The company MédecinDirect (hereinafter « MEDECINDIRECT ») gives primary importance to the respect of the privacy of its customers and prospects, and the privacy of its website and mobile application users, which manages confidential personal data.
MEDECINDIRECT agrees to process data in compliance with applicable regulations such as Law No. 2018-493 of 20 June 2018, amending the Data Protection Act of 6 January 1978 related to data processing, files and freedoms and the general regulation on the protection of personal data (hereinafter the Data Protection Act).
The MEDECINDIRECT Application is accessible through a web application at www.medecindirect.fr and a mobile application, published by MEDECINDIRECT.
It allows Users to access the teleconsultation Service provided by MEDECINDIRECT’s Health Professionals in the context of a written online exchange, in real time via videoconference or telephone, under conditions which guarantee the security and confidentiality of their data, after creating a Personal Account.
It is an integral part of:
MEDECINDIRECT is a simplified joint-stock company, whose registered office is located at 1 Chemin de Saulxier, in LONGJUMEAU (91160), FRANCE, with a capital of 87,100 €, registered with the Trade and Commerce Register of Evry under the number B 508 346 673.
MEDECINDIRECT has been operational since 2010, and is responsible for the processing of data, with respect to the Data Protection Act, on the basis of personal data concerning Users and Health Professionals with regard to access and use of the Application.
The main subcontractor involved in the processing of personal data is COREYE in its capacity as an approved database hosting company in accordance with Article L. 1111-8 of the Public Health Code.
The automated processing of personal data for the purpose of teleconsultation acts was authorised by the French Data Protection Authority (CNIL) by Resolution No. 2016-184 on June 16th, 2016.
This activity and its organisation are the subject of a special contract concluded between the Director General of the Île-de-France Regional Health Agency and MEDECINDIRECT, in accordance with Article R. 6316-6 of the Public Health Code.
The purpose of the data processing by MEDECINDIRECT is to manage Users and Health Professionals who participate in a Personalised Teleconsultation Service and associated services.
The User and the Health Professional are informed that the personal data collected and processed through the Application are necessary for the use and provision of the Teleconsultation Service and for evaluating the quality of the service.
The User and the Health Professional are also informed and accept that once anonymized and aggregated, their data may be subject to statistical analyses. When applicable, this use is in compliance with the formalities defined by the French Data Protection Authority (CNIL).
When collecting data, the User and the Health Professional are informed whether or not the collection of their personal data is mandatory. As part of the collection and processing of health data, MEDECINDIRECT maintains a register that describes the purpose of the data processing, which data is collected and for which User, information concerning the recipients of the data, the storage periods and a description of the protection measures currently in use.
For Users, the following data, identified by an asterisk, is mandatory for the creation of a Personal Account allowing access to a private and secure space in order to provide/benefit from the Teleconsultation Service:
And mandatory medical data:
For Healthcare Professionals, the following data, identified by an asterisk, are mandatory for the creation of a Personal Account allowing access to a private and secure space in order to provide/benefit from the Teleconsultation Service:
Otherwise, the User and the Health Professional cannot access the Teleconsultation Service.
When using the Teleconsultation Service, data relating to the User’s health are collected and processed.
In this respect, the User and the Health Professional acknowledge that the personal health data collected and any information exchanged as part of the Personalised Teleconsultation Service is sensitive data/information and is protected by medical confidentiality. They therefore require particular vigilance.
For this reason, the User and the Healthcare Professional are invited to implement, under their responsibility, all useful and relevant security measures to protect access to their computer, smartphone and/or tablet or any other terminal used to access the Application, in particular towards third-parties. (Article 11 – Safety instructions)
In particular, the User and the Health Professional are informed and acknowledge that their authentication details on the Application, including their password, are strictly personal and confidential.
As such, they are fully responsible for their authentication details and agree to take all necessary measures to ensure their protection and to not communicate, transfer or make them available to a third-party.
In addition, prior to engaging in the Teleconsultation Service, the User is encouraged to find an appropriate area to ensure the utmost confidentiality of his/her exchanges with the Health Professional.
MEDECINDIRECT regularly conducts audits to ensure compliance in terms of security and data protection in order to comply with the obligations of the regulations related to personal data.
The use of the Application involves the collection and processing of the User’s personal data, including personal health data.
Personal health data are sensitive data under the Data Protection Act. Collecting this data requires the User’s informed consent that he/she gives, after authentication, by clicking on the « validate » button associated with an agreement contained in the General Terms and Conditions of Use of the Teleconsultation Service.
