This page has been translated into English for information purposes. The legal version is and always remains the French version, available here: https://www.luna-endometriose.com/ethique-securite-donnees/
Personal data
The notion of “personal data” is to be understood in a very broad way. “Personal data” is “any information relating to an identified or identifiable natural person”. When registering for LUNA’s services, users create their client account and give their consent to any use of their personal data. The user provides a certain amount of information that qualifies as personal data. In addition, in order to be able to offer its LUNA services of scoring, alerts, monitoring and more generally any service, LUNA collects health data from users. Personal data is stored from the time of collection in accordance with the applicable legal provisions for the period of time defined by the laws and regulations, after which it will be deleted immediately. All users have the right to access, rectify and delete their personal data. To exercise this right, they can send their request directly to HDSI: info@luna-endo.fr.
With a view to respecting the privacy of its Users, HDSI undertakes to ensure that the collection and processing of personal information is carried out in accordance with the French law n°78-17 of 6 January 1978 relating to information technology, files and freedoms, known as the “Information Technology and Freedom” law (https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000886460), and with Regulation n°2016/679, known as the General Data Protection Regulation (GDPR, or RGPD in French).
All data of the platform and the site are hosted by HOSTEUR SARL, which is one of the hosts certified by the Ministry of Health; the list of certified hosts is available on the site esante.gouv.fr via the following link: https://esante.gouv.fr/labels-certifications/hds/liste-des-herbergeurs-certifies.
The purpose of this data is to manage the Client Account of each user and to provide LUNA services. This data may also be used to send information to each user.
CE Medical Device Standard
LUNA develops services to support users in their daily choices, but also in the orientation and decisions of their care path.
As such, LUNA does not compromise with safety and has had its algorithms CE certified as a medical device (DM). To achieve this standard, all calculation methods have been scientifically, medically and computationally validated to ensure that the results are real and the help is proven.
In addition, in the medical device sector, quality and safety are of paramount importance, which is why LUNA has implemented a Quality Management System (QMS) covering the entire operation of the company and is currently in the process of obtaining ISO 13485 certification. This regulation imposes increasingly stringent requirements at every stage of a product’s life cycle. To obtain certification, companies must be able to demonstrate the effectiveness of their quality management processes and implement best practices in all their activities. ISO 13485, an internationally recognized standard, establishes the requirements for a quality management system specific to the medical device sector.
Data encryption & hosting
Data encryption
The data are encrypted wherever they are: on the server of the host, where they are decrypted subject to strong authentication, a time-limited access token and a connection instance ID, and also on any user workstation (smartphone, tablet, computer or other), where they are decrypted on the fly.
Data exchanges between the server and the user’s computer are systematically encrypted to avoid any possibility of data leakage.
Data hosting in an HDS environment
Personal health data are sensitive data. Access to it is regulated by law to protect the rights of individuals. Consequently, the hosting of this data must be carried out under security conditions adapted to its criticality. The regulations define the terms and conditions expected.
“Any natural or legal person who hosts personal health data collected during preventive, diagnostic, care or medico-social monitoring activities on behalf of the natural or legal persons who produced or collected the data or on behalf of the patient himself must be approved or certified for this purpose.” (Article L.1111-8 of the public health code, amended by law no. 2016-41 of January 26, 2016)
Hosting providers of health data on digital media (apart from electronic archiving services) must be certified.
Hosts approved by the Minister of Health as part of the approval procedure for hosts of personal health data specified by Decree 2018-137 of February 26, 2018 are listed on the government website: https://esante.gouv.fr/labels-certifications/hds/liste-des-herbergeurs-certifies.
We have subscribed to an approved “personal health data host” solution with Hosteur SARL, referenced by the government.
This environment is protected by all IT security standards (authentication, firewall, antivirus, temporary and unique token, etc.) and is automatically backed up every day: the servers are copied every night to another computer center in another city.