Ignicloud Data Privacy and Security Policy

This Privacy Policy explains how we use the personal information that Ignilife collects or generates both in relation to the Ignicloud website (https://ignicloud.ignilife.com) and Ignicloud products and services.

The list below sets out what is covered in this Privacy Policy.

BACKGROUND
THE PRODUCTS AND SERVICES WE PROVIDE
THE TYPES OF PERSONAL DATA WE COLLECT
HOW WE USE YOUR INFORMATION
DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
INTERNATIONAL TRANSFERS OF PERSONAL DATA
HOW WE SAFEGUARD YOUR INFORMATION
HOW LONG WE KEEP YOUR PERSONAL DATA
YOUR RIGHTS
COOKIES
CONTACTING US

1. BACKGROUND

1.1. Ignilife France SAS with its registered office at 400 Avenue Roumanille BP 80037 06901 Sophia-Antipolis Cedex (France) and with company number 807 648 829 (RCS Antibes) and other companies in the Ignilife group collect and use certain Personal Data. Ignilife is responsible for ensuring that it uses that Personal Data in compliance with data protection laws, including (but not limited to) the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 and any applicable local law (including French law) implementing this Regulation.

1.2. At Ignilife, we respect the privacy of our clients and we are committed to keeping all your Personal Data secure. This Privacy Policy governs the handling of Personal Data by Ignilife in the course of carrying on commercial activities.

1.3. We use the following definitions in this Privacy Policy:

Cookie: means a small text file that includes a small quantity of information sent to the browser of website Users, by a web server, and stored on the hard disk drive of a computer for purposes of archiving, collecting navigation data for statistical analysis purposes, and offering Users services related to their interests or location.

Data concerning health: means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status

End User(s) or Employees: means the users of the Ignilife Platform.

Ignicloud Platform: means the platform consisting of the Ignicloud software as a service (SaaS) and the Ignicloud website ignicloud.ignilife.com with restricted access.

Ignilife Platform: means the platform consisting of the Ignilife e-health application, available on the App Store and Google Play and the Ignilife website with restricted access:

Ignilife, we or us: means Ignilife France SAS and other companies of the Ignilife group.

Personal Data: means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, Ignilife (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of Ignilife or any other person in respect of an individual.

Privacy Policy: means this Ignicloud Data Privacy and Security Policy.

Professional User(s) or You: means the users of the Ignicloud Platform.

2. THE PRODUCTS AND SERVICES WE PROVIDE

2.1. This Privacy Policy relates to the processing of information that we collect about you when providing products and services as part of the Ignicloud Platform.

2.2. End-Users of the Ignilife Platform are specifically informed about the information that is collected about them when products and services are provided as part of the Ignilife Platform via a separate privacy policy ("Charte de confidentialité et de sécurité des données"), available at app.ignilife.fr/page/privacy.

3. THE TYPES OF PERSONAL DATA WE COLLECT

3.1. Many of the services offered by Ignilife require us to obtain Personal Data about you in order to perform the services we have been engaged to provide. Users may be unable to access the Ignicloud Platform if such Personal Data are not provided. We will collect and process the following Personal Data about you:

Information that you provide to Ignilife

This includes information about you that you provide to us. The nature of the services you are requesting will determine the kind of Personal Data we might ask for, though such information may include (by way of a non-exhaustive list):

basic Personal Data (such as first name; family name; position in the company; company name; company email address; business phone number; business address; city; postcode; country);
any information that you choose to share on the Ignicloud Platform which may be considered Personal Data including, but not limited to, questions, remarks, comments.

Information that we collect or generate about you

This includes (by way of non-exhaustive list):

any information regarding the services purchased and/or used on the Ignicloud Platform and our interactions with you;
a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the services which we have provided to you;
activity data relating to the publication of content, the creation of targets or the use of protected documents on the Ignicloud Platform, such as altering a document’s permissions and information regarding the individual that performed the activity.

Information we obtain from other sources

This includes the Personal Data provided to us by third-party service providers, agencies or other publicly available sources where applicable.

Cookies

When you visit the Ignicloud Platform, cookies are used to collect technical information about the services that you use, and how you use them.

For more information on the cookies used by Ignilife please see Section 10 of this Privacy Policy.

Anonymized data

In addition to the categories of Personal Data described above, Ignilife will also process further anonymised information and data that is not processed by reference to a specific individual.

