TERMS AND CONDITIONS OF USE
|Intermediate archiving:||means the transfer of Personal Data which still has an administrative interest for the Data Controller (such as for example in the event of litigation and/or in the event of a legal obligation) to a distinct, logically or physically separate database and to which access is restricted in all cases. This archive is an intermediate step before the deletion or anonymisation of the Personal Data concerned ;|
|General Terms and Conditions of Use:||means the general terms and conditions governing the use of the App and accessible at the URL https://fillmed.com/mentions-legales/ ;|
|Data Subject:||means a natural person (whether a User and/or a Professional or a third party) whose Personal Data is processed by the Data Controller ;|
|Professional:||means any health professional, natural person, capable and of legal age, including the representative (director, employee, etc.) of a legal entity acting on its behalf with an up to date and valid RPPS (collective database of health professionals) number, creating an Account (the “Account”) in order to benefit from all Fill-Med Content and Services (the “Services”) of the App and not subject to any legal, regulatory or contractual prohibition and/or restriction preventing them and having fulfilled, where applicable, all legal, regulatory and contractual formalities to do so, in order to use the Services ;|
|Personal Data Regulations:||means Law No. 78-17 of 6 January 1978 on data processing, files and freedoms, pursuant to the Community Regulation of 27 April 2016 published in the Official Journal of the European Union on 4 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (called “GDPR” for General Data Protection Regulation) ;|
|Data Controller:||means the company referred to in the legal notices accessible here: https://fillmed.com/mentions-legales/ ;|
|Terminal(s):||means the hardware equipment (computer, tablet, smartphone, phone, etc.) used by the User and/or the Professional to view or consult the App ;|
- Legal basis for processing
– The Data Subject has consented to the processing of their Personal Data for one or more specific purposes.
– The App has requested the express consent of the User and/or the Professional in order to carry out specific processing as explained when obtaining consent. In accordance with the recommendations of the CNIL on this matter, commercial marketing by email with regard to Professionals is carried out after the latter have been informed, at the time of the collection of their email address, of the use for prospecting purposes and the possibility of objecting to this in a simple and free manner.
– The processing is necessary for the performance of a contract to which the UserUser and/or the Professional is party or for the performance of pre-contractual measures taken at their request.
– In order to use the App and benefit from its services, and in particular to benefit from an Account for the Professional, as a minimum the Data Subject has accepted the General Terms and Conditions of Use. These documents formalise a contractual relationship between the Data Subject and the Data Controller, in particular serving as a legal basis for the collection and processing of the Data Subject’s Personal Data by the Data Controller.
– This Data is necessary for the performance of a certain number of processing measures related to the performance of the contractual relationship between the Data Subject and the Data Controller, the purposes of which are detailed in paragraph 4 – Purposes of processing.
– In the same sense, the App may offer Fill-Med Content which may be the subject of a vote, without subscription to an Account. Under these conditions, the completion of a vote may be subject to the processing of personal data (as a result of retention of logs for example).
– The processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
– Compliance with the legal obligations imposed on the Data Controller by the health vigilance systems provided for in particular by the Public Health Code may be used as the legal basis for the processing of Data.
– Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, unless the interests or fundamental rights and freedoms of the UserUser and/or the Professional which require protection of personal data take precedence, in particular where the UserUser is a child.
– The Data Controller may have a legitimate interest justifying the processing of the Personal Data of the UserUser and/or the Professional, such as the processing of the subject of a contact by a UserUser and/or a Professional.
– In this case, the Data Controller shall ensure that the processing in question is indeed necessary for the fulfilment of its legitimate interest and assess the consequences of such processing on the UserUser and/or the Professional, particularly taking into account the nature of the Data processed, and the manner in which it is processed.