The User is informed and acknowledges that by clicking on the « validate » button, he/she will give his/her express, active and unequivocal consent to the collection and processing of his/her personal health data in connection with the use of the Teleconsultation Service and the purposes and objectives of the processing, after having read the information and consent notice made available to him/her.
Otherwise, the User will not be able to benefit from the Teleconsultation Service offered by MEDECINDIRECT. However, this will not affect his/her care within the health system insofar as he/she may use the services of any other competent health professional of his/her choice.
As such, the User may withdraw his consent at any time by contacting MEDECINDIRECT directly or by sending a request by email to: firstname.lastname@example.org.
In this case, he/she is informed that his/her Personal Account will be closed and that he/she will no longer be able to access the Application.
The Data Protection Officer is Vincent WABLE, who can be contacted by email at: email@example.com.
The personal data of Users and Health Professionals are intended exclusively:
MEDECINDIRECT guarantees that the User’s/Health Professional’s personal data will not be transmitted to any unauthorised third-party without their consent.
In accordance with the Data Protection Regulations, the User and the Health Professional have rights regarding the personal data that is collected and processed within the framework of the Application:
To exercise these rights and in particular to request the closure of their Personal Account, the User and the Health Professional must contact the support service available on the website www.medecindirect.fr or by sending a request by:
Or by sending a request directly to the approved health database host by:
The User’s/Health Professional’s request must (i) specify his/her last name, first name, postal address, (ii) be signed and (iii) be accompanied by a photocopy of an identity document bearing the holder’s signature.
A register of requests for access, rectification and opposition is kept by MEDECINDIRECT’s dedicated service in electronic and paper format and contains the various dates and a description of the exchanges with the applicants. It is stored and backed up in compliance with security and confidentiality requirements.
The processing of requests from Users and Health Professionals takes place within a maximum period of one (1) month following the request.
The User and Health Professional’s connection to their Personal Account is controlled by a two-factor identification and authentication system: once the password is entered, for each connection, a six (6) digit code is sent to the User and Health Professional’s phone or email.
The authentication of the User/Health Professional in the context of his/her access to the Application, is irrefutably imputable to the User/Health Professional for the operations carried out by means of his authentication elements.
In other words, any action carried out by the User/Health Professional via his Personal Account, based on his authentication details, will be deemed to have been carried out by the User/Health Professional and under his exclusive responsibility.
As such, the User/Healthcare Professional agrees to keep his/her authentication elements secret. It is understood that MEDECINDIRECT cannot be held liable for any loss or damage occurring in the event of failure to comply with this obligation, any use of the aforementioned elements being made under the sole responsibility of the User/Healthcare Professional.
In the event of loss or theft of his/her authentication elements, or suspicion of their use by an unauthorized third-party, the User/Health Professional agrees to inform MEDECINDIRECT without delay, at the following e-mail address: firstname.lastname@example.org.
The notification of the User/Health Professional will systematically lead to the deactivation by MEDECINDIRECT of the User/Health Professional’s compromised authentication elements as soon as possible and will generate a procedure allowing the creation of new authentication elements in compliance with the French Data Protection Authority’s (CNIL) recommendations.
In accordance with the recommendations of the French Data Protection Authority (CNIL), a technical device encourages the User/Health Professional to change their password periodically, every twenty-four (24) months.
The User/Healthcare Professional also has the possibility to renew his/her password by clicking on the « lost password » link. An email will be sent to the User/Healthcare Professional with a temporary link; he/she will be asked to enter his/her old password followed by a new password, to be chosen in accordance with the recommendations of the French Data Protection Authority (CNIL).
The User/Healthcare Professional agrees, in general, to take all necessary measures to ensure the complete confidentiality of his/her authentication details and agrees not to communicate, transfer or share them with a third-party.
If applicable, MEDECINDIRECT agrees to notify the breach of the User’s/Health Professional’s password or renewal data as soon as possible after the breach is detected. The User/Healthcare Professional will be asked to change their password the next time they log in.
In the event of data leaks, losses or modifications, MEDECINDIRECT will inform the French Data Protection Authority (CNIL) within a period not exceeding seventy-two (72) hours.
This obligation to provide legal information cannot be interpreted as an acknowledgement of liability or negligence on the part of MEDECINDIRECT or its subcontractors.
The User/Healthcare Professional is also aware that it is recommended to change their password for other services if they have used the same password for those services.
MEDECINDIRECT, in its capacity as a data controller under the Data Protection Act, sets up enhanced security measures to enable the collection and processing of personal data (including administrative and health data of Users) under conditions that guarantee their confidentiality, integrity and, more generally, their security in compliance with the provisions of the Data Protection Act and applicable legal provisions.
