his page contains important information regarding the use of Healico in caring for patients and wounds. Below you will find Healico’s General Terms & Conditions of Use, Specific Conditions of Use for Healthcare Providers, Healico’s Privacy Policy & Healico’s User Manual

The documents can also be downloaded here

For further information please email contact@healico.uk

HEALICO (hereinafter « HEALICO ») is a software edited by the company LABORATOIRES URGO, a simplified joint stock company, organized under French law and registered in the trade and company register of DIJON under number 433 842 044, whose registered office is 42 rue de Longvic 21300 CHENOVE, (hereinafter « URGO »).

The purpose of the present general terms and conditions of use is to set forth the terms and conditions of access and use of HEALICO provided to the User by URGO, and the rights and obligations of the Institution and the Users in the frame of this provision.

HEALICO application is intended to be used by the Users solely and strictly in the frame of their professional activity whatever the place of their practice.

USERS ARE ADVISED TO READ THE PRESENT GENERAL TERMS AND CONDITIONS OF USE VERY CAREFULLY BEFORE USING HEALICO.

All Users are deemed to have read and accepted the present general terms and conditions of use.

Table of contents

 

Article 1.      Definitions. 2

Article 2.      Description of HEALICO.. 4

Article 3.      Acceptance of the GTC. 4

 Article 4.     Access to HEALICO.. 5

Article 5.      Use of HEALICO.. 7

Article 6. Warranties. 9

Article 7. Maintenance services of HEALICO.. 10

Article 8. Liabilities. 11

Article 9. Intellectual property. 12

Article 10. Protection of Data. 13

Article 11. Term and termination. 20

Article 12. Governing law and competent courts. 20

Article 13. Contact 20

 

 

 

 

Article 1.            Definitions

 

In the present General Terms and Conditions of Use, the terms identified below by a capital letter have the following meanings, whether they are used in the singular or plural:

« Affiliates » means any company, which is directly or indirectly, controlling a company, controlled by a company, or under common control with a company. «Control » means holding directly or indirectly, a majority of share capital or voting rights of a company.

« Applicable Law » means any laws, regulations, professional and ethical rules, good practices and recommendations in force, in the Institution’s and/ or User’s place of professional practice (as applicable), and applicable to the Institution and/or User in the context of his/her professional activity.

« Data » means collectively Personal Data and Healthcare Data.

« Data Protection Regulation » means any regulation on privacy and data protection and, in particular, but without being limited thereto by the Regulation (EU) N°. 2016/679 of 27 April 2016 called “General Data Protection Regulation” (“GDPR”) and all legislation and regulation implementing it, including the French Data Protection Law N°. 78-17 of 6 January 1978, as modified by Law N°. 2018-493 of 20 June 2018 called « French Data Protection Act » and the United Kingdom Data Protection Act 2018.

« Employee User » means any healthcare professional (including a nurse) with authorisation to heal and monitor wounds, employed or otherwise engaged by an Institution, as an employee of this Institution, and using HEALICO put at his/her disposal with approval of the Institution.

« GTC » means the present general terms and conditions of use.

« Healthcare Data » means the only data related to the Patient that is necessary for the care provided by User in the course of his/her professional activity, namely personal data (First name, last name and birthdate, including health data: wound description and wound picture, and all data impacting healing: pathologies, surgery history, allergies/sensitivity of the skin, treatments/medications, information related to observance and autonomy, weight, height, body mass index, ankle brachial index) collected and processed by the User in the course of the provision of health care services in the frame of User’s professional activity.

« Healthcare Products » refers to healthcare products intended by their manufacturer for the treatment of wounds and referenced in HEALICO’s “Products” section.

« Independent User » means a healthcare professional (including a nurse) with authorisation to heal and monitor wounds as part of an independent mode of practice, and using HEALICO as part of its professional practice.

« Institution » means any healthcare establishment, any health center, and in general, any institution providing patient care, whatever its legal form, which employs or contracts the User to practice his/her profession as an employee or consultant, and which makes HEALICO available to the User in the exercise of their profession.

« Patient » means the patient to whom the User provides care intended for the follow-up and management of a wound and whose Healthcare Data is collected by the User during such care in the course of his/her professional practice.

« PIN Code » means Personal identification code; it is a numeric or an alpha-numeric passcode used in the process of authenticating a User accessing HEALICO application.

« Privacy Policy » means the privacy policy of HEALICO available in HEALICO application.

« Pseudonymisation » means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

« Pseudonymized Data »: refers to Personal Data not directly identifying Patients and Users, obtained from the extraction of Data entered by Users in HEALICO and processed by URGO through an automated Pseudonymization process.

« SCU » means the specific conditions of availability and use applicable for health institutions.

« User » means either an Independent User or an Employee User.

« User Manual » means the HEALICO User Manual including instructions to inform the User of the intended use and the good use of HEALICO available on User’s profile on HEALICO.

“Personal Data”, “Controller”, “Processor” and “Recipient” have the meaning given by the GDPR.

 

 

Article 2.            Description of HEALICO

• Purpose of HEALICO

HEALICO is an application for health professionals.

URGO intends HEALICO to be used during the treatment and the follow-up of wounds.

The User acknowledges and agrees that HEALICO is not a medical device within the meaning of article 2 of the Regulation (EU) 2017/745 on Medical Device, and that neither HEALICO nor any of its features is a prescription assistance software, within the meaning of articles L161-38 and R161-76-1 of the French Social Security Code, or a tele-expertise service, within the meaning of article R6316-1 of the French Public Health Code.

 

• Support for the use of HEALICO

To support the User for using HEALICO, a User Manual is provided by URGO which can be accessed on the User’s profile on HEALICO.

The User can also ask questions about HEALICO at the following email address:

• for Users based in France: contact@healico.fr
• for Users based in United Kingdom: contact@healico.uk
• for Users based in Germany: kontakt@healico.de
• for Users based in Spain: contacto@healico.es
• for Users based in Portugal: contact@healico.pt

Article 3.            Acceptance of the GTC

 

The GTC form a contract between the Institution, the User and URGO. The Independent User undertakes to comply with the terms of the GTC. Institution shall procure that all Employee Users comply with the terms of the GTC and SCU, the User Manual and Privacy Policy.  The Institution shall be liable for the acts and omissions of the Employee Users as if they were its own acts or omissions under the GTC and SCU. Independent Users shall be liable for their acts and omissions under the GTC. Institution and Users acknowledge and agree that access to HEALICO requires express and unreserved acceptance of the GTC. In addition to the Institution entering into these GTC (including the SCU), each User will be required to accept the GTC (as described below). Failure to accept the GTC by a User shall render User’s access to and use of HEALICO impossible.

Acceptance is processed in the following way:

• The first time the User connects up to HEALICO, User will access a page “Terms and conditions” on which the User shall read the GTC by clicking on “Terms and Conditions” and accept it by clicking on “I agree” or refuse it by clicking on “I decline”.
• By clicking on “I agree”, the User acknowledges that he/she has read the GTC and understood them, and unreservedly accepts all their provisions without restriction.
• By clicking on “I decline”, the User won’t be able to access HEALICO.

The User is informed that the current version of the GTC in force may be accessed from the home page or the menu when User is connected to HEALICO. That current version will automatically apply to the Users with respect to their direct contractual relationship with URGO as Users of HEALICO. In the event that the GTCs are updated or modified, a User’s access to HEALICO and its use will be subject to a new acceptance by the User of the modified GTCs. For the avoidance of doubt, notwithstanding the foregoing, the GTCs shall be the terms which shall apply to the Institution unless Institution is notified otherwise by URGO.

In the event that one of the provisions of the GTC is invalid due to a change in legislation or regulations or declared as such by a final court decision, this shall not affect the validity and compliance of the other provisions of the GTC.

Concerning Employees User, Institution acknowledges and agrees that by Employee Users accepting the GTCs within HEALICO, the Employee Users undertake to use HEALICO in compliance with the GTC, User Manual, and Privacy Policy. For the avoidance of doubt, in the event that an Employee User breaches the terms of those GTCs, User Manual and/or Privacy Policy, this shall constitute a breach of the Employee’s User’s contractual arrangement with URGO which Employee User shall be liable for and also constitute a breach of the Institution’s obligations under this article of this Agreement for which it shall be liable.

Concerning Independents Users, the latter acknowledge and agree that by accepting the GTCs within HEALICO, they undertake to use HEALICO in accordance with the GTC, the User Manual and the Privacy Policy. For the avoidance of doubt, if an Independent User breaches the terms of these GTCs, the User Manual and/or the Privacy Policy, this shall constitute a breach of the Independent User’s contractual arrangement with URGO for which the Independent User shall be liable and shall also constitute a breach of his obligations under this Article of this Agreement for which he shall be liable.

