Politique de confidentialité
• Le traitement des données relève de la responsabilité de l’Agence allemande pour la coopération internationale (GIZ) GmbH, Bonn/Eschborn.
Adresse postale :
Friedrich-Ebert-Allee 36 + 40, 53113 Bonn Allemagne
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn Allemagne
Contact :
info@giz.de
Coordonnées de la personne responsable de la protection des données :
datenschutzbeauftragter@giz.de
Généralités
openIMIS est une initiative conjointe entre :
• la Direction du développement et de la coopération suisse (DDC), Berne ;
• le ministère fédéral allemand de la Coopération économique et du développement (BMZ), Bonn/Berlin ;
• et l’Agence allemande pour la coopération internationale (GIZ) GmbH, Bonn/Eschborn.
L’initiative est dirigée par l’Agence allemande pour la coopération internationale (GIZ) GmbH. La GIZ est une entreprise fédérale d’utilité publique pour la coopération internationale. Nous travaillons comme entreprise fédérale de droit privé. Notre but est d’atteindre l’objectif de politique de développement consistant à améliorer les conditions de vie des populations du monde entier et à conserver les ressources naturelles dont dépendent les moyens de subsistance.
Analyse web
À des fins statistiques et pour améliorer notre service, notre site web utilise le service d’analyse web Matomo (auparavant nommé PIWIK). Les données ne sont pas utilisées à d’autres fins et ne sont pas transmises à des tiers. Les informations suivantes sont enregistrées pour chaque page que vous consultez et chaque fichier que vous téléchargez :
• détails techniques sur le navigateur utilisé ;
• adresse IP anonyme ;
• date et heure ;
• page ouverte/nom du fichier téléchargé ;
• quantité de données transférées ;
• et notification du succès de la visualisation ou du téléchargement.
Pour effectuer cette analyse web, Matomo utilise des cookies de session temporaires chaque fois que vous consultez une page individuelle, afin de faciliter la navigation. Les cookies sont de petits fichiers texte qui sont stockés localement dans le cache de votre navigateur. Les cookies de session ne contiennent aucune donnée personnelle et expirent à la fin de chaque session, ou après la réalisation d’une enquête auprès des utilisateur·trice·s, qui est menée en règle générale tous les deux ans.
Les informations générées par ces cookies, telles que l’heure, le lieu et la fréquence de vos visites sur notre site, y compris votre adresse IP, sont transmises à notre serveur Matomo et y sont stockées. Dans le cadre de ce processus, votre adresse IP est immédiatement rendue anonyme afin que vous, en tant qu’utilisateur·trice, restiez anonyme pour nous. Les cookies de session ne contiennent aucune donnée personnelle et expirent à la fin de chaque session, ou après la réalisation d’une enquête auprès des utilisateur·trice·s, qui est menée en règle générale tous les deux ans. Nous n’utilisons pas de méthodes telles que les applets Java ou les contrôles ActiveX qui permettent de suivre votre comportement de navigation.
Vous pouvez empêcher l’installation de cookies en modifiant les paramètres de votre logiciel de navigation en conséquence. Vous devez toutefois savoir qu’en procédant ainsi, vous risquez de ne pas pouvoir utiliser pleinement toutes les fonctions de notre site web.
Les données sont traitées sur la base de l’Art. 6, paragraphe 1 f) du Règlement général de l’UE sur la protection des données (RGPD), dans le but légitime d’analyser l’usage qui en est fait afin d’améliorer le site web de la société.
Si vous ne souhaitez pas que ces données relatives à votre utilisation du site soient stockées et analysées, vous pouvez à tout moment retirer votre consentement relatif à leur stockage et à notre utilisation en cliquant sur la souris. Un cookie nommé « opt out » apparaît alors sur votre navigateur et Matomo ne recueillera en conséquence plus aucune donnée sur vos visites.
Veuillez noter que si vous supprimez les cookies dans les paramètres de votre navigateur, le cookie de désactivation de Matomo peut également être supprimé et devra être réactivé.
Remarques concernant l’opposition
Si vous ne souhaitez pas que les données relatives à votre utilisation du site soient stockées et analysées, vous pouvez à tout moment retirer votre consentement par la suite, en cliquant sur la souris. Un cookie nommé « opt out » apparaît alors sur votre navigateur et Matomo ne recueillera en conséquence plus aucune donnée sur vos visites.
