Data protection
and privacy policy

1. Scope of application

Apart from the terms defined below, all capitalized terms in this Policy are defined in Article 4 of the GDPR.

• SB-Tech Europe : refers to SB-Tech Europe SA.

• VitalCare : refers to the brand and software developed by SB-Tech Europe SA, which is a digital medical device meeting the definition of medical device set out in Article 2 of Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 concerning medical devices,

• Application: refers to the “VitalCare” application available on a smartphone after downloading it from an application store.

• Website : refers to the https://vitalcare.ai/ website

• Monitoring platform (web console) : refers to the User monitoring interface used by facility staff when the Application is deployed in a healthcare, medico-social or social facility (e.g. EHPAD).

VitalCare is a complete solution for monitoring people losing their autonomy, using non-invasive technologies such as Balistocardiography (BCG) smart cameras and with innovative IoT devices.

By combining these tools with artificial intelligence, VitalCare can continuously monitor physiological constants, detect anomalies and inform caregivers, family and carers in real time.

Ensuring the security and confidentiality of its Users’ personal Data is an absolute priority for SB-Tech Europe through its VitalCare software.

SB-Tech Europe thus undertakes to comply with all French and European legislative and regulatory provisions relating to the protection of Personal Data, in particular Regulation (EU) n°2016/679 of April 27, 2016 (the General Data Protection Regulation, or “GDPR”) and the French Data Protection Act n°78-17 of January 6, 1978 as amended (“LIL”).

SB-Tech Europe also complies with the ethical rules laid down by the professional bodies representing the medical and paramedical professions present on its service.

This Privacy Policy presents the Processing carried out by SB-Tech Europe through its VitalCare software on your Personal Data and the measures adopted to protect them. In summary :

• Each VitalCare User remains in control of his or her data. SB-Tech Europe, through its VitalCare software, does not dispose of it freely outside the defined and communicated purposes;

• They are processed transparently, confidentially and securely;

• SB-Tech Europe is committed to the ongoing protection of its Users’ data, and is supported by a Data Protection Officer (DPO) registered with the French Data Protection Authority (CNIL);

• Data concerning Users’ health is hosted by a service provider that has received HDS (Health Data Host) certification issued by Asip Santé (Agence des Systèmes d’Information Partagés de Santé).

SB-Tech Europe through its VitalCare software wishes to inform its Users, and through this Policy, of the manner in which we process (i.e. collect, use, store…) and protect their Personal Data (e.g. name, first name, address, health-related information…) via the website, the “VitalCare” application (available on smartphone) and the Web Console.

This Policy may be modified, supplemented or updated in order to comply with any legal, regulatory, jurisprudential or technical developments.

Apart from the terms defined below, all capitalized terms in this Policy are defined in Article 4 of the GDPR.

2. Data controller

a) SB-Tech Europe : Responsible for processing

In the course of our business, we collect and use personal data relating to users who are natural persons (hereinafter referred to as the “Data Subject”).

For all Processing, SB-Tech Europe, Data Controller, registered under the SIREN number 982640328, whose registered office is at TECHNOPOLE IZARBEL, 97 ALLEE THEODORE MONOD, 64210 BIDART (France), determines the means and purposes of the Processing and therefore acts as Data Controller within the meaning of the regulations relating to personal data, i.e., it defines the purposes of the Processing and how to implement them. If you have any questions or complaints regarding SB-Tech Europe’s compliance with this Policy, our DPO is here to respond to all your requests, in particular to exercise your rights under the LIL and the RGPD, relating to your personal data. The aforementioned appointment bears the reference DPO-153347 and takes effect on 16/10/2024.

You can reach him by e-mail at the following address: contact@sbtech-europe.com

b) SB-Tech Europe : Subcontractor

In this context, SB-Tech Europe is :

Subcontractor within the meaning of the RGPD for the provision, hosting and maintenance of its medical device.

In all cases, SB-Tech Europe through its VitalCare software ensures that the data has been obtained in compliance with the principles of lawfulness, fairness and transparency towards you.

