General data protection policy

Part I - General provisions

 

  1. Informations

Ad Scientiam is a simplified joint stock company with a capital of 13,405.00 euros registered with the Paris Registre du Commerce et des Sociétés under number 795 083 336, and whose registered office is located at 38 rue Dunois 75647 Paris CEDEX 13.

The Ad Scientiam website consists of all the pages linked to the domain names "adscientiam.com" and "adscientiam.fr" (hereinafter “Site”). It is edited and managed by the company Ad Scientiam which ensures its design, production, technical integration and maintenance.

This Site is hosted on Microsoft's Cloud offering (Azure). It is geographically located in the Microsoft hosting center, based within the European Union.

Microsoft France, certified health data host, Société Anonyme par Actions Simplifiées, with a capital of 4,240,000.00 euros whose head office is located at 37 QUAI DU PRESIDENT ROOSEVELT 92130 ISSY-LES-MOULINEAUX, and registered with the Nanterre Registre du Commerce et des Sociétés under the number 327 733 184.

Microsoft website : https://azure.microsoft.com/fr-fr/

For more information, please refer to : https://www.windowsazure.com/fr-fr/support/trust-center/privacy/

The Ad Scientiam website uses Google Analytics (Google) to manage the Site's audience measurements. It is geographically located in the Google hosting center, located within the European Union. 

Google Ireland Limited, a company incorporated under Irish law, registered in Ireland (under number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland

Google Cloud, certified health data host

(https://cloud.google.com/security/compliance/hds).

Google website : https://cloud.google.com/

  1. Purposes

Ad Scientiam does not collect any personal data from users of the Website (hereinafter referred to as “User(s)”) when they browse the Website. 

However, when a User completes the online contact form, Ad Scientiam may collect personal data in order to respond to their request. 

  1. Collected data (online form)*

When the User completes the online contact form, the personal data likely to be collected are as follows: 

  • identification data: name, first name, email address, mobile phone *, information concerning your personal situation * (patient, doctor, other),

  • data relating to the request: description of the request,

* These data are optional, the choice of their communication is left to the User.

The User's personal data are only processed to the extent necessary for the purposes for which they were obtained.

  1. Data retention

The User's personal data is kept only for the purposes of processing online contact forms and for a period in accordance with the applicable legislation in force. 

  1. Data sharing

As part of the provision of the service, Ad Scientiam uses a subcontractor for the hosting of the data. The User's personal data that would have been collected with their consent is stored on Microsoft's servers, located in the European Union. They are under no circumstances transferred or transmitted to unauthorized third parties outside the European Union. 

Contractual guarantees of compliance with data protection legislation have been provided between Ad Scientiam and Microsoft in order to ensure the protection of User rights. Ad Scientiam does not transfer any personal data except in the cases provided for by the applicable legislation in force. 

Apart from the aforementioned cases, Ad Scientiam does not share User data with third parties.

  1. Cookies

Information about cookies is available here

  1. Contact

For any suggestions, information, reactions concerning this Site, the User can contact Ad Scientiam at the following address:

By mail: 

Ad Scientiam

38 rue Dunois

75647 Paris CEDEX 13 

France

By mail:

info@adscientiam.com

For more information, the User can consult the General Data Protection Policy below.

Part II - General Data Protection Policy

  1. Objectives and scope

Capitalized terms used in this general policy for the protection of Personal Data (hereinafter the "Policy") are defined in the Appendix "Definitions". 

  1. Objectives of the Policy

Ad Scientiam is a company involved in the research, development and operation of innovative health solutions, the purposes of its treatments may be those of monitoring and supporting the patient's pathology through an application, clinical research on a pathology targeting patients, or any other project related to its corporate purpose. 

Ad Scientiam undertakes to guarantee the protection of Personal Data recorded in the course of its activity, as well as to comply with the applicable laws and regulations regarding the Processing of Personal Data and Sensitive Personal Data.  

 

  1. Scope

The Policy is intended to apply to all users of the Ad Scientiam website and products, hereinafter referred to as "the Data Subjects". les Personnes Concernées ». 

In the event of any conflict between this policy and Applicable Law, the following rules will apply: 

  • If the Policy is more protective, it is intended to take precedence over the applicable Legislation.

  • If the Applicable Law is more protective, it will apply to the points concerned instead of the Policy.

If any doubt remains, the Data Subjects seek the advice of the Data Protection Officer (DPO), available by email at privacy@adscientiam.com. privacy@adscientiam.com.