Pour que l’opposition prenne effet, le cookie doit être stocké sur chaque appareil utilisé. Comme le cookie est stocké dans des navigateurs spécifiques (programmes internet), le cookie doit être stocké dans chaque navigateur si plusieurs navigateurs sont utilisés sur un même appareil (par exemple, Internet Explorer, Chrome, Mozilla Firefox). Veuillez également noter que, si vous supprimez tous les cookies, le cookie d’opposition sera également supprimé et devra à nouveau être stocké.
Formulaire de contact
Lorsque vous utilisez le formulaire de contact, nous traitons votre titre de civilité, vos noms et prénoms et votre adresse électronique. Les données sont traitées sur la base de l’Art. 6, paragraphe 1b) du RGPD de l’UE dans l’objectif de recevoir la demande exprimée dans le formulaire de contact.
Bulletin d’information / Liste de diffusion
Les données personnelles recueillies dans le cadre de l’abonnement à la liste de diffusion ne seront utilisées que dans le but de traiter l’abonnement et de répondre à vos demandes. Vos données ne seront pas transmises à des tiers. Vos données ne seront pas utilisées à des fins de conseil, de publicité ou d’étude de marché.
Si vous résiliez votre abonnement, toutes vos données personnelles seront supprimées de notre base de données. Les adresses postales et les adresses électroniques que vous fournissez lorsque vous faites une demande ou commandez du matériel d’information sont utilisées exclusivement à des fins de correspondance ou de livraison. Lorsque vous utilisez d’autres services en ligne qui nécessitent la transmission de données personnelles plus complètes, comme les demandes d’emploi en ligne ou l’inscription à des cours de formation, les déclarations de protection des données adaptées à ces services s’appliquent également.
Durée de la conservation des données
Les données à caractère personnel sont régulièrement supprimées lorsque :
• elles ne sont plus nécessaires à des fins contractuelles (par exemple, pour les contrats de travail, les compléments de prix, les contrats de location, de vente ou de service) ;
• les personnes concernées n’ont pas donné d’autorisation distincte ;
• les obligations et les délais légaux de stockage des données ont expiré.
Référence aux droits des utilisateur·trice·s
Vous avez le droit :
• de vous opposer au traitement des données ;
• de vous renseigner sur vos données personnelles et sur leur traitement ;
• de faire, si nécessaire, rectifier ces données, ou de demander la limitation du traitement ou l’effacement des données.
Les données seront ensuite effacées.
Si vous avez des questions ou des plaintes concernant ce site web, veuillez adresser votre demande à l’adresse électronique suivante : (contact@openimis.org)
Vous avez également le droit de déposer une plainte auprès de l’autorité de contrôle de la protection des données compétentes. En l’occurrence, l’autorité responsable est le Commissaire fédéral allemand pour la protection des données et la liberté d’information (BfDI).
Privacy Policy openIMIS software
The protection of your privacy and your personal data (as defined in Article 4(1) of the Data Protection Basic Regulation (EU) 2016/679 ("DSGVO") is very important to openIMIS ("us", "our" or "we"). It is extremely important for us that openIMIS users ("users") feel secure when using our services.
This Privacy Policy forms the basis on which personal data are collected from you. Please read this Privacy Policy carefully to understand the categories of personal information we collect from you, the circumstances in which we may disclose it to third parties and your rights regarding the personal information you provide to us.
When you use our mobile applications "openIMIS Policies Demo" or "openIMIS Claims Demo" (the "App") or openIMIS web-based application ("Web-embed") (together the App and Web-embed referred to as the "Services"), you might be asked to confirm that you have read and understood the information described in this Privacy Policy.
Who we are
This Privacy Policy applies to the processing of personal data by the openIMIS software as well as the openIMIS Initiative. The copyright for the openIMIS software is held by the Swiss Agency for Development and Cooperation (SDC), and is licensed as open-source software using the AGPL3 licence. Details on the license can be found in openIMIS Software License. The openIMIS Initiative, to promote and streamline the further development of the software, is currently financed by the German Federal Ministry for Economic Cooperation and Development (BMZ) and the Swiss Agency for Development and Cooperation (SDC), and is managed by Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ).
Questions, comments and inquiries regarding this data protection and privacy declaration are welcome and should be directed to openIMIS Service Desk.
