Personal data protection policy mobile application Eczema Care +
Please note that it may be updated with each new version of the application that you download. We therefore invite you to consult it each time a new version is released.
The Eczema Care + mobile application (the "Application") is made available by the Pierre Fabre Eczema Foundation, Pierre Fabre Laboratories’ Corporate Foundation (dedicated to the fight against eczema)". The Foundation is responsible for processing the Personal Data collected and processed when you use the Application (as defined below).
By "Personal Data" we mean any information relating to an identified or identifiable natural person, as defined in the General Data Protection Regulation (EU) 2016/679.
By "Data Controller" we mean the natural or legal person, public authority, body or any other entity which, alone or jointly with others, determines the purposes and means of processing Personal Data, as defined in the General Data Protection Regulation (EU) 2016/679.
i. are at least 16 years old
II. About the Application
The Application has been designed to be used by atopic dermatitis sufferers outside of any healthcare institutions. The Application is a tool that allows you to track your symptoms and learn more about the status of your condition, atopic dermatitis in general and other relevant health topics. The evolution of your pathology can be assessed using scores applicable to patients suffering from atopic dermatitis (PO-SCORAD or ASCORAD, DLQI, TOPICOP).
The Application has been designed and is intended for international use by users aged 16 and over.
III. Personal Data Processed by the Application
Several types of Personal Data are processed when you download and use the Application. This Personal Data may be provided to us directly by you, or when you use the Application. The types of information that may be processed are listed below.
In order to use the Application, you must create a profile by entering your personal data (hereinafter referred to as "Personal Data") in the form below:
If you are a patient: Last name / First name / Date of birth / Gender / Skin color:
this information is required to create a profile
If you are a healthcare professional: Last name / First name / Gender
Authorization to receive alerts: this information is optional and may be added at a later date.
In order to be able to share your information with a healthcare professional if you so wish, you can also create an account by entering the following personal data in a form:
E-mail address / Last name / First name / Password: this information is mandatory to create an account. A registration token and a universally unique identifier are generated and stored on your equipment.
when you use the Application, you can add information about your health to the Application (evolution of your eczema severity score, photos of your skin lesions, itching and sleep disorder tracking; results provided by 2 reference scores (PO-SCORAD and DLQI)).
IV. Purposes of the processing of your Personal Data
Purpose of treatment
Associated legal basis
Manage your profile & account (creation/update/deletion) and assign you a unique identifier in our HDS database
Provide you with information about eczema and its manifestations.
Our legitimate interest
Quickly and regularly evaluate the state of your pathology by establishing an evolutionary curve of your or your child's eczema
Store your personal information and observations
Send your observations to the physician or caregiver in the form of an observation summary (pdf)
Enable the practitioner to determine the best course of action for your situation
V. Use and Sharing of Personal Data
Use and sharing of information listed in Section 3
The information listed in Section 3 is used to enable you to benefit from all the features and benefits offered by the Application.
Please note that Pierre Fabre Eczema Foundation only processes the following personal data:
• The unique identifier assigned to you and your e-mail address to enable you to retrieve your account and to enable the practitioner (to whom you will have sent your information via your personal e-mail address) to draw up a personalized action plan for you, covering the primary preventive measures to be implemented in addition to your prescribed treatment.
• The date of your last login in order to comply with our legal obligation to delete your account in the absence of any action on your part for a period of 3 years.
Other information is stored only on your device and is not accessible to The Foundation.
Consequently, if you delete the Application or if your device is lost, stolen or updated, most of the information contained in the Application will be lost. In such cases, we recommend that you reinstall the Application.
The Application also allows you to share the information listed in Section 3, for example:
• the information you enter on a daily basis, such as photos, information about itching and sleep disorders, or the results provided by reference scores (PO-SCORAD or ASCORAD, DLQI and TOPICOP), which you can share with your practitioners in the form of an "Observation Summary" in PDF format, which will be stored temporarily (for 24 hours) in an HDS-certified database (Hébergement de Données de Santé - Health Data Hosting) offering all the guarantees of confidentiality and security required by current legislation, the link to which will be sent by e-mail from your personal mailbox.
• with other applications installed on your mobile device (for example, you may decide to allow the Application to generate notifications, messages and reminders).