Article 4.            Access to HEALICO

 

• Provision of HEALICO by URGO

The User accesses HEALICO by downloading the application from the Google Play store and/or Apple App Store directly on his device (e.g. a smartphone, tablets etc.).

HEALICO is provided by URGO free of charge, however mobile network operators may charge to access HEALICO and charges may vary if used abroad.

• Creation of the account

Access to HEALICO needs the creation of an account. User’s account is created in the following two ways:

• First, User’s account is created by User by providing their email address and choosing a PIN Code or by providing his Apple/ Google ID. In the case where User creates its account with an email address then account will be automatically created.
• Then, the User needs to authenticate its healthcare professional status by URGO in order to have a full access to HEALICO, by providing information required by URGO to verify that the User is a healthcare professional. After validation of User’s account by URGO, User will receive a confirmation of the creation of his/ her account and will have full access to HEALICO. In the case where the User doesn’t authenticate its healthcare professional status, the User will only have a restricted access to HEALICO and won’t be able to share its patient data with other Users.

The User and/ or Institution undertake to obtain and maintain accurate, up-to-date and complete information, about Users. Under no circumstances shall URGO be held liable in the event of any delay or impossibility of providing access to HEALICO due to incorrect or incomplete information provided by Institution and/ or Users.

• Confidentiality of the authentication details

The authentication details of the User (email address, Password, Google/Apple IDs, and PIN Code) are personal and confidential. The User undertakes to keep these authentication elements and not to disclose them to third parties for any reason, in any way and in any form whatsoever.

In the case where the User quits HEALICO, the User will have to use his/ her device PIN code or face/touch ID (if using Apple/ Google ID) to have access again to HEALICO. URGO doesn’t have access to Users’ PIN code, or face/touch ID.

In the event of loss or theft of authentication details and if the email address is used to authenticate on HEALICO, the affected User shall inform URGO without delay, by e-mail at the following address:

• for Users based in France: contact@healico.fr
• for Users based in United Kingdom: contact@healico.uk
• for Users based in Germany: kontakt@healico.de
• for Users based in Spain: contacto@healico.es
• for Users based in Portugal: contact@healico.pt

so that new authentication details are provided for such User.

In no case, shall URGO be liable for the loss or theft of the User’s authentication details, or any use of HEALICO with its User’s authentication details. The User is solely responsible for any liability related to the access and use of HEALICO with its authentication details.

• Minimum configuration requirements

The access to HEALICO requires that the User has a device (e.g. a smartphone, tablets etc.) using a high-speed connection and an android version 11, 12, 13 or 14 at least, and/or an IOS version 15, 16 or 17, a high-speed Internet connection and a web browser, in their latest or penultimate version (N0, N-1) existing on the day of creation of the User account or his/her first connection to HEALICO.

URGO shall have no liability whatsoever in respect of any hardware, software, computer systems and networks or other equipment or infrastructure (or any costs associated with the same) required to be able to access and/or use HEALICO. All costs relating to access and use of HEALICO are the sole responsibility of the Institution and/or the User. The Institution and/or the User are solely responsible for the proper functioning of their hardware, software, device, computer systems and networks or other equipment or infrastructure (including those used by Users to access HEALICO).

The Institution and/or the User are solely responsible for: (i) the protection of hardware, software, network connections, systems or other infrastructure against viruses, spyware, Trojan horses, worms or other harmful elements or cyberbreaches; (ii) obtaining and implementing security updates of operating systems; and (iii) obtaining and implementing anti-virus installations, in each case which are used by the Institution and/or Users to access and use HEALICO.

• Availability of HEALICO

URGO shall use reasonable efforts to make HEALICO available 24 hours a day, 7 days a week, all year round, subject to: i) the occurrence of a case of force majeure or an event beyond the control of URGO; ii) interruption, suspension or limitation as part of corrective or progressive maintenance operations necessary for the proper functioning of HEALICO.

Moreover, URGO cannot guarantee HEALICO’s permanent availability and accessibility. URGO may interrupt, suspend or limit access to all or part of HEALICO for any reason whatsoever, and in particular for technical maintenance reasons, on occurrence of an event of force majeure or unforeseen accident, IT problems, difficulties relating to the structure of the communication networks, or of any other technical difficulties.

The User and/ or Institution expressly acknowledges that the aforementioned suspensions, interruptions or limitations of availability may occur at any time without notice and shall not give rise to any obligations or compensation for the benefit of the User or the Institution.

Article 5.            Use of HEALICO

 

• Undertakings and warranties of the User 

HEALICO is an application designed for use by healthcare professionals only. In this respect, the User represents, warrants, and undertakes that:

• User has all the rights, titles, powers, and authorization necessary, and that User has completed all the formalities required exercising his/her profession in compliance with the Applicable Law, and that User therefore complies with the legal conditions for exercising his/her profession in accordance with the Applicable Law.

 

• the User shall maintain, and renew if necessary, during the entire period of use of HEALICO, the steps required by the Applicable Law to lawfully exercise his/her profession.

 

• there is no professional and/or ethical rule to which User is subject pursuant to the Applicable Law which prevents User from using HEALICO in the context of his/her professional practice.

 

• no decision rendered by a disciplinary body or by any authority having competence in the context of his profession, nor any court decision, shall prevent User from exercising his/her professional activity.

 

• User acts as a health professional, in the context of his/her professional duties and for the needs of his/her professional activity. In this respect, User undertakes to use HEALICO exclusively for the purposes of this activity.

 

• User shall use HEALICO in compliance with Applicable Law, and in particular, without being limited thereto, in compliance with the rights of the Patient guaranteed by Applicable Law such as the right to respect the confidentiality of Health Data, the right to respect medical secrecy, and the respect of rules relating to shared secrecy medical and/or the transmission of Healthcare Data to persons authorized under Applicable Law.

 

• User shall process Healthcare Data in the context of the use of HEALICO and undertakes to comply with the provisions of Article 10 below.

 

• to its knowledge, none of the hardware, software, computer systems and networks or other equipment or infrastructure used by Institution or User contain any viruses, spyware, Trojan horses, worms or other harmful elements or components which might affect HEALICO.

 

• Prohibited behaviours

It is strictly forbidden using HEALICO in the following purposes:

• the exercise of illegal, fraudulent activities or activities that infringe the rights or safety of the Patient or third parties;
• the breach of public order or the violation of the Applicable Law;
• aiding or abetting, in any form and by any means, one or more of the acts and activities described above;
• and more generally any practice than those for which it was designed.

 

URGO may suspend any access and, if necessary, terminate the User’s access to HEALICO in the event of non-compliance with this Article, without prejudice to any damages that URGO may claim.

• Use of HEALICO’s secure comment section

The User can use a comment section within HEALICO, accessible in the details of each patient wound information added (photo, assessment, treatment, all three simultaneously)

The User agrees to use the secure comment section only as part of his professional activity related to HEALICO, namely for the care and / or follow-up and management of the wounds of the Patient concerned.

HEALICO’s comment section is only accessible to HEALICO Users who are intended to take charge of and / or monitor wounds of the same Patient. It allows facilitating exchanges between said Users and thus improving the management and / or follow-up of the Patient’s wounds.

The User agrees to use the comment section in accordance with the professional, ethical and legal obligations applicable to her/him due to his status as a health professional. The User undertakes in particular to provide in the comment section only the information necessary for the management and / or monitoring of the wounds of the Patient concerned, and not to transmit any information relating to Patients other than the Patient concerned.

The User agrees not to transmit, within the comment section, information that could be used to make decisions for therapeutic or diagnostic purposes.

• Use of the “Products” database (only available in some countries)

HEALICO’s “Products” section enables the User to consult the Healthcare Products for wound treatment referenced in HEALICO and to search by criteria for a specific Healthcare Product.

The Product database only contains non promotional information on Healthcare Products and is solely intended to provide factual information on the core characteristics of each Healthcare Product.

The User uses this database under his/her sole responsibility. In particular, it is the User’s responsibility to ensure that a Medical Device is suitable for the treatment of the Patient’s wound.

Article 6. Warranties

 

URGO warrants the physical and logical security of the server(s) on which HEALICO is hosted. URGO shall apply appropriate and commercially reasonable technical and organizational measures to secure the confidentiality and integrity of the Data processed, including Healthcare Data, taking into account the state of the art of technology and the cost of implementation.

URGO accepts no liability whatsoever for the integrity, accuracy, completeness, timeliness or other quality of the Healthcare Data entered, disseminated or validated by the User in HEALICO. The User is solely liable for the quality of the Healthcare Data that is entered and which is disseminated in HEALICO.

URGO attaches great importance to the quality of the information available in the Product database. However, URGO offers no guarantee as to (i) the exhaustiveness of its Product database regarding healthcare products available on the market for the treatment of wounds, (ii) the accuracy and completeness of the data relating to each Healthcare Product, (iii) the suitability of a Healthcare Product for the treatment of a patient’s wound.