General overview of our data processing activities in connection with the Services
openIMIS will collect and process the following data from you:
- Last Name, Other Names
- Address
- Date Of Birth
- ID number
- Phone, Fax, Email
- Geo Location
- Photo
You are asked to provide us with the above listed information when you:
- Create an account on the "Web-embed"
- Create or update a family on the "Web-embed" or on the "app"
- Create or update a family member on the "Web-embed" or on the "app"
- Create or update a policy on the "Web-embed" or on the "app"
- Create or update a contribution/payment on the "Web-embed" or on the "app"
- Create or update a claim on the "Web-embed" or on the "app"
We highly recommend and expect that the data entered in the openIMIS Apps or Web-embeds is not your real personal data, but is fictitious.
Specific processing activities and the nature and purpose of data use
If you create an account on the "Web-embed"
- Categories of data: language, names, e-mail address and password, user id, main health facility (optional), location of works, phone (optional), permanent address (optional), date of birth (optional) and time and date of registration.
- Purposes of processing: to grant access to the "app" and "Web-embed", to generate reports for the enrolment officer(s) and the claim administrator(s), and to perform audits.
- Legal basis: legitimate interest (Article 6 (1) (f) GDPR): processing is necessary for the purposes of legitimate interests.
- Storage period: as long as the user is registered in the "Web-embed" and not more that one week after the account is created.
If you create or update a family or a family member on the "Web-embed" or on the "app"
- Categories of data for a family: id, head of the family, region, district, municipality, village, poverty status (optional), confirmation type (optional), family group type (optional), and time and date of registration.
- Categories of data for family members: photo, id, insurance number, names, date of birth, gender, marital status (optional), beneficiary card (optional), region (optional), district (optional), municipality (optional), village (optional), current address (optional), profession (optional), education (optional), phone (optional), email (optional), identification type (optional), identification number (optional), first point of care (optional) and time and date of registration.
- Purposes of processing: to validate claims generated by the health facilities on behalf of the family and its members.
- Legal basis: legitimate interest (Article 6 (1) (b) GDPR): processing is necessary for the performance of a contract.
- Storage period: as long as the user is registered in the "Web-embed" and not more that one week after the family or family member is created.
If you create or update a policy, contribution/payment on the "Web-embed" or on the "app"
- Categories of data for policy: id, enrolment date, product, start date, expiry date, enrolment officer, policy value and time and date of registration.
- Categories of data for contributions/payment: id, payer (optional), contribution category (optional), amount, receipt no., payment date, payment type, and time and date of registration.
- Purposes of processing: to activate a (insurance) contract with the family.
- Legal basis: legitimate interest (Article 6 (1) (b) GDPR): processing is necessary for the performance of a contract.
- Storage period: as long as the user is registered in the "Web-embed" and not more that one week after the creation of the policy.
If you create or update claim on the "Web-embed" or on the "app"
- Categories of data: health facility, claim administrator, diagnoses, insuree number, claim date, care dates, visit type, claim id, claim number, services and items claimed, guarantee number (optional).
- Purposes of processing: to calculate of the amount to be reimbursed to the health facility based on the service provided (claim valuation and capitation on claim number/amounts); also for auditing.
- Legal basis: legitimate interest (Article 6 (1) (b) GDPR): processing is necessary for the performance of a contract.
- Storage period: as long as the "Web-embed" is active and not more that one week after the creation of the claim.
Where is your personal information stored
When you submit data using the Apps or the web interface, the data collected from you will be stored the "Web-embed" server.
If collected via the app, they will be:
- stored on the IMIS folder in your root directory for the photos and connection tokens
- in the application database located in the application folder for the other information (not accessible for non-root user)
Those data are erased after synchronisation with the service of generation of an export archive (encrypted via password, stored in the IMIS folder).
Sensitive information exchanged between your browser and our website is transmitted in encrypted form using Transport Layer Security ("TLS").
Recipient of your personal data
In order to provide and maintain the services, the data recipient is the entity managing the openIMIS server the mobile app is configured to connect to. By default, the mobile apps are configured to connect to the openIMIS demo server. The data in this demo server is available to anyone accessing it, however, all data is erased every week.
How long we store your personal data
openIMIS will retain any, including personal, data entered into the openIMIS demo server for a maximum period of one week.
