Your use of the CANCERCONSULT Platform and the Services offered therein requires the collection and processing of your personal data [” your Data“] as defined by the “Regulations” applicable in France:
- EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data of 27 April 2016 (“GDPR”) https://www.cnil.fr/fr/reglement-europeen-protection-donnees;
- The law 78-17 of January 6, 1978 modified relating to Data processing, the Files and Freedoms, modified https://www.cnil.fr/fr/la-loi-informatique-et-libertes.
Before using the CANCERCONSULT Platform and the Services offered therein, you are invited to inform yourself about how your Data is collected and processed and as such you acknowledge having read this Data Protection Policy.
In addition, if you are using the CANCERCONSULT Platform as a Patient User, you further acknowledge that you have read and accepted the Notice of Information and Consent.
You may at any time change your mind and without justification withdraw your consent to the processing of your Health Data by contacting the Data Protection Officer of CANCERCONSULT: contact@cancerconsult.fr. Withdrawal of your consent does not affect the lawfulness of the processing based on your consent given prior to such withdrawal.
The commitments of CancerConsult
CANCERCONSULT is committed to the protection of your Data:
- Data is used only for explicit, legitimate and specified purposes (objectives) as defined within this Data Protection Policy and within the Information and Consent Notice accepted by the Patient User,
- The Data is not kept beyond the period necessary for the operations for which it was collected, taking into account the nature of the operations, or those provided for by the standards and authorizations of the CNIL or by law (such as legal requirements),
- The Data is not transferred. Only authorized recipients within the strict framework of the purposes previously defined in this Data Protection Policy and in the Notice of Information and Consent accepted by the User-Patient, are likely to become aware of the Data,
- CANCERCONSULT and each Referring Expert (or the healthcare facility employing him/her) in their respective capacity as data controllers, entrust the Data to subcontractors chosen on the basis of appropriate technical and organizational safeguards, in order to ensure the protection of the data entrusted to them under their instructions,
- You are informed beforehand and regularly, in a clear and transparent manner, in particular on the purpose of use of your Data, the optional or compulsory nature of your answers in the forms, the rights you have in terms of data protection and the modalities of effective exercise of these rights, the recipients,
- Whenever required by the Regulations, explicit, informed, active and unequivocal consent of the User-Patient is obtained for the processing of his/her Data,
- Appropriate logical, technical, organizational and legal security measures have been defined on the basis of a risk analysis of the various personal data processing operations concerned, and are implemented to ensure the protection of the Data,
- Whenever the risks presented by a processing require it, CANCERCONSULT has carried out an impact analysis on the privacy and protection of your personal data, in order to adopt concrete measures adapted to these risks and to pilot it,
- CANCERCONSULT is committed to designing tools and systems embedding at the heart of their functionality the respect of the Regulation and the protection of the privacy of the persons concerned, by integrating the respect of these rules at the very stage of design and development: CANCERCONSULT thus applies the concept of privacy by design which allows the development of responsible tools and systems,
- Only Data that are strictly useful are collected and processed: CANCERCONSULT thus applies the concept of privacy by default which protects you from any excessive collection of data,
- CANCERCONSULT and its subcontractors are committed to monitor any possible and exceptional data breach and to take all protective and corrective measures following a breach by informing the CNIL and if necessary, the persons concerned.
All employees and contributors are made aware of the principles of data protection through regular training adapted to their activity and responsibilities.
Employees have access only to the information necessary for their activity, sensitive data are subject to specific authorizations and controls, and in particular health data are entrusted to an approved or certified health data host within the meaning of Article L. 1111-8 of the Public Health Code.
The data protection officer
CANCERCONSULT has appointed a data protection officer to ensure compliance with the Regulations and the rules described in this Privacy Policy.
The data protection officer ensures in particular:
- establish and maintain a register of Data processing,
- ensure that practices comply with the Regulations and their evolution,
- to make all teams aware of the requirements and good practices in terms of personal data protection,
- to ensure the effective exercise of Users’ rights.
Le délégué à la protection des données est Caroline HETROY, il est joignable par mail à l’adresse suivante : contact@cancerconsult.fr.
If the Lead Expert works within a care structure that employs him/her, please note that the data protection delegate of the care structure is indicated on the Lead Expert’s presentation sheet.
Who is responsible for your data and for what purpose ?
CANCERCONSULT is responsible for processing your Data in order to provide you with the Services it offers.
Each Referring Expert (or the care facility that employs him/her) to whom your file has been assigned is also responsible for processing your Data in order to provide you with a second or multidisciplinary opinion.
The processing of your Data is necessary to provide you with these Services. If your Data is not processed, you will not be able to create a Personal Account through the CANCERCONSULT Platform or use or subscribe to these Services.
Please be aware that CANCERCONSULT may produce and publicly distribute statistics in full respect of your anonymity, i.e., aggregate and non-individualized data, for the strict purpose of statistical measurement and without any possibility of identifying you directly or indirectly.
User Data may also be used for studies, research and of public interest, for the purpose of improving knowledge and patient care, and after completion of all required formalities with the CNIL when applicable.
To this end, you should know that for each study, research or evaluation that may be conducted using your Data, you will be kept informed and you may object if you so wish.
What are the legal bases for processing your data ?
The legal bases for the processing of your personal data are the following according to the purposes implemented respectively by CANCERCONSULT and by each Referring Expert (or the care structure that employs him):
- For CancerConsult
| Purposes AND legal basis (Article 6 GDPR) | Categories of data collected Processing of health data ? | Categories of data collected Processing of health data ? |
| Purpose: Management of the personal accounts of the Patient Users of the CancerConsult Platform Legal basis: Execution of the General Terms of Use and Sale – Article 6, 1, b RGPD | Identification data (last name, first name, e-mail address, cell phone, health insurance company or employer if it is a partner of the platform.) | No |
| Purpose: Management of the allocation of second opinion request files by CancerConsult with its scientific committee according to the speciality and availability of the Lead Experts Legal basis: Execution of the General Terms of Use and Sale – Article 6, 1, b RGPD | Identification data (last name, first name, e-mail address cell phone number Mutual insurance company or employer if it is a partner of the platform.) | Yes – this is data related to your health status (history, current medication, medical reports, etc.) Irm, your oncologist’s report, blood tests, molecular biology, CT scan, reports of various tests. Your explicit consent is required for the processing of your health data – Art. 9, 2, a RGPD |
| Purpose: Management of the online advice service on the disease environment provided by CancerConsult with its scientific committee Legal basis: Execution of the General Terms of Use and Sale – Article 6, 1, b RGPD | Identification data (last name, first name, e-mail address, cell phone number of the mutual insurance company or employer if it is a partner of the platform.) | Yes – this is your health related data (history, current medication, medical reports, etc.) Irm, your oncologist’s report, blood tests, molecular biology, CT scan, reports of various tests. Your explicit consent is required for the processing of your health data – Art. 9, 2, a RGPD |
| Purpose: Production of aggregated statistics on the use of the Platform Legal basis: Legitimate interest – Art. 6, 1, f RGPD | No | |
| Purpose: Management of billing and collection of CANCERCONSULT Services Legal basis: Execution of the General Terms of Use and Sale – Art. 6, 1, b RGPD | -Identification data (last name, first name, e-mail address) – Data related to the means of payment used | No |
| Purpose: Sending newsletters to Patient Users about the Services (including commercial prospecting on similar services provided by CANCERCONSULT) Legal basis: As applicable: * Consent – Article 6, 1, a GDPR *Legitimate interest of CancerConsult – Article 6, 1, f RGPD | Identification data (name, first name, e-mail address) | No |
| Purpose: Sending newsletters to Visitors (including commercial prospecting) Legal basis: Consent – Art. 6, 1, a, RGP | Identification data (e-mail address) | No |
2. Referring Expert (or the care facility that employs him/her)
| Purposes AND Legal basis – Article 6 GDPR | Category of data collected | Categories of data collected Processing of health data ? |
| Purpose: Paid services rendered by each Lead Expert to Patient Users including (i) the second expert opinion service and (ii) the multidisciplinary opinion service (only upon recommendation of a Lead Expert after submission of a second expert opinion)Response to patient’s questions about the disease environment Legal basis: Execution of the General Terms of Use and Sale – Article 6, 1, b RGPD | Identification data (last name, first name, e-mail address, | Yes – this is data related to your health status (history, current medication, medical reports, etc.) Irm, your oncologist’s report, blood tests, molecular biology, CT scan, reports of various tests. Processing necessary for medical diagnosis, health care – Art. 9, 2, h RGPD and Art. 44, 1 of the Data Protection Act |
| Purpose: Management of the invoicing and collection of the services rendered by the Referring Expert(s) (or the care structures that employ them) Legal basis: Execution of the General Terms of Use and Sale – Article 6, 1, b RGPD | Identification data (last name, first name, e-mail address, – Data related to the means of payment used | No |
Who is your data intended for ?
Your personal data are destined exclusively, according to the treatments, to the following recipients:
- For CancerConsult
| Purposes | Recipients of your Data |
| Management of the personal accounts of the Patient Users of the CancerConsult Platform | Your Data is intended for: ▪ To staff members of CANCERCONSULT specifically authorized, in strict compliance with their missions, for administrative and technical management of your Personal Account. ▪ To staff members of technical providers specifically authorized, in strict compliance with their missions intervening as a subcontractor of rank 1. |
| Management of the allocation of files requesting a second opinion by CancerConsult with its scientific committee according to the specialty and the availability of the Lead Experts | Your Data is intended for: ▪ To the staff members of CANCERCONSULT accompanied by its scientific committee, specifically empowered, in strict compliance with their missions for the purpose of managing the allocation of your file ▪ To members of the staff of technical providers specifically authorized, in strict compliance with their missions intervening as a subcontractor of rank 1 ; ▪ To the Referring Expert(s) to whom your file will be assigned. |
| Management of the online advice service on the disease environment provided by CancerConsult with its scientific committee | Your Data is intended for: ▪ To the staff members of CANCERCONSULT accompanied by its scientific committee, specifically empowered, in strict compliance with their missions in order to make you benefit from the online counseling service on the disease environment; ▪ To the staff members of the technical providers specifically empowered, in strict compliance with their missions intervening as a rank 1 subcontractor. |
| Production of aggregated statistics on the use of the Platform | Your Data is intended for: ▪ To specifically authorized CANCERCONSULT staff members, in strict compliance with their missions. ▪ To members of staff of technical providers specifically authorized, in strict compliance with their missions. |
| Management of billing and collection of CANCERCONSULT services | Your Data is intended for: ▪ To staff members of CANCERCONSULT specifically authorized, in strict compliance with their missions in order to manage the billing and collection ▪ To staff members of technical providers specifically authorized, in strict compliance with their missions intervening as subcontractor of rank 1. |
| Sending Newsletters on the Services (including commercial prospecting on similar services provided by CANCERCONSULT) | Your Data is intended for: ▪ To the staff members of CANCERCONSULT specifically empowered, in strict compliance with their missions to allow you to receive Newsletters, unless you withdraw your consent or object. ▪ To staff members of technical providers specifically authorized, in strict compliance with their missions intervening as a subcontractor of rank 1. |
| Sending newsletters to Visitors (including commercial prospecting) | Your Data is intended for: ▪ To the staff members of CANCERCONSULT specifically empowered, in strict compliance with their missions to allow you to receive Newsletters, unless you withdraw your consent or object. ▪ To staff members of technical providers specifically authorized, in strict compliance with their missions intervening as subcontractor of rank 1. |
2. Referring Expert (or the care facility that employs him/her)
| Purposes | Recipients |
| Paid services rendered by each Referring Expert to Patient Users including (i) the second expert opinion service and (ii) the multidisciplinary opinion service (only upon referral from a Referring Expert after submission of a second expert opinion) | Your Data is intended for: ▪ A ou aux Expert(s) Référent(s) au(x)quel(s) votre dossier a été attribué ; ▪ To specifically empowered CANCERCONSULT staff members, in strict compliance with their missions intervening as rank 1 subcontractor of the Referring Expert(s). ▪ To the staff members of specifically empowered technical providers, in strict compliance with their missions intervening as a rank 2 subcontractor of the Referring Expert(s) ; |
| Management of the invoicing and collection of the services rendered by the Referring Expert(s) (or the care structures that employ them) | Your Data is intended for: To the staff members of CANCERCONSULT specifically authorized, in strict compliance with their missions in order to manage the billing and collection on behalf of the Referring Expert(s) (or the care structures that employ them) To the staff members of the specifically authorized technical service providers, in strict compliance with their missions, intervening as subcontractors of rank 2. |
CANCERCONSULT guarantees that your Data will not be passed on to any unauthorized third party without your prior explicit consent. Publications resulting from studies conducted with your Data will not identify you.
How long will your data be kept ?
- As part of the Services provided by CANCERCONSULT :
Your Data is retained by CANCERCONSULT for the provision of Services by CANCERCONSULT for the duration of the contractual relationship with CANCERCONSULT. Beyond that, your Data is archived for a period of 15 years for the purpose of managing pre-litigation and litigation and at the end of the archiving, only non-identifying statistical Data is retained.
Your Data processed for billing purposes is archived for 10 years in fulfillment of CANCERCONSULT’s accounting obligations.
Your Data processed for newsletter management purposes is retained until you withdraw your consent or for 3 years from the last contact.
- As part of the Services provided by the Referring Expert(s) (or the care structure that employs him)
Your Data will be archived with an approved/certified host for a period of ten(10) years, one (1) month after the publication of the second opinion by the Lead Expert on the CancerConsult Platform. In other words, your data (the documents you have transmitted and the opinion given by the Lead Expert) will remain accessible on the Platform for one month and then at the end of the month, your data will be archived for a period of 15 years with the approved/certified host.
Your Data processed for invoicing purposes will be archived for 10 years in compliance with the accounting obligations of the Referring Expert (or the care structure that employs him/her).
- Your payment data
Your payment data (credit card data) are transmitted in encrypted form to the bank in order to guarantee their confidentiality.