4. HOW WE USE YOUR INFORMATION

4.1. Your Personal Data may be stored and processed by us in the following ways and for the following purposes:

to set up and register Professional Users on the Ignicloud Platform;
to allow Professional Users to manage their account on the Ignicloud Platform, during the free-trial period or against payment, and to access all functionalities;
to allow you to use and access the functionalities provided by the Ignicloud Platform (including Dashboard, Promote, Monitor and Publish, as may be modified from time to time);
to bill or invoice products or services purchased through the Ignicloud Platform;
to enable and authorise requests for permission on the Ignicloud Platform (including for the purpose of publishing or sharing information with End-Users on the Ignicloud Platform);
to assess your application for services provided through the Ignicloud Platform or the Ignilife Platform (whether such services are provided by Ignilife or third-party providers), where applicable;
for ongoing review and improvement of the information provided on the Ignicloud Platform to ensure they are user friendly and to prevent any potential disruptions or cyber-attacks;
to conduct analysis required to detect malicious data and understand how this may affect your IT system;
for statistical monitoring and analysis of current attacks on devices and systems and for the on-going adaptation of the solutions provided to secure devices and systems against current attacks;
to understand feedback on the Ignicloud Platform, Ignilife services and to help provide more information on the use of such services quickly and easily;
to communicate with you in order to provide you with services or information about Ignilife, the Ignilife Platform, the Ignicloud Platform or other related services;
for in-depth threat analysis;
to understand your needs and interests;
for the management and administration of our business;
in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and Ignilife’s internal policies and procedures; or
for the administration and maintenance of databases storing Personal Data.

4.2. When we use Personal Data we make sure that the usage complies with law and the law allows us or requires us to use Personal Data for a variety of reasons. We may process your Personal Data because:

- we have obtained your consent;

- we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings

- the use of your Personal Data as described is necessary for our legitimate business interests, such as:

we need to do so in order to perform our contractual obligations with our customers and third-party providers such as Stripe (payment solutions), Médecin Direct (medical teleconsultations), gyms / sports clubs, healthcare professionals or institutions, and other providers;
allowing us to effectively and efficiently manage and administer the operation of our business;
maintaining compliance with internal policies and procedures;
monitoring the use of our copyrighted materials;
enabling quick and easy access to information on the Ignicloud Platform and/or the Ignilife Platform;
offering optimal, up-to-date security solutions for mobile devices and IT systems; and
obtaining further knowledge of current threats to network security in order to update our security solutions and provide these to the market.

5. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

5.1. We may share your Personal Data within the Ignilife group of companies for the purposes described above. We will take steps to ensure that access to Personal Data is restricted to Ignilife employees who have a legitimate interest in the purposes described in this Privacy Policy.

5.2. We may also share your Personal Data outside of the Ignilife group of companies for the following purposes:

With our business partners: for example, this could include partners to whom we have been presented to you, through whom you are using the Ignicloud Platform, or from whom you or your company purchased product(s) or services(s) through the Ignicloud Platform. By way of example, this could include business partners providing medical teleconsultations (such as Médecin Direct), gyms / sports clubs, and other business partners where applicable. Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation.
With third party agents and contractors providing services to Ignilife: for example, this could include Ignilife’s accountants, professional advisors, IT and communications providers and debt collectors. This could also include approved hosts of Personal Data (such as OVH) or providers of payment solutions (such as Stripe). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy;
To third parties designated by Professional Users: these may be, as the case may be, members of the community / communities to which the End-Users have registered, health professionals that may be appointed by you, and other users of the Ignilife Platform or Ignicloud Platform specifically selected by you.
To the extent required by law: for example, if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend our legal rights.
If we sell our business or assets, or if we are acquired by a third party: in that case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes.

6. INTERNATIONAL TRANSFERS OF PERSONAL DATA

6.1. Ignilife is a global business. Our customers and our operations are spread around the world. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.

6.2. Where we transfer your Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside the EEA, for example, this may be done in one of the following ways:

the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data (by way of example, Switzerland is an approved country);
the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;
the recipient may have adhered to binding corporate rules (only for intragroup transfers);
where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
in other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.

6.3. You can obtain more details on the protection given to your Personal Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in Section 11 below.

7. HOW WE SAFEGUARD YOUR INFORMATION

7.1. We have extensive controls in place to maintain the security of our information and information systems. Professional Users, End-Users and client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.

7.2. As a condition of employment, Ignilife employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need to it to perform their roles. Unauthorised use or disclosure of confidential client information by an Ignilife employee is prohibited and may result in disciplinary measures.

7.3. When you contact an Ignilife employee about your file, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.

8. HOW LONG WE KEEP YOUR PERSONAL DATA

8.1. How long we will hold your Personal Data for will vary and will be determined by the following cumulative criteria:

The purpose for which we are using it: Ignilife will need to keep your Personal Data for as long as is necessary for that purpose. Ignilife’s standard retention policy is to keep Personal Data for a duration of 18 months after the end of each contractual relationship, unless a longer period may be required for example in case of dispute or for litigation purposes.
Legal obligations: laws or regulation may set a minimum period for which Ignilife has to keep your Personal Data.