URGO doesn’t grant any other express or implied warranties, including, but not limited to, the non-infringement of third-party rights, the continuity, performance and/or durability of HEALICO and/or the fitness for a particular purpose or suitability of HEALICO for the Institution and/or User’s needs, nor does it guarantee that HEALICO, nor any of its features is exempt from anomalies, errors or bugs or that it operates without failure or interruption. HEALICO is distributed “as is” and according to its availability.

Access to HEALICO implies knowledge and acceptance of the characteristics and limitations of the Internet, in particular with regard to technical performance, response times for consulting, querying or transferring information, risks of interruption, and more generally, the risks inherent in any connection and transmission over the Internet, the lack of protection of certain data against possible misuse and the risks of contamination by possible viruses circulating on the network. URGO does not warrant that HEALICO, or its server(s) will be free of viruses, spyware, Trojan horses or any other harmful elements or components that may cause damage at any time.

Article 7. Maintenance services of HEALICO

 

7.1. Scalable and adaptive maintenance

For the entire duration of the contract, URGO may, from time to time, maintain HEALICO and/or update the functionality and/or operation of HEALICO in order to maintain its compliance with current Applicable Laws, adapt it to the technological evolution of computer networks and equipment and/or improve its use.

URGO will ensure that the User is informed, as far as possible, of the existence and duration of the maintenance.

7.2. Corrective maintenance

URGO may also provide corrective maintenance services for HEALICO from time to time and shall use all reasonable efforts to ensure the continued proper functioning of HEALICO. In the event of discovery of an anomaly by the User or the Institution must notify URGO without delay by email to the following address:

• For Users based in France: contact@healico.fr
• For Users based in United Kingdom: contact@healico.uk
• For Users based in Germany: kontakt@healico.de
• For Users based in Spain: contacto@healico.es
• For Users based in Portugal: contact@healico.pt.

To be processed, the anomaly must be described by the User in a precise and documented manner.

URGO shall use all reasonable efforts to correct the anomaly as soon as possible, and with the least possible disruption in the access and use of HEALICO by the Institution and Users.

The method of resolving the anomaly will be determined at URGO’s discretion and may take the form of a program correction, the provision of a workaround solution or any other means to avoid the reproduction of the anomaly concerned.

Notwithstanding the foregoing, URGO shall have no liability whatsoever, and shall be under no obligation to resolve, any anomaly or other issue which results from: (i) improper use of HEALICO; (ii) breach of GTC and/or SCU; and/or (iii) a third party computer program used in conjunction or combination with HEALICO; (iv) any other intervention in the operation of the HEALICO, in each case by the Institution and/or a User or a third party (as applicable) which has not previously been authorised in writing by URGO.

 

 

Article 8. Liabilities

 

As the manufacturer of HEALICO, URGO ensure that the use of HEALICO by the User complies with the purposes assigned by URGO to HEALICO.

Without prejudice to the foregoing, URGO shall not be held liable for any damage caused to the Institution, User, Patient or any third party, for any reason whatsoever, in connection with the User’s access and use of HEALICO. All liability related to access to, and use of HEALICO by the User is the sole responsibility of the Institution and/or the User.

Under no circumstances shall URGO be held liable for any damage caused to the Patient as part of the User’s (or the Institution’s) medical care.

The User and the Institution therefore remains solely liable for the diagnostic, and the choice and technique of the care determined by the Institution and/or User and provided to the Patient in the context of wound treatment.

The User is solely liable for the proper use of HEALICO and using it with good clinical judgement and with the correct intentions.

The User and the Institution acknowledges that the User is solely responsible for Healthcare Data, and more generally for any data collected, processed, disseminated, published and/or communicated via HEALICO and, in particular, User is solely responsible for the quality of the data that may result from Users use of HEALICO and compliance with Data Protection Regulation and Applicable Law, and that URGO shall have no liability in respect of the same.

No advice or recommendation, whether oral or written, obtained by the User when using HEALICO shall give rise to any warranties other than those expressly provided for by the GTC or otherwise make URGO liable for any damages of any kind caused to the Institution, User, the Patient or third parties as a result of misuse of HEALICO by User, in violation of the provisions of this article and of the GTC.

The Institution and/ or the User is liable for any damage to its computer hardware, software, network connections, system or other infrastructure of for loss of data that may result from any of User’s use of HEALICO.

To the fullest extent permitted by the law, URGO expressly excludes its liability for any damage, direct or indirect, resulting from or in connection with access to HEALICO, its use, malfunction or unavailability of any kind and for any period of time whether such liability arises in contract, tort, breach of statutory duty or otherwise.

The User acknowledges that URGO remains free to correct and/or modify HEALICO at any time and without notice, without such correction and/or modification giving rise to any right of recourse on its part.

URGO cannot be held liable, in general, in any case where the non-execution or improper execution of the GTC’s and/or the User Manual results from a case of force majeure or fortuitous event beyond its control or in compliance with Applicable Law.

In the event of the Institution’s and/or User’s failure to comply with the GTC, and/or SCU, and/or Privacy Policy, and/or the User Manual, or more generally in the event of a breach of the Applicable Law, URGO reserves the right to suspend, terminate or limit, without prior notice, the User’s access to, and use of, HEALICO, without compensation and without prejudice to any remedy that may be available against the Institution and/or User.

The User therefore acknowledges that URGO may restrict, under the aforementioned conditions, its right of access and/or use to all or part of HEALICO.

The Institution and the User shall at all times during and after the term of GTC, indemnify URGO and keep URGO indemnified against all losses, damages, costs or expenses and other liabilities (including legal fees) incurred by, awarded against or agreed to be paid by URGO arising from any third party claim relating to: (i) the Healthcare Data; (ii) any breach of GTC by the Institution and/ or Users; and/or (iii) personal injury relating to Institution’s and/or User’s treatment of a Patient.

Article 9. Intellectual property

 

HEALICO is protected by intellectual property rights (including in particular all copyrights, patent rights, trademarks, and any other existing or future intellectual property rights) which belong to URGO or to third parties who have authorised URGO to use them.

In accordance with Article L.341-1 of the French Intellectual Property Code, URGO is the producer of all or part of the database contained in HEALICO.

As a result, URGO, as a database producer, expressly prohibits:

• Extraction, by permanent or temporary transfer of all or a qualitatively or quantitatively substantial part of the contents of its databases to another medium, by any means and in any form whatsoever;
• Reuse, by making available to the public all or a qualitatively or quantitatively substantial part of the contents of a database, in any form whatsoever;
• Reproduction, extraction or reuse, by any means, including methods akin to scrapping, of content (photographs, descriptions, etc.) published by URGO.

 

The use of HEALICO does not in any way confer on the User any ownership and/or intellectual property right over HEALICO with the exception of a free and non-exclusive personal right of access, to use HEALICO in accordance with its purpose and objectives and in compliance with the GTC.

It is strictly forbidden to represent, reproduce and/or exploit HEALICO, in whole or in part, in any form and by any means whatsoever, without the prior written consent of URGO.

The Institution and/or the User undertakes not to copy, modify, assemble, decompile, alter, sell, rent, lease, loan, broadcast, distribute or transfer HEALICO, create derivative works from these works, authorize or permit a third party to commit such acts, without the prior written consent of URGO.

Any breach of the above undertaking constitutes a violation of the intellectual property or other rights of URGO and/or third-party licensors and may result in civil and/or criminal proceedings.

Article 10. Protection of Data

 

URGO is concerned about the protection of personal data and is therefore committed to protecting them in accordance with the Data Protection Regulation.

10.1. Protection of User Data for access and use of HEALICO

For the purposes of this clause, “User Data” means :

• the Personal Data of the User provided by the User, i.e. his/her name, first name, email address, profession, identity documents and relevant certificate allowing to prove his/her status as a health professional;
• Data collected by URGO or generated automatically when the User uses HEALICO to improve User’s experience, to produce statistics and facilitate customer support.

