|
English

Privacy and data protection policy

Pursuant to articles 12, 13 and 14 of the GDPR legislation, our company informs you in a transparent manner about the use made of the personal data processed.

Data-prospects, requests for information, quotes and reminders as well as data sets provided by our potential customers

Data and information on our potential customers are recorded by TERASCOP which is the data controller. The purpose of this collection of information concerning potential customers (last name, first name, professional e-mail, professional telephone, function, associated questions and answers, datasets provided for a pre-sales need) is the management of the 'study of the feasibility and management of a pre-contractual prospect relationship. Only the Management and the personnel in relation with the prospects are authorized to have access to the communicated or recorded data. The maximum data retention period is set at 2 years after the inactivity of the prospect relationship. The data sets provided in a pre-contractual feasibility study are deleted immediately after the end of the operational need. The legal basis for the use and processing of the personal data of our prospects is based on our legitimate interest as a software publisher or, failing that, on the consent of the persons concerned or, failing that, on the establishment of a relationship. pre-contractual. We point out that, in rare cases, we are likely to enrich our prospect data with public information (for example from the commercial register).

Data of interlocutors working with our customers (care establishment and laboratories)

Personal information on the contacts working with our customers is recorded by TERASCOP, which is the data controller. The purpose of this collection and storage of personal data (last name, first name, professional e-mail, professional telephone, function, questions asked and associated answers) is the management of customer relations, customer support, file monitoring and associated billing. Only management and staff dealing with customers can access the necessary data. The maximum retention period for personal data is set at 5 years after the end of the contractual relationship and 10 years for nominative accounting documents. The legal basis for the use and processing of personal data is based on the performance of a contract (including the right of use or service) or failing that our legitimate interest as a software publisher. We point out that, in rare cases, we are likely to enrich our customer data with public information (for example from the commercial register).

Data of end users of the NETSIG SaaS software (healthcare professionals and employees in the medical sector)

As part of the registration for the NETSIG SaaS software, personal information about end users is recorded by TERASCOP as a processor on behalf of a customer who is the data controller. The purpose of this collection and storage of personal data (identity, possible RPPS number, function, contact details, possible professional specialization, establishment of attachment) is the management of the facilitation of registration and identification of the professional in view of creation, consultation, edition and secure sharing of medical files as well as the management of referring professionals concerned by medical files. End users and our customers (labs and healthcare facilities) only have access to data from medical records that concern them. The maximum retention period for personal data is set by the legal periods in this area (currently 20 years or 10 years after the patient's death) in the case of a user linked to a medical file or, failing that, 5 years after detected inactivity. of the user. In the event of termination of the contractual relationship, a copy of the data is given to the customer and the data is deleted as soon as possible. The legal basis for the use and processing of personal data is based on the performance of a contractual relationship or, failing that, on legal obligations. We point out that we enrich our user data with public information.

Patient data contained in the medical records of the NETSIG SaaS software

As part of the use of the NETSIG SaaS software, personal information about patients is recorded by TERASCOP as a processor on behalf of a customer who is the data controller. The purpose of this collection and storage of personal data (identity, contact details, health data from medical files) is the management of the prescription and the execution of the service. End users and our customers (labs and healthcare facilities) only have access to data from medical records that concern them. The maximum retention period for personal data is set by the legal periods in this area (currently 20 years or 10 years after the patient's death). In the event of termination of the contractual relationship, a copy of the data is given to the customer and the data is deleted as soon as possible. The legal basis for the use and processing of personal data is based on the performance of a contractual relationship or, failing that, on legal obligations.

Data visualized by our technical teams during maintenance interventions

TERASCOP minimizes access to customer data to what is strictly necessary. However, for a maintenance operation, TERASCOP can access samples of data belonging to its customers when the anonymization or encryption of data is not sufficient to operate. Only affected technicians can access sample data. Any recorded data samples are destroyed immediately after the end of the maintenance operation. The legal basis for the use and processing of the sample data is based on the performance of the contract or failing that on the legitimate interest of our customers or failing that on our legitimate interest as a software publisher. In accordance with the recommendations of the CNIL supervisory authority, TERASCOP undertakes to :

  • Record the nature and details of the interventions carried out in a handrail;
  • Respect professional secrecy and data confidentiality;
  • Take the cybersecurity guarantees necessary for its interventions (SSL VPN, https, TLS certificate, complex passwords, etc.).

Data of end users of the SECONDAVIS SaaS software (reserved for healthcare professionals)

As part of the registration for the SaaS SECONDAVIS software, personal information about end users is recorded by TERASCOP as a subcontractor on behalf of a medical expert who is the controller. The purpose of this collection and storage of personal data (identity, possible RPPS number, function, contact details, possible professional specialization, establishment of attachment) is the management of the facilitation of registration and identification of the professional in view of creation, consultation, edition and secure sharing of medical records. End users and medical experts only have access to the data in the medical files that concern them. The maximum retention period for personal data is set by the legal periods in this area (currently 20 years or 10 years after the patient's death) in the case of a user linked to a medical file or, failing that, 5 years after detected inactivity. of the user. In the event of the end of the contractual relationship, a copy of the data is given to the customer at his request and the data is deleted as soon as possible. The legal basis for the use and processing of personal data is based on the performance of a contractual relationship or, failing that, on legal obligations.

Patient data contained in the medical records of the SECONDAVIS SaaS software

As part of the use of the SaaS SECONDAVIS software, personal information about patients is recorded by TERASCOP as a subcontractor on behalf of an expert doctor who is the controller. The purpose of this collection and storage of personal data (identity, contact details, health data from medical files) is to manage the request for expertise and the performance of the service. End users and medical experts only have access to the data in the medical files that concern them. The maximum retention period for personal data is set by the legal periods in this area (currently 20 years or 10 years after the patient's death). In the event of termination of the contractual relationship, a copy of the data is given to the customer and the data is deleted as soon as possible. The legal basis for the use and processing of personal data is based on the performance of a contractual relationship or, failing that, on legal obligations.

EKOI SaaS software end-user data (opticians and manufacturer-distributors)

As part of the registration for the SaaS EKOI SPORT OPTICAL software, personal information about end users is recorded by TERASCOP as a processor on behalf of an optician who is the data controller. The purpose of this collection and storage of personal data (identity, function, contact details) is the management of registration. Manufacturer-distributors only have access to the identification data communicated by the opticians concerned. Opticians only have access to patient data that concerns them. The maximum retention period for personal data is set by the legal periods in this area (currently 20 years or 10 years after the patient's death) in the case of a user linked to a medical file or, failing that, 5 years after detected inactivity. of the user. In the event of the end of the contractual relationship, a copy of the data is given to the customer at his request and the data is deleted as soon as possible. The legal basis for the use and processing of personal data is based on the performance of a contractual relationship or, failing that, on legal obligations.

Patient data contained in EKOI SaaS software medical records

As part of the use of the SaaS EKOI SPORT OPTICAL software, personal information about patients is recorded by TERASCOP as a subcontractor on behalf of an optician who is the data controller. The purpose of this collection and storage of personal data (identity, contact details, order number, order date, customer account number, number of the optician concerned and details of patient-optician exchanges) is the management of the tripartite relationship between optician, manufacturer / distributor, patient. Opticians and manufacturers / distributors only have access to patient data that concerns them, however manufacturers / distributors do not have access to exchanges between opticians and patients. The maximum retention period for personal data is set by the relevant contractual clauses. The legal basis for the use and processing of personal data is based on the performance of a contractual relationship or, failing that, on legal obligations.

Software log data

Within the framework of the regulatory obligations of traceability, personal data (IP address, login, user-agent, actions carried out, times of actions) on users of SaaS software are collected by TERASCOP as data controller. The purpose of the processing is the management of the traceability of the actions carried out as well as the analysis of security risks. Only the technicians concerned are authorized to have access to the recorded data. The maximum data retention period is set at 6 months or at personalized periods within the framework of software at risk in terms of sensitive data. The data can be transmitted to a customer concerned by a security issue. The legal basis for the use and processing of personal data is based on the execution of the contractual relationship or, failing that, compliance with applicable regulatory or legal obligations or, failing that, our legitimate interests as a software publisher.