  1. Revision 

In the event of significant changes in data protection regulations or exposure to risk, this Policy is updated by Ad Scientiam. 

  1. Data Protection Officer (« DPO »)

Ad Scientiam has appointed a Data Protection Officer (DPO) to ensure Ad Scientiam's compliance with Applicable Legislation and compliance with the commitments made under this Policy. 

  1. Principles to follow regarding Personal Data Processing 

In accordance with Applicable Law, Ad Scientiam undertakes to comply with the principles established below when collecting and Processing Personal Data.

  1. Categories and description of collected data

As part of its activity, Ad Scientiam undertakes to collect only the Data necessary for the Processing of Data such as: identification data (name, first name, email), sensitive data (state of health, history, diagnosis, etc.) , personal life data (professional, personal situation, etc.).

The Data collected differs depending on the type of the Data Subject: user of the website, an application and / or participating in a study.

For your information, the categories and descriptions of data collected will always be fully indicated to you in our consent forms relating to a study, an application or a nominative project. 

  1. Lawfulness, loyalty and transparency 

Personal Data must be collected and processed in a lawful, fair and transparent manner. 

As such, Ad Scientiam guarantees that any Processing is based on a legal basis recognized by applicable law, such as: 

  • The Data Subject has given their Consent to the Processing of their Personal Data for one or more specific purposes (subject to compliance with the additional requirements detailed in the "Consent" section); this Consent is required for any non-anonymized and direct collection of Data from Data Subjects. Consent is required by a Consent Form or checkbox on an app or website. 

  • Processing is necessary for the performance of a contract to which the Data Subject is a party or to take appropriate measures at the request of the Data Subject before entering into a contract;

  • Processing is necessary for compliance with the legal obligations to which Ad Scientiam is subject;

  • Processing is necessary for the legitimate interests pursued by Ad Scientiam;

  • Processing is necessary in order to protect the vital interests of the Data Subject;

  • Processing is necessary for the performance of a task of public interest. 

When a Processing is based on a legitimate interest, Ad Scientiam performs an analysis to determine whether or not this legitimate interest takes precedence over the interests or the fundamental rights and freedoms of the Data Subjects. This evaluation and its results must be documented and recorded for evidentiary purposes. 

In addition, Ad Scientiam ensures that Personal Data Processing activities are carried out in an apparent and transparent manner.To this end, Ad Scientiam provides accessible and intelligible information to Data Subjects on how their Personal Data is used, in accordance with the terms and requirements of the human rights management process.

  1.  Consent

When the Processing is based on the Consent of the Data Subject, Ad Scientiam ensures that this Consent has been obtained and is properly managed for the duration of the Processing.

  1. Conditions of validity of the Consent (characteristics and methods of collection)

Ad Scientiam ensures that the Consent obtained from the Data Subject meets the following criteria: 

  • Free true freedom of choice without negative consequences in the event of refusal

  • Informed informed consent

  • Specific consent given for a specific purpose / processing

  • Unambiguous no doubt about the intention to give consent

  • Explicit additional condition for high risk treatments 

In addition, Ad Scientiam must, where applicable, ensure compliance with local laws on the conditions of validity of the Consent. 

This Consent must be obtained before the collection of the Data and, at a minimum, at the same time as the collection of the Data. The Consent request must be distinguished from any other request / subject, in an intelligible and easily accessible form, in clear and simple language.

  1. Consent management (duration, proof)  

Ad Scientiam ensures the validity period of the Consent: when the Processing methods change or evolve, the original Consent is no longer valid. A new Consent must then be obtained. 

  1. Withdrawal of Consent 

The Data Subject must be able to withdraw their Consent at any time (article 7 of the GDPR). Ad Scientiam gives the Data Subject the means to withdraw their Consent as easily as it was given, as far as possible by a method equivalent to the one used to obtain the Consent.

  1. Limitation of purposes

Ad Scientiam is a company involved in the research, development and operation of innovative health solutions, the purposes of its treatments may be those of monitoring and supporting the patient's pathology through an application, clinical research on a pathology targeting patients, or any other project related to its corporate purpose. 

Before any collection of Personal Data, Ad Scientiam clearly defines the purpose (s) pursued by the collection, which must be déterminées, explicites et légitimesAd Scientiam also ensures that the purpose (s) thus defined are compatible with its activities.

