Privacy Policy


The InterHop association undertakes to ensure that the processing of your personal data carried out on its site, as well as on **its various HDS (Health certified) ** services:

or its non-HDS services:

comply with the General Data Protection Regulation (hereinafter “GDPR”), the French Data Protection Act (hereinafter “LIL”) and other applicable laws.

To this end, InterHop shall take all necessary precautions to preserve the confidentiality and security of personal data (hereinafter “personal data”) communicated and processed in order to prevent their destruction, loss, alteration or unauthorised disclosure.

The purpose of InterHop’s privacy policy is therefore to share its commitments with regard to the collection, processing and transfer of personal data and, more broadly, to the protection of personal data.

It is recalled that the notion of personal data refers to any information relating to a person that allows that person to be identified directly or indirectly, such as name, telephone number, IP address or e-mail address.

To whom is InterHop’s policy addressed?

The InterHop Association’s privacy policy is intended for visitors to the website, users of its HDS or non-HDS services, members, donors, prospects, customers, suppliers or subcontractors, employees, or candidates for employment with InterHop and, more broadly, any person whose personal data may be or is collected, received, stored, processed, transferred and used, regardless of the format. By using the InterHop website and providing your personal data to InterHop, you acknowledge that you have read and understood this privacy policy and consent to your personal data being used and processed in accordance with the terms of this policy, within the framework of the legislation in force.

Data collected

The information you provide to InterHop

By using our website and our services, you may be required to provide us with personal data that can identify you and/or your organisation (company, association, public institution, etc.). This information includes in particular your identity, your email, your telephone number, your identifier, etc. In addition, in the context of a contractual relationship with InterHop, various documents are necessary for the proper execution of the relationship: address, place of execution of the service, name of the organisation, name and surname of the person responsible for processing, name and surname of the preferred contact person, email, telephone number, SIREN number, IC number, etc.

Data relating to social networks

In the event that you connect to our services using the social network features made available to you, InterHop will have access to some of your data such as your first name, last name, email address, from your account on the said social network in accordance with the general terms of use of the social network concerned.

**By using social networks, your personal data may be disseminated, used by anyone and everywhere, without your prior consent.

Data relating to Cookies

The website and its service sites are published by the InterHop association, and do not use cookies.,,,,,,,, et present the services administered by the InterHop association and do not use cookies.

For donations

Your donations are essential to guarantee our independence, to develop ethical health tools, to perpetuate InterHop’s projects, to change the law and apply the law. For donations, InterHop uses widgets from the website which contains “Google Tag Manager” trackers.

“Sensitive” health data

When the data controller collects health data with software provided by the InterHop association, this data is hosted by GPLExpert, a certified Health Data Host (hereinafter HDS) in the “Physical Infrastructure Host” and “Hosting Provider” categories (Art. R. 1111-11. - I; 1 CSP)

Today, health data processed using services via and benefit from an HDS.

The GPLExpert datacenter is located exclusively in France.

Personal data processed using non-HDS services are also hosted in France. For more details, see legal notice.

End-to-end encrypted data

Using InterHop services such as Crytpad (available at and ), Bitwarden (available at password. or Matrix/Element (available at your personal data is encrypted from end to end. Only the end user is able to exercise his or her GDPR rights as set out in the “Your rights to your personal data” section of this document.

InterHop will not be able to delete personal data in relation to these services as only the end user of the service can access their data.

Use of personal data

Personal data collected by InterHop is always hosted in France by an entity that is subject only to European law.

The personal data that you transmit to InterHop or that InterHop collects are processed in particular for the following purposes:

Depending on the task entrusted to InterHop, at least one of the following legal requirements is met (Article 6 of the GDPR): (a) the data subject has consented to the processing of his/her personal data for one or more specific purposes; (b) processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject; (c) processing is necessary for compliance with a legal obligation to which the controller is subject (d) processing is necessary to protect the vital interests of the data subject or of another natural person (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.

Recipients of personal data

InterHop will not pass on personal data to a third party unless the data subject has given prior consent to the sharing of his/her data with third parties, or the sharing of his/her personal data with such third party is necessary for the provision of products or services, or a competent judicial or administrative authority requires InterHop** to provide such personal data.

Duration of retention

Personal data is kept for as long as is necessary for the purposes for which it was communicated to InterHop, in compliance with the applicable regulations and is, in any event, destroyed at the end of this period. At the end of these periods, the data is destroyed in a secure manner or archived in accordance with the provisions of the deliberation of the CNIL adopting a recommendation concerning the modalities of electronic archiving of personal data for organisations in the private sector (Art. L. 232-21-2; art. R. 232-46; Art. R. 262-116-4; Art. 241-19-3 of the CASF and Art. R. 1112-7 of the CSP).

Transfer of your data

InterHop stores your personal data within the European Union (in France). No data is transferred outside the European Union.

If InterHop were to do so, you would be informed immediately. We will inform you of the measures taken to control this transfer and to ensure that the confidentiality of the data is respected.

Your rights over your personal data

At any time, you have the right to exercise any of your rights with respect to your personal data, namely. In accordance with the RGPD and the LIL, the data subject has the following rights:

To exercise your rights

For any information or to exercise your rights regarding the processing of personal data managed by InterHop, you can contact the Data Protection Officer (DPO) of InterHop:

Changes to InterHop’s Policy

InterHop may change its privacy policy from time to time. We will ensure that you are informed of such changes via our website and our newsletter.

You acknowledge that you have read and understood this policy and consent to the use and processing of your personal data in accordance with this privacy policy. Otherwise, you agree not to: