Contact

Health data

Health Data and Algorithms

INFORMATION RELATING TO THE USE OF DATA FOR THE PURPOSES OF DEVELOPING AND VALIDATING HEALTH DATA ANALYSIS ALGORITHMS

BioSerenity cares about the protection of personal data, including health data (“personal data “).

As part of your medical examinations, or that of children for whom you have parental authority, your Personal Data or those of children for whom you have parental authority may have been collected directly by BioSerenity, or collected for your physician through the services of BioSerenity.

On this occasion, you were able to give your consent for the reuse of your Personal Data by BioSerenity for research and development purposes to improve its products and services.

To date, if you have given your consent, BioSerenity plans to reuse your Personal Data to carry out a study whose purpose is the development of algorithms allowing the automatic analysis of physiological signals (electrocardiograms, electroencephalograms, polysomnographies). that is, health data.

The main objectives of these algorithms are to provide information on the quality of the signals collected and the identification of pathological events for an aid in medical diagnosis. In other words, BioSerenity’s goal is to help doctors provide a medical diagnosis.

You will find below the rules that BioSerenity applies when it uses information allowing you to be identified.

ARTICLE 1. HOW BIOSERENITY USE YOUR PERSONAL DATA AND WHY?

BioSerenity is the controller of your data, i.e. the person who decides how and why your data will be used.

BioSerenity has appointed a data protection officer (person who advises BioSerenity with regard to the protection of Personal Data) with the National Commission for Computing (the “CNIL”).

BioSerenity collects and uses your Personal Data in accordance with the laws in force: Law no. ° 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data applicable since May 25, 2018 (together, the “Applicable Regulations”).

BioSerenity undertakes to use your Personal Data fairly and respecting your rights.

BioSerenity uses your Personal Data for the following reasons:

  • Development of algorithms, i.e. of an automated process making it possible to obtain a result (here, the identification of pathological events) from the data recorded by a doctor;
  • Training and validation of the developed algorithms.

The objective of these algorithms is to provide physicians with assistance in the diagnosis of their patients. The algorithms will allow patients to benefit from a faster and more accurate diagnosis, and doctors to more easily adapt the treatment they can choose for their patients.

To carry out this processing of your Personal Data, BioSerenity relies on your consent as well as its legitimate interests in carrying out research and development.

If you do not consent to the use of your Personal Data for this study, BioSerenity will not use your Personal Data.

In the event that the Personal Data processed by BioSerenity is Personal Data relating to minors, BioSerenity will endeavor to obtain the consent of the minor who has become an adult during the study.

ARTICLE 2. WHAT PERSONAL DATA ARE USED BY BIOSERENITY?

As part of its research and development activities, BioSerenity will use the following data:

  • identification data: registration numbers, sex, height, weight and age, voice recordings of snoring in the context of polysomnography examinations;
  • data relating to your health: electroencephalograms, electrocardiograms, polysomnographies, diagnosed pathology(ies), medications, questionnaires completed by patients prior to an examination and the dates of the research. These last two pieces of information provide context for characterizing the population of studies targeted by the algorithms;
  • annotations of examinations by third-party doctors;
  • lifestyle habits: smoking, alcohol, drugs.

None of this data includes your surnames, first names, email or postal address, and does not allow you to be identified directly.

BioSerenity makes sure to use exact data to train its algorithms.

ARTICLE 3. HOW PERSONAL DATA ARE PROTECTED
AND PRESERVED?

BioSerenity implements technical and organizational security measures to prevent the loss, misappropriation, intrusion, unauthorized disclosure, alteration or deletion of your Personal Data, in particular by keeping your Personal Data on certified servers. “Health Data Host” in accordance with French regulations.

Only pseudonymised Personal Data will be used by BioSerenity in order to limit any risk of re-identification.

The Personal Data used to create and validate BioSerenity algorithms are kept for:

  • two years from the end of the research;
  • then for twenty years on an archival database with restricted access.

ARTICLE 4. DOES BIOSERENITY SHARE
YOUR PERSONAL DATA?

The Personal Data used for research purposes is hosted by the Amazon Web Service company, within a data center certified as a “Health Data Host”, in France only. Amazon Web Services has, in this context, been audited by an independent body, certifying that its data centers comply with all the legal and technical obligations applicable to the hosting of health data.

Personal Data is accessible:

  • the BioSerenity team in charge of algorithm development;
  • doctors and technicians employed by BioSerenity or external, who will be responsible for annotating the signals used to validate the algorithms.

Some of these doctors and technicians may be located outside the European Union, and in particular in the United States. In order to protect your Personal Data, BioSerenity and third-party physicians have entered into the European Commission’s 2021 Standard Contractual Clauses. In addition, doctors and technicians cannot make copies of your Personal Data, they can only consult them in order to make their annotations.

All persons who can access your Personal Data are subject to a confidentiality clause.

ARTICLE 5. WHAT ARE YOUR RIGHTS
ON YOUR PERSONAL DATA?

Subject to the conditions of the Applicable Regulations, you have the following rights over your Personal Data:

  • Right of access: you can request access to your Personal Data. In this case, we will send you, in a secure manner, a copy of your Personal Data accompanied by information relating to the processing that we implement;
  • Right to rectification: you can ask us to correct your Personal Data if it is inaccurate or incomplete;
  • Right to deletion: you can ask us to delete your Personal Data;
  • Right to the portability of your Personal Data: you can obtain a copy, in a format allowing the use of your Personal Data, or ask us to transmit it directly to another data controller;
  • Right to limit the processing of your Personal Data: you can ask us to freeze the use of your Personal Data. In this case, we will keep them but we will no longer use them.

You can also object, at any time, to your Personal Data or that of the children for whom you have parental authority, being used for research purposes, your participation in BioSerenity’s research being optional, by writing has compliance@bioserenity.com. In this case, BioSerenity will no longer process your Personal Data, but the processing that will have been carried out before your opposition will remain lawful.

You can file a complaint with the CNIL by writing to the National Commission for Computing and Liberties 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – France. or via the CNIL website www.cnil.fr.

You have the option of defining directives relating to their digital will to determine the fate of your data after your death.

You can withdraw your consent at any time, on the understanding that any previous processing will remain lawful.

You can, including if you are a child, at any time, contact BioSerenity’s data protection officer at the email address: compliance@bioserenity.com, or at the postal address BioSerenity – for the attention of the Data Protection Officer, 20 rue Berbier du Mets – 75013 Paris – France.

BioSerenity will ensure that it responds to you within one month of receipt of your request, subject to a possible extension of two months, and BioSerenity reserves the right to oppose any request considered abusive due to of its repeated character.