Privacy policy

PROTECTION OF PERSONAL DATA

As an innovative player in the field of dematerialization in the health sector, protection of personal data is of paramount importance for DHN. 

DHN’s policy for the protection of personal data detailed on this page sets out how we process the personal data that we collect and that is provided to us. We invite you to carefully read this document to know and understand our practices for the processing of your personal data.

This privacy policy covers:

    1. The processed information 
    2. The reasons for the processing of personal data
    3. The lawfulness of personal data processing
    4. The retention period of your personal data
    5. The communication of your personal data to third parties
    6. The protection of your personal data
    7. Your rights regarding your personal data 

The processed information

On the mobile app

The operation of the DHN mobile app may require the collection and processing of the following personal information: 

–   name and surname;

–   gender

–   nationality ;

   photo ;

–   date of birth ;

–   mobile phone number ;

–   postal address ; 

–   National ID number 

–   elements of an identity document ; 

–   Identification elements of one or more of your physician(s)/doctor(s); 

–   Identification elements of your employer 

–   elements contained in documents prepared by your physician(s)/doctor(s) including, potentially, data regarding your health, genetics, sexuality or other sensitive data. 

On this website

When you contact us via the contact form on our website, the following personal data may be subject to processing by DHN:

    • name and surname;
    • email address; 
    • status (Doctor, citizen, etc.) 
    • company name;
    • reason for the request.

In addition to the information requested via the contact form, our website uses cookies. 

Cookies are small computer files that are stored on your computer when you visit our website. These files are used to track your activity on our website.

Cookies used are: 

Name Provider Purpose Transmission of data outside the EU Retention period
pll_language DHN Used to determine the preferred language of the visitor and set the language accordingly on the website.

 

No 6 months
_pk_ses.3.f1a1 DHN Short lived cookies used by Matomo (hosted by DHN) to temporarily store data for the visit

 

No 30 minutes
_pk_id.3.f1a1 DHN Used by Matomo (hosted by DHN) to store a few details about the user such as the unique visitor ID

 

No 1 year
cookielawinfo-check

box-functional-fr

DHN The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”.

 

No 6 months
cookielawinfo-check

box-necessary-fr

DHN This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”

.

No 6 months
cookielawinfo-check

box-analytics-fr

DHN This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category “Analytics” No 6 months
cookielawinfo-check

box-advertisement-fr

DHN The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category

“Advertisement”.

 

No 6 months
cookielawinfo-check

box-others-fr

DHN Unclassified No 6 months
cookielawinfo-check

box-performance

DHN This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Performance”.

 

No 6 months
CookieLawInfoConsent DHN The cookie is used to record the status of the user’s consent to the deposit of cookies.

 

Non 6 mois
viewed_cookie_policy DHN The cookie is used to record the user’s consent or lack of consent for the use of cookies.

 

Non 6 mois
VISITOR_INFO1_LIVE Youtube.com Used to estimate visitor bandwidth when viewing pages containing embedded YouTube videos

 

Yes (United States of America) 180 days
YSC Youtube.com Used to assign a unique ID to visitors to compile statistics on YouTube videos viewed

 

Yes (United States of America) Duration of the session
yt-remote-connected-devices Youtube.com Used to store user’s video player preferences using the built-in YouTube video.

 

Yes (United States of America) Permanent
yt-remote-device-id Youtube.com Used to store user’s video player preferences using the built-in YouTube video

 

Yes (United States of America) Permanent
CONSENT Youtube.com Used to detect whether the visitor has allowed marketing cookies.

 

Yes (United States of America) 2 years

The purpose of personal data processing

The collected personal data will be used for the operation of the services offered by DHN and/or the operation of the mobile app and/or the DHN website. 

In absence of consent to the processing of personal data, the services offered by DHN may be reduced or impossible to implement.

The lawfulness of personal data processing

The law requires a legally defined basis for the processing of your personal data.

All the personal data processing implemented by DHN is the subject of your prior consent, except for the processing of personal data carried under the joint liability of DHN and the eSanté agency, in relation to public services such as the creation of an “eSanté” account or the filing of health documents on the “eSanté” platform.

The retention period of your personal data

The following data will not be stored by DHN but are transmitted directly to the third parties identified below. Storage of such data is therefore strictly limited to the time necessary for their transmission: 

    • XML and PDF files of health documents generated by health professionals as well as information included in them such as name, surname, postal address, social security number, name and specialty of the treating physician, invoiced medical procedures, CIT code, genetic data or any other data relating to the health status of the citizen.

