Privacy policy
PROTECTION OF PERSONAL DATA
As an innovative player in the field of dematerialization in the health sector, protection of personal data is of paramount importance for DHN.
DHN’s policy for the protection of personal data detailed on this page sets out how we process the personal data that we collect and that is provided to us. We invite you to carefully read this document to know and understand our practices for the processing of your personal data.
This privacy policy covers:
-
- The processed information
- The reasons for the processing of personal data
- The lawfulness of personal data processing
- The retention period of your personal data
- The communication of your personal data to third parties
- The protection of your personal data
- Your rights regarding your personal data
The processed information
On the mobile app
The operation of the DHN mobile app may require the collection and processing of the following personal information:
– name and surname;
– gender
– nationality ;
– photo ;
– date of birth ;
– mobile phone number ;
– postal address ;
– National ID number
– elements of an identity document ;
– Identification elements of one or more of your physician(s)/doctor(s);
– Identification elements of your employer
– elements contained in documents prepared by your physician(s)/doctor(s) including, potentially, data regarding your health, genetics, sexuality or other sensitive data.
On this website
When you contact us via the contact form on our website, the following personal data may be subject to processing by DHN:
-
- name and surname;
- email address;
- status (Doctor, citizen, etc.)
- company name;
- reason for the request.
In addition to the information requested via the contact form, our website uses cookies.
Cookies are small computer files that are stored on your computer when you visit our website. These files are used to track your activity on our website.
Cookies used are:
Name | Provider | Purpose | Transmission of data outside the EU | Retention period |
pll_language | DHN | Used to determine the preferred language of the visitor and set the language accordingly on the website.
|
No | 6 months |
_pk_ses.3.f1a1 | DHN | Short lived cookies used by Matomo (hosted by DHN) to temporarily store data for the visit
|
No | 30 minutes |
_pk_id.3.f1a1 | DHN | Used by Matomo (hosted by DHN) to store a few details about the user such as the unique visitor ID
|
No | 1 year |
cookielawinfo-check
box-functional-fr |
DHN | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”.
|
No | 6 months |
cookielawinfo-check
box-necessary-fr |
DHN | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”
. |
No | 6 months |
cookielawinfo-check
box-analytics-fr |
DHN | This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category “Analytics” | No | 6 months |
cookielawinfo-check
box-advertisement-fr |
DHN | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category
“Advertisement”.
|
No | 6 months |
cookielawinfo-check
box-others-fr |
DHN | Unclassified | No | 6 months |
cookielawinfo-check
box-performance |
DHN | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Performance”.
|
No | 6 months |
CookieLawInfoConsent | DHN | The cookie is used to record the status of the user’s consent to the deposit of cookies.
|
Non | 6 mois |
viewed_cookie_policy | DHN | The cookie is used to record the user’s consent or lack of consent for the use of cookies.
|
Non | 6 mois |
VISITOR_INFO1_LIVE | Youtube.com | Used to estimate visitor bandwidth when viewing pages containing embedded YouTube videos
|
Yes (United States of America) | 180 days |
YSC | Youtube.com | Used to assign a unique ID to visitors to compile statistics on YouTube videos viewed
|
Yes (United States of America) | Duration of the session |
yt-remote-connected-devices | Youtube.com | Used to store user’s video player preferences using the built-in YouTube video.
|
Yes (United States of America) | Permanent |
yt-remote-device-id | Youtube.com | Used to store user’s video player preferences using the built-in YouTube video
|
Yes (United States of America) | Permanent |
CONSENT | Youtube.com | Used to detect whether the visitor has allowed marketing cookies.
|
Yes (United States of America) | 2 years |
The purpose of personal data processing
The collected personal data will be used for the operation of the services offered by DHN and/or the operation of the mobile app and/or the DHN website.
In absence of consent to the processing of personal data, the services offered by DHN may be reduced or impossible to implement.
The lawfulness of personal data processing
The law requires a legally defined basis for the processing of your personal data.
All the personal data processing implemented by DHN is the subject of your prior consent, except for the processing of personal data carried under the joint liability of DHN and the eSanté agency, in relation to public services such as the creation of an “eSanté” account or the filing of health documents on the “eSanté” platform.
The retention period of your personal data
The following data will not be stored by DHN but are transmitted directly to the third parties identified below. Storage of such data is therefore strictly limited to the time necessary for their transmission:
-
- XML and PDF files of health documents generated by health professionals as well as information included in them such as name, surname, postal address, social security number, name and specialty of the treating physician, invoiced medical procedures, CIT code, genetic data or any other data relating to the health status of the citizen.
