are not qualified at the end of the twelve (12) month period are deleted.

Qualified alerts are kept for a maximum of five (5) years from the closure of the fraud or cybercrime file.
Management of requests to exercise rights
  • Processing your requests to exercise your rights
  • Legal obligation
Retention of data relating to the processing of your requests for 5 years from receipt of the request. Retention of proof of identity documents for one year.

Processing for which MN SANTÉ acts as a subcontractor (Solutions marketed, web and mobile versions)

Services Purposes Legal bases Retention periods
Creation of a User account on the Solutions implemented by the healthcare establishment (patients, employees of the healthcare establishment) To enable the authentication of Users who access the services subscribed to by healthcare establishment customers as part of the provision of the Remote Monitoring/Remote Monitoring Solution. Performance of the contract concluded with the Client (Healthcare Establishment)

Consent of individuals collected by the health institution subscribing to the service
Retention of data necessary for account management until account deletion
Provision of a Remote Monitoring Solution and Services

(management of remote monitoring / remote monitoring of patients who have subscribed to the service offered by their health establishment as part of the monitoring of their care pathways)
  • Enable healthcare establishments to offer their patients and implement a remote monitoring/monitoring system
  • Allowing patients to benefit from follow-up by their health institution
Performance of the contract concluded with the Client (Healthcare Establishment)

Patient consent collected on behalf of the healthcare establishment, the data controller, which implements the remote monitoring/monitoring solution
Defined by the health establishment :

Duration of the patient's care pathway with the healthcare establishment + shelf life specific to healthcare establishments in accordance with the regulations applicable to them
Management of patient care pathways in healthcare facilities according to the health protocols defined by them
  • Integrate the health protocols defined by the healthcare institution into the Solution
  • Enable healthcare establishments to collect information from their patients as part of the health protocol set up via the subscribed remote monitoring/monitoring system
  • To allow Users to have access to remote monitoring/monitoring information according to the health protocols implemented by the health establishment
Performance of the contract concluded with the Client (Healthcare Establishment)

Patient consent collected on behalf of the healthcare institution that implements the Remote Monitoring/Monitoring Solution
Defined by the health establishment :

Duration of the patient's care pathway with the healthcare establishment + shelf life specific to healthcare establishments in accordance with the regulations applicable to them.
Extraction of the list of persons who have had access to the patient's Personal Data and making available to the patient upon request

N.B.: This processing only concerns professionals.
To allow the patient to know who has had access to his or her Personal Data. Obligation to comply with the Digital Health Agency's Digital Health Agency's Interoperability and Security Framework for Digital Medical Devices The list is securely transmitted to the user who made the request and then deleted on the manufacturer's side.
Management of support requests from healthcare institutions on the operation of the Solutions
  • Deal with technical anomalies reported by customers
  • Implementation of the necessary diagnostics and corrective actions
Performance of the contract concluded with the Client (Healthcare Establishment) Retention of related data for the entire duration of the contract concluded with the Client
Support to healthcare establishments in the event of complaints and requests to exercise rights from users of the Solutions (patients, employees of the healthcare establishment)

(Healthcare institutions manage complaints and requests to exercise their patients' rights in their capacity as data controllers)
Assist healthcare facility customers to enable them to respond to :
  • any claim and request to exercise rights by their users
  • any request for information from the supervisory and protection authorities of Personal Data
Performance of the contract concluded with the Client (Healthcare Establishment) Retention of data relating to the processing of the institution's requests for assistance, in the context of a dispute, for 5 years from receipt of the request.
Conducting surveys on behalf of the client healthcare institution

(e.g. satisfaction survey, survey on the use of the Solution, the quality of the remote monitoring / remote monitoring set up, etc.)
  • Carrying out surveys on request and on behalf of the client health institution and data controller
  • Performance of the contract concluded with the Client (Health Establishment)
  • Legitimate interest of the healthcare institution
  • Patient consent collected as part of the conduct of the survey
Retention for 1 year from the date of the survey.
Clinical studies and research carried out by the client healthcare institution based on the data collected as part of the Remote Monitoring/Remote Monitoring Solution implemented by the healthcare institution
  • Assist the health establishment within the framework of the research protocol implemented
  • Performance of the contract concluded with the Client (Health Establishment)
  • Consent of patients collected by the health establishment, data controller, as part of the study/research protocol set up by it
Defined by the health establishment :

Shelf life specific to healthcare establishments in accordance with the regulations applicable to them in terms of clinical research

As a reminder, in order to exercise these rights regarding the processing listed in the table above, the user must contact the DPO of their monitoring institution, Responsible for the Processing of their data. The contact details are indicated in the T&Cs available from the user account.

In the event of difficulty in reaching the DPO of your establishment, the user can send his request to MN Santé Holding, at the email address dpo-mns@careside.care. MN Santé Holding, as a Data Processor, must request the agreement of the establishment before exercising any rights.