As part of its activities and in accordance with the regulations applicable in France and in Europe, particularly the EU General Data Protection Regulation, HIPAA.Info is committed to ensuring the protection, confidentiality and security of the personal data of its users, customers, prospects and suppliers, as well as to respecting their privacy.

The Personal Data Protection Policy applies to the data collection and processing performed on the websites of HIPAA.Info (the “Websites”), online applications for smartphones, tablets and other mobile devices (the “Apps”), as well as the use of our services or online content.

Our Websites and Apps are not intended for minors unless authorised by their legal representatives.

The Personal Data Protection Policy may be subject to changes. It is specified that HIPAA.Info may amend the Personal Data Protection Policy at any time, including to adapt it to current legislation. Users are made aware of these modifications simply through their publication online. We recommend that you regularly check the current version available.

The Personal Data Protection Policy sets out the principles and methods of the data processing.

Principles of data and privacy protection

1. Fair collection of the personal data of its customers, prospects and users

The data is collected in a fair and transparent way. HIPAA.Info is prohibited from collecting personal data without first informing the persons concerned, including what their data is used for.

HIPAA.Info collects this data in order to:

• provide the services requested by its users and customers,
• meet the management needs of its users, its customers and prospects.

HIPAA.Info informs users of: the placing of cookies and other trackers on the websites it produces; their purposes; the legal basis; and the option to object to them.

2. Use of the personal data of its customers, prospects and users

HIPAA.Info uses the data of natural persons for purposes of authentication, providing subscribed services and suggesting offers tailored to the needs of its customers, prospects and visitors. To this end, HIPAA.Info is likely to carry out statistical studies based on this data.

HIPAA.Info complies with the legal framework in force concerning the protection of personal data and the conditions of security and confidentiality. HIPAA.Info only communicates the personal data to its authorised service providers and ensures that they meet strict conditions of confidentiality, use and protection of this data.

HIPAA.Info is prohibited from communicating the personal data to business partners without informing its customers, prospects and visitors, and without having offered them the opportunity to exercise their right to object.

3. Necessary measures to ensure the security of the personal data of its customers, prospects and users

HIPAA.Info ensures the protection of the personal data entrusted to it, from the design stage and throughout the lifecycle of the services of the sites or apps.

• It implements security measures appropriate to the degree of sensitivity of the data in order to protect personal data against malicious intrusion, any loss, alteration or disclosure to unauthorised third parties.
• The information system, servers and networks that it uses to process and store personal data have security and protection systems (data encryption, firewall, redundancy, backup, etc.).
• It guarantees the security of the information exchanged in transactions or payments.
• It only issues access permissions for its information system to those who need them to perform their duties.
• It educates its employees on the protection of the personal data made available to them as part of their duties and ensures that they comply with the rules in force and company’s ethics.
• It requires its suppliers to adhere to these same principles of protection.

Data protection at HIPAA.Info 

1. What data is collected and how?

By browsing our Websites or using our Apps and services, HIPAA.Info , its service providers or business partners may collect data subject to your prior consent.

Some data is communicated to us directly by you, such as your first and last names, email address, password, phone number, complaints or opinions you might share with us.

Some data, subject to your prior consent, may be collected automatically as a result of your actions on the Websites and apps through cookies or similar technologies such as IP address, connection and browsing data, your preferences and hobbies, and general geographic location.

This information is provided whenever you browse our Websites and Apps.

2. What are the purposes of the data collected about you?

We use the collected data to:

• Provide content and services which:
  • recognise you when you return to browse our Websites or use our Apps;
  • manage your User accounts and inform you of updates about your accounts and the services you use;
  • reply to your requests expressed on our Websites and Apps, including on forms;
  • offer you Services and personalised content according to your general geographic location (country);
  • allow you to write comments about the content of our Websites and Apps;
  • customise the display of content and Services;
  • send you newsletters and push notifications, news alerts;
• Advertise our content and services, and those of our partners, which:
  • offer content tailored to your interests and carry out targeted advertising;
  • send communications and analyse their effectiveness;
• Perform studies and analyses on our content and services in order to:
  • better understand the users of our Websites and Apps;
  • perform data analysis and statistical studies to develop and improve our Websites or Apps;
• To ensure the security of your data.

3. Who are the recipients of the data collected?

The data collected on the Sites and Apps are intended for HIPAA.Info.

They may be transmitted or accessed by the service providers of HIPAA.Info in the context of performing processing, data analysis and computer services.

HIPAA.Info requires its service providers to only use your personal data to manage the services entrusted to them, in accordance with the regulations applicable for the protection of personal data and confidentiality of this data.

HIPAA.Info informs you that it has reached agreements with the business partners that may collect data about you. HIPAA.Info has no visibility regarding this data. We invite you to consult the list of our main partners in the policy on cookies.

4. Where is your personal data stored?

Your personal data is stored inside the European Union, either in our databases or in those of our service providers.

In some cases, and mainly for technical reasons, data may be stored on servers located outside the European Union.

5. Data transfers outside the EU

Due in particular to the international dimension of HIPAA.Info , some of our partners are located outside the European Union. The data collected may therefore be transferred to countries outside the European Union which have different personal data protection legislation from those inside the European Union.

In this case, HIPAA.Info implements the means to ensure the security and confidentiality of such data and ensures that the transfer meets the legal framework: the transfer to a country ensuring a sufficient level of protection, signature of contractual clauses issued by the European Commission, or any other regulatory or contractual means to ensure a sufficient level of protection.

HIPAA.Info strictly requires its partners to only use your personal data to manage or provide the services requested, and also asks its partners to always act in compliance with the applicable laws on personal data protection and pay particular attention to the confidentiality of such data.

Transfers outside the European Union may be carried out, in particular, as part of our subsequent activities such as computer services on the systems in HIPAA.Info .

6. How and for how long is your data stored?

HIPAA.Info implements all administrative, technical and physical measures to protect personal data.

Personal data is stored for the duration required for the processing purposes for which it was collected except where retention for a longer duration is required by law, regulations or for trial purposes.

7. What are your rights?

HIPAA.Info is committed to respecting the exercising of all of the rights of its customers, prospects, and visitors, with regard to access, correction, additional information and objection. As of 25 May 2018, the persons concerned also have limitation, portability and erasure rights (right to be forgotten).