These data are stored for the following periods:
Data categories |
Retention period |
Physician data: Title, name, surname, CNS code, eHealthID, Email address, Billing address; Physician Group Name, Group CNS Code, Group Email Address, IBAN Group, Group Members; Assistants/Secretaries who use the eAdmin Connector: Title, same, surname, Social Security No., Role
|
10 years from the end of the contractual relationship between DHN and the physician |
Data of users of the DHN mobile application: Name, surname, Social Security Number, the last 4 digits of the ID card or passport, mobile number, Preferred language, eDocument ID, relatives
|
10 years from the end of the relationship between DHN and the mobile app user |
Data relating to the transmitted document: The type of document (e.g. Doctors bill), Name and surname of the doctor who issued the document, Name and surname of the citizen concerned, Date of creation of the document, Date of sending to the eAdmin server, Document ID in eDocument (UUID), Date of sharing and recipient of the document (e.g. forwarded to CNS on 29.03.2021), regarding doctors’ bills: Amount charged , Currency and status (Paid or not paid)
|
2 years |
Data shown on the contact form of the DHN website
|
Duration of the processing of the user’s request |
Cookies
|
See table above |
The protection of your personal data
We use various technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, modification or destruction, in accordance with applicable data protection laws.
Any transmission of collected data, except those obtained through cookies, is encrypted.
In order to provide our services, we may transfer your personal data to sites located outside the country, in which you provide such data or if you visit one of our websites, for the purposes set out above.
This may result in your information being transferred from a location within the European Economic Area (“EEA “) to a location outside the EEA, or from outside the EEA to a location in the EEA. The level of protection of the information in non-EEA countries may be lower than the one offered in the EEA. In this case, we will take appropriate measures to ensure that your personal information remains protected and secured in accordance with applicable data protection provisions. If our third-party service providers process personal data outside the EEA as part of the provision of services, our written agreement with them will include appropriate measures, usually standard contractual clauses.
The communication of your personal data to third parties
The services offered by DHN are entirely based on the dematerialization of document transfers in connection with your health care.
Collected data will not be sold.
However, all or part of the third parties identified below may pay DHN to enable the operation and use of the services offered by DHN.
Accordingly, your personal data may be transmitted, on your express order and with your consent, to one or the other of the following entities :
– a health professional (doctor, physiotherapist, etc.) ;
– a biological or medical analysis laboratory ;
– the eSanté agency ;
– social security agencies ;
– a supplementary insurer ;
– an employer.
It is further specified that the services offered by DHN make it possible to generate an electronic document that can be stored, on your express request, in the DHN mobile app. This document can then be transmitted to any third party of your choice but will never be automatically or spontaneously transmitted by DHN to any third party.
Your rights regarding your personal data
You have the right to request details about the information we hold about you and how we process it. You may also have the right, in accordance with the European data protection regulation, to rectify or delete your personal data, to restrict the processing thereof, to prevent unauthorized transfers of your personal data to third parties and, in some cases, to request that it be transferred to another entity.
If you object to the processing of your personal data, or if you have given your consent to the processing and subsequently choose to withdraw it, we will comply with that choice in accordance with our legal obligations.
Please note that even after you choose to withdraw your consent, we may continue to process your personal data to the extent required or otherwise permitted by law, in particular with respect to the exercise and defense of our legally conferred and protected rights or the compliance with our legal, regulatory or contractual obligations.
We must ensure that your personal information is accurate and reflects your current situation. Therefore, please keep the information provided to us up to date.
You can exercise your rights by submitting a request to the data protection officer of the data controller:
Digital Health Network S. à r.l.
To the attention of the data protection officer
29 rue de Vianden
L-2680 Luxembourg
dpo@dhn.lu
Please note that processing may be under the joint liability of DHN and the eSanté agency. In this case, you can also contact:
Agence eSanté G.I.E.
To the attention of the data protection officer
125 route d’Esch
L-1471 Luxembourg
privacy@esante.lu
https://cnpd.public.lu/fr.htmlhttps://cnpd.public.lu/fr/particuliers/faire-valoir/formulaire-plainte.htmlYou have the right to lodge a complaint regarding the processing of your personal data by DHN with the National Data Protection Commission (hereinafter “CNPD”) via the website: https://cnpd.public.lu/fr.html (the complaint page is available at: https://cnpd.public.lu/fr/particuliers/faire-valoir/formulaire-plainte.html)