In particular, the data collected and processed within the framework of the Application are hosted by an approved database hosting company under Article L. 1111-8 of the French Public Health Code, COREYE.
The User is informed and acknowledges that he/she may object to the hosting of his/her data with the approved database hosting company for any legitimate reason by contacting directly:
MEDECINDIRECT implements procedures for securing data transport and recipient or « server » authentication, including the use of the most up-to-date version of the TLS encryption protocol.
The connection dates and times concerning access to the Application and any consultation, creation, updating and deletion of data, as well as the time limits and durations of responses to beneficiaries are recorded in order to track the use of the Teleconsultation Service.
A supervision tool allows all access to data to be tracked in the database. In particular, it records successful and failed connection attempts, account name, and public IP addresses. It is possible for the administrator to extract a log of this information.
All traces of medical exchanges are thus stored in the file of the User, and will be kept in active storage for five (5) years, then archived for a further five (5) years.
With respect to the sensitivity of the personal data collected by using the Application, the User/Health Professional agrees to the following:
In particular, it is the User/Healthcare Professional’s responsibility to take all appropriate measures to protect their own data and equipment from contamination by viruses or other forms of attacks that may circulate through the Application.
The User/Health Professional is informed that technical interventions within the Application are carried out in compliance with the provisions of the Data Protection Act and all the provisions of the Public Health Code.
The User/Healthcare Professional acknowledges the existence of risks inherent to the use of telecommunications, even in the presence of secure access as implemented in the Application, and in particular:
In no event shall MEDECINDIRECT be liable for these risks and their detrimental consequences, regardless of their extent, to the User/Health Care Professional.
In addition, the User is warned that saving his/her identifiers and passwords using Internet browsers is not recommended, for security reasons and because of the sensitive and confidential nature of the data contained in his/her Personal Account.
The User/Healthcare Professional is informed that his or her personal data is stored for a period of five (5) years in an active database and then archived for five (5) years by MEDECINDIRECT under the required security conditions. Beyond that, only non-identifying aggregated statistical data are kept.
The MEDECINDIRECT service allows beneficiaries to print a copy of a prescription signed by doctors following a teleconsultation.
Pharmacists can verify the authenticity and integrity of a prescription by contacting the health professional or administrative staff from MEDECINDIRECT who are authorized by the Chief Physician to access medical records (with the consent of the beneficiary).
Each member of MEDECINDIRECT’s administrative staff authorized to access the data has signed a confidentiality agreement.
The User/Healthcare Professional is informed that the closure of his Personal Account will not result in the automatic destruction of his personal data, which will be stored for technical reasons regarding database consistency, in compliance with the requirements of the Data Protection Act, as well as the legal and regulatory obligations of MEDECINDIRECT, which the User/Healthcare Professional accepts.
The User/Healthcare Professional is informed that at the end of this action, he/she will no longer be able to access the Application and Content.
MEDECINDIRECT does not transfer the personal data of Users/Health Professionals outside the European Union.
The Application uses both session cookies, which are deleted upon closing the User’s/Health Professional’s browser, and permanent cookies, which remain for a specified period of time on the computer, smartphone or digital tablet used by the User/Health Professional to access the Application.
The cookies used in the Application are used exclusively to:
You will find below the list of cookies used on the Application:
Name of the Cookie used: session cookie
Function: management of the functional aspects related to a website visit
Category: cookie strictly necessary
Session/permanent cookie: session
Name of the Cookie used: Google Analytics
Function: records the number of visits made to the site, including the first visit, as well as the most recent
Category: performance cookie
Session/permanent cookie: permanent
With regard to the use of audience measurement cookies (Mobile Application), an information banner is displayed when the User/Healthcare Professional connects to his/her Personal Account, in order to inform him/her before the cookies are stored and to obtain his/her prior consent.
By continuing his/her navigation, the User is presumed to have given his/her agreement, i.e. when the User has clicked on an element of the Application (content, link, « search » button, etc.) or has gone to another page of the Application.
The agreement given by the User is only valid for a period of thirteen (13) months from the first deposit in the User’s terminal equipment, following the User’s consent.
At the end of the thirteen (13) month period, the User’s consent needs to be renewed.
In order to configure the audience measurement cookie, Users/Healthcare Professionals can use the tracking opposition tools offered by Google Analytics, the audience measurement cookie used within the Application by clicking here.
At any time, the User may choose to express and modify his/her wishes regarding cookies.
Users and Health Professionals will be notified of changes via the website www.medecindirect.fr or by email.