France Patient and legal representatives privacy notice

Access to and implementation of the services of the Sciensus patient support programme requires the collection and processing of personal data of the users (patient and/or their legal representatives), including data relating to civil status and health data.

This notice is regularly reviewed, and changes made from time to time. Any changes will be posted on this page.

If you have any questions relating to this notice, please contact our Data Protection Officer:

The Data Protection Officer

Sciensus Pharma Services Limited

107 Station Street

Burton-On-Trent

DE14 1SZ

United Kingdom

If you would like to download a copy of this privacy notice, please click here

Where we get your information from:

To deliver our services to you, we collect and process information about you and receive them from a variety of sources:

Directly from the user (s) (The Patient or Legal Representatives)
From doctor/healthcare professionals

Personal information we collect on you and the lawful grounds for us to process your information:

Categories of Information and personal data

Type of DataWhy do we need this data?What is our lawful ground for processing?
First and Middle NameSurnameEmail AddressAddressDate of BirthTelephone numberCity/Postal Code of SchoolHealth Information/medical history (Current pathology/allergies)Other medical information (Diarrhoea/ Nausea/Fatigue/Vomit)  To create and maintain a record of your care and communicate with patient/legal representative. To facilitate appointments with healthcare professionalsPlan interventions within a school environmentFor healthcare professionals to personalise the content you will receive.Provide advice and adapted content.The sharing of the User’s health data with the relevant Healthcare Professionals.  GDPR, article 6 (1)(a) Consent  – The individual has given clear consent  to process their personal data for a specific purpose.   GDPR, article 9 (2)(A) Explicit Consent  The individual has given explicit consent to process their personal data for a specific purpose.
User weight and heightCurrent medicationsInformation on family unitHobbies                                                                   Optional data to improve the user experience but not essential.Article 6 (1)(f) Legitimate Interest

RECIPIENTS OF THE DATA

Categories of recipients

Depending on their respective needs:

•             The patient’s healthcare professionals for whom access has been authorized are recipients of all the data collected as part of Sciensus patient support programme.  The user is informed that they have the possibility to revoke at any time the access initially authorized to their data to one or more of the Health Professionals in charge of their follow-up.

•             The user is informed that an approved health data host ensures the secure hosting of health data collected and processed as part of the Application, in accordance with the provisions of Article L.1111-8 of the Public Health Code. As such, the user has the right to object to the hosting of their personal data for a legitimate reason.

The user is informed that their personal data transmitted to the technical service providers are accessible only for the purposes of technical management of the IT system, by the specifically authorized technical service providers, in strict compliance with their missions and in compliance with the principles of confidentiality to which they are subject.

The Data Controller guarantees that the User’s personal data and those of the Patient will not be transmitted to any unauthorized third party.

DATA RETENTION PERIOD

Users’ data is kept for the duration of the program plus one month. After this, the data necessary to respond to a liability action is archived for a maximum of 20 years for evidentiary purposes, in a secured manner and in accordance with the country’s medical record retention directives.

If the User’s Personal Account remains inactive for 1 year, the user will be notified of account closure and the archiving of their data unless they express their wish to keep their Personal Account.

*Article 2226 of the Civil Code defining the limitation period of an action for liability in the event of bodily injury.

Transfers of data outside the EU

No data transfer outside the European Union is carried out.

ANONYMIZATION OF DATA

Provided that they do not allow the direct or indirect identification of the User, data may also be used in order to improve the performance and quality of the programme and may be subject to anonymous statistical analysis.

As part of our programmes, we collect lots of personal and sensitive information about you, and we take keeping your data safe very seriously. For this, we have our own expert teams and use a robust information security management system so that your data is treated appropriately does not end up in the wrong hands. To achieve this, we use a three-layered approach: People, Processes and Technology.

We use a number of technology systems to control how your data is accessed and secured. All our staff members are trained in personal data and confidentiality. They follow strict policies and procedures to ensure security is kept to a high level.

We operate function-based access control. Therefore, our staff members can only access your personal data if it is necessary for them to perform their tasks.

We evaluate our systems regularly using internal and external audits to identify possible weaknesses have rectified them.

YOUR RIGHTS OVER YOUR DATA

You can access and obtain a copy of the data concerning you, object to the processing of this data, have it rectified or have it deleted. You also have the right to restrict the processing of your data.

When the Patient is a minor, the rights are exercised by the User who represents him.

EXERCISING YOUR RIGHTS

The Data Protection Officer (DPO) is your contact person for any request to exercise your rights over this processing.

The Data Protection Officer

Sciensus Pharma Services Limited

107 Station Street

Burton-On-Trent

DE14 1SZ

United Kingdom

COMPLAINT TO THE CNIL

If you feel, after contacting us, that your rights over your data are not respected, you

can send a complaint directly to the CNIL https://www.cnil.fr/en/home