 

Recipients: The User Data may be provided by the User to URGO or to its Affiliates, namely the companies:

• URGO Affiliates, namely:
  • URGO Ltd having its registered office located Sullington Road Shepshed – LOUGHBOROUGH – LEICESTERSHIRE – LE12 9JG, United Kingdom;
  • URGO GmbH having its registered office located Justus-von-Liebig-Str. 16, 66280 Sulzbach, Germany;
  • LABORATORIOS URGO having its registered office located Barrio La Florida nº29, Hernani (Guipúzcoa), Spain;
  • URGO MEDICAL PORTUGAL having its registered office located Av. Do Forte 6, 2790- 072 Carnaxide, Portugal;

And to:

• BAM, a simplified joint-stock company with a capital of 200,000 EUR whose head office is located at 5 rue du Helder 75009 Paris, and registered in the Paris Trade and Companies Register under number 808 556 567, in charge of the development of HEALICO;
• PADOK, the certified health data host (a company organized under French law, registered in the trade and company register of Paris, France, under number 843 957 465, whose registered office is at 48 Boulevard des Batignolles, 75 017 Paris, France) which is subcontracting hosting services to AMAZON WEB SERVICES Inc. (“AWS”) (AMAZON WEB SERVICES EMEA SARL, French branch, registered in the trade and company register of Nanterre under number 831 001 334, whose registered office is located Tour Carpe Diem 31 Place Des Corolles, 92400 Courbevoie France);
• DATALYO in charge of data analysis services (a company organized under French law and registered in the trade and company register of Lyon, France under number 805 063 286, whose registered office is 8 rue Paul Montrochet – Quartier Confluence 69002 Lyon, France),
• FOREST ADMIN Inc. the owner of the tool used by URGO for the back office of HEALICO (Users’ account management, etc.)
• GOOGLE Inc. and its Affiliates, due to the use of the tool FIREBASE for the authentication of Users with their email address and/or Google ID and/or Apple ID;
• TWILIO Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 and its Affiliates due to the use of the SENDGRID tool for the sending of automatic email and SMS to Users to be added to a care team in HEALICO;
• ZENDESK Inc. 989 Market Street, San Francisco, CA 94103, USA, for customer support
• MAILCHIMP Inc., Intuit Mailchimp 405 N Angier Ave. NE Atlanta, GA 30308 USA, for automated mailing campaigns
• POWERBI Inc., 39 quai du Président Roosevelt, 92130 Issy les Moulineaux, for data visualization and analysis
• SNOWFLAKE Inc., 88 avenue Charles de Gaulle, 92200 Neuilly-sur-Seine, for analytical data storage

• AIRBYTE Inc, 32 AV Hoche, 75008 Paris, for data integration between platforms

as a result of or in connection with him/her accessing HEALICO.

URGO undertakes to protect the User’s Data, recorded during access and/or use of HEALICO, as Controller, in accordance with the Data Protection Regulation.

Purposes: The processing of User Data is necessary for access and use of HEALICO and for responding to requests, support and maintenance of HEALICO. The User is informed that User Data may be processed for statistical purposes for the purpose of improving HEALICO or for communication purposes. The personal data provided by the User is accessible to other Users of the same patient care team.

Transfers: The User Data is strictly confidential and intended for use by URGO and its Affiliates. URGO undertakes not to transfer, rent or transmit the User Data to third parties other than the Recipients above listed, in the course of carrying out their mission, unless it is required by law or court order.

Duration: User Data will be kept for the duration of HEALICO’s use by the User and will be deleted immediately on User’s request, or no later than five (5) years from last connection to HEALICO by the User.

Confidentiality: In accordance with the Data Protection Regulation, URGO undertakes to take all appropriate and commercially reasonable technical and organisational security measures, with regard to the nature of the User Data and the risks presented by the processing, to preserve their security and confidentiality and, in particular, to prevent the destruction, loss, alteration, disclosure or unauthorised access to such data.

Right of access, rectification, limitation, deletion: The User has the right:

• to request access to User Data, their rectification, deletion, restriction of data processing and the right of portability;
• to object to the processing;
• to withdraw its consent at any time, without affecting the lawfulness of the processing based on the consent before it is withdrawn;
• to set guidelines on the fate of the User Data after his death (only applicable in France)

The User may exercise his/her rights at any time by sending a request to URGO at the following address:

• For Users based in France: by writing at: Laboratoires URGO having its registered office at 42, rue de Longvic – 21300 Chenôve, France or at dpo@group.urgo.com;
• For Users based in the UK: URGO Ltd at the following:
• by writing: at URGO Ltd having its registered office located Sullington Road Shepshed – LOUGHBOROUGH – LEICESTERSHIRE – LE12 9JG or at dpo@uk.urgo.com or on :
  • Twitter: https://twitter.com/urgomedicaluk ; Facebook – Healico:  https://facebook.com/healicouk ;
  • Facebook – UrgoMedical UK: https://en-gb.facebook.com/urgomedical/ ;
  • Linkedin: https://www.linkedin.com/company/urgo-medical-uk-ie/
• by calling: 0330 128 0898.
• For Users based in Spain: by writing at: LABORATORIOS URGO having its registered office located Barrio La Florida nº29, Hernani (Guipúzcoa), Spain or at dpo@group.urgo.com;
• For Users based in Germany: by writing at: URGO GmbH having its registered office located Justus-von-Liebig-Str. 16, 66280 Sulzbach, Germany or at dpo@group.urgo.com;
• For Users based in Portugal: by writing at: URGO MEDICAL PORTUGAL having its registered office located Av. do Forte 6, 2790-072 Carnaxide, Portugal or at dpo@group.urgo.com;

When making this request, the User shall specify precisely the purpose and data concerned. To process the request, the User may be asked to provide proof of identity. The User’s requests are processed as soon as possible with all due diligence. In the event of the deletion of User Data, or the exercise of User’s right to object, the User acknowledges and accepts that the User will no longer have access and may no longer use HEALICO.

Should the User have any cause for complaint regarding the use of User Data, the User has the right to lodge a complaint with the relevant supervisory authority:

• • For France: https://www.cnil.fr/fr/plaintes
  • For Great Britain: https://ico.org.uk/make-a-complaint/
  • For Germany: https://www.bfdi.bund.de/EN/Buerger/Inhalte/Allgemein/Datenschutz/BeschwerdeBeiDatenschutzbe hoerden.html
  • For Spain: https://sedeagpd.gob.es/sede-electronica-web/vistas/infoSede/tramitesCiudadanoMorosidad.jsf
  • For Portugal: https://www.cnpd.pt/cidadaos/participacoes

 

10.2. Protection of Healthcare Data processed in the frame of use of HEALICO

The Healthcare Data collected by the User in HEALICO is strictly covered by professional secrecy that the User undertakes to respect.

In the context of their contractual relationships, the parties undertake to comply with the applicable regulations on the protection of Personal Data

10.2.1. Healthcare Data collected by User

This section defines the conditions under which URGO as a Processor processes Personal Data on behalf of the User as a Controller, as defined below.

• General provisions on Healthcare Data processed by User

In accordance with Data Protection Regulation, when the Independent User collects and processes Healthcare Data in connection with the use of HEALICO, he/she is the Controller according to the Data Protection Regulation. However, in case the User is employed or contracted by an Institution (Employee User), the Institution through which the User accesses HEALICO is responsible for the processing of the Healthcare Data (including any Healthcare Data residing in electronic health records maintained by or on behalf of the UK National Health Service) performed as a Controller for the purposes of Data Protection Regulation. As such, it is the responsibility of the Institution, through the Employee User, or of the Independent User, to ensure that the processing and use of the Healthcare Data by the User is in strict compliance with the Data Protection Regulation.

The Institution, through the Employe User, or Independent User agrees to obtain written consent from Patients before processing any Healthcare Data in HEALICO. In addition, for any subsequent exchange with an external healthcare professional or for the addition of a new User to the Patient’s care team, it is necessary to obtain the Patient’s express consent.

It is also the responsibility of the Independent User or the Institution, through the Employee User, to provide all useful information to its Patients, upon collecting the data that will be processed by the User.

The Employee User undertakes in particular to notify the Institution in the event of a request for the exercise of his/her rights by the Patient whose Healthcare Data are being processed.

The Independent User undertakes to satisfy any request to exercise his rights made by a Patient whose Healthcare data is being processed.

For patients based in the United Kingdom, the Institution is also Data Controller when:

• the User accesses HEALICO and integrate in HEALICO Healthcare Data from the electronic medical records maintained by or on behalf of the National Health Service; and
• the User accesses HEALICO and uses Healthcare Data from HEALICO to update the electronic medical records maintained by or on behalf of the National Health Service.

HEALICO has functionalities allowing in particular the implementation of Patients’ rights over their Personal Data such as the consent form for the Patient. If the User is part of an Institution, the Institution through which the User access HEALICO, acknowledges that the consent form is provided to help the Institution to comply with Data Protection Regulation.

Under no circumstances shall URGO be held liable for the non-use of these functionalities by the Institution or the User or failure of these functionalities to fulfill the Institution’s obligations under Data Protection Regulation.

In general, URGO cannot be held liable in the event of non-compliance by the Institution or by the Independent User, depending on the case, with its obligations as Controller.

• Transfer of Healthcare Data collected by Users to other Users

The User may, at any time, to offer the Patient the transfer of their Healthcare Data to any other User, in order to ensure better follow-up and / or better management of wounds of the Patient. This transfer is only possible if the User has previously received the express consent of the Patient for the transfer of his Healthcare Data to the identified User.

In this case, only the User identified in the Patient’s consent will be able to have access to the Patient’s Healthcare Data.

• Description of the data processing

Purposes: The Healthcare Data are processed to ensure the follow-up of the care provided to the Patient by the User in the context of his professional activity by allowing the Users to collect, organize and analyze via an organized and ergonomic interface the Healthcare Data in a structured and secure format.