These data are stored for the following periods: 

Data categories

Retention period

Physician data: Title, name, surname, CNS code, eHealthID, Email address, Billing address; Physician Group Name, Group CNS Code, Group Email Address, IBAN Group, Group Members; Assistants/Secretaries who use the eAdmin Connector: Title, same, surname, Social Security No., Role

10 years from the end of the contractual relationship between DHN and the physician

Data of users of the DHN mobile application: Name, surname, Social Security Number, the last 4 digits of the ID card or passport, mobile number, Preferred language, eDocument ID, relatives

10 years from the end of the relationship between DHN and the mobile app user

Data relating to the transmitted document: The type of document (e.g. Doctors bill), Name and surname of the doctor who issued the document, Name and surname of the citizen concerned, Date of creation of the document, Date of sending to the eAdmin server, Document ID in eDocument (UUID), Date of sharing and recipient of the document (e.g. forwarded to CNS on 29.03.2021), regarding doctors’ bills: Amount charged , Currency and status (Paid or not paid)

2 years 

Data shown on the contact form of the DHN website

Duration of the processing of the user’s request

Cookies

See table above

The protection of your personal data

We use various technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, modification or destruction, in accordance with applicable data protection laws. 

Any transmission of collected data, except those obtained through cookies, is encrypted. 

In order to provide our services, we may transfer your personal data to sites located outside the country, in which you provide such data or if you visit one of our websites, for the purposes set out above. 

This may result in your information being transferred from a location within the European Economic Area (“EEA “) to a location outside the EEA, or from outside the EEA to a location in the EEA. The level of protection of the information in non-EEA countries may be lower than the one offered in the EEA. In this case, we will take appropriate measures to ensure that your personal information remains protected and secured in accordance with applicable data protection provisions. If our third-party service providers process personal data outside the EEA as part of the provision of services, our written agreement with them will include appropriate measures, usually standard contractual clauses.

The communication of your personal data to third parties

The services offered by DHN are entirely based on the dematerialization of document transfers in connection with your health care. 

Collected data will not be sold. 

However, all or part of the third parties identified below may pay DHN to enable the operation and use of the services offered by DHN. 

Accordingly, your personal data may be transmitted, on your express order and with your consent, to one or the other of the following entities : 

–   a health professional (doctor, physiotherapist, etc.) ; 

–   a biological or medical analysis laboratory ; 

   the eSanté agency ; 

–   social security agencies ; 

–   a supplementary insurer ; 

–   an employer. 

It is further specified that the services offered by DHN make it possible to generate an electronic document that can be stored, on your express request, in the DHN mobile app. This document can then be transmitted to any third party of your choice but will never be automatically or spontaneously transmitted by DHN to any third party. 

Your rights regarding your personal data

You have the right to request details about the information we hold about you and how we process it. You may also have the right, in accordance with the European data protection regulation, to rectify or delete your personal data, to restrict the processing thereof, to prevent unauthorized transfers of your personal data to third parties and, in some cases, to request that it be transferred to another entity. 

If you object to the processing of your personal data, or if you have given your consent to the processing and subsequently choose to withdraw it, we will comply with that choice in accordance with our legal obligations.

Please note that even after you choose to withdraw your consent, we may continue to process your personal data to the extent required or otherwise permitted by law, in particular with respect to the exercise and defense of our legally conferred and protected rights or the compliance with our legal, regulatory or contractual obligations. 

We must ensure that your personal information is accurate and reflects your current situation. Therefore, please keep the information provided to us up to date.

You can exercise your rights by submitting a request to the data protection officer of the data controller: 

   Digital Health Network S. à r.l.
   To the attention of the data protection officer
   29 rue de Vianden
   L-2680 Luxembourg
   dpo@dhn.lu

Please note that processing may be under the joint liability of DHN and the eSanté agency. In this case, you can also contact: 

   Agence eSanté G.I.E.
   To the attention of the data protection officer
   125 route d’Esch
   L-1471 Luxembourg
   privacy@esante.lu

https://cnpd.public.lu/fr.htmlhttps://cnpd.public.lu/fr/particuliers/faire-valoir/formulaire-plainte.htmlYou have the right to lodge a complaint regarding the processing of your personal data by DHN with the National Data Protection Commission (hereinafter “CNPD”) via the website: https://cnpd.public.lu/fr.html (the complaint page is available at: https://cnpd.public.lu/fr/particuliers/faire-valoir/formulaire-plainte.html)