Privacy Policy

Introduction

Welcome to www.ibenseena.com (“we,” “us,” or “Ibenseena”). We are deeply committed to protecting the privacy and confidentiality of our users’ (“you,” “your,” or “users”) personal information. This Privacy Policy details the types of information we collect, how we use it, who processes it, how it is secured, and the comprehensive rights you have regarding your personal data. Our platform operates as an integrated health system, facilitating essential relationships and data exchange between patients and doctors across various international jurisdictions.

By accessing or using Ibenseena, regardless of your geographic location, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree with any aspect of this policy, please do not use our website or services.

Information We Collect

We collect both personally identifiable information (“PII”) and non-personally identifiable information (“Non-PII”) to provide and improve our services. PII is information that can be used to identify an individual, while Non-PII is data that does not directly identify an individual.

Information You Provide Directly:

When you interact with our platform, you may provide us with the following types of information:

• Account Creation: When you create a user account, we may collect your name, email address, password, and other relevant contact information.
• Doctor Profile Submission: If you are a medical professional submitting a doctor’s profile, we collect detailed information such as the doctor’s name, specialty, professional contact details, educational background, work experience, and any other relevant professional qualifications.
• Health Data (via “My Health Space” / “Mon espace santé”): As part of your dedicated “Mon espace santé” (My Health Space) profile, implemented in accordance with the Public Health Code (Decree no. 2021-1048 of August 4, 2021 relating to the implementation of the digital health space), we collect data strictly necessary for the purpose of promoting health, prevention, coordination, quality, and continuity of care. This includes:
  
  • General identifying data (surname, first name, date of birth).
  • Health data contained in your shared medical file.
  • Data within your medical profile (which you manage).
  • Data from messages and documents in your secure health messaging system.

Automatically Collected Information:

When you access or use our website, we may automatically collect certain technical and usage data, including:

• Your IP address.
• Browser type and version.
• Operating system.
• Usage patterns on our website (e.g., pages visited, time spent on pages, clickstream data).
• Traceability data concerning access to your “Mon espace santé” profile.

How We Use Your Information

We utilize the collected information for various purposes crucial to providing and enhancing our services, as well as for compliance with legal obligations.

To Provide Services:

We use your information to grant you access to our website’s features and services, including the accurate display of doctor profiles and their contact information. For “My Health Space,” your data enables you to manage your health information in conjunction with healthcare, social, and medico-social professionals, promoting a truly integrated health system across different regions.

For Communication:

We may use your contact information to send you essential updates, notifications, and important information related to your account and the services we provide, including communications between patients and doctors facilitated by our platform.

To Improve User Experience:

We continuously analyze user behavior and engagement patterns on our website to enhance our services, optimize the user interface, and overall improve your experience. Certain anonymized data is used for statistical purposes to guide the improvement of “Mon espace santé” and the overall integrated health system.

For Legal Compliance and Security:

We may use your information to comply with applicable legal and regulatory obligations, resolve disputes, enforce our terms and conditions, and protect the security and integrity of our platform.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies (e.g., web beacons, pixels) to collect information about your interactions with our website. These technologies help us to:

• Personalize your experience on Ibenseena.
• Analyze usage patterns and trends.
• Improve the functionality and services we offer.

You have the ability to manage your cookie preferences directly through your browser settings. Please note that disabling certain cookies may affect the functionality or availability of some features on our website.

Third-Party Sharing

We may share your information with third parties under specific and limited circumstances, always striving to protect your privacy and ensure seamless healthcare coordination. This may include:

• With Doctors: We share relevant information with doctors to accurately display their professional profiles and enable patient contact through our platform.
• With Service Providers: We may engage trusted third-party service providers who assist us in operating our website, providing services to you, or performing functions on our behalf (e.g., hosting, analytics, technical support). These providers are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.
• For Legal Compliance: We may disclose your information if required to do so by law, court order, or governmental regulation, or to respond to lawful requests from public authorities in relevant jurisdictions.
• Special Cases (Healthcare Professionals within “My Health Space”): For “My Health Space,” healthcare professionals directly involved in your care, including your designated attending physician and members of your care team, have access to your health data in accordance with defined authorization matrices and legal frameworks (Public Health Code). This access is crucial for the integrated coordination of your care. Your consent for information exchange within a care team is presumed, but you retain rights over access (see Section 9).

International Data Transfers

As an international website, Ibenseena may process, store, and transfer your information across borders, including to countries outside of your own jurisdiction. This means your personal data may be transferred to, and processed in, countries where data protection laws may differ from those in your country of residence.

When transferring personal data internationally, we implement appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy and applicable laws. These safeguards may include:

• Standard Contractual Clauses (SCCs): For transfers of personal data from the European Economic Area (EEA) to countries not deemed to provide an adequate level of data protection by the European Commission, we rely on SCCs as a legal mechanism.
• Adequacy Decisions: Transfers to countries recognized by the European Commission as providing an adequate level of data protection.
• Other Legal Grounds: We may also rely on other legal grounds for transfers, such as your explicit consent or where the transfer is necessary for the performance of a contract or for the establishment, exercise, or defense of legal claims.

By using our services, you consent to the transfer of your information to countries outside your country of residence as described in this policy.

Data Security

We implement robust technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, encryption, access controls, secure storage solutions, and regular security audits. In accordance with Article 35 of the GDPR, a Data Protection Impact Assessment (DPIA) has been carried out for “My Health Space” to ensure that your privacy is respected.

While we strive for maximum security, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. Therefore, we cannot guarantee absolute security.

Your Role in Data Security: We also encourage you to be vigilant in protecting your data. Please ensure that the browser or network you use to access “My Health Space” (e.g., home network, mobile operator network) and the operating environment of your devices are configured securely. We strongly recommend against accessing “My Health Space” from public Wi-Fi networks (e.g., train stations, airports, hotels). Always ensure your computer’s configuration is secure, free of viruses, and in good working order. Consultation of the data in your “My Health Space” profile is reserved directly for you, members of your healthcare team and any healthcare professional you have authorized.

Who Processes Your Personal Data?

Your data is processed in strict accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and relevant national legislation applicable in the jurisdictions where we operate or serve users.

Data Controller and Data Processor: Ibenseena administrators are primarily responsible for processing the data of all ibenseena.com website users. In specific cases, doctors authorized to access patients’ health spaces, as part of the integrated system, may also access patient data within “My Health Space.” In this regard, we undertake to take all necessary precautions, considering the nature of the data collected and the risks associated with its processing, to preserve the security of your data and prevent it from being distorted, damaged, or accessed by unauthorized third parties.

How is Your Data Used in “My Health Space”?

“Mon espace santé” is implemented in accordance with Articles R. 1111-26 et seq. of the Public Health Code (Decree no. 2021-1048 of August 4, 2021). The processing of your data within “My Health Space” is therefore based on grounds of public interest, as defined in Article 6(e) of the GDPR.

The primary aim of “My Health Space” is to empower individuals throughout their lives to manage and improve their health. This secure digital public service enables you to manage your health data in collaboration with professionals from the health, social, and medico-social sectors, thereby promoting prevention, coordination, quality, and continuity of care within an integrated framework.

Certain anonymized data, used for statistical purposes concerning the overall use of “Mon espace santé,” will be utilized to guide improvements and strategic development of the service.

What Data is Collected for “My Health Space”? Only personal data strictly necessary for the purpose of processing within “My Health Space” is collected. This includes:

• General identifying data (surname, first name, date of birth, etc.).
• Health data contained in your shared medical file.
• Data contained in your medical profile (which you populate).
• Data concerning messages and documents within your secure health messaging system.
• Traceability data concerning access to your “Mon espace santé” profile.

How Long Will Your Personal Data Be Kept?

For “My Health Space,” your data will be kept for one (1) year from the time you officially close your “My Health Space” account.

Some data may be automatically deleted from your account if you voluntarily delete them from your medical profile, your health measures, or your messaging system. The deletion of these specific elements will result in their immediate and definitive removal from your “Mon espace santé” profile.