Directory and directory of partner contacts

A listing-partner system (potential or active) has been set up by TERASCOP, which is the data controller. The purpose of this recording, which contains personal data (name, first name, function, telephone, email, etc.) is to manage the partner relationship. Only the Management and the staff concerned are authorized to have access to the data communicated or recorded. We inform our partners that we are likely to enrich our data with public information. The retention period for personal data is set at 5 years after inactivity. The legal basis for the use and processing of personal data is the consent of the parties concerned or our legitimate interest as a company.

Data from referenced or potential suppliers

The identity of the interlocutors with our referenced or potential suppliers, all the documents or data provided to become a supplier as well as the accounting documents of our suppliers are collected by TERASCOP which is the data controller with a view to managing the supplier relationship and accountability. Only the Management, the personnel in charge of purchases, projects linked to a supplier, the accounting department are authorized to have access to the data recorded or communicated. The maximum data retention period is set at 3 years for potential suppliers, 5 years after the last purchase for active suppliers and 10 years for accounting documents. The legal basis for the use and processing of your personal data is based on the consent of the parties concerned or our legitimate interest as a buyer or the execution of a purchase contract. We point out that, in rare cases, we may enrich our data from active or potential suppliers with public information.

Job application or internship request

Your CV, possible cover letter and all other documents or data provided during an application (spontaneous or not) for a job as well as any data provided by former employers are collected by TERASCOP which is the data controller in view assess the suitability of a professional profile in relation to a possible position to be filled. Only the Management and the personnel concerned by the recruitment are authorized to have access to the communicated data. The maximum data retention period is set at 2 years after inactivity of the relationship with the candidate. The legal basis for the use and processing of your personal data may be based on your consent or your legitimate interest as a job seeker or our legitimate interest as a recruiter which is the basis chosen. We point out that, in rare cases, we are likely to transfer candidate profiles to institutional partners or those carrying out similar, related or complementary activities. We point out that we are likely to enrich our candidate database with public information (in particular from the CV database) or from partner companies.

Newsletters and invitations to events

Our customers and our professional contacts (suppliers, institutions, partners, etc.) are likely to receive our informative or commercial communications by e-mail, telephone or letter. In this context, a newsletter or guest listing system can be set up by TERASCOP, which is the data controller. You can indicate to dpo@terascop.com that you no longer wish to receive our communications or modify their possible consents via the indications contained in the messages. The purpose of this recording, which contains personal data (name, first name, address, function, telephone, email, etc.) is the dissemination of news or even commercial offers or the organizational and promotional management of events. Only the Management and the operational staff concerned are authorized to have access to the data communicated or recorded. We point out that, in rare cases, we may enrich our invitation data with public information (eg from the commercial register) and transfer data to outsourced event organization companies. The retention period for personal data is set at 3 years after detected inactivity of the relationship with guests or subscribers. The legal basis for the use and processing of personal data is based on the consent of the parties concerned or, failing that, on our legitimate interest as a business or, failing that, on the legitimate interest of the data subject.

Secure IT architecture

Our software data is hosted in France in the AZNETWORK® datacenter which is ISO27001 and HDS certified. The data on our “Corporate” website are hosted outside the EU at Google® in a secure and lawful environment via “C.C.T.” guarantees. ("S.C.C." in English) and ISO27001 as well as HDS. However, we would like to point out the use of tools with a B.C.R. or C.C.T. (standard contractual clauses), in particular Mailgun®, which can transit data outside of Europe in a secure and lawful environment. The rest of our data is located in France in our secure premises and our ISO27001 certified Microsoft Cloud / Drive Datacenter.

Your rights

We inform you that information on our contacts of all types (customers, suppliers, partners, etc.) may be transferred to dispute resolution or control partners: outsourced lawyers, outsourced accounting and HR firms, institutions, etc. In application European laws and the law of January 6, 1978 (relating to computers, files and freedoms), you have the rights of access, rectification, limitation, portability and deletion of your personal data as well as the right to oppose their processing for legitimate reasons. You can exercise all of these rights by emailing dpo@terascop.com, or by post to Service DPO, 3 Allée du moulin Berger, 69130 Ecully. You also have the right to withdraw your consents at any time and to lodge a complaint with the National Commission for Computing and Liberties (CNIL), in particular on its website www.cnil.fr

Coordonnées
Terascop
3 Allée du moulin Berger,
Bat 3
69130 Ecully – France

SIRET: 83503996700020 RCS Lyon ...