3. What data do we collect and how?

In the course of our various activities, you provide us with a certain amount of information about yourself, some of which may identify you (“personal data”). This is particularly the case when you browse our site, use our Application and Web Console or request our services. The nature and quality of the personal data collected about you will vary depending on the relationship you enter into with SB-Tech Europe through its VitalCare software :

– Identification data: this includes any information that would enable us to identify you, such as your surname, first name (of the person being cared for and of the carer), gender, telephone number, postal address (zip code and commune) or e-mail address, identity of the healthcare professional, as well as any information provided by you as part of your contact request and, where applicable, the content of the message, as well as any information communicated subsequently during your exchanges with SB-Tech Europe.

– Professional data: professional situation, position and/or function.

– Management data: this data enables us to monitor the relationship between the person being cared for and the caregiver, which is why we collect and store the date on which the caregiver fills in the questionnaire, as well as the history of teleconsultations and associated documents.

– Connection data: this is all the information we need to authenticate and identify “authorized users”, such as passwords and other information needed to authenticate and access an account, or your browsing data, such as your IP address.

– Education and training data: languages spoken.

– Financial data: SB-Tech Europe, through its VitalCare software, may collect bank details, the date and time of the transaction, the amount invoiced and the means of payment used in order to carry out its customer billing.

– Data relating to legal entities: Name of establishment, postal address, SIRET.

– Health data (qualified as sensitive data within the meaning of the RGPD): SB-Tech Europe through its VitalCare software may collect sensitive data concerning you, such as health data concerning your psychological, clinical or psychological state and other data in relation to your usual course of care. This data is strictly necessary for your care and support by SB-Tech Europe through its VitalCare software.

– Highly personal data: SB-Tech Europe through its VitalCare software may collect your social security number when it is necessary to carry out its mission (carrying out administrative procedures on your behalf, etc.).

SB-Tech Europe through its VitalCare software ensures that the collection of your Personal Data is relevant, adequate, not excessive and strictly necessary to its activities. You are informed that certain information is essential in order to benefit from our services (for example, when you fill in a form, this information is indicated by an asterisk). If you fail to provide this information, we will not be able to offer you the services concerned.

4. Why do we collect your personal data and how?

We collect your personal data for specific purposes and on various legal grounds.

As part of the provision of our Application and our web console, SB-Tech Europe, through its VitalCare software, uses the following personal data in particular :

SB-Tech Europe, through its VitalCare software, uses the following personal data to manage our website :

In the context of customer service management, SB-Tech Europe, through its VitalCare software, uses the following personal data in particular :

5. Do we share your personal data? (Subcontractors and recipients of personal data)

THE PERSONAL DATA OF USERS AND THEIR RELATIVES WILL NOT BE PASSED ON TO COMMERCIAL OR ADVERTISING ENTITIES WITHOUT THEIR CONSENT

Internal use :

The Personal Data of the User and his/her Relatives may be processed by the employees of SB-Tech Europe SA and its subsidiaries, within the limits of their respective responsibilities and exclusively in order to achieve the purposes of the present policy. In addition, SB-Tech Europe may be required to communicate information relating to the User to the competent administrative and judicial authorities in the context of legal requests (for example, on the basis of a rogatory commission from an examining magistrate in the context of legal proceedings). SB-Tech Europe may, for certain activities related to its operations, call upon the services of several specialized companies (mailing, audience analysis), a list of which may be consulted at the express request of the User.

Hosting:

In order to comply with the provisions of the French Public Health Code concerning personal health data, SB-Tech Europe, through its VitalCare software, uses Amazon Web Services EMEA SARL.

Sis 38 AV JOHN F KENNEDY L 1855, LUXEMBOURG

under the name “AWS Europe” as an HDS-certified Health Data Host. This state-approved certification requires advanced security measures to protect health data hosting centers, guaranteeing the confidentiality of said data.

