Centralise et partage vos donnes médicales

Privacy Policy

Who we are and what this policy covers

Our website address is: https://medysto.fr.

This Privacy Policy applies to information that we collect about you when you use:

  • Our website https://medysto.fr
  • Our mobile application including the medysto mobile app for Android and iOS);

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select « Remember Me », your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

In accordance with the regulations concerning the processing of personal data, the user has the rights listed below. In order for the data controller to comply with his request, the user is required to communicate to him: his first and last name as well as his e-mail address, and if relevant, his account or personal space number or subscriber.

The Data Controller is required to respond to the User within 30 (thirty) max days.

A. Presentation of the user’s rights in terms of collection and processing of data 

a. Right of access, rectification and right to erasure

The user can read, update, modify or request the deletion of the data concerning him, by respecting the procedure set out below:

In order to modify his personal data, the user can go to his personal space in order to modify them. On the other hand, if he wants to delete them, he must send an email to the contact address.

If they have one, the user has the right to request the deletion of their personal space by following the following procedure:

The user must send an e-mail to the data processor specifying this personal information. The request will be processed within 10 days.

b. Right to data portability

The user has the right to request the portability of his personal data, held by the site, to another site, by complying with the following procedure:

The user must make a request for the portability of his personal data to the data controller, by sending an e-mail to the address provided above

 c. Right to restriction and opposition of data processing

The user has the right to request the limitation or to oppose the processing of his data by the site, without the site being able to refuse, except to demonstrate the existence of legitimate and compelling reasons, which may prevail over the interests and the rights and freedoms of the user.
In order to request the limitation of the processing of their data or to oppose the processing of their data, the user must follow the following procedure:

The user must make a request to limit the processing of his personal data by e-mail to the data processor.

d. Right not to be the subject of a decision based exclusively on an automated process

In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him similar way.

e. Right to determine fate of data after death

The user is reminded that he can organize what should become of his collected and processed data if he dies, in accordance with law n°2016-1321 of October 7, 2016.

f. Right to appeal to the competent supervisory authority

In the event that the data controller decides not to respond to the user's request, and the user wishes to contest this decision, or, if he thinks that one of the rights listed above, he is entitled to appeal to the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr) or any competent judge.

B. Personal data of the minors

In accordance with the provisions of Article 8 of European Regulation 2016/679 and the Data Protection Act
Freedoms, only minors aged 15 or over can consent to the processing of their personal data.
If the user is a minor under the age of 15, the agreement of a legal representative will be required so that personal data can be collected and processed.
The site editor reserves the right to verify by any means that the user is over 15 years old, or that he has obtained the agreement of a legal representative before browsing the site.

Data processor

A. The data processor

The person responsible for processing personal data is:
following way:

....
He can be contacted from: 

...

The data controller is responsible for determining the purposes and means used for the processing of personal data.

B. Obligations of the data processor

The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed and to respect the purposes for which these data were collected.


The site has an SSL certificate to ensure that information and data transfer passing through the site are secure.
An SSL certificate ("Secure Socket Layer" Certificate) is intended to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this entails disproportionate formalities, costs and procedures for him.
In the event that the integrity, confidentiality or security of the user's personal data is compromised, the controller undertakes to inform the user by any means.

Personal data collected and processed in the framework of the website navigation

A. Data collected and processed and mode of collection

The personal data collected on the medysto site are as follows:
First name, last name, address, telephone number, email address, postal address, sex, situation, mobile, date of birth.

This data is collected when the user performs one of the following operations on the site:

- When the user registers for the application.
- When the user completes a medical form.

The data controller will keep in his computer systems of the site and under reasonable security conditions all the data collected for a period of: 

- personal data (surname, first name, date of birth, address, mobile ...): 3 years.

The collection and processing of data meets the following purposes:

- Provide personalized health services.
- Monitoring and management of health conditions.
- Security and authentication.
- Communications and notices.
- Regulatory conformity.

The data processing carried out is based on the following legal bases:

- Consent of the user.
- Compliance with a legal obligation.

B. Transmission of data to third parties

the data may be transmitted to the third party(ies) listed below:

The third parties to whom user’s personal data may be transmitted are generally doctors or healthcare professionals involved in the medical treatment of users.

User’s personal data may be passed on to attending physicians to provide personalized medical care and to monitor the user’s health status. This data is essential to help doctors make informed medical decisions based on the user’s medical history, current symptoms, test results, and previous treatments.

C. Data hosting

The medysto site is hosted by: IONOS, whose head office is located at the following address:

7 FT. de la Gare, 57200 Sarreguemines.

The host can be contacted at the following telephone number:

09 70 80 89 11.

The data collected and processed by the site and the mobile application are exclusively hosted and processed in France.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

Terms of modification of the privacy policy

This privacy policy can be consulted at any time at the address indicated below:

https://www.medysto.fr/cgu

The publisher of the site reserves the right to modify it in order to guarantee its conformity with the law in force.
Consequently, the user is invited to regularly consult this privacy policy in order to stay informed of the latest changes that will be made to it.
However, in the event of a substantial modification of this policy, the user will be informed as follows:

- By "push" notification during a user visit.

It is brought to the user's attention that the last update of this privacy policy took place on: 07/31/2023.