Who Can Access Your Data in “My Health Space”?

Access to your data within “My Health Space” is strictly controlled and limited to authorized individuals and entities to ensure proper patient-doctor relations and care coordination.

You (The Adult Holder):

You can directly access all data within your “My Health Space” profile using your unique identification and authentication credentials. Once logged in, you will have comprehensive access to your stored data. You can also use your credentials to access your child’s “My Health Space” profile, subject to respect for the minor’s right to privacy.

Professionals Who Care for You:

The access rights of various categories of authorized professionals are defined by an authorization matrix that specifies which data are accessible based on their profession or specialty, facilitating their involvement in your care.

Your Care Team:

A “care team” refers to a group of professionals directly involved in providing or coordinating your care or treatments. This includes professionals you have consulted, or those working together in a formal cooperation, shared practice, or health/medical-social coordination structure, including at least one healthcare professional, with a formal organization based on predefined procedures. For professionals who are part of the same care team, your prior explicit consent is not required for the exchange and sharing of confidential information within this team, as your consent is presumed in this context for care coordination.

Special Cases: The Attending Physician:

If you designate an attending physician in your shared medical file, they will have extensive rights to access all information stored in your file. This includes access to information that you may have marked as “masked” (inaccessible) to other professionals, unless a legitimate reason exists for masking and is justified by the attending physician for your care.

Your Rights Regarding Your Personal Data

In accordance with the GDPR, and other applicable international data protection laws, you have several important rights concerning your data processed in your “My Health Space” profile and on Ibenseena.com generally. These rights aim to give you control over your personal information.

Right to Object:

• Creation of “My Health Space”: You have the right to object to the automatic creation of your “My Health Space” profile. From the date you receive the email or letter informing you of its creation, you have a six-week period to express your opposition. If you do not object within this period, “My Health Space” will be automatically created, but you may close it at any time thereafter.
• Access to the Medical Record in “My Health Space”: Once your “Mon Espace Santé” profile is created, you generally cannot refuse, without a legitimate reason, an authorized professional or persons working under their responsibility from entering information into your shared medical record that is useful for the prevention, continuity, and coordination of your care. However, you can block access to your shared medical record at any time by a specific professional, and unblock it subsequently.

Access and Portability Rights:

You have direct and immediate access to all your data processed in “Mon espace santé.” If your account was created automatically, you can consult its contents at any time by activating your account on the “Mon espace santé” website. As part of the general rollout of “Mon espace santé,” the right to data portability will be implemented at a later date by data controllers and can be exercised once the system is fully deployed.

Right to Rectification and Limitation:

• You can directly rectify data you have entered yourself (e.g., health measures, medical profile data).
• For documents filed in your medical file by healthcare professionals, rectification must be requested from the professional who filed the document. The professional can then delete the incorrect document and submit a new, corrected version.
• The right to rectification and the right to limit processing related to “Mon espace santé” must be exercised directly with the director or Data Protection Officer (DPO) of your local health insurance fund.

Right of Deletion (Erasure):

• You can directly delete information you have entered yourself (e.g., your medical profile, health measures, documents you have deposited in your medical record, or messages in your mailbox). The deletion of these elements will result in their immediate and definitive removal.
• Similar to rectification, you cannot directly delete data entered in your shared medical record by a healthcare professional. You can request deletion, if there is a legitimate and justifiable reason, from the professional or establishment that created the document.

Opt-out of Non-Essential Communications:

You have the right to opt-out of receiving non-essential communications from us. Instructions for opting out are typically provided within the communications themselves.

Children’s Privacy

Our website and services are not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If you believe that we have inadvertently collected such information, please contact us immediately so that we can take appropriate steps to remove it from our records.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our data processing practices, legal obligations (including international regulations), or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website and updating the “Last Updated” date at the top of this policy. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your rights, please do not hesitate to contact us at:

📧 Email: support@ibenseena.com
📍 Address: [Your legal business address]
🌐 Website: [www.ibenseena.com]