Access to and implementation of the services of the Sciensus patient support programme requires the collection and processing of personal data of the users (patient and/or their legal representatives), including data relating to civil status and health data.
This notice is regularly reviewed, and changes made from time to time. Any changes will be posted on this page.
If you have any questions relating to this notice, please contact our Data Protection Officer:
The Data Protection Officer
Sciensus Pharma Services Limited
107 Station Street
Burton-On-Trent
DE14 1SZ
United Kingdom
If you would like to download a copy of this privacy notice, please click here
Where we get your information from:
To deliver our services to you, we collect and process information about you and receive them from a variety of sources:
| Directly from the user (s) (The Patient or Legal Representatives) |
| From doctor/healthcare professionals |
Personal information we collect on you and the lawful grounds for us to process your information:
Categories of Information and personal data
| Type of Data | Why do we need this data? | What is our lawful ground for processing? |
| First and Middle NameSurnameEmail AddressAddressDate of BirthTelephone numberCity/Postal Code of SchoolHealth Information/medical history (Current pathology/allergies)Other medical information (Diarrhoea/ Nausea/Fatigue/Vomit) | To create and maintain a record of your care and communicate with patient/legal representative. To facilitate appointments with healthcare professionalsPlan interventions within a school environmentFor healthcare professionals to personalise the content you will receive.Provide advice and adapted content.The sharing of the User’s health data with the relevant Healthcare Professionals. | GDPR, article 6 (1)(a) Consent – The individual has given clear consent to process their personal data for a specific purpose. GDPR, article 9 (2)(A) Explicit Consent The individual has given explicit consent to process their personal data for a specific purpose. |
| User weight and heightCurrent medicationsInformation on family unitHobbies | Optional data to improve the user experience but not essential. | Article 6 (1)(f) Legitimate Interest |
RECIPIENTS OF THE DATA
Categories of recipients
Depending on their respective needs:
• The patient’s healthcare professionals for whom access has been authorized are recipients of all the data collected as part of Sciensus patient support programme. The user is informed that they have the possibility to revoke at any time the access initially authorized to their data to one or more of the Health Professionals in charge of their follow-up.
• The user is informed that an approved health data host ensures the secure hosting of health data collected and processed as part of the Application, in accordance with the provisions of Article L.1111-8 of the Public Health Code. As such, the user has the right to object to the hosting of their personal data for a legitimate reason.
The user is informed that their personal data transmitted to the technical service providers are accessible only for the purposes of technical management of the IT system, by the specifically authorized technical service providers, in strict compliance with their missions and in compliance with the principles of confidentiality to which they are subject.
The Data Controller guarantees that the User’s personal data and those of the Patient will not be transmitted to any unauthorized third party.
DATA RETENTION PERIOD
Users’ data is kept for the duration of the program plus one month. After this, the data necessary to respond to a liability action is archived for a maximum of 20 years for evidentiary purposes, in a secured manner and in accordance with the country’s medical record retention directives.
If the User’s Personal Account remains inactive for 1 year, the user will be notified of account closure and the archiving of their data unless they express their wish to keep their Personal Account.
*Article 2226 of the Civil Code defining the limitation period of an action for liability in the event of bodily injury.
Transfers of data outside the EU
No data transfer outside the European Union is carried out.
ANONYMIZATION OF DATA
Provided that they do not allow the direct or indirect identification of the User, data may also be used in order to improve the performance and quality of the programme and may be subject to anonymous statistical analysis.
As part of our programmes, we collect lots of personal and sensitive information about you, and we take keeping your data safe very seriously. For this, we have our own expert teams and use a robust information security management system so that your data is treated appropriately does not end up in the wrong hands. To achieve this, we use a three-layered approach: People, Processes and Technology.
We use a number of technology systems to control how your data is accessed and secured. All our staff members are trained in personal data and confidentiality. They follow strict policies and procedures to ensure security is kept to a high level.
We operate function-based access control. Therefore, our staff members can only access your personal data if it is necessary for them to perform their tasks.
We evaluate our systems regularly using internal and external audits to identify possible weaknesses have rectified them.
YOUR RIGHTS OVER YOUR DATA
You can access and obtain a copy of the data concerning you, object to the processing of this data, have it rectified or have it deleted. You also have the right to restrict the processing of your data.
When the Patient is a minor, the rights are exercised by the User who represents him.
EXERCISING YOUR RIGHTS
The Data Protection Officer (DPO) is your contact person for any request to exercise your rights over this processing.
The Data Protection Officer
Sciensus Pharma Services Limited
107 Station Street
Burton-On-Trent
DE14 1SZ
United Kingdom
COMPLAINT TO THE CNIL
If you feel, after contacting us, that your rights over your data are not respected, you
can send a complaint directly to the CNIL https://www.cnil.fr/en/home