Legal basis for processing: The legal basis for the processing activity is the Patient’s consent obtained by the User as well as the present contract governing the relationship between the User and URGO.

Data subjects of the processing activity: Patients registered by Users in HEALICO.

Personal Data collected: Healthcare Data.

• Healthcare Data at the closure of the User’s account

Before closing his/her User account for any reason whatsoever, the User will have the possibility of exporting in a readable format the Healthcare Data he/she has integrated into HEALICO and which have not been deleted by him/her.

If the User fails to take action when closing his/her account, the Healthcare Data will be destroyed no later than six (6) years from last connection to HEALICO by the User.

In addition, a Patient’s profile (and its Healthcare Data) for which all Users have left the care team and/or closed their User account, is deleted after five (5) year.

The User is responsible for the extraction of the necessary Patient Personal Data, which must be kept for the period specified by Data Protection Regulation.

In those cases URGO shall have no liability to the User in respect of such destruction.

• Access to Healthcare Data by URGO

Under no circumstances will URGO have access to the Healthcare Data, with the exception of an ad hoc request from a User concerning the restoration of lost Healthcare Data.

If such a User makes any ad hoc request to URGO regarding the user of HEALICO (data restoration) the related Healthcare Data may be accessible by URGO only for this specific purpose.

URGO will act as a Data Controller for this purpose.

• URGO’s obligations

URGO, as a processor of the User, undertakes to:

• process the Healthcare Data only for the purposes agreed upon in accordance with the applicable Privacy Policy and the instructions of the Users;
• respect the confidentiality of the Healthcare Data;
• provide Users with a template for the collection of Patient consent;
• inform Users within the time limits provided for in the GDPR of requests from Patients to exercise their rights of access, rectification, deletion, opposition and limitation with respect to the Health Care Data that are the subject of the processing;
• to communicate to the Users the name and contact details of its Data Protection Officer:
  • For Users based in France: by writing at: Laboratoires URGO having its registered office at 42, rue de Longvic – 21300 Chenôve, France or at dpo@group.urgo.com;
  • For Users based in the United Kingdom:

• by writing: at URGO Ltd having its registered office located Sullington Road Shepshed – LOUGHBOROUGH – LEICESTERSHIRE – LE12 9JG, United Kingdom or at dpo@group.urgo.com or on :
  • Twitter: https://twitter.com/urgomedicaluk ;
  • Facebook – Healico:  https://facebook.com/healicouk ;
  • Facebook – UrgoMedical UK: https://en-gb.facebook.com/urgomedical/ ;
  • Linkedin: https://linkedin.com/company/urgo-medical-uk-ie/
• by calling: 0330 128 0898.
• For Users based in Spain: by writing at: LABORATORIOS URGO having its registered office located Barrio La Florida nº29, Hernani (Guipúzcoa), Spain or at dpo@group.urgo.com;
• For Users based in Germany: by writing at: URGO GmbH having its registered office located Justus-von-Liebig-Str. 16, 66280 Sulzbach, Germany or at dpo@group.urgo.com;
• For Users based in Portugal: by writing at: URGO MEDICAL PORTUGAL having its registered office located Av. do Forte 6, 2790-072 Carnaxide, Portugal or at dpo@group.urgo.com;

• keep a written record of the categories of processing activities carried out in the context of this processing, including the information provided for in Article 30 paragraph 2 of the GDPR;
• make available to Users the documentation necessary to demonstrate compliance with its obligations;
• if applicable:
  • assist the Controller in the performance of data protection impact assessments;
  • assist the Controller in carrying out the prior consultation with the supervisory authority.
• take appropriate and commercially reasonable technical and organizational measures to preserve the security, integrity, availability and confidentiality of the Healthcare Data, including :
  • commitment by Users to collect consent from Patients;
  • means to restore the availability of and access to Personal Data within appropriate timeframes in the event of a physical or technical breach;
  • an data breach register;
• notify Users by email of any breach of Healthcare Data as soon as possible after becoming aware of it
• notify the competent supervisory authority, in the name and on behalf of the Users, of violations of Personal Data as soon as possible and, if possible, no later than 72 hours after becoming aware of them, unless the violation in question is not likely to result in a risk to the rights and freedoms of natural persons.

 

10.2.2. Processing of Healthcare Data by URGO  

The User undertakes to inform its Patients that URGO may process Pseudonymized Health Data, and to obtain their prior consent for this processing, the following purposes:

• In order to improve HEALICO’s functioning and performance
• for statistical or communication purposes
• For Research and development purposes (to predict the duration of wound healing and analyze wound healing characteristics).

In accordance with the Data Protection Regulation, URGO is the Data Controller for the processing of Patient Health Data for the purposes set out above.

The legal basis for the further processing of the Patient Healthcare Data for the aforementioned purposes is the patient consent obtained by the signature of the “Patient Consent” document by the Patient. The User undertakes to give the Patient the “Patient Consent” document and, in the event of signing this document, the User undertakes to signify this consent in HEALICO.

To this end, the User undertakes to give the “Patient Consent” document to the Patients concerned by the re-use of their data by URGO, which specifies all the information that must be delivered to them in accordance with Article 14 of the GDPR.

The Pseudonymized Healthcare Data files are the property of URGO. They may not therefore be transferred to a third party without the prior written consent of URGO.

 

10.3 Hosting of HEALICO

HEALICO is hosted by a certified health data host, in accordance with Article L. 1111-8 of the French Public Health Code, the company  PADOK (a company organized under French law, registered in the trade and company register of  Paris, France, under number 843 957 465 , whose registered office is located 48 Boulevard des Batignolles 75017 Paris, France) which is subcontracting these hosting services to AMAZON WEB SERVICES Inc (“AWS”) (AMAZON WEB SERVICES EMEA SARL, French branch, registered in the trade and company register of Nanterre under number 831 001 334, whose registered office is located Tour Carpe Diem 31 Place Des Corolles, 92400 Courbevoie France).

The Healthcare Data, as well as the User Data, are stored on servers of AWS, and only User Data and Pseudonymized Data are made available to URGO.  PADOK acts as a subcontractor of URGO, under a contract signed between PADOK and URGO which imposes Processor obligations on PADOK within the meaning of and in accordance with the Data Protection Regulation and which may not derogate from this article. In accordance with Article L. 1111-8 of the French Public Health Code, PADOK is bound by professional secrecy under the conditions and under the penalties provided for in Article 226-13 of the French Criminal Code.

10.4. Transfers outside the European Union

URGO will not transfer Healthcare Data or Pseudonymized Data to a country outside the European Economic Area without the prior written consent of the User. If the User is located in the United Kingdom, URGO will not transfer Healthcare Data to a country outside the United Kingdom without the prior written consent of the User.

Article 11. Term and termination

 

The GTC shall come into force upon acceptance by the User and for the duration of access and use of HEALICO by the User.

The GTC and therefore all or part of the access to HEALICO may be terminated automatically, without prior notice or compensation, in the event of non-compliance by the Institution and/or the User with the provisions of the GTC, the User Manual, the Privacy Policy and, more generally, in the event of a violation of Applicable Law, without prejudice to any damages that URGO may claim.

In the event of termination of these GTC, the User Data and Healthcare Data shall be treated in accordance with the provisions of Articles 10.1 and 10.2.

Article 12. Governing law and competent courts

 

The GTC shall be executed and interpreted in accordance with French law. URGO and the User declare their intention to seek an amicable solution to any difficulty that may arise regarding the validity, interpretation or execution of the GTC. To the extent permitted by law, in the event of persistent disagreement, the dispute shall be submitted to the French courts in Dijon.

Article 13. Contact

For any information, you can contact URGO by e-mail at the following address:

• For Users based in France: contact@healico.fr
• For Users based in United Kingdom: contact@healico.uk
• For Users based in Germany: kontakt@healico.de
• For Users based in Spain: contacto@healico.es

For Users based in Portugal: contact@healico.pt

HEALICO (hereinafter « HEALICO ») is a software edited by LABORATOIRES URGO, a simplified joint stock company, registered in the Trade and Companies Register of DIJON under number n°433 842 044et whose registered office is 42 rue de Longvic 21300 CHENOVE, (hereinafter « URGO »).

1. Purpose

The present Specific Conditions of availability and use (hereinafter « SCU ») govern the terms and conditions for making HEALICO available to Institutions and for its use by Users, and thus supplement the General Terms and Conditions of Use (hereinafter the « GTC »).

All provisions of the GTC that are not in conflict with those of the SCUs shall remain applicable. In the event of any contradiction between the provisions of these SCU and those of the GTC, the former shall prevail over the latter.

