PERSONAL DATA CHARTER 

Our company, InnovSanté, strives to protect the data of users of its PassCare website. Because you choose to entrust us with your health data, we have a duty to protect your privacy and make every effort to comply with the requirements of French Data Protection law no. 78 -17 of 6 January 1978, amended by law no. 2018-493 of 20 June 2018, as well as the requirements of the General Data Protection Regulation no. 2016/679 of 27 April 2016.

Identity of the data controller

The data controller is InnovSanté, a French simplified joint-stock company (société par actions simplifiées) with share capital of €41,375, registered in the Reims trade and companies register (RCS) under number 818991929 with its registered office at 21, Rond-Point de l’Europe, 51430 Bezannes.

This charter (hereinafter “the Charter”) describes the information we process for the functioning of the PassCare website and the use of PassCare. It presents InnovSanté’s commitments to protecting the personal data of internet users visiting this site and users of the PassCare platform (hereinafter referred to as “the Site”). The Charter also informs you of the procedures for collecting and using your personal data and your rights in that respect.

We use the information at our disposal (according to the choices you make) as described below, in order to provide and ensure the functioning of the PassCare website and the use of PassCare as well as the associated services described in the General Terms and Conditions of Use.

This charter applies in addition to the general terms and conditions of use and the general terms and conditions of sale. It applies to the entire site and all PassCare services.

The purpose of this charter is to inform people in a clear, simple and comprehensive way about how InnovSanté, as data controller, collects and uses your personal data (the “Personal Data”) and how you can control that use and exercise your rights.

Why do we collect certain data about you?

InnovSanté implements appropriate technical and organisational measures to ensure that, by default, only personal data that is necessary for each specific purpose of the processing is processed. This means that information is only collected if it is relevant, appropriate and limited to what is necessary for the purposes for which it is processed.

These objectives are specific and legitimate and under no circumstances will your data be processed in a manner incompatible with those purposes, unless your prior consent is obtained.

Personal data which it is mandatory to declare is indicated on the collection form. Apart from those cases, you are free to choose which items of your personal data to provide or withhold. You retain control over the data you wish to include in your health profile.

However, such a decision could limit your access to certain services or other features available on the Site.

Firstly, to access and benefit from the PassCare website, the user must create an account and provide the information necessary for registration. The user must also subscribe to a paid online subscription and enter delivery details for PassCare.

Once the account is created, the user can access his/her PassCare profile and manage the information it contains by entering a wide range of health data, if he/she so wishes.

The user also has the option to order additional PassCare subscriptions. The processing of those orders also requires the inputting of information necessary for management of the order.

Finally, InnovSanté may communicate with users in the context of the PassCare services.

We do only send you electronic communications, via email, SMS or mobile notifications, in the following cases:

  • Order tracking: sending an order confirmation and any other message related to the service you ordered;
  • Management of your customer account: confirmation of creation or closure or changes to passwords;
  • Two-factor authentication: sending an SMS containing a code to be entered when logging in;
  • Third-party access to the platform: sending an SMS to ask you to authorise access to your health platform;
  • Information about new features of the platform.

What data do we collect?

In the context of its PassCare website, InnovSanté only collects data strictly necessary and essential for the purposes mentioned above and thereby ensures compliance with the minimisation principle.

  • Data identification, i.e. the name/date of birth/email address/IP address in order to create and register for a customer account and place orders online.
  • Bank datain order to process any order or refund via the PassCare website.
  • Anonymous health data, including but not limited to: GP, prescriptions, vaccinations, biological tests, allergies, lifestyle, medical history, care pathways, measurements, etc.

How long will your personal data be retained?

The Personal Data retention period may vary depending on the purpose of the processing.

Except in the case of imperative legal provisions, InnovSanté retains Personal Data for the time necessary to achieve the intended purpose.

Personal Data will be kept for the period during which you use our services and deleted no later than three years from our last contact, unless it is rendered anonymous or in the case of a legal obligation to retain certain data for a longer period.

Site log-in data will be kept for a period of 13 months

Your rights concerning your personal data:

In accordance with the provisions of regulation no. 2016/679, known as the General Data Protection Regulation (GDPR), you have the following rights in relation to your data and ensuring that InnovSanté complies with its commitments.

  • Right of information regarding the processing of your personal data,
  • Right of access, rectification and erasure of your personal data (the “right to be forgotten”),
  • Right to limit the processing of your personal data,
  • Right to portability of your personal data,
  • Right of withdrawal of consent to the processing of your personal data,
  • Right to lodge a complaint with a supervisory authority,
  • Right to decide what happens to your personal data after your death.

What are the existing security measures?

All users opening an account are asked to enter an email and a password. That password must strictly be kept secret and you must restrict access to your computer or mobile devices and log out once you have finished using our services. You will be automatically logged out after 10 minutes of inactivity.

Furthermore, InnovSanté has put in place technical and organisational measures to protect personal data against accidental loss, destruction, deterioration, abuse, damage and unauthorised or illegal access.

Since personal data is confidential, InnovSanté restricts access to employees of the company or service providers that it to carry out processing.

All persons with access to the personal data are bound by a duty of confidentiality and may be subject to disciplinary measures and/or other penalties if they fail to comply with those obligations.

When we use subcontractors, service providers or send the personal data to partners, that communication is subject to a contract ensuring that the information is protected.

Data transfer and subcontracting:

InnovSanté does not transfer any personal data outside French territory, nor does it transfer any data to third-party companies except in the cases specified below.

InnovSanté uses a service provider for the hosting of your health data. We work with the company COREYE, a French simplified joint-stock company (société par actions simplifiées) with share capital of €162,592 whose head office is located at Campus du Digital, Haute Terminal Park, 61 Avenue de l’Harmonie, 59262 Sainghin-en-Mélantois, France, registered with the Lille trade and companies register (RCS) under number 443 498 571 – Email address: contact@coreye.fr

This service provider is specifically approved to host health data by the French Ministry of Health.

with regard to payments made via the PassCare website, we work with Stripe. Stripe processes the personal data for which it is responsible, as described in Stripe’s privacy policy.

Specific case of minors

Minors under 18 years old are not authorised to register on the Site. In the event that a minor under 18 years wishes to subscribe to PassCare, he/she may do so via a parent or guardian registered on the Site as part of a Family subscription.

How to exercise your rights

For all questions about this charter, subject to providing evidence of your identity, you may contact us by any of the following means:

The data controller for your information is InnovSanté, which you can contact by post at the following address:

InnovSanté

21 Rond-Point de l’Europe, 51430 Bezannes

You can also contact our Data Protection Officer (dpo@innovhealth.com)

We will respond to all queries, information requests or concerns within thirty (30) days.

Changes to the personal data charter

We hereby inform you that we may update this charter frequently to take account of changes to the law or regulations. If you have a registered account, you will be informed of any changes to the Charter by email to the email address associated with your account.

These changes shall come into effect as soon as they are published on the Site.