Your rights
According to the basic data protection regulation (EU) 2016/679, you have various rights with regard to your personal data.
These rights can be exercised by sending a service desk request.
- Verification: To verify your request, we will take reasonable steps, such as asking you to send us confirmation from the email address associated with your account so that we can verify that you are the owner of that email account. If no email address is associated with your account, we may ask you for a copy of your ID.
- Right to withdraw consent: You have the right to withdraw your consent at any time by notifying us by email to contact@openimis.org . A revocation of your consent does not affect the legality of the processing based on your consent up to the time of revocation.
- Right of objection: You have a right of objection under the conditions of Article 21 DSGVO. You will find more detailed information on this below:
- Right of objection in case of processing based on legitimate interests: As a data subject, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you carried out pursuant to Article 6 (1) (e) or (f) FADP, including profiling based on these provisions. In the event of an objection for reasons arising from your particular situation, we shall no longer process the personal data concerned unless we can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing is for the purpose of asserting, exercising or defending legal claims.
- Right to object to processing for statistical purposes: If we process your personal data for statistical purposes pursuant to Art. 9 (2)(j) GDPR, § 27 (1) BDSG, you have the right to object to such processing for reasons arising from your particular situation. In the event of such objection, we will no longer process the personal data concerned for this purpose, unless the processing is necessary for the performance of a task carried out in the public interest or if the discontinuation of the processing is likely to make the achievement of the statistical purposes impossible or seriously prejudice them and the continuation of the processing is necessary for the fulfilment of the statistical purposes.
- Right to object to direct marketing: Where personal data are processed for the purpose of carrying out direct marketing activities, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing activities, including profiling, insofar as it relates to such direct marketing activities. In the event of an objection to processing for the purposes of direct marketing, we shall no longer process the personal data concerned for those purposes.
- To exercise your right of objection, you can contact us at any time by e-mail at contact@openimis.org.
- Right of access: As a data subject, you have a right of access under the conditions of Article 15 GDPR. This means in particular that you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you also have a right of access to this personal data and to the information listed in Article 15 (1) GDPR. This includes, for example, information about the purposes of the processing, the categories of personal data processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
- Right to delete/"right to be forgotten": As a data subject, you have a right of deletion ("right to be forgotten") under the conditions laid down in Article 17 GDPR. This means that you are in principle entitled to demand that we delete personal data relating to you without delay and we are obliged to delete personal data without delay if one of the reasons listed in Article 17 (1) GDPR applies. You can do this at any time, for example, by deleting your account. If we have made the personal data public and we are obliged to delete them, we are also obliged, taking into account the available technology and the implementation costs, to take reasonable measures, including technical measures, to inform other data controllers who process the personal data that a data subject has requested that all links to these personal data or copies or replications of these personal data be deleted (Article 17 (2) GDPR). The right to erasure ("right to be forgotten") does not apply by way of exception if the processing is necessary for the reasons listed in Article 17 (3) FADP. This may be the case, for example, if the processing is necessary for the fulfilment of a legal obligation or for the assertion, exercise or defence of legal claims (Article 17 (3) (a) and (e) FADP).
- Right to restrict processing: As a data subject, you have a right to restrict processing under the conditions of Article 18 GDPR. This means that you have the right to demand that we restrict processing if one of the conditions listed in Article 18 (1) GDPR is met. This may be the case, for example, if you dispute the accuracy of the personal data. In this case, the processing will be limited for a period of time that allows us to verify the accuracy of the personal data (Article 18 (1) (a) FADP). Restriction means the marking of stored personal data with the aim of restricting their future processing (Article 4 (3) GDPR).
- Right of rectification: As a data subject, you have a right of rectification under the conditions of Article 16 of the GDPR. This means in particular that you have the right to demand that we correct incorrect personal data relating to you without delay and complete incomplete personal data.
- Right of appeal: As a data subject, you have the right to appeal to a supervisory authority under the conditions of Article 77 of the GDPR. The responsible authority in this case is the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).
If you request us to stop processing your personal data or to delete them, this will mean that you will no longer be able to use our services or at least those parts of the services which require the processing of the types of personal data you have asked us to delete, which may mean that you will no longer be able to use the services as a whole.
Changes to this privacy policy
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email or by notification via the App. Therefore, we encourage you to check this page from time to time so that you are kept informed of how we are processing your information.