1. Definitions

In the present SCU the terms identified by a capital letter have the following meaning or, in the case of terms not mentioned below, the meaning specified in Article 1 of the GTC:

« Anomaly » refers to a reproducible and documented malfunction by the Institution of all or part of HEALICO’s functionalities that prevents HEALICO from operating correctly.

« Blocking Anomaly » refers to any Anomaly that makes it impossible to access the Patient’s file.

« Non-Blocking Anomaly » means any Anomaly that (i) interrupts or prevents the correct operation of HEALICO without such interruption or prevention being significant and rises to the level of a Blocking Anomaly or (ii) disables one or more non-essential features of HEALICO.

1. License

All rights, titles and interests relating to HEALICO, including associated intellectual property rights (including, without limitation, all copyrights, patent rights, database rights, trademarks, and any other existing or future French and international intellectual property rights) are the exclusive property of URGO or third parties having authorized URGO to use them. SCU and GTC do not grant to the Institution any right or interest in HEALICO save for a limited right to access and use of HEALICO under the conditions defined below.

URGO grants the Institution, for the duration of HEALICO’s use, worldwide, royalty-free, non-exclusive, non-transferable license to access and use HEALICO. Institution may sublicense its rights to Users authorized by the Institution who need to access HEALICO in order to perform their healthcare functions. The Institution undertakes to use (and to procure that Users use) HEALICO solely and strictly within the limits authorized by the GTC and SCU.

The Institution further undertakes not to perform one or more of the following acts, nor to allow or authorize the User to perform one or more of the following acts without the prior written consent of URGO: (i) reproduce and/or exploit HEALICO, in whole or in part, in any form and by any means whatsoever; (ii) copy, modify, translate, adapt, assemble, decompile, alter, sell, rent, lease, loan, broadcast, distribute or transfer HEALICO; (iii) create derivative works from HEALICO or allow to bind or to incorporate all or part of one or more elements of HEALICO into other works; (iv) attempt in any way to obtain HEALICO’s source codes in whole or in part; or (v) knowingly transmit or upload any data or material that contains viruses, spyware, Trojan horses, worms or other harmful elements or causes cyberbreaches.

Any breach of the above undertaking constitutes a violation of the intellectual property or other rights of URGO and/or third-party licensors and may result in civil and/or criminal proceedings.

This license is concluded on an intuitu personae basis. In this respect the Institution may not assign, delegate or transfer by any means whatsoever the rights or obligations to which it is bound under this license without the prior written consent of URGO.

1. Provisions of HEALICO

URGO makes HEALICO available to the Institution free of charge by providing the Institution Users their personal authentication details (accounts) in response to a provided list of Users’ emails, surname and last name. The Users must keep these authentication elements confidential and undertakes not to disclose them to third parties for any reason, in any way and in any form whatsoever. In the event of loss, omission or theft of its authentication details, the User shall inform URGO without delay, by email to the following address:

• For Users based in France: contact@healico.fr
• For Users based in United Kingdom: contact@healico.uk
• For Users based in Germany: kontakt@healico.de
• For Users based in Spain: contacto@healico.es
• For Users based in Portugal: contact@healico.pt

URGO shall suspend User’s access to HEALICO and send new authentication details to the User.

Under no circumstances shall URGO be liable for the loss or theft of authentication details by the User or any use of HEALICO by a third party using such authentication details. The User is solely responsible for any liability related to the access and use of HEALICO with its authentication details whether by User or third party.

1. Availability of HEALICO

URGO shall use reasonable efforts to ensure that HEALICO is sufficiently available to Users.

In calculating when HEALICO is deemed “unavailable”, only Blocking Anomalies shall be taken into account. Any time that HEALICO is not available to Users due to: (i) scheduled maintenance operations for which the Institution has been notified in advance; (ii) interruption, disconnection or malfunction of the Institution’s Internet access networks and/or systems; (iii) failure of the Institution’s equipment, including any computer hardware, software or other equipment; (iv) malicious intrusions by third parties into the Institution’s computer systems and networks (including hardware and software); (v)transmission of viruses or other harmful elements on the Institution’s computer systems and networks (including hardware and software); and/or (vi)a case of force majeure, shall not be taken into consideration when calculating the availability of HEALICO as described above or constitute a breach of the SCU and/or GTC by URGO and URGO shall have no liability in respect of unavailability of HEALICO for these reasons.

For the avoidance of doubt, Institution shall be solely responsible for protecting its computer systems and networks (including hardware and software) against viruses, spyware, Trojan horses, worms or other harmful elements and cyberbreaches.

1. Corrective maintenance

URGO will provide corrective maintenance for HEALICO and use reasonable efforts to ensure its proper functioning. In the event of discovery of an Anomaly by the Institution (howsoever discovered), the Institution must notify it to URGO without delay by email to the following address:

• For Users based in France: contact@healico.fr
• For Users based in United Kingdom: contact@healico.uk
• For Users based in Germany: kontakt@healico.de
• For Users based in Spain: contacto@healico.es
• For Users based in Portugal: contact@healico.pt

To be processed, the Anomaly must be precisely described by the Institution which must be able to give any relevant documentation.

Whatever the nature of the Anomaly, URGO undertakes to respond within 2 business days of receipt of such notice, and will use all reasonable efforts to correct the Anomaly with the least possible disruption in the access and use of HEALICO by the Institution and the Users.

The response given within 2 business days will specify:

• Either the procedure to follow in order to correct the Anomaly;
• Or, in the event that the correction of the Anomaly would require a specific development, the time frame needed to resolve the said Anomaly.

In any event, the method of treating the Anomaly will be at URGO’s discretion and may take the form of a program correction, the provision of a workaround solution or any other means to avoid the reproduction and repetition of the Anomaly concerned.

Notwithstanding the foregoing, URGO shall have no liability whatsoever, and shall be under no obligation to resolve, any Anomaly or other issue which results from: (i) improper use of HEALICO; (ii) breach of the SCU and/ or GTC ; and/or (iii) a third party computer program used in conjunction or combination with HEALICO; (iv) any other intervention in the operation of the HEALICO, in each case by the Institution, a User or a third party (as applicable) which has not previously been authorized in writing by URGO.

1. Institution’s obligations

The Institution warrants and undertakes that:

• it will only allow Users to access HEALICO and no other employees or consultants of the Institution.
• no decision rendered by a disciplinary body or by any competent authority in the context of the Institution’s, User’s professional activities, nor any court decision, prevents the exercise of the professional activity and that no professional and/or ethical rule to which the Institution, the User are bound by under the Applicable Law prevents them from using HEALICO in the context of their professional activity.
• the Institution and Users shall only use HEALICO within the strict framework of the exercise of their professional activity, and more generally in compliance with the Applicable Law and the Regulations applicable to the protection of personal data.

The company Laboratoires URGO (hereinafter referred to as “URGO“) is a company specializing in the development of wound care products.

URGO is concerned about the protection of Personal Data and is therefore committed to protecting them in accordance with the Data Protection Regulation.

The purpose of this personal data protection policy (hereinafter the “Privacy Policy“) is to describe the conditions for compliance with Data Protection Regulation in connection with the processing of Personal Data by URGO.

URGO, a simplified joint stock company with a single shareholder, with a share capital of €13,987,328, registered with the Dijon Trade and Companies Register under number B 433 842 044 and with its registered office at 42, rue de Longvic – 21300 Chenôve, France, provides the HEALICO application (hereinafter the “Application” or “HEALICO”), a support application for the treatment and monitoring of wounds.

By accepting the Privacy Policy, you consent to the processing of your Personal Data as set forth in this Policy and agree to inform and obtain consent from your patients prior to using HEALICO’s services.

This Privacy Policy applies only to your use of the Application.

For the needs of the present Privacy Policy, the terms identified below have the following meanings, whether they are used in the singular or plural:

“Affiliates” means any company, which is directly or indirectly, controlling a company, controlled by a company, or under common control with a company. “Control” means holding directly or indirectly, a majority of share capital or voting rights of a company.

“Data Protection Regulation” means any regulation on privacy and data protection and, in particular, but without being limited thereto by the Regulation (EU) N°. 2016/679 of 27 April 2016 called “General Data Protection Regulation” (“GDPR”) and the French Data Protection Law N°. 78-17 of 6 January 1978, as modified by Law N°. 2018-493 of 20 June 2018 called «French Data Protection Act» and the United Kingdom Data Protection Act 2018.

« Employee User » means any healthcare professional (including a nurse) with authorisation to heal and monitor wounds, employed or otherwise engaged by an Institution, as an employee of this Institution, and using HEALICO put at his/her disposal with approval of the Institution.

« Healthcare Data » means the only data related to the Patient that is necessary for the care provided by User in the course of his/her professional activity, namely Personal Data (including health data) collected by the User in the course of the provision of health care services in the frame of User’s professional activity.

« Independent User » means a healthcare professional (including a nurse) with authorisation to heal and monitor wounds as part of an independent mode of practice, and using HEALICO as part of its professional practice.

