The InterHop association undertakes to ensure that the processing of your personal data carried out on its site, as well as on **its various HDS (Health certified) ** services:
or its non-HDS services:
comply with the General Data Protection Regulation (hereinafter “GDPR”), the French Data Protection Act (hereinafter “LIL”) and other applicable laws.
To this end, InterHop shall take all necessary precautions to preserve the confidentiality and security of personal data (hereinafter “personal data”) communicated and processed in order to prevent their destruction, loss, alteration or unauthorised disclosure.
It is recalled that the notion of personal data refers to any information relating to a person that allows that person to be identified directly or indirectly, such as name, telephone number, IP address or e-mail address.
By using our website and our services, you may be required to provide us with personal data that can identify you and/or your organisation (company, association, public institution, etc.). This information includes in particular your identity, your email, your telephone number, your identifier, etc. In addition, in the context of a contractual relationship with InterHop, various documents are necessary for the proper execution of the relationship: address, place of execution of the service, name of the organisation, name and surname of the person responsible for processing, name and surname of the preferred contact person, email, telephone number, SIREN number, IC number, etc.
**By using social networks, your personal data may be disseminated, used by anyone and everywhere, without your prior consent.
Your donations are essential to guarantee our independence, to develop ethical health tools, to perpetuate InterHop’s projects, to change the law and apply the law. For donations, InterHop uses widgets from the HelloAsso.com website which contains “Google Tag Manager” trackers.
When the data controller collects health data with software provided by the InterHop association, this data is hosted by GPLExpert, a certified Health Data Host (hereinafter HDS) in the “Physical Infrastructure Host” and “Hosting Provider” categories (Art. R. 1111-11. - I; 1 CSP)
The GPLExpert datacenter is located exclusively in France.
Personal data processed using non-HDS services are also hosted in France. For more details, see legal notice.
Using InterHop services such as Crytpad (available at cryptpad.hds.interhop.org and cpad.interhop.org ), Bitwarden (available at password. interhop.org) or Matrix/Element (available at element.interhop.org) your personal data is encrypted from end to end. Only the end user is able to exercise his or her GDPR rights as set out in the “Your rights to your personal data” section of this document.
InterHop will not be able to delete personal data in relation to these services as only the end user of the service can access their data.
Personal data collected by InterHop is always hosted in France by an entity that is subject only to European law.
The personal data that you transmit to InterHop or that InterHop collects are processed in particular for the following purposes:
Depending on the task entrusted to InterHop, at least one of the following legal requirements is met (Article 6 of the GDPR): (a) the data subject has consented to the processing of his/her personal data for one or more specific purposes; (b) processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject; (c) processing is necessary for compliance with a legal obligation to which the controller is subject (d) processing is necessary to protect the vital interests of the data subject or of another natural person (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
InterHop will not pass on personal data to a third party unless the data subject has given prior consent to the sharing of his/her data with third parties, or the sharing of his/her personal data with such third party is necessary for the provision of products or services, or a competent judicial or administrative authority requires InterHop** to provide such personal data.
Personal data is kept for as long as is necessary for the purposes for which it was communicated to InterHop, in compliance with the applicable regulations and is, in any event, destroyed at the end of this period. At the end of these periods, the data is destroyed in a secure manner or archived in accordance with the provisions of the deliberation of the CNIL adopting a recommendation concerning the modalities of electronic archiving of personal data for organisations in the private sector (Art. L. 232-21-2; art. R. 232-46; Art. R. 262-116-4; Art. 241-19-3 of the CASF and Art. R. 1112-7 of the CSP).
InterHop stores your personal data within the European Union (in France). No data is transferred outside the European Union.
If InterHop were to do so, you would be informed immediately. We will inform you of the measures taken to control this transfer and to ensure that the confidentiality of the data is respected.
At any time, you have the right to exercise any of your rights with respect to your personal data, namely. In accordance with the RGPD and the LIL, the data subject has the following rights:
Right to information: InterHop, the organisation that collects information on the data subject, provides clear information on the use of the data subject’s data and on his/her rights:
Right of access : Data subjects may submit an access request, requiring InterHop to provide them with a copy of all data it holds about them. **InterHop has one month to provide this information, although there are exceptions for requests that are manifestly unfounded, repetitive or excessive.
For any information or to exercise your rights regarding the processing of personal data managed by InterHop, you can contact the Data Protection Officer (DPO) of InterHop: