Effective from December 5, 2024
The purpose of this privacy policy is to inform users (hereinafter referred to as "the User", "you") of the policy of the company DIGIKARE (hereinafter referred to as "DIGIKARE", "we") concerning the management of their personal data, particularly their confidentiality in connection with the use of the Orthense service (hereinafter referred to as "Orthense", "Service").
Welcome to our users. Who are we? DIGIKARE is a French data processing company serving healthcare. It publishes the Orthense service. This service, created by and for orthopedics, supports caregivers and patients for the success of medical care.
Only an orthopedic surgeon, subscribed to the Service, can offer it to the patient who is free to refuse it without this calling into question the nature of the care that he will provide.
Our motto is "Better measurement for better care". We will never stop repeating it, but your data is only used for one purpose: the success of your care, and once anonymized, it only serves one purpose: the improvement of care, care pathways or medical devices.
DIGIKARE has a medical committee composed exclusively of orthopedic surgeons whose primary mission is to ensure the ethics and professional conduct of its decisions.
The Orthense service, initially created for orthopedics, was requested by doctors from all specialties to assist them in conducting large-scale clinical studies. This is in line with our leitmotif "Better measurement for better care". We agreed to open the Orthense service for this purpose.
Your data is only used for one purpose: carrying out the study, and it is only once anonymized that it can serve the objective of the study.
The Service is published by us, that is, by the company DIGIKARE SAS whose head office is located at 2 avenue de l'Escadrille Normandie Niémen, 31700 BLAGNAC . Do not hesitate to contact us for any information at the following email address: [email protected]
The Service is hosted by the companies: CLARANET and MICROSOFT.
All health data is hosted by the company CLARANET, an approved Health Data Host (HDS) since 2010, and HDS certified since 2018 (HDS Infrastructure Host and IT Manager ).
That being said, since MICROSOFT has obtained HDS certification since 2019, all data collected, whether medical or not, and processed by the Orthense service is in an environment that strictly complies with the regulatory framework associated with personal data and, more importantly, health data.
Securing your data is a given, our duty and your right. We respect the rules of privacy protection imposed by French laws and the directives and regulations of the European Community. We have notified the CNIL of the provision of our Service to the public, under the declarations bearing the numbers: 2173700 and 2173703. These declarations attest that DIGIKARE adheres to the directives of protection of personal data with regard to their security, integrity and the limitations of their use. If an inconsistency arises between the clauses of the DIGIKARE data protection charter and the principles set out by the CNIL, the rules of the CNIL will prevail. To better understand its rules on the protection of privacy, do not hesitate to read the European regulation on the CNIL website: https://www.cnil.fr/fr/reglement-europeen-protection-donnees
All this being said, we wanted to go further, so on May 13, 2019, the Orthense service obtained ADEL certification, guaranteeing the ethics of its processing and use of digital data.
This privacy policy does not replace our general terms of use, its purpose is to clarify our use of your personal data. It applies to all of our services.
We focus on personal data that is useful for carrying out the mission entrusted to us, your medical support, and we ensure that we offer you the best possible experience, of course.
Thus, the personal data we collect can be categorized as follows:
Data relating to your identity: first name, last name, telephone number, postal address, email, etc.
Data relating to your use of the service: connection time, authentication failure, etc.
Data related to your payment or purchase of the service, this is only the case if you are a surgeon.
Data related to your use of partner authentication services: if you use a third-party authentication service such as FranceConnect , e-CPS, etc.
Data relating to your use of other partner services that you authorize us to access, for example, an application associated with a connected object such as a pedometer.
You may be surprised that we do not list medical data. This is the subject of another chapter of this document, but first of all, know that we have explicitly separated medical data from identifying data (first name, last name, etc.). That being said, we collect:
DIGIKARE collects personal data when a healthcare professional (surgeon, etc.) registers, when he registers a patient, when a patient completes his user profile, when you use our Service.
We will use your email address to enable you to use our Service and we may also contact you by telephone to ensure optimal monitoring of this use. You may refuse at any time to be contacted by email by DIGIKARE Services, knowing that if you choose to no longer accept email contacts, you may no longer be able to use our Services.
Below are some examples of situations where we collect your personal data:
When you register, we collect your personal data such as your name. If you are a patient, the name of your surgeon, your pathology and the date of the operation. This allows us to prepare our Service, such as the convalescence questionnaires, perfectly adapted to your personal case.
When contacting us electronically, we save the email address you used.
During a satisfaction survey, we may indeed contact you to find out your level of satisfaction with the use of our Service. You will have the choice to respond or not to these satisfaction surveys and your responses will not influence your access to our Service.
Regardless of your device (mobile, computer, tablet), we will collect information in the same way.
If you are a patient, at the cost of insisting and tiring yourself, we undertake to process your personal data in a manner consistent with the one you have given us permission to, to help your preparation or convalescence. No collection of personal data will be done without your permission. We collect personal data:
When you use our Service, we may collect, after having given us your explicit consent, data automatically: location data (GPS), accelerometer or connected object data, cookies, helping to better assess your state of health or to provide identity monitoring.
When you answer the various questionnaires decided by your surgeon or the investigating physician of the clinical study in which you are participating, we record your responses and ensure that they cannot be shared with third parties without your authorization.