• in the case of the use of functionalities involving Artificial Intelligence, the following personal data, necessary for the algorithms to function, will be transmitted to our service provider LegitHealth in order to provide you with a result: Photos of lesions, areas affected by eczema, sleep disorders, itching, history of eczema severity scores. This data will be pseudonymized.
VI. Storage of your personal data
In all cases, if you do not use our application for a period of 3 years, your account and all associated data will be automatically deleted from the central server. You will keep locally the data and the action plans recommended by your practitioner, but your ID will no longer be recognized when you connect to our database. You will have to recreate another account to exchange with your practitioner.
A cookie is a small file that may be placed on your device's hard drive or on a website's server.We do not use any cookies or tracking devices in this application.
VIII. Your Rights and Choices
In accordance with the General Data Protection Regulation, you have the following rights:
Right of Access:
You can contact us to find out whether or not we process Personal Data about you. Where this is the case, we will inform you about the categories of Personal Data we process, the purposes of the processing, the categories of recipients to whom the Personal Data has been or will be disclosed and the period of storage of such data, or the criteria taken into account to determine such period.
Right of Rectification:
You have the right to correct or complete any Personal Data we hold about you, should it be inaccurate or incomplete.
Right to Object:
In the event that our processing operations are based on a legitimate interest of "The Foundation", you have the right to object to such processing operations at any time. We will then no longer process your Personal Data, unless we can demonstrate compelling legitimate grounds for continuing such processing which outweigh your interests, rights and freedoms, or we need to initiate, make or defend against a claim.
Right to Restrict Processing:
You have the right to request and obtain from us the restriction of the processing of your Personal Data in specific situations as provided for by applicable data protection law (for example, when you dispute the accuracy of your Personal Data, for a period that allows us to verify the accuracy of your Personal Data).
Right to Deletion:
You have the right to ask us to delete your Personal Data from our systems if your Personal Data is no longer necessary for the purposes for which it was collected or processed. In addition, you have the right to have them deleted if you successfully exercise your right to deletion as described above, unless we have an overriding legitimate reason not to delete the relevant data. We may not immediately be able to remove all residual copies from our servers and backup systems once active data has been deleted. These copies will be removed as soon as possible.
Right to Data Portability:
You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and/or to request that we transmit this data to a third party where technically feasible. Please note that this right only applies to Personal Data that you have provided to us.
Right to Withdraw Consent:
If we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. However, such withdrawal will not affect the lawfulness of processing previously carried out on the basis of your valid consent. If you withdraw your consent, we may not be able to provide you with access to certain features of the Application. In this case, we will notify you when you withdraw your consent.
You also have the right to lodge a complaint with your local data protection authority if you believe that "the Foundation" has processed your Personal Data unlawfully. In France, this authority is the Commission Nationale de l'Informatique et des Libertés (French Data Protection Authority) (www.cnil.fr).
IX. Data Retention
The information listed in Section 3 above will only be stored on your device (with the exception of your login information, as described in Section 5 above). This information will be kept until you delete it or delete the Application. Your login information will be kept until you delete your account. If you do not use your account for 3 years, it will be deleted automatically.
We are committed to protecting your Personal Data from unauthorized access, use or loss. We have implemented appropriate administrative, technical and physical measures to protect your information.
The information listed in Section 3 (with the exception of your login information, as described in Section 5 above, is stored on your mobile device only and the security of this information is your responsibility. Please consult your mobile device documentation to find out how to manage local storage and how to apply the appropriate security controls to your mobile device to protect this information. We advise you to exercise caution when storing information in the Application or transferring information over the internet, especially when this information relates to your health. Please keep your login information confidential. Please be aware that, although we strive to provide a reasonable level of security in the operation of the Application, no security system can prevent all potential security breaches.
XI. Third-Party Websites and Services
The Application may contain links to websites, other applications and other online services operated by third parties that we do not control. We are not responsible for the collection, use and disclosure of your Personal Information on these websites and other online services offered by these third parties. We encourage you to review the privacy policies of each website and other online services you visit.
XIII. Contact and Questions
In order to exercise the rights mentioned above, or if you have any questions about our privacy practices or our use or disclosure of your Personal Data when using the Application, please contact our Privacy Officer at the following address: firstname.lastname@example.org