Privacy Policy

Data Protection Policy - Per Ankh Project
Introduction and Definitions
The Per Ankh Project (PAP), a simplified joint-stock company (SAS), is concerned with the protection of your personal data. As the data controller, PAP ensures the best level of protection and confidentiality of the data collected as part of its missions.
PAP is committed to complying with the General Data Protection Regulation (GDPR) and the French Law No. 78-17 of January 6, 1978 on Information Technology, Data Files and Civil Liberties, as amended (LIL).
Important Definitions
Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Health data: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about the state of health of that person.
Data processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller: the natural or legal person who determines the purposes and means of the data processing.
Processor: the natural or legal person who processes personal data on behalf of the data controller.
Personal data is collected when you use the PAP web application and mobile application. This information is subject to paper or electronic processing. We inform you below how we process this data. This document is regularly updated.
Categories of Data Processed
The data that may be collected are:
Identification Data
Patients: civil status, address, phone, email
Healthcare and rehabilitation professionals: civil status, professional address, phone and email
Personal and Professional Situation
Patients: current activity, profession before retirement if applicable, marital status, living environment, type of housing, smoking
Healthcare and rehabilitation professionals: profession, place of practice (type, name, address)
Other Data
Legal Information: existence of protective measures, etc.
Connection Data: IP address, logs, etc.
Health Data: medical history, diagnoses, treatments, vital signs MESImTABLET, questionnaire responses
Purposes and Legal Bases of Processing
Health Care Services and Management
Supports patients with chronic diseases to optimize and better manage their health, as active participants in their health, through educational materials, a medical chatbot, fitness programs...
2
Algorithm Training
Training of a predictive algorithm for the patients' health status (medical questionnaires, medication management and monitoring, clinical decision support) and the occurrence of adverse events.
Predictive Medicine
Predictive and personalized medical platform using a predictive algorithm for patients' health status, with the aim of making a medical decision before the occurrence of adverse events.
At this stage (in 2025), only the first purpose is deployed. The legal basis for these 3 types of data processing is the consent of the data subjects (Article 6 of the GDPR).
The consent of professionals and stakeholders to the processing of their data is obtained via the web application. The consent of patients to the processing of their data is obtained through a form within the application.
Management of Your Data
Origin of the Data
The data is collected during your registration on the PAP web application and at each login. The data of healthcare professionals is derived from their activity.
Recipients of the Data
The data is reserved for healthcare professionals, within the limits of their missions. Only the professionals involved in your care as members of the care team (Art. L.1110-12 of the French Public Health Code) have the right to access patients' medical data.
Your data may be transmitted to subcontractors performing services for PAP, in compliance with the GDPR and within the limits of the subcontracting contracts.
Data Retention Period
The collected data is retained for a limited period, defined according to the purposes of each data processing and the applicable regulations.
Except for connection data, which is retained for 1 year, all other collected data is retained for 5 years.
Data Security
PAP implements technical and organizational measures to ensure the security of personal data and protect it against the risks of unauthorized access, modification or unintended disappearance.
Health data is hosted by a certified host in accordance with the applicable regulations.
Your Rights
Access and Rectification
You can access the data concerning you and obtain its rectification if it is inaccurate.
Withdrawal of Consent
You can withdraw your consent to the processing of your data.
Erasure
You can request the erasure of all or part of the data concerning you.
Restriction
You can request the temporary freezing of the use of certain of your data.
Portability
You can request the portability of your data in certain specific cases provided for by the regulations.
Post-Mortem Directives
You can define directives regarding the retention, erasure and communication of your data after your death.
Contact Us
You can exercise your rights at any time or ask any question about the processing of your personal data by contacting:
Data Protection Officer
Email address: contact.dataprivacy@sylvanacare.com
If, after contacting us, you believe that your data rights are not being respected, you can file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL) (www.cnil.fr).
Data Protection Policy - Last updated: 04/25/2025