Information provided to the User with respect to his personal data (EU 2016/679 regulation of 27 April 2016 (GDPR) and law no. 78-17 of 6 January 1978)
MedOK is an authentication system for healthcare professionals on the internet, in compliance with Article L5122-6, paragraph 1 of the French Public Health code that requires certain sensitive and/or commercial information to be reserved only for authenticated healthcare professionals. Only one declaration regarding their status as a healthcare professional is not sufficient to authenticate their status as a healthcare professional on the internet.
MedOK is an SSO (Single Sign ON) developed by Imagence SAS (a Simplified Joint Stock company) registered with the Nanterre Companies Register under no. 401500327 enabling the healthcare professional to identify themselves once and then consult any website protected by the MedOK system according to the provisions laid down by the site publisher with regard to the medical specialisations concerned.
In the context of User’s request and/or use of services or Documents from MedOK and via the MedOK Site, after the consent of the User has been obtained to this effect and in compliance with the stipulations below, their personal data is collected by MedOK.
PERSONAL DATA SUBJECT TO COLLECTION.
The personal data collected is as follows: information provided by the User by filling in the forms related to the creation of their account and/or relating to their identification, or by communicating with MedOK (by any means of communication or online communication, or by answering satisfaction surveys or questionnaires, including the User's name, gender, date and place of birth, as well as the User's contact details such as their postal address, e-mail address, telephone numbers, CPS card data, and also, particularly the information related to the contractual and commercial relationship between the User and MedOK (particularly the details of products, services and/or Documents requested by the User). It also includes the data collected through cookies and similar technologies used on the Site (namely IP addresses) and in electronic messages enabling the User to be recognised, to remember their preferences and, where appropriate, displaying the content that may interest them.
This personal data may only be communicated to MedOK by the Users concerned by the said personal data and each User refrains from transmitting the personal data of another person and/or personal data that is not related to them.
LEGAL INFORMATION FOR THE USER
The purpose of these documents is to give the User the required legal information that is as follows (the said information is also given to the User before their personal data is collected, and this separately from any other information, in accordance with the provisions in force):
(a)The identity and contact details of the person in charge of processing personal data (hereinafter "processing")
The identity and contact details of the person in charge of processing personal data are as follows: Imagence SAS registered with the Nanterre Companies Register under number 401500327
(b)The Contact details of the Data Protection Officer
The Contact details of the Data Protection Officer are as follows: Cédric Tran Thiet Imagence, 1 Place des degrés, Tour Voltaire, La Défense 92800 Puteaux-La-Défense, the Users may send their requests related to personal data on: support@medok.
(c)Reasons for processing the data
The reasons for processing the personal data are as follows: (i) identification of persons requesting and/or using Documents via the Site and/or services accessible via the MedOK authentication system (ii) creation and/or delivery by MedOK of the Documents and/or services used and/or requested by the User (iii) administration of the services and/or Documents requested and/or used by the User (iv) prospecting and/or sending information to Users.
(d)Legal basis of processing
The legal basis of processing is as follows: (i) processing is necessary for establishing the contractual relationship that the User wishes to enter into with MedOK by requesting and/or using services and/or Documents, the said personal data being necessary for the execution of services requested by the User (ii) the processing is also necessary to protect the legitimate interests of MedOK by enabling it to keep proof of transactions with the User and/or, where applicable, to proceed with collection (iii) the processing is carried out with the consent of the User wanting to request and/or use Documents and/or services via the Site and/or the MedOK authentication system (iv) the processing being carried out in accordance with the provisions of Law No. 78-17 of 6 January 1978 and the EU 2016/679 Regulation of 27 April 2016 (GDPR) and the other legal provisions in force (hereinafter la " Regulation in force").
(e) The Recipients of personal data
The recipients of personal data are: the staff of Imagence in charge of execution and administration of services and/or Documents requested and/or used by the User, the execution and/or delivery by Imagence/MedOK of the Documents and/or services requested and/or used by the User and, if required, the sub-contracted service providers of Imagence/MedOK who are involved in the execution of these tasks and are required to intervene in this respect for the processing of data (only if it is necessary), given that in such cases, this is carried out in accordance with the Regulation in force applicable to sub-contractors.
(f)Transfer of personal data
The information sites using the MedOK authentication system may ask for the identification of visitors visiting their site. In this case, the MedOK user is informed in advance of the information that will be transmitted from the site publisher with their consent.
The User is informed that the data controller may, if necessary, transfer their personal data to a third country or an international organisation subject to an adequacy decision rendered by the European Commission, given that in case of a transfer to a country or an international organisation not subject to an adequacy decision, this may only be done provided that appropriate guarantees are put in place and that the Users concerned have enforceable rights and effective legal remedies in accordance with the Regulation in force.
The storage period for personal data:
The storage period for personal data is as follows: since the personal data is necessary for the execution, administration and/or delivery of services and/or requests made via the Site, the User's personal data is stored (i) as long as the User may be able to place requests, i.e. as long as the User has not expressed their intention to unsubscribe from MedOK or has refused to have their personal data stored, and this by sending a request to the following address: firstname.lastname@example.org (in compliance with the stipulations given below) (ii) within a period of 36 (thirty-six) months from the last use of the MedOK authentication system or requesting of services and/or Documents by the User via the Site, date after which the personal data is no longer stored.
(h) Rights of the User that can be exercised with the Data controller (as identified above)
These documents are also prepared to inform the User of the existence of their right to request the data controller (as identified above) for the following:
- access to their personal data as well as any available information as for their source;
- correction or deletion of this information;
- restriction on the processing of their personal data
- User's opposition to the processing of their personal data;
- User's opposition at any time to the processing of their personal data for prospecting purposes, including profiling;
- the portability of their personal data in accordance with the Regulation in force, which provide in particular that the persons concerned by the processing of personal data have the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and have the right to transmit this data to another data controller without the data controller to whom the personal data has been sent opposing this process, where: (i) the processing is based on consent in accordance with the Regulation in force, or on a contract in accordance with the Regulation in force and (ii) where the processing is carried out using automated processes, given that where the data subject exercises their right of portability of their personal data, they have the right to know that their personal data can be transmitted directly from one data controller to another, where this is technically possible.
- Withdrawal by the User, at any time, of their consent to the processing of their personal data (without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal);
The Users exercise their rights as identified in this document (h) by means of a request sent by them on the following address: email@example.com
Where necessary, it is stipulated that, the exercise of their right to erase their personal data and/or the exercise of their right to object the processing of their personal data and/or the exercise of their right to restrict the processing of their personal data and/or the exercise of their right to withdraw, at any time, their consent to the processing of their personal data (in accordance with the aforementioned stipulations) shall stop the delivery of services and/or Documents requested and/or used by the User and, more generally, make it impossible to carry out the services requested and/or used, in such a way that, in similar circumstances (i) from the moment the User exercises the said rights, the User will no longer be able to access the services and benefits offered by MedOK via the Site or its authentication system (ii) if these rights are exercised at the time of requesting services or Documents, the said request may not be placed by the User (iii) and, if the User is the holder of a subscription contract, the account of the User receiving their personal data will be deleted.
Complaint to CNIL
The User is informed of the right to lodge a complaint with the supervisory authority, which is the French data protection authority (CNIL): 3 Place de Fontenoy - TSA 80715 - 75334 Paris 07.
Information about the contractual nature of the provision of personal data
As part of the User's provision of information on whether the requirement to provide personal data is of a regulatory or contractual nature or whether it is a condition for the establishment of a contract and whether the data subject needs to provide the personal data, as well as on the possible consequences of the failure to provide such data, the User is provided with the following information: (i) the request for the provision of personal data is of a contractual nature (within the framework of the relationship that the User wishes to develop with MedOK by placing a request for services or Documents and/or by using the said services) (ii) the provision of this data, inasmuch as it is necessary for the execution of the services and/or services requested is a precondition for the conclusion of this contractual relationship (iii) in this respect the User is obliged to provide their personal data if they wish to request and/or use services and/or Documents from MedOK and via the Site (iv) the failure to provide this personal data does not allow them to request for services and/or Documents from MedOK.
It is stated that the collected personal data is not used for automated decision-making in accordance with the Regulation in force.
(l)Possible further processing of personal data
In case the personal data is further processed for purposes other than those for which the personal data was collected and as identified above, the data controller (identified above) will inform the data subject about this other purpose in advance and about any other required relevant legal information.
AGE OF THE PERSON WHO CAN PROVIDE THEIR PERSONAL DATA
The collection of personal data can only concern those who are at least 15 years old and as the personal data is, as indicated above, necessary for the execution and administration of the services or Documents ordered or requested via the Site, those under the age of 15 (fifteen) years can only give their consent to the collection of their personal data (and consequently access the services offered via the Site) provided that they are authorised by their legal guardian in such way that by requesting for benefits and/or services accessible via the Site and/or by communicating personal data to MedOK, Users declare and guarantee to MedOK that they are (i) either at least 15 years old (ii) or are authorised by their legal guardian. This stipulation is without prejudice to the undertaking made by the User to MedOK according to which they declare and guarantee to Infogreffe that they have the legal and statutory capacity to use the MedOK services and/or benefits offered via the Site and, where applicable, to pay for the said services and/or benefits.
CHANGES TO THESE DOCUMENTS