Date of last update: 14/02/2024
RESILIENCE takes to heart and is committed to respecting the applicable regulations to protect your Personal Data.
This Data Protection Policy comes to detail how and why we use your Personal Data. It forms an integral part of the General Terms of Use (GTU ) that you accepted when you registered.
RESILIENCE takes the protection of personal data to heart and is committed to managing the information it collects about you securely and responsibly, in compliance with the General Data Protection Regulation (RGPD) and applicable data protection laws. The RGPD follows on from French law no. 78-17 of January 6, 1978 ("loi informatique et libertés") and has been applicable since May 25, 2018. The RGPD frames the use of Personal Data by public and private organizations, including RESILIENCE.
This Data Protection Policy is an integral part of the General Terms of Use (GTU) and aims to provide you with clear and transparent information on how we collect and use your Personal Data. Capitalized terms are defined in our GTCU and in the "Definitions" section of each article of this Policy.
This Policy may change from time to time. We will inform you of any substantial updates, but we also invite you to consult our Personal Data Protection Policy on a regular basis.
RESILIENCE (or "we" or "us") refers to the company RESILIENCE, a société par actions simplifiée (simplified joint stock company) with a capital of 16,611.98 euros, registered with the RCS of Paris under number 893 834 713, with VAT number FR67893834713 and head office located at 6, rue d'Armaillé - 75017 Paris (France), marketing the Resilience Solution.
The Resilience Solution provides remote monitoring and support for patients affected by cancer, thanks to:- Support via the Resilience care mobile application
- Remote monitoring via questionnaires
Application refers to the Resilience Care mobile application developed by RESILIENCE and accessible as part of the Resilience Solution. It is a support tool for Patients, providing personalized content and wellness programs.
Personal Data is any information that allows you to be identified. It includes in particular your first and last name, and data on your state of health.
RESILIENCE is the Data Controller.
The Data Controller is RESILIENCE, operator of the Resilience Care Application.
A Data Controller determines the purposes and means of processing Personal Data, i.e. the purpose of the processing and the ways in which it is carried out.
As part of your use of the Application, your Personal Data is collected, in particular to :
RESILIENCE collects and uses Personal Data in its capacity as Data Controller for the following purposes and on the following legal grounds:
Legal basis
Retention period
Recipient
The need to perform our contract with you for access and use of our Application
For the duration of your use of the Application, then 24 months after the last connection to the Account to enable you to retrieve your Account at any time.
RESILIENCE R&D team; RESILIENCE Operations team
Your consent
For the duration of your use of the Application, then 24 months after the last connection to the Account to enable you to retrieve your Account and your information at any time.
RESILIENCE R&D team
Our legitimate interest in conducting research
15 years
RESILIENCE research teams
Our legitimate interest in analyzing our services in order to provide you with the best possible user experience.
1 year
RESILIENCE R&D team
RESILIENCE, as Data Controller, may use external service providers.
Your Health Data will then be hosted in France, by certified hosts authorized to store Health Data.
RESILIENCE may use service providers located outside the European Union: RESILIENCE will implement appropriate safeguards to protect your Personal Data.
RESILIENCE uses third-party solutions for marketing, statistical and functional purposes.
Your Health Data, collected as part of your use of our Application, is stored by HDS-certified hosts (Hébergeur de Données de Santé) in France:- OVH ;
- CleverCloud.
RESILIENCE may also use service providers located outside the European Union. In the event of a transfer to a third country whose legislation has not been recognized as offering an adequate level of protection for Personal Data, RESILIENCE will put in place appropriate safeguards, such as standard contractual clauses.
All our service providers and the appropriate safeguards taken by RESILIENCE are listed on our website.
Your Personal Data is retained for the duration of your registration and use of our Application.
For more details on how long we keep your Personal Data, please refer to the "How long we keep it" column of the table in Article 3 of this Policy.
Your Personal Data is stored for the duration of your registration and use of our Application, subject to compliance with applicable legal provisions.
With your consent, your data (not including your first name, surname or any other directly identifying information), collected as part of your use of the Application, may be collected in RESILIENCE's Health Data Warehouse and may in particular enable us to carry out scientific research in order to improve the care and quality of life of Patients.
Your refusal has no impact on your use of our Application.
In its capacity as Data Controller, RESILIENCE carries out scientific research to improve the care and quality of life of cancer patients. To this end, RESILIENCE has set up a health data warehouse, authorized by the Commission Nationale de l'Informatique et des Libertés (CNIL) on April 21, 2022. As part of the use of our Application, and with your consent, your Personal Data, including your health data, may be collected in pseudonymized form (i.e. without your first name, last name and contact details) in our Health Data Warehouse.
Your data will be kept there for fifteen (15) years from the date of collection.
Your refusal has no impact on your use of the Application. You may exercise your rights, and in particular object to the collection and re-use of your Personal Data, by contacting our Data Protection Officer at the following address: privacy@resilience.careor by post at RESILIENCE (for the attention of the Data Protection Officer), 6 rue d'Armaillé - 75017 Paris (France).You can also contact us if you have any questions about our Health Data Warehouse and our research.
To access the list of research, studies and evaluations, or for more information about our warehouse, please consult our Transparency Portal.
