Personal Data Processing
Who is responsible for processing your data?
logicoss application and its main functionalities (medical form, medical file, etc.) are operated by a rescue organisation. This is generally a rescue or medical service association or company . In some cases, the Data Controller may be the event organizer or site manager directly.
This organisation is the sole Controller of your personal data in accordance with Article 1 of the RGPD and Principle No. 1 of the PIPEDA. This organisation is the client of LOGICOSS DIGITAL HEALTHCARE, the company behind logicoss.
Personal data processing is an operation, or set of operations, relating to personal data […]: collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, communication by transmission or dissemination or any other form of provision, reconciliationCommission Nationale de l’Informatique et des Libertés.
How do we use your data ?
The purpose of processing the personal data that you entrust to us or that are entered by the care staff is to :
- Collect, on a voluntary basis, the medical history of people attending a Site/Event. The questions asked concern allergies, hospitalizations, past or chronic illnesses, chronic treatments, as well as recent signs of contagiousness of the persons.
- Assess the individual and collective health risk induced by the presence of each person on the Site/Event.
- Prior to the event, this helps to assess the risk of epidemic spread.
- During or after the event, this makes it possible to monitor the most vulnerable people more closely.
- Know the medical history of the persons taken in charge, in order to improve the therapy in particular for the most serious accidents and illnesses.
- Ensure traceability of every care provided to each patient, which is a medico-legal obligation.
- Centralize data, in order to create and calculate pseudonymised statistical analyses. These analyses can be used for research and development purposes. In particular, they aim to better understand the cause of an accident or illness. The ultimate goal is to improve the safety and quality of health care at the Site/Event. All research projects based on data collected on the logicoss platform are and will remain available for consultation in the coming years on the MEDICAL RESEARCH page. Only projects based on coded and/or pseudonymised Data will be conducted. Any processing of Data requiring the removal of anonymisation by the Data Controller can only be carried out after having obtained a Declaration of Consent concerning access to the medical file, signed by the patient.
In addition to these processing operations, the Data Controller (see below) may carry out further processing on your data. In such a case, the Data Controller must have informed you in advance and obtained your consent to do so.
The manner in which the logicoss platform collects and processes data on behalf of the Data Controller complies with Articles 6, 13 & 14 of the European General Data Protection Regulation (GDPR), Principle 2 and Principle 4 of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
In what context can you receive e-mails from logicoss.net?
logicoss.net is able to send you emails in the following cases:
- Share a personal health quiz response link to event attendees. The decision to send an email of this type is systematically validated and carried out by the LOGICOSS DIGITAL HEALTHCARE support teams on the instructions of the Data Controller. This initial e-mail can be accompanied by a maximum of two mass reminders sent only to people who have not answered the health questionnaire. The list of recipients is provided by the Data Controller.
- Share a link to (re)set the password of a logicoss User.
- Inform users of the granting of a right of access to a Rescue or Medical Service.
What processing limitations are imposed by/on LOGICOSS?
- LOGICOSS DIGITAL HEALTHCARE formally prohibits its Data Controller client from using the logicoss application for the purposes of dissemination, publication or mass sending of emails for the sole purpose of advertising or promotion.
- Under no circumstances is LOGICOS DIGITAL HEALTHCARE authorized to share the personal data collected on the instructions of the Data Controller (contact, e-mail, address, etc.) with a third party for commercial, charitable, etc
Who is involved in the processing of your data ?
In order to provide a secure and resilient application, LOGICOSS DIGITAL HEALTHCARE relies on companies with expertise in application development and health data hosting services. All these companies and LOGICOSS DIGITAL HEALTHCARE process health data in strict compliance with the instructions provided by the Data Controller. In the sense of the RGPD, this means that all these companies and LOGICOSS DIGITAL HEALTHCARE are “subcontractors” of the Controller of your data.
The name of the Controller of your data can be found at
- in the e-mail you received containing the link to the Logicoss Medical Form,
- by consulting the general and special conditions that you have accepted by purchasing a number/ticket,
- by contacting the organiser of the event you will be attending.
As a last resort, any person having difficulties in identifying the Data Controller may send an e-mail to the Data Protection Officer (DPO) of LOGICOSS DIGITAL HEALTHCARE at email@example.com to obtain this information.
Who is hosting your data?
The health data hosting service is provided by the Luxembourg company Amazon Web Services EMEA SARL and its French and its subcontractors Amazon Data Services France SAS and Amazon Technological Services SAS.
Where do we host your data ?
The hosting of health data is provided by complementary and redundant servers located in different location in Paris Area – FRANCE (AWS region “Paris”). The exact addresses of the data centers are kept confidential by their operator.
How can you access & modify your data ?
In application of I/ Articles 15 and following of the GDPR and II/ Principle n°9 of the PIPEDA, each person has the right to object to the storage of his/her data, subject to the expression of a legitimate reason. Similarly, each person has the right to access and rectify information concerning him or her.
Consequently, any person wishing to exercise these rights of access, rectification or opposition to the deposit of their data with this host is requested to write to :
Monsieur le Délégué à la Protection des Données (DPO)
LOGICOSS DIGITAL HEALTHCARE,
109 boulevard de l’Europe,
69310 Pierre Benite, FRANCE
Please mention in the letter the event/site where you were present. The letter will be forwarded to the Data Controller’s DPO in charge of your data. A reply will be given within the legal time limits (European citizen: 8 days to 60 days; Canadian citizen: 30 days to 60 days).
As a last resort, any person having difficulties in exercising their rights may also contact the data host. To do so, you can send an e-mail to firstname.lastname@example.org, with a copy to email@example.com. Please mention in the subject line: “Access and modification rights to personal data – logicoss application provided by logicoss digital healthcare”.
Note : medical care organisations are subject to legal obligations to trace all care actions performed. Under the GDPR, this obligation constitutes a legitimate reason for storing your personal data.
How do we secure your data ?
Health data are secured by a consortium of two actors, whose respective skills allow to cover the 6 areas of Certification related to Health Data Hosting (HDS), according to the version 1.1 of June 2018:
- Pictime Groupe SA ( 61 rue de l’Harmonie – 59262 Sainghinen-Mélantois FRANCE – SIREN 443 498 571 61 – RCS LILLE) : Management of certification domains n°4, 5, 6
- Amazon Web Service EMEA SARL (38 AV JOHN F KENNEDY L 1855 99137 LUXEMBOURG – SIREN 831001334 : Management of Certification Domains n°1, 2, 3, 4, 6
The data centers used also meet the ISO/IEC 27001:2013 International Certification for Information Security Management