9. YOUR RIGHTS

9.1. In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:

the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to Ignilife;
the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;
the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and
the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.

9.2. You can exercise your rights by contacting us using the details listed in Section 11 below.

9.3. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

For France, the supervisory authority is the Commission Nationale de l'Informatique et des Libertés ("CNIL"), whose offices are located 3 Place Fontenoy - TSA 80715 - 75334 Paris Cedex 07 (France) and having for website www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil.

For Switzerland, the supervisory authority is the Federal Data Protection and Information Commissioner ("FDPIC"), with registered office at Feldeggweg 1, CH – 3003 Berne, Switzerland. The FDPIC may be contacted via https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html. You will find the Ignilife declaration to FDPIC at: www.datareg.admin.ch/RegPdf/Registration_d7405b06-a5a7-42b9-adf4-39dd386c6050.pdf

10. COOKIES

10.1. This section on Cookies and the consent that you gave for the use of Cookies apply specifically to each use of the website ignicloud.ignilife.com. You gave your consent to the use of Cookies in the cookie banner as described in the Cookie banner and this section.

Ignilife tries to keep the information on the Cookies up-to-date but insists on the fact that the information is always a snapshot. Because of the constant innovation of the website, the non-static character of the internet and the third parties involved in the use of Cookies, it is possible that all Cookies and information are not available here.

To the extent that we collect personal data with the help of Cookies we will process them in accordance with this Privacy Policy.

10.2. Types of cookies and purposes

Cookies used on the Ignicloud Platform are used to record information necessary for the proper functioning of the Ignicloud Platform and the services offered to you, the audience measurement, use monitoring and security.

Cookies are placed by Ignilife and, if applicable, its business partners, third party agents and contractors (without Ignilife being held responsible for the placement of Cookies by its partners, third party agents and contractors).

Each time a Professional User is identified on the Ignicloud Platform, a Cookie is placed allowing to identify the computer or hardware used and the Professional User navigating on the Ignicloud Platform. This Cookie allows services to be provided seamlessly and therefore without re-identification. This Cookie is invalidated when the browser is closed or after a period of inactivity on the Ignicloud Platform.

To help Professional Users navigate on the Ignicloud Platform, a presentation of the various functionalities, called "web tour", is activated by default upon first visit. To store the use of this web tour by the Professional Users, we use a Cookie that allows us to define when to display the messages on the screen.

In order to protect all personal accounts on the Ignicloud Platform against theft attempts, we are placing a Cookie to identify the origin of the browser opening a form on the Ignicloud Platform. This Cookie does not contain any information about the Professional User. Its purpose is to avoid attacks of the type "Cross-site Request Forgery".

10.3. Deactivation of cookies

Cookies following visits are kept for a maximum of 13 months from the first visit.

The Professional User has the option to disable the use of cookies by selecting the appropriate settings in his browser. In case of deactivation by the Professional User, access and certain features of the Ignicloud Platform may no longer be operational.

The Professional User can configure his browser software so that Cookies are saved in his/her terminal or rejected, either systematically or according to their issuer.

The Professional User can also configure his/her browser so that the acceptance or rejection of Cookies are proposed to him/her punctually, before a Cookie is likely to be registered in his/her terminal.

For the management of Cookies and related choices, the configuration of each browser is different. It is described in the help menu of the browser of the Professional User, which will allow him to know how to modify his/her preferences in terms of Cookies.

The procedures are described in the help menu for the following software:

For Edge™

For Safari™

For Chrome™

For Firefox™

In order to give more control to the users of websites, Google has developed Google Analytics Opt-out Browser Add-on. This extension prevents that data relating to your visit be sent to Google Analytics. Google Analytics Opt-out Browser Add-on does not prevent that information be sent to other of web analytics software.

11. CONTACTING US

11.1. For further information regarding the processing of your Personal Data by Ignilife, this Privacy Policy, questions relating to consent, or in order to exercise the rights mentioned above, please contact our data protection officer using the following contact details:

Address: Renaud Calmont, Ignilife France SAS, 400 Avenue Roumanille, BP 80037, 06901 Sophia-Antipolis Cedex, France

Email address: legal@ignilife.com

11.2. Any written request must be accompanied by a photocopy of an identity (ID) card bearing the signature of the holder. Ignilife will address request within a period of one (1) month, following receipt of the request, except in exceptional circumstances.