« Institution » means any healthcare establishment or any health center, and in general, any institution providing patient care, whatever its legal form, which employs or contracts the User to practice his/her profession as an employee or consultant, and which makes HEALICO available to the User in the exercise of their profession.

« Patient » means the patient to whom the User provides care intended for the follow-up and management of a wound and whose Healthcare Data is collected by the User during such care in the course of his/her professional practice.

« Pseudonymisation » means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

« Pseudonymized Data »: refers to Personal Data not directly identifying Patients and Users, obtained from the extraction of Data entered by Users in HEALICO and processed by URGO through an automated Pseudonymization process.

« User » means either an Independent User or an Employee User.

“Personal Data“, “Controller“, “Processor” and “Recipient” have the meaning given by the GDPR.

 

• Protection of User Data for access and use of HEALICO

For the purposes of this clause, “User Data” means :

• the Personal Data of the User provided by the User, i.e. his/her name, first name, email address, profession, identity documents and relevant certificate allowing to prove his/her status as a health professional;
• Data collected by URGO or generated automatically when the User uses HEALICO to improve User’s experience, to produce statistics and facilitate customer support.

 

Recipients: The User Data may be provided by the User to URGO or to its Affiliates, namely the companies:

• URGO Affiliates, namely:
  • URGO Ltd having its registered office located Sullington Road Shepshed – LOUGHBOROUGH – LEICESTERSHIRE – LE12 9JG, United Kingdom;
  • URGO GmbH having its registered office located Justus-von-Liebig-Str. 16, 66280 Sulzbach, Germany;
  • LABORATORIOS URGO having its registered office located Barrio La Florida nº29, Hernani (Guipúzcoa), Spain;
  • URGO MEDICAL PORTUGAL having its registered office located Av. Do Forte 6, 2790- 072 Carnaxide, Portugal;

And to:

• BAM, a simplified joint-stock company with a capital of 200,000 EUR whose head office is located at 5 rue du Helder 75009 Paris, and registered in the Paris Trade and Companies Register under number 808 556 567, in charge of the development of HEALICO;
• PADOK, the certified health data host (a company organized under French law, registered in the trade and company register of Paris, France, under number 843 957 465, whose registered office is at 48 Boulevard des Batignolles, 75 017 Paris, France) which is subcontracting hosting services to AMAZON WEB SERVICES Inc. (“AWS”) (AMAZON WEB SERVICES EMEA SARL, French branch, registered in the trade and company register of Nanterre under number 831 001 334, whose registered office is located Tour Carpe Diem 31 Place Des Corolles, 92400 Courbevoie France);
• DATALYO in charge of data analysis services (a company organized under French law and registered in the trade and company register of Lyon, France under number 805 063 286, whose registered office is 8 rue Paul Montrochet – Quartier Confluence 69002 Lyon, France),
• FOREST ADMIN Inc. the owner of the tool used by URGO for the back office of HEALICO (Users’ account management, etc.)
• GOOGLE Inc. and its Affiliates, due to the use of the tool FIREBASE for the authentication of Users with their email address and/or Google ID and/or Apple ID;
• TWILIO Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 and its Affiliates due to the use of the SENDGRID tool for the sending of automatic email and SMS to Users to be added to a care team in HEALICO;
• ZENDESK Inc. 989 Market Street, San Francisco, CA 94103, USA, for customer support
• MAILCHIMP Inc., Intuit Mailchimp 405 N Angier Ave. NE Atlanta, GA 30308 USA, for automated mailing campaigns
• POWERBI Inc., 39 quai du Président Roosevelt, 92130 Issy les Moulineaux, for data visualization and analysis
• SNOWFLAKE Inc., 88 avenue Charles de Gaulle, 92200 Neuilly-sur-Seine, for analytical data storage

• AIRBYTE Inc, 32 AV Hoche, 75008 Paris, for data integration between platforms

as a result of or in connection with him/her accessing HEALICO.

URGO undertakes to protect the User’s Data, recorded during access and/or use of HEALICO, as Controller, in accordance with the Data Protection Regulation.

Purposes: The processing of User Data is necessary for access and use of HEALICO and for responding to requests, support and maintenance of HEALICO. The User is informed that User Data may be processed for statistical purposes for the purpose of improving HEALICO or for communication purposes. The personal data provided by the User is accessible to other Users of the same patient care team.

Transfers: The User Data is strictly confidential and intended for use by URGO and its Affiliates. URGO undertakes not to transfer, rent or transmit the User Data to third parties other than the Recipients above listed, in the course of carrying out their mission, unless it is required by law or court order.

Duration: User Data will be kept for the duration of HEALICO’s use by the User and will be deleted immediately on User’s request, or no later than five (5) years from last connection to HEALICO by the User.

Confidentiality: In accordance with the Data Protection Regulation, URGO undertakes to take all appropriate and commercially reasonable technical and organisational security measures, with regard to the nature of the User Data and the risks presented by the processing, to preserve their security and confidentiality and, in particular, to prevent the destruction, loss, alteration, disclosure or unauthorised access to such data.

Right of access, rectification, limitation, deletion: The User has the right:

• to request access to User Data, their rectification, deletion, restriction of data processing and the right of portability;
• to object to the processing;
• to withdraw its consent at any time, without affecting the lawfulness of the processing based on the consent before it is withdrawn;
• to set guidelines on the fate of the User Data after his death (only applicable in France)

The User may exercise his/her rights at any time by sending a request to URGO at the following address:

• For Users based in France: by writing at: Laboratoires URGO having its registered office at 42, rue de Longvic – 21300 Chenôve, France or at dpo@group.urgo.com;
• For Users based in the UK: URGO Ltd at the following:
• by writing: at URGO Ltd having its registered office located Sullington Road Shepshed – LOUGHBOROUGH – LEICESTERSHIRE – LE12 9JG or at dpo@uk.urgo.com or on :
  • Twitter: https://twitter.com/urgomedicaluk ; Facebook – Healico:  https://facebook.com/healicouk ;
  • Facebook – UrgoMedical UK: https://en-gb.facebook.com/urgomedical/ ;
  • Linkedin: https://www.linkedin.com/company/urgo-medical-uk-ie/
• by calling: 0330 128 0898.
• For Users based in Spain: by writing at: LABORATORIOS URGO having its registered office located Barrio La Florida nº29, Hernani (Guipúzcoa), Spain or at dpo@group.urgo.com;
• For Users based in Germany: by writing at: URGO GmbH having its registered office located Justus-von-Liebig-Str. 16, 66280 Sulzbach, Germany or at dpo@group.urgo.com;
• For Users based in Portugal: by writing at: URGO MEDICAL PORTUGAL having its registered office located Av. do Forte 6, 2790-072 Carnaxide, Portugal or at dpo@group.urgo.com;

When making this request, the User shall specify precisely the purpose and data concerned. To process the request, the User may be asked to provide proof of identity. The User’s requests are processed as soon as possible with all due diligence. In the event of the deletion of User Data, or the exercise of User’s right to object, the User acknowledges and accepts that the User will no longer have access and may no longer use HEALICO.

Should the User have any cause for complaint regarding the use of User Data, the User has the right to lodge a complaint with the relevant supervisory authority:

• • For France: https://www.cnil.fr/fr/plaintes
  • For Great Britain: https://ico.org.uk/make-a-complaint/
  • For Germany: https://www.bfdi.bund.de/EN/Buerger/Inhalte/Allgemein/Datenschutz/BeschwerdeBeiDatenschutzbe hoerden.html
  • For Spain: https://sedeagpd.gob.es/sede-electronica-web/vistas/infoSede/tramitesCiudadanoMorosidad.jsf
  • For Portugal: https://www.cnpd.pt/cidadaos/participacoes

 

• Protection of Healthcare Data processed in the frame of use of HEALICO

The Healthcare Data collected by the User in HEALICO is strictly covered by professional secrecy that the User undertakes to respect.

In the context of their contractual relationships, the parties undertake to comply with the applicable regulations on the protection of Personal Data

2.1) Healthcare Data collected by User

This section defines the conditions under which URGO as a Processor processes Personal Data on behalf of the User as a Controller, as defined below.

• General provisions on Healthcare Data processed by User

In accordance with Data Protection Regulation, when the Independent User collects and processes Healthcare Data in connection with the use of HEALICO, he/she is the Controller according to the Data Protection Regulation. However, in case the User is employed or contracted by an Institution (Employee User), the Institution through which the User accesses HEALICO is responsible for the processing of the Healthcare Data (including any Healthcare Data residing in electronic health records maintained by or on behalf of the UK National Health Service) performed as a Controller for the purposes of Data Protection Regulation. As such, it is the responsibility of the Institution, through the Employee User, or of the Independent User, to ensure that the processing and use of the Healthcare Data by the User is in strict compliance with the Data Protection Regulation.