  1. Minimization and accuracy  

The Personal Data collected must be adequate, relevant and not excessive in relation to the purpose pursued by the Processing. In other words, Ad Scientiam ensures that the collection relates only to Data strictly necessary to achieve the purpose. strictement nécessaires pour atteindre la finalité. 

  1. Limited storage 

Ad Scientiam ensures that the Personal Data processed is not kept longer than necessary for the purposes for which it is collected. The retention periods for personal data are specific to each Ad Scientiam project, application or study. 

To know the retention period of your data, please refer to the processing policy of the project or study concerned. 

  1. Personal Data security

Ad Scientiam takes technical and organizational measures to ensure the security, confidentiality and integrity of Personal Data throughout the Processing.

They vary depending on the project, application or study. 

You will find attached the most commonly used technical security measures:

Type of security

Mesures de sécurité techniques

Access to premises and equipment

  • Badge

  • Key security

  • SSO

  • Active Directory

  • Double authentification

  • Logical access control

  • Saving data

  • Securing the computer system

Access to data support

  • Digitized patient consent collection (checkbox)

  • Strong password

  • Double authentification 

  • Intrusion Protection Policy 

  • Securing IT channels

Data transmission and identification of recipients

  • Encryption of network exchanges using an https protocol

  • Special feeds 

  • Secure identification protocol 

  • Nominative accounts

  • Encryption of communication by electronic certificate

  • Securing IT channels

  • IT backup

Access right management

  •  Access control

  • Account activation / deactivation procedure

  • Request for access by managers, granted according to business profile

Journalisation des connexions

  • Gestion des logs

  • Securing IT channels

  • IT backup

  • Saving data

Gestion de la continuité

Redundant servers located in EU territory

Clauses contractuelles

  • Annual audit on data security

  • Data Privacy Agreement

  • Data processing policy

  • Consent Forms

Transfer of Personal Data outside the European Union

The Transfer of Personal Data requires additional care and safeguards. Ad Scientiam ensures that any Transfer of Personal Data is sécurisé de façon adéquate work environment, adequately secured and legally framed in accordance with the requirements of applicable law. 

  1. Documentation and risk management 

All evidence of regulatory compliance must be kept in order to demonstrate Ad Scientiam's compliance with the Supervisory Authority.

  1. Protection des Données dès la conception et par défaut (« Privacy by Design/by default”)

For any new project involving the Processing of Personal Data, Ad Scientiam implements measures to protect Personal Data from the design of the Processing, but also throughout the project and the life cycle of Personal Data (from collection to destruction).

  1. Data Protection Impact Analysis (DPIA)

When a Processing is likely to generate a high risk for the rights and freedoms of the Data Subjects, Ad Scientiam performs a Data Protection Impact Assessment (DPIA) on the Processing, before the implementation Processing. 

  1. Records of Processing Activities  

As Data Controller, Ad Scientiam maintains a Records of Processing Activities in accordance with the requirements of applicable Legislation.

  1. Staff training and awareness

Ad Scientiam ensures that all of its employees are aware of the issue of Personal Data protection and understand the intent and scope of the Applicable Legislation as well as the risks in the event of non-compliance. 

All new employees follow appropriate awareness-raising / training with regard to their missions and their level of knowledge. 

  1. Exercise of rights

Ad Scientiam is committed to guaranteeing the exercise of the rights of Data Subjects granted to them by Applicable Law. Applicable Law grants Data Subjects the following rights: 

  • Right to be informed: the right to have clear, precise and complete information on the use of Personal Data by Ad Scientiam. 

  • Right of access: the right to obtain a copy of the Personal Data that the Data Controller holds on the requester. (article 15 of the GDPR). 

  • Right to rectification: the right to have Personal Data rectified if they are inaccurate or obsolete and / or to complete them if they are incomplete. (article 16 of the GDPR).

  • Right to erasure / right to be forgotten: the right to object to the Processing of Personal Data by Ad Scientiam for reasons relating to the particular situation of the applicant (under conditions). (article 21 of the GDPR).

  • Right to object: the right to object to the Processing of Personal Data by Ad Scientiam for reasons relating to the particular situation of the applicant (under conditions). (article 21 of the GDPR). 

  • Right to withdraw Consent: the right at any time to withdraw Consent when the Processing is based on Consent. (article 7 of the GDPR).

  • Right to restrict processing: the right, under certain conditions, to request that the Processing of Personal Data be temporarily suspended. (article 18 of the GDPR).

