DATA PROTECTION POLICY

DATA PROTECTION POLICY

With the aim of transparency regarding the use of data collected through social networks, and in accordance with Regulation (EU) 2016/679 (hereinafter referred to as GDPR – General Regulation for the Protection of Personal Data, this document has for the purpose of presenting the means used by Magentine Healthcare to collect and process all the personal data in its possession.

DEFINITIONS

Processing: any operation or set of operations (from collection to use) carried out on data, whether by automated means or not.

Purpose: the objective pursued by the data controller making the collection carried out lawful.

Data controller: the person behind the creation of the data collection by defining its purpose.

Personal data or personal data: any data relating to a natural or legal person.

DPO: Data Protection Officer

GDPR: General Data Protection Regulation

CONTACT INFORMATION

You can contact the DPO (Data Protection Officer) of MAGENTINE HEALTHCARE at any time to obtain information through the following contact details:

dpo@magentinehealtcare.com

Magentine Healthcare

1 montée de la Lauzière

34980 Saint Clément de la Rivière

INFORMATION ON THE COLLECTION AND PROCESSING OF DATA

Data collection is carried out at the request of customers (the customer is considered as data controller – MAGENTINE HEALTHCARE is considered as a subcontractor). The contract signed between the customer and MAGENTINE HEALTHCARE specifies the methods of data collection and processing:

  • Data concerned
  • Purposes of the collection
  • Processing methods
  • Duration of data retention by MAGENTINE HEALTHCARE
  • Methods of transferring data from MAGENTINE HEALTHCARE to the customer
  • Contact of the DPOs of the two companies.

The contract signed between the two entities also ensures compliance with the regulations in force concerning the protection of personal data.

The collection is carried out from tags and keywords on the public pages of social networks, on the private pages of the Magentine Healthcare client who commissioned us for the study, and on the Facebook pages built by Magentine Healthcare based on of a specific theme.

Depending on the contract signed with the customer, the data may be processed by MAGENTINE HEALTHCARE. The data are processed in accordance with the purpose defined contractually by both parties. Magentine Healthcare collects data (comments, tags, reviews, share, emoticons, sender’s nickname) using APIs delivered by social networks, without using other third parties. The Magentine Healthcare data processing is done on market or open source tools (R, Python, SAS …) to meet the purposes of customer requests (understanding of appetites) and only the Magentine Healthcare teams in charge of the processing have access to the data. of the project.

In accordance with the GDPR, data subjects can exercise their rights of access, opposition, rectification and erasure at any time, through the Facebook company. In the event of a complaint, Facebook will contact the MAGENTINE HEALTHCARE DPO: dpo@magentinehealthcare.com.

SECURITY AND CONFIDENTIALITY

The data collected is stored on a server external to MAGENTINE HEALTHCARE: OVH.

The IT system is managed by a subcontractor in accordance with the GDPR. It is secured by an anti-virus and a firewall

Access to computer data is only possible from the OVH network, defined and limited according to the user’s profile. Any intrusion into the computer network or attempted unauthorized access is immediately reported to the information systems security service and to the general management of the MAGENTINE HEALTHCARE group.

TRANSFER OF PERSONAL DATA

Subject to what is indicated in this personal data protection policy, we are likely to communicate personal data (pseudo) with persons employed by MAGENTINE HEALTHCARE and only to the extent necessary for the accomplishment of the tasks which are theirs. entrusted.

The data collected is not transferred to the customer. Only the analysis and the results of the analysis reach the end customer by:

  • Mail
  • Secure FTP server compartmentalized by client
  • Web visualization tools (datvizz) on secure server and compartmentalized by client

Due in particular to the international dimension of our customers, communications are likely to involve transfers of analyzes and results (excluding raw data) to countries that are not members of the European Economic Area, including legislation on protection of personal data differ from those of the European Union.

In this case, the contracts between MAGENTINE HEALTHCARE and customers are adapted and organizational, technical and personnel measures, rigorous and appropriate, ensure the security and confidentiality of personal data in accordance with European regulations.

CONSERVATION OF DATA

We aim to always keep personal data in a secure manner, and only for the time necessary to achieve the purpose pursued by the processing. We are implementing the appropriate technical and organizational measures in this regard.

Once the data has been collected and / or processed, we leave access to the data to the customer for 6 months. Subsequently, these accesses are blocked and the data are archived and kept by MAGENTINE HEALTHCARE for a period defined contractually in advance, with regard to the intended purpose. If no time limit has been established, the data collected is deleted 3 years after the date of archiving.