Charter concerning the protection of personal data

Health Integration Technology with its headquarters in Luxembourg, and its business address at 2-4, rue du Château d'Eau, L-3364 Leudelange, registered with the Luxembourg Trade and Companies Register under number B241390 is an IT company operating in the healthcare sector. The purpose of this charter is to reaffirm Health Integration Technology's commitment to these principles and to remind stakeholders of their rights in terms of personal data protection.

 

1. We always give priority to the security of the personal data you entrust to us

We reaffirm our commitment to ensuring that the security of our stakeholders' data is at the heart of everything we do.
The solutions we use to store or process our stakeholders' data are subject to rigorous validation and certification procedures.
We are committed to promoting good account security practices and prevention actions to our stakeholders.

2. We use the data you give us for your benefit.

We use the data to provide our stakeholders with high value, personalized services to help them make the best decisions.
We can transparently tell our stakeholders what is being done with their data. We can be reached by the following means:

By e-mail : dpo@health-it.lu
By phone : +352 621 285 798
By post: Health Integration Technology
For the attention of the Data Protection Officer
2-4, rue du Château d’eau / L-3364 Leudelange

3. We are completely transparent with you about the use of your personal data.

We undertake to explain to our stakeholders in a clear, concise and accessible manner how personal data is processed and to inform them of their rights in this regard and how to exercise them.
We undertake to maintain a dialogue with our Stakeholders, in order to be able to evolve with them and meet their expectations as best we can.

4. We leave you in control of the content of your personal data and the use that is made of it.

We undertake never to collect or process our Stakeholders' data without their knowledge and to respect the exercise of their rights while respecting the regulatory framework.

YOUR RIGHTS according to articles 13 and 14 of the General Data Protection Regulation:

Right of access: Faculty to obtain from the Data Protection Officer (DPO) the confirmation that personal data are processed, and if necessary the possibility to know the purposes of the processing, the category of data used, the recipients of the data, the period of time for which the data will be kept or the criteria used to determine this period their rights to request the rectification and deletion of the data, the limitation of their processing and the possibility of objecting to it, the right to lodge a complaint with the CNPD, or information on any transfer of personal data to a third country.

- Right of rectification: Right to obtain from the DPO the update or rectification of inaccurate personal data.

- Right to erasure: Right to obtain from the DPO the erasure of personal data when the data are no longer necessary for the purposes for which they are processed, when the data subject withdraws his consent, when he objects by virtue of his right to object to the processing or when the processing of the data is unlawful.

- Right of limitation: Right to obtain from the DPO the limitation of the processing when the data processing is unlawful, when the data are no longer necessary for the purpose of the processing but are still useful for the establishment, exercise or defence of legal claims or when the data subject has objected to the processing on the basis of his right to object.

- Right to data portability: The right to receive data provided to the DPO in a readable, structured and commonly used format and the ability to transfer it without hindrance to another organization.

- Right to object: The right to object at any time, for reasons relating to his or her particular situation, to the processing of his or her personal data, in particular when such data are processed for the purposes of canvassing, profiling, historical, scientific or statistical research. The DPO may continue such processing if he proves that it is necessary for a legitimate and compelling reason that overrides the interests and rights and freedoms of the data subject.

5. We do not sell our Stakeholders' personal data.

The possible communication of this data outside of Health Integration Technology's partners is only carried out, with clear information to the Stakeholders, within the framework of our regulatory obligations or for services defined with third parties that have been subject to rigorous validation and certification procedures beforehand.

Glossary

Personal data
Any information relating to a physical person allowing to identify him directly or indirectly. It can be name and surname, date of birth, personal address, email, photograph, telephone number or banking information, (non-exhaustive list).

Processing
Any operation carried out manually or by means of automated processes applied to personal data. This may include collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, disseminating or otherwise making available, reconciling or linking, limiting, erasing or destroying.

Stakeholders
Represents at Health Integration Technology, the Customer, the Prescriber, the Collaborator and any Partners used in the course of the company's business.