Personal Data Protection Charter

Our company InnovSanté is concerned about the protection of the data of the users of its PassCare platform. Because you choose to entrust us with your health data, we must be attentive to the protection of your private life and do everything possible to respect the requirements of the law “Informatique et Libertés” n°78-17 of January 6, 1978 amended by the law n°2018-493 of June 20, 2018, as well as the requirements of the General Regulation on Data Protection n°2016/679 of April 27, 2016.

Identity of the controller

The data controller is the company InnovSanté, Société par Actions Simplifiée with a capital of 41,375 euros, registered with the RCS of Reims under the number 818991929, whose head office is located at 21, rue de Courcelles, 51100 Reims.

This charter (hereinafter “the Charter”) describes the information we process for the operation of the PassCare Site and for the use of PassCare. It sets out InnovSanté’s commitments to protect the personal data of Internet users visiting this site, the users of the PassCare platform (hereinafter referred to as “the Site”). The Charter also informs you of the procedures for collecting and using your personal data and the options available to you in this respect.

We use the information available to us (depending on the choices you make) in the manner described below to provide and operate the PassCare Site and for the use of PassCare and related services described in the Terms and Conditions of Use.

The present charter applies in addition to the general terms of use and the general terms of sale. It applies to the entire PassCare site and services.

The purpose of this charter is to inform data subjects in a clear, simple and complete manner about how InnovSanté, in its capacity as data controller, collects and uses personal data concerning you (“Personal Data”) and about the means at your disposal to control such use and exercise your rights relating thereto.

Why do we collect some of your data?

InnovSanté implements appropriate technical and organisational measures to ensure that, by default, only personal data that are necessary for each specific purpose of processing are processed. Consequently, relevant, adequate and limited information is collected only to that which is necessary for the purposes/purposes for which it is processed.

These purposes are specific and legitimate and, under no circumstances will your data be further processed in a manner incompatible with these purposes, except with your prior consent.

Mandatory declarative personal data are indicated on the collection medium. Apart from these cases, you are free to provide or not provide all or part of your personal data. You retain control of the data you wish to integrate into your health profile.

However, such a decision could result in limiting your access to certain services or other functionality offered by the Site.

First and foremost, in order to access and benefit from the PassCare platform, the user must first create an account and provide the necessary information for registration. They must also take out a paid subscription online and provide contact information for sending the PassCare.

Once the account is created, the user can access his or her PassCare profile and manage the information it contains by entering a wide range of health data if desired.

In addition, the user has the option of ordering additional PassCare. The processing of these orders also requires the user to fill in information necessary for the management of the order.

Finally, InnovSanté is likely to communicate with users as part of PassCare services.

We send you electronic communications, via e-mail, SMS or mobile notification, only in the following cases:

  • Order tracking: sending an order confirmation and any other message related to the service you have ordered;
  • The management of your customer account: confirmation of creation or closure, modification of passwords;
  • 2-factor authentication: sending an SMS containing a code to be filled in during connection;
  • Access to the platform by a third party: an SMS is sent to you to request authorisation to access your health platform;
  • Information about new features of the platform.

What data do we collect?

Within the framework of its PassCare platform, InnovSanté limits itself to collecting only data that is strictly necessary and essential for the purposes mentioned above and thus ensures that the principle of minimization is respected.

  • Identification data, surname / first name / date of birth / e-mail address / IP address in order to be able to create and register for a customer account and place orders online.
  • Bank details in order to proceed with any order on the PassCare site or any refund.
  • Anonymised health data such as, but not limited to, the following: Treating doctors, prescriptions, vaccinations, biological examinations, allergies, lifestyle habits, history, course of care, measurements, etc.

How long is your personal data kept?

Depending on the purpose of the processing, the retention period of Personal Data may vary.

Except in the case of mandatory legal provisions, InnovSanté retains Personal Data for the duration necessary to achieve the intended purpose.

Personal Data will thus be retained for the period during which you use our services, and deleted at the latest three years after our last contact, unless anonymised or legally required to retain certain data for a longer period of time.

The connection data to the Site will only be kept for a period of thirteen months.

Your rights on your personal data :

In accordance with the provisions of Regulation No 2016/679, known as the General Data Protection Regulation (GDPR), you have the following rights over your data and in order to ensure that InnovSanté respects its commitments.

  • Right to information on the processing of your personal data,
  • Right of access, rectification and deletion (or “right to forget”) of your personal data,
  • Right to limit the processing of your personal data,
  • Right to portability of personal data,
  • Right to withdraw consent to the processing of personal data,
  • Right to lodge a complaint with a supervisory authority,
  • Right to decide what happens to your personal data after your death.

What security measures are in place?

Any user opening an account is invited to fill in an email and a password. This password must be kept secret and you must restrict access to your computer or mobile devices and log out once you have finished using our services. An automatic disconnection in case of inactivity takes place every 10 minutes.

In addition, InnovSanté has implemented technical and organizational measures to protect personal data against accidental loss, destruction, deterioration, abuse, damage and unauthorized or illegal access.

As personal data are confidential, InnovSanté limits access to them only to the company’s employees or service providers who need them to carry out the processing.

All persons with access to personal data are bound by a duty of confidentiality and are liable to disciplinary measures and/or other sanctions if they fail to comply with these obligations.

When we use subcontractors, service providers or pass on personal data to partners, this communication is subject to a contract in order to ensure the protection of this information.

Data transfer and subcontracting :

InnovSanté does not transfer any personal data outside the French territory nor does it transfer any data to third party companies except in the cases provided for below.

InnovSanté uses the services of a service provider to host your health data. We work with the company COREYE société par actions simplifiée with a capital of €162,592 whose head office is located at Campus du Digital – Parc de la Haute borne – 61 Avenue de l’Harmonie – 59262 Sainghin en Mélantois – France, registered in the Lille Trade and Companies Register under the number 443 498 571 – E-mail address: contact@coreye.fr

This provider is specifically approved by the French Ministry of Health to host health data.

For payments made on the PassCare site, we work with the company Stripe. Stripe processes personal data for which it is responsible, as described in the Stripe privacy policy .

Specific case of minors

Minors under the age of 18 are not allowed to register on the Site. In the event that a minor under the age of 18 wishes to take out a subscription and obtain a PassCare, he or she may do so through a parent or guardian of legal age registered on the Site as part of a Family subscription.

How to exercise your rights

For any questions concerning this charter and subject to proving your identity, you can contact us by the means described below:

The data controller for your information is InnovSanté that you can contact by mail at the address below:

InnovSanté

21 rue de Courcelles – 51100 Reims

You can also contact our Data Protection Officer (dpo@innovhealth.com)

We will respond to all requests, inquiries or concerns within thirty (30) days.

Amendments to the personal data charter

We inform you that we may update this charter frequently, in particular to take into account changes in the law and regulations. If you have a registered account, you will be notified of any changes to the Policy by email to the email address associated with your account.

These modifications come into force immediately when they are available on the Site.