When you have authorized a healthcare professional to enter or modify information on your behalf.
When you specify your identity (age, gender), necessary for the constraints of identity vigilance associated with health data, allowing the collection of demographic data
DIGIKARE will not rent, sell, or share your personal data with third parties or companies not affiliated with DIGIKARE. The exceptions are: if you ask us to do so in connection with a service we must provide to you, if you authorize us to do so.
Your surgeon may prescribe or recommend the acquisition of a medical device (such as a splint) or access to a home care service (such as cryotherapy). To ensure that you receive the right product or service, at the right time and in the best conditions, we may offer to put you in touch with a supplier who meets quality criteria. Your choice to accept or not to this supplier will have no impact on your care. If this connection is facilitated by the Orthense service, we may be required to share some of your personal data with the supplier:
Common data used when ordering a product remotely
First and last name
Mailing address
Your phone number
Your email address
In the event that the supplier ensures delivery of the product and the latter must be provided to you by a specific date.
In the event that the supplier practices partial third-party payment
In the event that the supplier practices total third-party payment
The supplier will be named explicitly and you will have their email and telephone contact details.
The data collected has essentially two purposes, but one is of course our priority as much as yours: the success of the support, the second purpose is the improvement of the service provided, that is to say your user experience.
So, if we collect your first and last name, this is only to serve the support and feed an identity monitoring process.
Some of you may be invited to participate in medical research, to support the continued improvement of medicine. In view of the methodology that will be used to conduct the research, you will receive documents detailing its own purpose and the data used to do so.
Please note that, even in this context, your personal data will only be used after they have been anonymized. And this is a crucial point of our commitment, even when anonymized, your data only serves the purpose of improvement, whether it be care, care pathways or medical devices.
We make every effort within our means to guarantee the reliability and accuracy of the data you entrust to us. Beyond personal data, we collect and process health data, as such, we have implemented a policy for our employees reminding them of their responsibility and prohibiting them from any access (for unauthorized persons), any use or disclosure of personal information in an inappropriate or illegal manner.
We have implemented security measures to protect personal data from unauthorized access, improper use, alteration, loss or destruction.
We indicated this in a previous chapter: our technical manager, in order to best serve his responsibility as data protection officer, has implemented an IT architecture that explicitly separates identifying data from medical data. You are the only ones who can re-associate this data, with the exception of authorized, declared employees who have this ability to ensure assistance and continuity of service.
All these measures will be useless without your participation: keep your username and password confidential, do not share your password with anyone, even us, use it only to authenticate yourself with the Orthense service.
DIGIKARE is not responsible for transactions and exchanges of information between you and a third party, who does not use DIGIKARE Services. Any information that you exchange with a third party will be under your sole responsibility.
You have rights, the General Data Protection Regulation (GDPR) lists them, we help you exercise them.
You can consult and modify a large part of your personal data simply from Orthense.
That being said, do not hesitate to contact our data protection officer, at the following email address: [email protected] , to exercise all of your rights: access, rectification, limitation, erasure and opposition.
If you are a patient, because you are a user of our service in response to a surgeon's wish to support you remotely in your preparation and recovery from surgery, we will inform him of your request for limitation, erasure or opposition of your personal data. Our goal is that he does not interpret your non-participation incorrectly, and this without calling into question the exercise of your right.
We do our utmost to keep your personal data up to date and as accurately and completely as possible. You can help us keep your personal information up to date by informing us of any changes ( email address , telephone number, etc.) as soon as possible via Orthense.
Only a limitation imposed by legislation could oblige us to refuse you the exercise of one of your rights.
Finally, if you have concerns about our full respect of your rights, and we are unable to convince you that we are working to address them, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) or your local data protection authority.
By default, we will not share your personal data, if such a case arises, and we find ourselves having to mobilize a company to help us with the end of the stated processing, this company will not have any particular rights and is obliged to respect this confidentiality policy.
Except in connection with your exercise of your right to delete data, if your personal data is health data, we will keep it for a period, a priori, of 10 years with regard to the updated regulation targeting the archiving of medical data within the framework of the shared medical record.
We will not transfer any of your data, whether personal or medical, outside the European Union.
The information presented by Orthense is defined by doctors, they use all the resources they deem relevant for it. Thus, we cannot control or be held responsible for this content and the practices of third parties who manage it. For example, doctors can take advantage of video services such as YouTube, Vimeo ... It is impossible for us to act on the practices of these companies, you may therefore face advertisements, or content of any kind, in no way related to our service. We can only recommend that you pay attention to their privacy policy.
We may need to change all or part of the clauses of our privacy policy. We will then notify you electronically. Adherence to this new version will be necessary for you to continue using our Services. You will always be informed of how DIGIKARE collects and uses your data and under what conditions your data is processed.
Thank you for taking the time and care to read our privacy policy. If you have any questions about it, suggestions for improvement, do not hesitate to contact our data protection officer, via email: [email protected] , or by post: DIGIKARE, DPO, Ethics Village, 2 avenue de l'escadrille Normandie Niémen, 31 700 BLAGNAC, France.
Now we are eager to count you among our users. Together we are changing orthopedics.
Digikare © 2024 v1.102.0.0-20241205.1+ddb859f