  • Right to Data portability: the right to request that Personal Data be transmitted in a re-usable format allowing it to be used in another Database.

  • Right in relation to automated decision making and profiling: the right for the applicant to refuse fully authorized decision-making and / or to exercise the additional guarantees offered in this matter. 

  • Right to define post-mortem directives: the right for the applicant to define directives relating to the fate of Personal Data after his death.

For any information or for any exercise of the rights granted to you by Applicable Law, you can contact the Ad Scientiam DPO at the email address: privacy@adscientiam.com

If, despite everything, you believe that Ad Scientiam has not satisfied your request to exercise your rights, you can contact the competent data protection authorities (for the CNIL: www.cnil.fr).

  1. Management of Personal Data Breaches

In accordance with its security obligation, Ad Scientiam defines, documents and implements a process to detect, qualify and respond to Personal Data Breaches.  

In the event of a data breach, and when possible, Ad Scientiam warns Affected Persons of any breach of their personal data. 

  1. Cookies

Information about cookies is available here

  1. Management of intervening third parties 

In accordance with applicable legislation, Ad Scientiam undertakes to choose Service Providers who provide sufficient guarantees as to the implementation of appropriate technical and organizational measures. 

  1. Commitments of Ad Scientiam as a Subcontractor 

In accordance with Applicable Legislation, Ad Scientiam undertakes to keep an up-to-date register of Processing activities implemented on behalf of third-party Processing Managers. 

Appendix 1 : Definitions

Data protection impact analysis (DPIA): analysis to be carried out by Ad Scientiam for Processing likely to generate a high risk for the rights and freedoms of individuals. 

Supervisory authority: independent public authority established by a Member State under Article 51 of the GDPR, responsible for monitoring the application of the GDPR, in order to protect the fundamental rights and freedoms of individuals with regard to Processing and facilitate the free flow of Personal Data from the European Union. 

Consent : any free, specific, enlightened and unambiguous manifestation of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Personal Data concerning him / her be the subject of Processing. 

Data Protection Officer (or "DPO"): the person appointed by Ad Scientiam in charge of the protection of Personal Data within Ad Scientiam and Ad Scientiam's compliance with Applicable Legislation.  

Recipient: natural or legal person, public authority, service or any other body that receives communication of Personal Data, whether or not it is a Third Party. In principle, data is collected directly from the Recipient. 

Personal data: any information relating to a Data Subject, in particular by reference to an identifier such as a name, an identification number, an identity card number, salary, health records, bank account information, driving or consumption habits, Location Data, online identifier, etc. The term “Personal Data” includes Sensitive Personal Data.  

Applicable legislation: set of regulations relating to the protection of Personal Data and applicable to the Processing of Personal Data carried out by Ad Scientiam, namely European Regulation No. 2016/679 relating to the protection of Personal Data (RGPD), the IT Law and modified freedoms, and any other regulations relating thereto, applicable to Ad Scientiam. 

Data subject: individual to whom the Personal Data relates and who can be identified or identifiable, directly or indirectly, thanks to this Personal Data. This includes current and past customers, prospects, and collaborators.

Data Controller: natural or legal person who, individually or jointly, decides what Personal Data is collected, why and how it is collected and processed. 

GDPR abbreviation of European Regulation No. 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 

Subcontractor: any natural or legal person, public authority, department or other body that processes Personal Data on behalf of the Data Controller and according to their instructions (for example service providers or suppliers).

Third party: any natural or legal person, public authority, agency or any other body other than the Data Subject, the Data Controller, the Processor and the persons who, under the direct authority of the Data Controller or the Processor , are empowered or authorized to process the Data.

Processing: any operation or set of operations carried out or not using automated processes and applied to Personal Data such as collection, access, recording, copying, transfer, conservation, storage, cross-referencing, modification, structuring, provision, communication, recording, destruction, whether automatically, semi-automatically or otherwise. This list is not exhaustive. 

Data Transfer: any communication, copying or moving of Data via a network, or any communication, copying or movement of such Data from one medium to another, whatever that medium, of Personal Data to a country outside the European Union or to an international organization which are or are intended to be processed after this transfer. 

Personal Data Breach: breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of Personal Data transmitted, stored or otherwise processed, or unauthorized access authorized to such Data.

MSCopilot®: New clinical results confirm central role of digital biomarkers in the monitoring of patients with multiple sclerosis Our news
en_USEnglish