Bureau Veritas Certification France certifies that the management system of the above-mentioned organization has been audited and found compliant with the requirements of the standard : Certification HDS

In particular by :

– THE PROVISION AND MAINTENANCE IN OPERATIONAL CONDITION OF PHYSICAL SITES TO HOST THE HARDWARE INFRASTRUCTURE OF THE INFORMATION SYSTEM USED TO PROCESS HEALTH DATA;

– PROVISION AND MAINTENANCE IN OPERATIONAL CONDITION OF THE HARDWARE INFRASTRUCTURE OF THE INFORMATION SYSTEM USED TO PROCESS HEALTH DATA;

– PROVISION AND MAINTENANCE IN OPERATIONAL CONDITION OF THE INFORMATION SYSTEM’S APPLICATION HOSTING PLATFORM;

– PROVISION AND MAINTENANCE IN OPERATIONAL CONDITION OF THE VIRTUAL INFRASTRUCTURE OF THE INFORMATION SYSTEM USED TO PROCESS HEALTH DATA;

– ADMINISTRATION AND OPERATION OF THE INFORMATION SYSTEM CONTAINING HEALTH DATA.

– BACKUP OF HEALTH DATA.

The above organization is also certified to ISO 27001 v2013 standards.

Declaration of applicability : version 1 dated 30/06/2022

Certification cycle start date : January 13, 2022

Certificate valid until : January 12, 2025

Certificate n° : FR071635 – Version 5

Case n° : 12164167

Revision date : 03 September 2024

Address of certifying body : Bureau Veritas Certification France 1 place Zaha Hadid, 92400 Courbevoie, France.

ALL PERSONAL HEALTH DATA IS HOSTED WITHIN THE EUROPEAN UNION.

To further secure personal health data, SB-Tech Europe, through its VitalCare software, uses data processing technology with its Edge AI Platform. Data is collected, analyzed and processed locally via the Edge AI Platform, with only event notifications sent to the cloud (which is also HDS-certified). This guarantees an additional level of security in compliance with current regulations. No raw data is hosted in the cloud.
What’s more, VitalCare’s Edge AI platform does not store any data; it is only collected, analyzed and then processed in real time in its raw form. Furthermore, the Edge AI platform, installed locally, uses the highest level of data encryption of existing standards (AES 256).
Notwithstanding all the above-mentioned considerations concerning personal health data, linked to the real-time collection of metrics, sensitive user information in terms of health parameters, or other personal data deemed sensitive or qualified as such, and the measures put in place to secure and protect data and respect privacy beyond regulatory standards; the processing of data concerning the aforementioned Shared Medical Record functionality is subject to the following conditions:

– The authorization and consent of the owner of the data to be communicated in the event of an absolute emergency.

– to be configured to be communicated only in the event of critical emergency events, without being available for consultation.

Regardless of critical events, the management of access authorizations to the health data of the owner of said shared medical record can be configured so that only :

– Health professionals who are members of the care team in charge of the patient can consult the data

Naturally, the software’s initial configuration ensures that the data in the Shared Medical Record cannot be consulted or shared by anyone other than the owner of the data.

The user (and/or data owner) has full control over the authorizations he/she wishes to allocate to peripheral VitalCare users (carers, caregivers, care assistants, etc.).

Data collected through the contact page and/or newsletter (Name + e-mail), SB-Tech Europe through its website VitalCare.ai uses GoDaddy Deutschland GmbH as Data Host.

6. Is your data transferred to third countries?

No, no data is transferred to a third country outside the EU.

7. How long do we keep your data?

We keep your personal data only for as long as is necessary to fulfill the purpose for which we hold it, to meet your needs or to meet our legal obligations (see article 4).
Retention periods vary according to a number of factors, such as :

– The needs of SB-Tech Europe’s activities through its VitalCare software
– Contractual requirements
– Legal obligations
– Recommendations from supervisory authorities

8. How do we guarantee the security of your data?

SB-Tech Europe, through its VitalCare software, is committed to protecting the personal data we collect or process against loss, destruction, alteration, unauthorized access or disclosure. SB-Tech Europe implements all appropriate technical and organizational measures, according to the nature of the data and the risks that their processing entails, to preserve the security and confidentiality of your personal Data.

In this respect, SB-Tech Europe, through its VitalCare software, takes all necessary precautions, with regard to the nature of the data and the risks presented by the Processing, in order to preserve the security of the data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties (physical protection of premises, authentication procedures with personal and secure access via confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).

9. What cookies do we use on our site?

9.1) What is a cookie?

Cookies are computer files that are automatically deposited on the hard disk of your computer, tablet or cell phone when you browse our website. They are managed by your web browser (Internet Explorer, Firefox, Safari or Google Chrome).