The Resilience Data Warehouse is the database intended for use by RESILIENCE, in particular for research, studies or evaluations in the healthcare field. RESILIENCE was authorized by resolution no. 2022-049 of April 21, 2022.
We implement appropriate technical and organizational measures to preserve the security and confidentiality of your Personal Data.
In particular, we have appointed a Data Protection Officer (DPO) responsible for raising awareness and training internal teams in compliance with the General Data Protection Regulation (GDPR). Our DPO can be contacted at privacy@resilience.care for any questions or requests to create/update/delete your data.
RESILIENCE is committed to protecting your Personal Data against loss, destruction, alteration, unauthorized access or disclosure.
RESILIENCE therefore implements appropriate technical and organizational measures to preserve the security and confidentiality of your Personal Data, such as:
These measures are regularly reviewed.RESILIENCE undertakes to ensure that your Health Data is hosted by a service provider that has obtained HDS (Health Data Hosting) certification. Thus, for the Application, your Personal Data is stored by OVH. For further information, please consult the OVH Privacy Policy.
We may use internal tracers to measure our audience, i.e. they will not be communicated outside RESILIENCE or for advertising purposes.
A "cookie" is a string of information containing your browsing data, which will be stored by your web browser for a specific period of time.
RESILIENCE may use internal tracers. These tracers enable us to track your activity within the Application, in order to offer you personalized content and to measure our audiences (performance measurement, detection of navigation problems, optimization of technical performance or ergonomics, estimation of server power required, analysis of content consulted).
However, these tracers are only used internally and are not communicated outside RESILIENCE or for advertising purposes.
You have several rights regarding your Personal Data. You can exercise these rights by contacting RESILIENCE at the following address:privacy@resilience.care.
If you are not satisfied with the response, you can submit a complaint to your data protection authority, in France the CNIL.
You will find all the competent authorities in Europe on this link.
You can modify, delete and access your Personal Data directly from your RESILIENCE Account. Any deletion of your RESILIENCE Account will result in the immediate deletion of your Personal Data. In accordance with applicable data protection laws and regulations, you have the right to :
These rights may be exercised by contacting RESILIENCE at: privacy@resilience.care, or at the following postal address: RESILIENCE - A l'attention du Délégué à la protection des données - 6, rue d'Armaillé - 75017 Paris (France).
When you submit a request to exercise your rights, we have one month from receipt to respond. This one-month period may be extended by two months depending on the complexity of your request.In order to respond to your request and guarantee the confidentiality of your Personal Data, we may ask you to prove your identity by any means.
If, after contacting us, you feel that your rights have not been respected, you have the right to lodge a complaint with the supervisory authority in France or in your country, for example the Commission Nationale de l'Informatique et des Libertés (CNIL) in France or the Autorité de Protection des Données (APD) in Belgium. You can find a list of all the competent authorities in Europe here.
SPECIFICITIES RELATED TO THE UNITED STATES:
All of the articles mentioned above concern you and are applicable in the context of your use of the Resilience Mobile Application. However, if you are an American patient or reside on American soil, specific provisions apply.
RESILIENCE takes the protection of personal data to heart and is committed to managing the information it collects about you in a secure and responsible manner, in compliance with applicable data protection laws on US territory, including: the HIPAA 1996 Health Insurance Portability and Accountability Act, the Food and Drug Administration Amendments Act (FDAAA 801), the Federal Trade Commission Act and the laws of the states in which you reside (e.g. the California Consumer Act).
If you are a California resident (even if you are temporarily out of state), you have the following rights under the California Consumer Privacy Act "CCPA"):
- Right to know and right to request deletion: you have the right to request (i) information about our collection, use, disclosure and sale of your personal dataand (ii) access to the specific items of personal data we have about you. You also have the right to ask us to delete your personal data. You can request to exercise these rights by sending us an e-mail to privacy@resilience.care. We will verify your request by comparing the information you provide as part of your request with the information (if any) we hold about you in an identifiable form. To make your request, you must provide us with your first and last name, e-mail address, city and state of residence, and the nature of your request (i.e., whether you would like information about how we process your personal data, would like us to process certain parts of your personal data, or would like to delete your personal data)
- You may designate an authorized agent to make a request on your behalf by drafting, signing and notarizing a letter that specifies (i) the identity of your agent and (ii) the purposes for which you are appointing the agentIf you are an authorized agent, you must provide us with the information described above regarding the consumer on whose behalf you are acting as agent, as well as your own first and last name and e-mail address, and a letter signed and notarized by the consumer appointing you as agent
- Right to refuse the sale of personal data: We do not "sell" personal data, as this term is defined in the CCPA.
- Right to non-discrimination: you have the right not to receive discriminatory treatment from Resilience in exercising your privacy rights.
You have several rights regarding your Personal Data. You may exercise these rights by contacting RESILIENCE at the following address: privacy@resilience.care.If you are not satisfied with the response provided, you may file a complaint with your competent data protection authority in the United States: Federal Trade Commission or the Office for Civil Rights.
CANADA SPECIFICS:
If you are not satisfied with the response provided, you may file a complaint with your competent data protection authority in Canada: the Office of the Privacy Commissioner of Canada.