- Purposes of processing
The Personal Data of the Data Subject is necessary to allow the App to be accessed, used and improved, as well as the consultation of the Fill-Med Content and to enable the Data Controller to :
– send to the Data Subject who has subscribed to the “Newsletter” and to Professionals who have read Fill-Med Content, information emails relating to the activity of the Data Controller;
– personalise its communication for Professionals, in particular for information emails, according to its noted preferences, its use of the services and/or Fill-Med Content and/or the App;
– respond to requests for information from the User and/or Professional;
– carry out commercial solicitations;
– develop commercial statistics, analyses and marketing tools (in particular classification, score, etc.);
– allow access to the Account by the Professional, in particular Services reserved for Professionals;
– identify the Professional on the databases of the Data Controller’s subsidiaries in order to prevent fraud;
– optimise the Professional’s navigation of the App by remembering its Identification Elements;
– manage requests to exercise the Specific Rights under the conditions of paragraph 10 – Exercise of the Specific Rights of Users and/or Professionals;
preserve evidence in the event of litigation related to the use of the App;
– comply with its legal obligations, in particular the health vigilance mechanisms provided for by the Public Health Code and in particular the collection, recording, analysis, monitoring, documentation, management of contacts, transmission and storage of Data relating to all adverse health events.
- Storage of Personal Data
– The App is hosted by the company whose contact details are available by clicking here Legal Notices.
– All precautions have been taken to store the Personal Data of Users and/or Professionals in a secure environment and to prevent it from being distorted, damaged or accessed by unauthorised third parties. The information transmitted by the User and/or Professional will never be passed on to third parties for a commercial purpose or sold or exchanged.
- Collection of Personal Data on the App
– Upon request for information made via the contact form here, the Data Controller collects the following Personal Data that the Data Subject provides and which is kept for a period of three (3) years on an active basis from the last request of the Data Subject, and then two (2) years in Intermediate Archiving:
- First name,
- Email address,
- Telephone number
- Any comment(s) accompanying the request for information,
– When creating the Account, the Data Controller collects the following Personal Data that the Professional provides or communicates spontaneously during their browsing and which is kept for a period of three (3) years, on an active basis, from the last connection of the Professional to the App and then two (2) years in Intermediate Archiving :
- First name,
- Email address,
- RPPS Number / Physician National Identification Number
– The connection data (date, time, IP address, pages visited) of the User and/or the Professional while browsing the App, including votes made by the User, are retained for a period of one (1) year.
– Data collected and processed to manage health vigilance is kept on an active basis during the current period of use of the Data and is then kept in intermediate archiving for the legal or regulatory period applicable to each health vigilance for a maximum of seventy years from the date of withdrawal from the market of the device or product, in the absence of a legal or regulatory period.
- Recipients or categories of recipients where applicable
|Hosting service provider OVH – 2 rue Kellermann – 59100 Roubaix – France||App hosting|
|App development and management service provider
Agence Karma – 29 Boulevard Maréchal Juin – 06800 Cagnes sur Mer – France
|Administration of the “back office” of the App and management of the database containing the Personal Data of Users and Professionals|
|Email Routing Service Provider
Sendinblue – 55 rue d’Amsterdam – 75008 Paris – France
|Sending of newsletters|
|Specialised Service Provider||Management of adverse health events|
|the other companies of the group to which the Data Controller belongs;||Management of the consequences of the participation of these other group companies in the operation or marketing of the device or product in question within the framework of the notification of an adverse health event;|
|Professional:||means any health professional, natural person, capable and of legal age, including the representative (director, employee, etc.) of a legal entity acting on its behalf with an up to date and valid RPPS (collective database of health professionals) number, creating an Account in order to benefit from all Fill-Med Content and Services of the App and not subject to any legal, regulatory or contractual prohibition and/or restriction preventing them and having fulfilled, where applicable, all legal, regulatory and contractual formalities to do so, in order to use the Services;|
|Healthcare professionals||Possible assistance in the management of an adverse health event;|
|Public or specialised professional bodies;||national public bodies (such as regional health agencies, healthcare agencies, etc.) or foreign bodies responsible for evaluating a device or product or in charge of vigilance in the performance of their tasks as defined by foreign national health legislation, authorities or agencies and international health authorities or agencies (for example: European Medicines Agency), with the exception of directly identifiable data of the person exposed to the adverse event, who notified the event.|
– Only the authorised employees of the Data Controller may, under the latter’s responsibility, access the Personal Data for each purpose, within the limits of their respective duties.
– In the event of a transfer of Personal Data to a recipient located in a country which is not located within the territory of the European Union and which has not been the subject of an adequacy decision by the European Commission, the Data Controller undertakes to take all appropriate guarantees to ensure its full lawfulness in accordance with the Personal Data Regulations.
- Specific Rights
– In accordance with the Personal Data Regulations, the Data Subject may, at any time, benefit from the following Specific Rights of:
- limitation of processing,
- post-mortem instructions.
– To the extent that the processing related to the management of an adverse health event is based on compliance with a legal obligation, Data Subjects have neither the right to object, nor the right to erasure of the Data, nor the right to the portability of the Data.
- Right of access
– The User and the Professional have the option to obtain from the Data Controller confirmation that their Personal Data is or is not processed and, where it is, access to such Personal Data as well as the following information:
- the purposes of the processing;
- the categories of Personal Data;
- the recipients or categories of recipients to whom the Personal Data has been or will be disclosed;
- where possible, the retention period of the Personal Data envisaged or, where this is not possible, the criteria used to determine this period;
- the existence of the right to request rectification or erasure of Personal Data from the Data Controller, or a restriction on the processing of their Personal Data, or the right to object to such processing;
- the right to lodge a complaint with the supervisory authority for personal data (in France, the CNIL);
- where Personal Data is not collected from the User and/or the Professional, any information available as to its source;
- the existence of automated decision-making, including profiling, and, at least in such case, useful information concerning the underlying logic, and the extent and intended consequences of such processing for the User and/or Professional;
– Where Personal Data is transferred to a third country or international organisation, the User and the Professional shall have the right to be informed of the appropriate safeguards in respect of such transfer.
– The Data Controller shall provide a copy of the Personal Data subject to processing.
– The Data Controller may require the payment of reasonable costs based on administrative costs for any additional copies requested by the User and/or Professional or in the event of a request to transmit Personal Data in paper and/or physical form.
– When the User and/or the Professional submit their request electronically, the information shall be provided in a commonly used electronic form, unless otherwise requested.
– The right of the User and the Professional to obtain a copy of their Personal Data must not infringe the rights and freedoms of others.
- Right of rectification
– The User and the Professional have the right to obtain from the Data Controller, as soon as possible, the rectification of their Personal Data which is inaccurate. They also have the possibility of having incomplete Personal Data completed, including by providing an additional declaration.
- Right of erasure
– The User and the Professional have the option to obtain from the Data Controller, as soon as possible, the erasure of their Personal Data when one of the following applies:
- The Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed by the Data Controller;
- The User and/or Professional have withdrawn their consent for the processing of their Personal Data and there is no other legal basis for the processing;
- The User and/or Professional exercise their right of objection under the conditions set out below and there are no compelling legitimate grounds for the processing;
- The Personal Data has been unlawfully processed;
- The Personal Data must be deleted to comply with a legal obligation;
- Personal Data has been collected from a child
- Right of limitation
– The User and/or Professional have the option to obtain from the Data Controller the restriction of the processing of their Personal Data where one of the following applies:
- The Data Controller verifies the accuracy of the Personal Data following the objection by the User and/or the Professional regarding the accuracy of the Personal Data,
- The processing is unlawful and the User and/or the Professional oppose the erasure of Personal Data and require the restriction of its use instead;
- The Data Controller no longer needs Personal Data for the purposes of the processing but it is still necessary for the User and/or the Professional for the establishment, exercise or defence of legal claims;
- The User and/or the Professional has objected to the processing under the conditions set out below and the Data Controller verifies whether the legitimate reasons pursued prevail over the alleged grounds.
- Right of data portability
– The User and the Professional have the option to receive their Personal Data from the Data Controller in a structured, commonly used and machine-readable format when:
- The processing of Personal Data is based on consent; and
- Processing is carried out using automated processes.