The Institution, through the Employe User, or Independent User agrees to obtain written consent from Patients before processing any Healthcare Data in HEALICO. In addition, for any subsequent exchange with an external healthcare professional or for the addition of a new User to the Patient’s care team, it is necessary to obtain the Patient’s express consent.

It is also the responsibility of the Independent User or the Institution, through the Employee User, to provide all useful information to its Patients, upon collecting the data that will be processed by the User.

The Employee User undertakes in particular to notify the Institution in the event of a request for the exercise of his/her rights by the Patient whose Healthcare Data are being processed.

The Independent User undertakes to satisfy any request to exercise his rights made by a Patient whose Healthcare data is being processed.

For patients based in the United Kingdom, the Institution is also Data Controller when:

• the User accesses HEALICO and integrate in HEALICO Healthcare Data from the electronic medical records maintained by or on behalf of the National Health Service; and
• the User accesses HEALICO and uses Healthcare Data from HEALICO to update the electronic medical records maintained by or on behalf of the National Health Service.

HEALICO has functionalities allowing in particular the implementation of Patients’ rights over their Personal Data such as the consent form for the Patient. If the User is part of an Institution, the Institution through which the User access HEALICO, acknowledges that the consent form is provided to help the Institution to comply with Data Protection Regulation.

Under no circumstances shall URGO be held liable for the non-use of these functionalities by the Institution or the User or failure of these functionalities to fulfill the Institution’s obligations under Data Protection Regulation.

In general, URGO cannot be held liable in the event of non-compliance by the Institution or by the Independent User, depending on the case, with its obligations as Controller.

• Transfer of Healthcare Data collected by Users to other Users

The User may, at any time, to offer the Patient the transfer of their Healthcare Data to any other User, in order to ensure better follow-up and / or better management of wounds of the Patient. This transfer is only possible if the User has previously received the express consent of the Patient for the transfer of his Healthcare Data to the identified User.

In this case, only the User identified in the Patient’s consent will be able to have access to the Patient’s Healthcare Data.

• Description of the data processing

Purposes: The Healthcare Data are processed to ensure the follow-up of the care provided to the Patient by the User in the context of his professional activity by allowing the Users to collect, organize and analyze via an organized and ergonomic interface the Healthcare Data in a structured and secure format.

Legal basis for processing: The legal basis for the processing activity is the Patient’s consent obtained by the User as well as the present contract governing the relationship between the User and URGO.

Data subjects of the processing activity: Patients registered by Users in HEALICO.

Personal Data collected: Healthcare Data.

• Healthcare Data at the closure of the User’s account

Before closing his/her User account for any reason whatsoever, the User will have the possibility of exporting in a readable format the Healthcare Data he/she has integrated into HEALICO and which have not been deleted by him/her.

If the User fails to take action when closing his/her account, the Healthcare Data will be destroyed no later than six (6) years from last connection to HEALICO by the User.

In addition, a Patient’s profile (and its Healthcare Data) for which all Users have left the care team and/or closed their User account, is deleted after five (5) year.

The User is responsible for the extraction of the necessary Patient Personal Data, which must be kept for the period specified by Data Protection Regulation.

In those cases URGO shall have no liability to the User in respect of such destruction.

• Access to Healthcare Data by URGO

Under no circumstances will URGO have access to the Healthcare Data, with the exception of an ad hoc request from a User concerning the restoration of lost Healthcare Data.

If such a User makes any ad hoc request to URGO regarding the user of HEALICO (data restoration) the related Healthcare Data may be accessible by URGO only for this specific purpose.

URGO will act as a Data Controller for this purpose.

• URGO’s obligations

URGO, as a processor of the User, undertakes to:

• process the Healthcare Data only for the purposes agreed upon in accordance with the applicable Privacy Policy and the instructions of the Users;
• respect the confidentiality of the Healthcare Data;
• provide Users with a template for the collection of Patient consent;
• inform Users within the time limits provided for in the GDPR of requests from Patients to exercise their rights of access, rectification, deletion, opposition and limitation with respect to the Health Care Data that are the subject of the processing;
• to communicate to the Users the name and contact details of its Data Protection Officer:
  • For Users based in France: by writing at: Laboratoires URGO having its registered office at 42, rue de Longvic – 21300 Chenôve, France or at dpo@group.urgo.com;
  • For Users based in the United Kingdom:

• by writing: at URGO Ltd having its registered office located Sullington Road Shepshed – LOUGHBOROUGH – LEICESTERSHIRE – LE12 9JG, United Kingdom or at dpo@group.urgo.com or on :
  • Twitter: https://twitter.com/urgomedicaluk ;
  • Facebook – Healico:  https://facebook.com/healicouk ;
  • Facebook – UrgoMedical UK: https://en-gb.facebook.com/urgomedical/ ;
  • Linkedin: https://linkedin.com/company/urgo-medical-uk-ie/
• by calling: 0330 128 0898.
• For Users based in Spain: by writing at: LABORATORIOS URGO having its registered office located Barrio La Florida nº29, Hernani (Guipúzcoa), Spain or at dpo@group.urgo.com;
• For Users based in Germany: by writing at: URGO GmbH having its registered office located Justus-von-Liebig-Str. 16, 66280 Sulzbach, Germany or at dpo@group.urgo.com;
• For Users based in Portugal: by writing at: URGO MEDICAL PORTUGAL having its registered office located Av. do Forte 6, 2790-072 Carnaxide, Portugal or at dpo@group.urgo.com;

• keep a written record of the categories of processing activities carried out in the context of this processing, including the information provided for in Article 30 paragraph 2 of the GDPR;
• make available to Users the documentation necessary to demonstrate compliance with its obligations;
• if applicable:
  • assist the Controller in the performance of data protection impact assessments;
  • assist the Controller in carrying out the prior consultation with the supervisory authority.
• take appropriate and commercially reasonable technical and organizational measures to preserve the security, integrity, availability and confidentiality of the Healthcare Data, including :
  • commitment by Users to collect consent from Patients;
  • means to restore the availability of and access to Personal Data within appropriate timeframes in the event of a physical or technical breach;
  • an data breach register;
• notify Users by email of any breach of Healthcare Data as soon as possible after becoming aware of it
• notify the competent supervisory authority, in the name and on behalf of the Users, of violations of Personal Data as soon as possible and, if possible, no later than 72 hours after becoming aware of them, unless the violation in question is not likely to result in a risk to the rights and freedoms of natural persons.

 

2.2)  Processing of Healthcare Data by URGO  

The User undertakes to inform its Patients that URGO may process Pseudonymized Health Data, and to obtain their prior consent for this processing, the following purposes:

• In order to improve HEALICO’s functioning and performance
• for statistical or communication purposes
• For Research and development purposes (to predict the duration of wound healing and analyze wound healing characteristics).

In accordance with the Data Protection Regulation, URGO is the Data Controller for the processing of Patient Health Data for the purposes set out above.

The legal basis for the further processing of the Patient Healthcare Data for the aforementioned purposes is the patient consent obtained by the signature of the “Patient Consent” document by the Patient. The User undertakes to give the Patient the “Patient Consent” document and, in the event of signing this document, the User undertakes to signify this consent in HEALICO.

To this end, the User undertakes to give the “Patient Consent” document to the Patients concerned by the re-use of their data by URGO, which specifies all the information that must be delivered to them in accordance with Article 14 of the GDPR.

The Pseudonymized Healthcare Data files are the property of URGO. They may not therefore be transferred to a third party without the prior written consent of URGO.

 

• Hosting of HEALICO

HEALICO is hosted by a certified health data host, in accordance with Article L. 1111-8 of the French Public Health Code, the company  PADOK (a company organized under French law, registered in the trade and company register of  Paris, France, under number 843 957 465 , whose registered office is located 48 Boulevard des Batignolles 75017 Paris, France) which is subcontracting these hosting services to AMAZON WEB SERVICES Inc (“AWS”) (AMAZON WEB SERVICES EMEA SARL, French branch, registered in the trade and company register of Nanterre under number 831 001 334, whose registered office is located Tour Carpe Diem 31 Place Des Corolles, 92400 Courbevoie France).

The Healthcare Data, as well as the User Data, are stored on servers of AWS, and only User Data and Pseudonymized Data are made available to URGO.  PADOK acts as a subcontractor of URGO, under a contract signed between PADOK and URGO which imposes Processor obligations on PADOK within the meaning of and in accordance with the Data Protection Regulation and which may not derogate from this article. In accordance with Article L. 1111-8 of the French Public Health Code, PADOK is bound by professional secrecy under the conditions and under the penalties provided for in Article 226-13 of the French Criminal Code.

 

• Transfers outside the European Union

URGO will not transfer Healthcare Data or Pseudonymized Data to a country outside the European Economic Area without the prior written consent of the User. If the User is located in the United Kingdom, URGO will not transfer Healthcare Data to a country outside the United Kingdom without the prior written consent of the User.