In the interests of transparency regarding the use of data collected through social networks, and in accordance with Regulation (EU) 2016/679 (hereinafter referred to as GDPR – General Data Protection Regulation), this document presents the means used by Magentine Healthcare to collect and process all the personal data in its possession.

1. DATA PROTECTION POLICY

In the interests of transparency regarding the use of data collected through social networks, and in accordance with Regulation (EU) 2016/679 (hereinafter referred to as GDPR – General Data Protection Regulation), this document presents the means used by Magentine Healthcare to collect and process all the personal data in its possession.

2. DEFINITIONS

Processing: any operation or set of operations (from collection to use) performed on data, whether by automated means or not.

Purpose: the objective pursued by the data controller making the collection lawful.

Data controller: the party who creates the data collection by defining its purpose.

Personal data or data of a personal nature: any data relating to a natural person or legal entity.

DPO: Data Protection Officer

GDPR: General Data Protection Regulation

3. CONTACT INFORMATION

You can contact MAGENTINE HEALTHCARE's DPO (Data Protection Officer) at any time for information at the following addresses:

This email address is being protected from spambots. You need JavaScript enabled to view it.

Magentine Healthcare

1 montée de la lauziére

34980 Saint Clément de la Rivière

FRANCE

4. INFORMATION ON DATA COLLECTION AND PROCESSING

Data collection is carried out at the request of customers (the customer is considered to be the data controller – MAGENTINE HEALTHCARE is considered to be a subcontractor). The contract signed between the customer and MAGENTINE HEALTHCARE specifies the methods of data collection and processing:

• Data concerned
• Purposes of collection
• Processing procedures
• Duration of data retention by MAGENTINE HEALTHCARE
• Methods for transferring data from MAGENTINE HEALTHCARE to the customer
• Contact information of the DPOs of the two companies.

The contract signed between the two entities also ensures compliance with the regulations in force concerning the protection of personal data.

The collection is carried out from tags and keywords on the public pages of social networks, on the private pages of Magentine Healthcare’s customer who commissioned us for the study, and on the Facebook pages built by Magentine Healthcare according to a specific theme.

According to the contract signed with the customer, the data may be processed by MAGENTINE HEALTHCARE. The data is processed in accordance with the purpose defined contractually by both parties. Magentine Healthcare collects data (comments, tags, reviews, shares, emoticons, sender alias) using APIs delivered by social networks, without using other third parties. Magentine Healthcare data processing is done using market or open source tools (R, Python, SAS, etc.) to meet the purposes of customer requests (understanding of appetites) and only the Magentine Healthcare teams in charge of processing have access to the project data.

In accordance with the GDPR, the persons concerned may at any time exercise their rights of access, opposition, rectification and deletion, through the intermediary of Facebook. In the event of a complaint, Facebook will contact the DPO of MAGENTINE HEALTHCARE: This email address is being protected from spambots. You need JavaScript enabled to view it..

5. SECURITY AND CONFIDENTIALITY

The data collected is stored on a server external to MAGENTINE HEALTHCARE: OVH.

The computer system is managed by a subcontractor in compliance with the GDPR. It is secured by anti-virus protection and a firewall

Access to the computerized data is only possible from the OVH network, in a manner that is defined and limited according to the user's profile. Any intrusion into the computer network or attempted unauthorized access is immediately reported to the information systems security department and to the general management of the MAGENTINE HEALTHCARE group.

6. TRANSFER OF PERSONAL DATA

Subject to the provisions of this personal data protection policy, we may communicate personal data (alias) to persons employed by MAGENTINE HEALTHCARE and only to the extent necessary for the performance of the tasks assigned to them.

The data collected is not transferred to the customer. Only the analysis and the results of the analysis are provided to the end customer via:

• Email
• Secure FTP server compartmentalized by customer
• Web visualization tools (datavizz) on a secure server and compartmentalized by customer

Due in particular to the international dimension of our customers, communications are likely to involve the transfer of tests and results (excluding raw data) to countries that are not members of the European Economic Area, whose legislation on the protection of personal data differ from those of the European Union.

In this case, the contracts between MAGENTINE HEALTHCARE and customers are adapted. Rigorous and appropriate organizational, technical and personnel measures ensure the security and confidentiality of personal data in accordance with European regulations.

7. DATA RETENTION

We aim to always store personal data securely, and only for as long as necessary to achieve the purpose for which they are processed. To this end, we implement the appropriate technical and organizational measures.

Once the data has been collected and/or processed, we leave access to the data to the customer for 6 months. Subsequently, this access is blocked and the data is archived and kept by MAGENTINE HEALTHCARE for a period defined contractually beforehand, depending on the intended purpose. If no deadline has been established, the data collected are deleted 3 years after the date of archiving