Credit card data is kept until full payment for the online Services has been made. Any online payment within the framework of the CancerConsult Platform implies an immediate debit.
What are your rights to your data ?
In accordance with the Regulations, you have :
– a right to information: the User has the right to obtain clear, transparent, understandable and easily accessible information on how CANCERCONSULT and the Referring Experts (or the structures that employ them) use their personal data and on their rights. That is why CANCERCONSULT has drafted this Privacy Policy and the Information-Consent Notice.
– a right to accessthe User has the right to access the personal data that CANCERCONSULT and the Referring Experts (or the structures that employ them) has on him (provided that the request is not manifestly unfounded or excessive, especially because of its repetitive nature), and to obtain a copy.
– a right of rectification: the User has the right to demand that his personal data be rectified if they are inaccurate or outdated and/or that they be completed if they are incomplete (provided that the request is not manifestly unfounded or excessive, particularly because of its repetitive nature).
– a right to object: the User may at any time object to the processing of his or her personal data for reasons relating to his or her particular situation where the processing of the Data is based on the legitimate interests of CANCERCONSULT, unless CANCERCONSULT can show compelling legitimate grounds for processing such data which override the interests, rights and freedoms of the User or where such data is necessary for the establishment, exercise or defense of legal claims.
You also have the following rights, which you may exercise in the same way
– a right to erasure (right to be forgotten): in certain cases, the User has the right to obtain the erasure or deletion of his/her personal data. This is not an absolute right, insofar as CANCERCONSULT or the Referring Experts (or the structures that employ them) may be obliged to retain the User’s personal data for legal or legitimate reasons.
– a right to request a limitation of the processing of your personal data: the User has the right to request that the processing of his personal data be limited, so that CANCERCONSULT or the Referring Experts (or the structures that employ them) may retain this data, but may not use or process them;
– a right to portability : the User has the right to receive the personal data concerning him, which he has provided to CANCERCONSULT and the Referring Experts (or the structures that employ them), in a structured, commonly used and machine-readable format. This applies only to data that the User has provided directly or indirectly, where the processing is based on the User’s consent or on a contract.
– a right to to lodge a complaint with the CNIL – www.cnil.fr: : the User has the right to seize and lodge a complaint with the CNIL to challenge the practices of CANCERCONSULT and the Referring Experts (or the structures that employ them) in terms of protection of personal data and respect for privacy.
These rights can be exercised with the Data Protection Officer (DPO) of CANCERCONSULT by email at the following address: contact@cancerconsult.fr
If you exercise your rights under the processing of your Data, CANCERCONSULT undertakes to forward your requests to the relevant study sponsor in a timely manner in order to facilitate the exercise of your rights to your Data.
You may withdraw your consent at any time, without providing any reason, by sending an email to contact@cancerconsult.fr. The withdrawal of your consent does not affect the lawfulness of the processing based on your consent issued prior to such withdrawal.
You also have the right to define your general directives concerning the conservation, deletion and communication of your personal data after your death which can be registered with a trusted digital third party certified by the CNIL, and specific directives which can be registered with the Data Protection Officer (DPO) of CANCERCONSULT by e-mail at the following address: contact@cancerconsult.fr
Data security
Data security refers to the measures taken to protect Data from the following:
- destruction,
- loss,
- alteration,
- unauthorized disclosure of personal data transmitted, stored or processed,
- unauthorized access to such data, whether accidental or unlawful.
CANCERCONSULT implements all security measures to ensure the protection and security of your Data, in particular against unauthorized access by third parties.
Reinforced devices in terms of security are set up in order to allow a collection and a treatment of the Data in the conditions guaranteeing their confidentiality, their integrity and more generally their safety in the respect of the Regulation.
In this respect and whenever necessary, the following measures have been taken
- Pseudonymization and encryption of Data;
- the deployment of means to guarantee the confidentiality, integrity, availability and constant resilience of systems and processing;
- the deployment of means to restore the availability of the Data and access to them within appropriate timeframes in the event of a physical or technical incident;
- the implementation of a procedure to regularly test, analyze and evaluate the effectiveness of technical and organizational measures to ensure the security of processing.
Thus, CANCERCONSULT and its subcontractors have equipped themselves with appropriate devices and comply with the rules of the art and standards imposed, to ensure the protection of your Data.
In particular, your data are hosted in France by an approved or certified host within the meaning of Article L. 1111-8 Code of Public Health, by the company Cheops Technology
You are informed that in the context of the CancerConsult Platform, this hosting is necessary to :
- Guarantee the conservation, archiving and security of your Data,
- Ensure compliance with the requirements of confidentiality, security and durability of your Data
In addition, you are informed that you have the right to object to the hosting of your Data by this approved or certified host for a legitimate reason by contacting the following address: contact@cancerconsult.fr
