HEKO PRIVACY POLICY
PREAMBLE
More than a legal obligation, the protection of your personal Data is a strong commitment on the part of BOTDESIGN.
We are aware of the sensitivity of the Data we may collect about you via our HEKO platform, and respect for your privacy and medical confidentiality is a priority for us.
Our digital solutions are implemented within a framework of trust between authorized healthcare professionals, you and us. To clarify this framework, you will find below our full Personal Data Protection Policy as applied to HEKO (hereinafter “the Data Protection Policy”).
This will enable you to:
– know the reasons and purposes for the collection of your Personal Data
– be informed about the processing procedures applied to your Personal Data
– know to whom your Personal Data is transmitted
– check the security of your Health Data
– be informed about, and more easily exercise, your rights
This Data Protection Policy forms an integral part of the General Terms and Conditions of Use.
1. Definitions
According to the CNIL, “‘personal data’ is any information relating to an identified or identifiable natural person. However, because it concerns individuals, they must retain control over it”.
According to the CNIL, “‘Processing of personal data’ refers to operations involving personal data, whatever the process used. For example, recording, organizing, storing, modifying, reconciling with other data, transmitting, etc. personal data”.
“Regulations relating to the protection of personal data” means in particular, without this list being limitative:
– The Law of June 20, 2018 relating to the protection of personal data amended the “Informatique et Libertés” law to adapt it to the provisions of the General Data Protection Regulation (RGPD), applicable throughout Europe since May 25, 2018.
– European Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 “on the protection of individuals with regard to the processing of personal data and on the free movement of such data” (hereinafter “RGPD”).
According to the CNIL, “Health Data” means all data relating to the physical and mental health, past, present or future, of a natural person (including the provision of healthcare services) that reveal information about that person’s state of health.
This definition therefore includes, for example:
– Information relating to a natural person collected when registering for healthcare services or during the provision of such services: a specific number, symbol or element assigned to a natural person to uniquely identify him or her for healthcare purposes;
– Information obtained during the testing or examination of a body part or bodily substance, including from genetic data and biological samples;
– Information concerning a disease, disability, risk of disease, medical history, clinical treatment or the physiological or biomedical condition of the person concerned (irrespective of its source, for example from a doctor or other healthcare professional, a hospital, a medical device or an in vitro diagnostic test).
This definition encompasses certain measurement data from which it is possible to deduce information about a person’s state of health.
According to the CNIL, “the ‘Data Controller’ of personal data is in principle the person, public authority, company or organization that determines the purposes and means of the file, and decides on its creation”.
According to the CNIL, “the ‘processor’ is the natural or legal person (company or public body) who processes data on behalf of another organization (‘the controller’), as part of a service or provision”.
According to the CNIL, “a ‘cookie’ is a small file stored by a server on a user’s terminal (computer, telephone, etc.) and associated with a web domain (i.e. in most cases with all the pages of a single website). This file is automatically returned on subsequent contacts with the same domain”.
“Site” refers to the “HEKO” website accessible at https://heko.botdesign.net/login
2. General principles regarding data collection and processing
In accordance with the provisions of Article 5 of European Regulation 2016/679 cited above, the collection and processing of your Personal Data complies with the following principles:
– lawfulness, fairness and transparency: the collection and processing of data require the consent of the owner of the data
– limited purposes: the collection and processing of data are carried out to meet one or more purposes determined upstream (see §.IV)
– minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site is collected
– time-limited data retention: data is retained for a limited period of time, of which the user is informed
– data integrity and confidentiality: the data controller undertakes to guarantee the integrity and confidentiality of the data it collects
3. Who processes your Personal Data?
a) Data controller: healthcare and medico-social establishments
The healthcare establishment contracting or using BOTDESIGN’s services is the data controller, unless it expressly requests otherwise.
b) Sub-contractor: BOTdesign
BOTdesign is a simplified joint stock company whose registered office is at 3 Rue Bertrand Gril, 31400 TOULOUSE. BOTdesign is the subcontractor for healthcare and medico-social establishments. Representatives: Olivier THUILLART and Jean-Louis FRAYSSE. Website: https://botdesign.net/
c) Second-tier subcontractor: OVH
We subcontract some of our activities in order to provide our services. For example, your personal data is hosted by OVH, a certified Health Data Host (HDS) whose head office is at 2 rue Kellermann – BP 80157, 59053 Roubaix Cedex 1. Telephone number: 08 203 203 63.
OVH is the second-tier subcontractor.
We are committed to ensuring that our subcontractors guarantee the same level of security as our own.
4. What personal data do we collect from you and how is it used?
a) Origin of your personal data
We may collect personal data in various ways:
– From you
– From you via healthcare establishments
– When you create an account or contact us (website, support).
At the time of collection, the mandatory fields to be completed are indicated by an asterisk.
b) Collection of your Personal Data and its justifications
The table here will give you an overview of the information relating to your interactions with our services and their consequences on your Personal Data. You will find in this table:
– Column 1: in which situations may your Personal Data be provided or collected?
– Column 2: what types of data are processed?
– Column 3: for what purposes is your Data processed? This will explain how and why we may use them
– Column 4: What is the legal basis for our use of your Personal Data? This explains why we may use your data
5. Who can access your Personal Data?
Health Data are strictly for the use of HEKO platform Users, i.e.:
– The patient (for his/her Data only)
– The Healthcare Professional for the Data of the patient he/she is following
– The Healthcare Professionals among themselves
6. Is my data secure?
We attach great importance to protecting your Personal Data and your Health Data.
We have therefore put in place technical and organizational measures to ensure maximum protection of Personal Data, in particular to prevent their alteration, destruction or distribution by unauthorized third parties.
7. How long do we keep your Personal Data?
As a general rule, we retain your Data until the purpose for which it was collected has been fulfilled, as required by the Data Protection Regulations, in agreement with the Healthcare Professional.
Consequently, the length of retention varies according to the Data in question, presented in this table here.
8. What are your rights and how can you exercise them?
You retain full control over your Personal Data. Here, we list the rights that are recognized by the Regulations on the protection of personal data, which you are able to exercise with us.
In order to respond to your request, we may require proof of identity.
9. Conditions for modifying the privacy policy
This privacy policy may be consulted at any time at the following address: https://botdesign.net/.
The site editor reserves the right to modify it in order to ensure its compliance with current legislation.
Consequently, the user is invited to consult this privacy policy regularly in order to keep abreast of the latest changes.
The user is informed that this privacy policy was last updated on: 29/07/2022.
10. Contact
If you would like further information, please contact us at dpo@botdesign.net or write to us at:
BOTDESIGN
12 rue Louis Courtois de Viçose, 31100 TOULOUSE.
If you have any questions or comments about how we process and use your Personal Data, or if you wish to exercise any of your rights mentioned in Part VII, “What are your rights and how can you exercise them?”, please contact us at the following e-mail address: dpo@botdesign.net or write to us at the following address: support@botdesign.net
If you wish to unsubscribe from our commercial newsletter, please contact us at the following e-mail address: support@botdesign.net