When the User and the Professional exercise their right of portability, they have the right to have Personal Data transmitted directly by the Data Controller to another data controller they designate where technically possible.
The right of portability of the Personal Data of the User and the Professional must not infringe the rights and freedoms of others.
- Right of objection
– The User and the Professional may object at any time, for reasons relating to their particular situation, to the processing of their Personal Data based on the legitimate interests of the Data Controller. The latter shall then no longer process the Personal Data, unless it demonstrates that there are compelling and legitimate grounds for processing which prevail over the interests and rights and freedoms of the User and/or the Professional, or may retain it for the establishment, exercise or defence of legal claims.
- Post-mortem instructions
– The User and the Professional have the option to communicate instructions to the Data Controller regarding the retention, erasure and sharing of their Personal Data after their death; these instructions may also be recorded with “a certified digital trusted third party”. These instructions, or sort of “digital will”, may designate a person responsible for their execution; failing this, the heirs of the User and/or the Professional shall be designated.
– In the absence of any instructions, the heirs of the User and the Professional may contact the Data Controller in order to:
- access the processing of Personal Data allowing “the organisation and settlement of the estate of the deceased”;
- receive communication of “digital property” or “data such as family mementos that are transferable to heirs”;
- have the Professional Account closed on the App and oppose the continued processing of its Personal Data.
– In any event, the User and the Professional have the option to inform the Data Controller, at any time, that they do not wish for their Personal Data to be communicated to a third party in the event of their death.
⦁ Exercise of the Specific Rights of Users and/or Professionals
These Specific Rights may be exercised at any time with the Data Controller:
By email to the following address:
By post to the following address:
Service en charge des données personnelles
2-4, rue de Lisbonne
For the purpose of asserting its Specific Rights in accordance with the conditions set out above, the Data Controller may ask them to prove their identity by mentioning their full name and email address and to accompany their request with a copy of a valid identity document, such as any information or document likely to confirm their identity.
A response will be sent to the Data Subject within a maximum of one (1) month from the date of receipt of the request.
If necessary, this period may be extended by two (2) months by the Data Controller who will notify the Data Subject thereof, taking into account the complexity and/or number of requests.
The User and/or the Professional may also lodge a complaint with the competent supervisory authority (In France, the ⦁ CNIL).
⦁ Password security
The Data Controller shall take all necessary precautions to ensure the secure storage of the Professional’s password to access their Account.
However, the security of this password also depends on its design.
The Professional is also reminded that in order to be valid, their password must comprise at least 8 characters, including at least 3 of the following 4 types: capital letters, lower case letters, figures, special characters
Mnemonics make it possible to create complex passwords, such as:
⦁ Keep only the first letters of the words in a sentence; for example, the sentence “One Password to remember!” becomes the password, 1pw@2r!
⦁ Capitalized if the word is a noun (e.g.: word)
⦁ Keeping punctuation marks (e.g.: !)
⦁ Expressing numbers using figures from 0 to 9 (e.g: One -> 1)
Cookies saved on the User’s and/or Professional’s Terminal following their browsing on the App
Cookies are used on the App.
A cookie is information stored on the Terminal that is used by the User and/or the Professional to access the App.
Cookies are linked to the browsing of the User and/or the Professional on the App and make it possible to determine the pages they have visited, and the date and time of consultation.
At no time do these cookies allow the Data Controller to personally identify the User and/or the Professional.
More specifically, the Personal Data collected from cookies issued by the Data Controller or third parties allow:
statistics and volumes of visits and use of the App to be established in order to improve the interest and ergonomics of the services;
information relating to a form completed by the Professional on the App (access to your Account) to be stored;
- Objection to cookies
The User and/or the Professional are informed, during their first visit, of the presence of cookies and their identity as well as that of their issuer by a banner and are invited to indicate their choice.
Cookies will only be stored if the User and/or the Professional accepts them.
The User and/or the Professional may at any time find further information and configure cookies by [complete and return to cookie settings]