9.2) Are cookies deposited when you browse the VitalCare Website, Application or Web Console?

When you visit the VitalCare website for the first time, a banner informs you of the presence of these cookies and invites you to indicate your choice. Cookies requiring your consent in accordance with regulations are deposited only if you accept them. You can inform yourself at any time and configure your cookies to accept or refuse them by going to the Cookie Policy at the bottom of each page of the Site or by configuring your browser.

9.3) What data is collected through cookies?

Cookies may be used to collect all data relating to a terminal at a given time, in particular

– One or more technical identifier(s) enabling your Internet box to be identified

– The date, time and duration of a terminal’s connection to a Website.

– The Internet address of the page from which the terminal accessing the Website originates.

– The type of terminal operating system (e.g. Windows, MacOs, Linux, Unix, etc.).

– The type and version of browser software used by the terminal (Internet Explorer, Firefox, Safari, Chrome, Opera, etc.).

– Make and model of mobile terminal or tablet

– Possible download errors

– The language of the browsing software used by the terminal.

– The characteristics of the content consulted and shared (name of the show, of the website).

10. What are your rights?

You may exercise the following rights with regard to the personal data we collect/process :

– A right of access (Article 15 of the GDPR): you have the right to request access to the personal data we hold about you, and you can request a copy of it (Read More) ;

– A right of rectification (Article 16 of the RGPD): you can request rectification of any inaccurate data concerning you (Read More) ;

– A right of deletion (Article 17 of the GDPR): you can request the deletion of your personal data in certain circumstances (Read More)

– A right to portability (Article 20 of the RGPD): under certain conditions you can receive all the personal data concerning you that you have provided to us, in a structured format. You also have the right to demand that we transfer them, as far as possible, to another controller (Read More) ;

– A right to object to processing on the grounds of legitimate interests (Article 21 of the RGPD – read more) ;

– A right to withdraw consent at any time (Article 7-3 of the RGPD – Read More ) ;

– A right to restrict processing (Article 18 of the GDPR): you have the right to restrict the processing of your data if:

o You dispute the accuracy of your data, until we verify its accuracy ;

o The processing is unlawful, but you do not want us to delete your data;

o We no longer need your personal data for the purposes of processing, but you need it in order to bring, assert or defend against legal claims;

o You object to the processing on related grounds pending verification of whether our compelling legitimate grounds for continuing the processing override these interests;

If such personal data is subject to such restrictions, we will only process your data with your consent, or for the purpose of bringing, enforcing or defending against legal claims. (Read More) ;

– A right to define the fate of your data after your death and to choose that we communicate (or not) your data to a third party that you have previously designated (Article 40-1 of the Data Protection Act). (Read More).

11. Nous contacter – Coordonnées de notre DPO

Vous pouvez exercer l’ensemble de ces droits sur simple demande auprès du Délégué à la Protection des Données (DPO) de SB-Tech Europe, à l’adresse suivante : contact@sbtech-europe.com

Lorsque vous nous transmettez une demande d’exercice de droit, il vous est demandé de préciser autant que possible le périmètre de la demande, le type de droit exercé, le traitement de données personnelles concerné, et tout autre élément utile, afin de faciliter l’examen de votre demande. En outre, en cas de doute raisonnable sur votre identité, un justificatif d’identité pourra vous être demandé.

Si vous estimez, après nous avoir contactés, que vos droits sur vos données ne sont pas respectés, vous pouvez adresser une réclamation à la Commission nationale de l’informatique et des libertés (CNIL).

12. Date de mise à jour de la politique de confidentialité

La présente politique peut régulièrement être mise à jour afin de tenir compte des évolutions de la réglementation relative aux données personnelles.

Date de dernière mise à jour 16/10/2024.

Copyright © 2024 Powered by SB-Tech Europe SA,
All Rights Reserved.

Contact us

VitalCare™ By
SB-Tech Europe SA,
97 Allée Théodore Monod
64210 Bidart,
FRANCE, EU.

Email
contact@sbtech-europe.com

Phone
+33 (0)7 59 26 85 83

Data protection and privacy policy

Terms of use

Cookies Policy

Newsletter