The health data hosting appendix (hereinafter "HDS Appendix") is concluded between SCALINGO and the Client if the Data hosted by SCALINGO on behalf of the Client, under the Agreement, contains, in whole or in part, Personal Health Data.
The HDS Appendix is an integral part of the Agreement concluded between SCALINGO and the Client. It takes effect at the same time as the Agreement takes effect and remains in force throughout the term of the Agreement.
In the event of any contradiction between the clauses of the HDS Appendix and those of the Agreement, the clauses of the HDS Agreement shall prevail for the object that concerns them.
All terms identified in the HDS Appendix that begin with a capital letter, if they are not defined herein, have the meaning given to them in SCALINGO's General Terms and Conditions of Service (hereinafter the "GTC") and/or the Data Processing Agreement appendix (hereinafter the "DPA").
i. Personal health data or Health data: means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about that person's state of health, regardless of its source, whether it comes for example from a doctor or other healthcare professional, a hospital, medical device or in vitro diagnostic test. This data includes, but is not limited to:
ii. Hosting: refers to the storage service of Client's Resources including Personal Health Data.
A Personal Health Data is special data, within the meaning of Article 9 of the GDPR, which, due to its high sensitivity and confidentiality, requires enhanced protection when it is subject to automated processing.
This protection implies the implementation of a high level of security of the software and IT infrastructures hosting databases of Personal Health Data, adapted to the criticality of this data and the risks generated by their processing on the fundamental rights and freedoms of individuals.
Thus, when an outsourced hosting provider is used, Article L. 1111-8 of the Public Health Code provides that "I.- Any person who hosts personal health data collected during prevention, diagnosis, care or social and medico-social monitoring activities, on behalf of natural or legal persons at the origin of the production or collection of such data or on behalf of the patient himself, carry out such accommodation under the conditions set out in this Article.II.-The host of the data mentioned in the first paragraph I on digital medium holds a certificate of conformity."
Pursuant to Article L. 1111-8 of the Public Health Code, SCALINGO declares to benefit from HDS certification n°38436 issued on September 12th, 2022 by LNE (Laboratoire national de métrologie et d’essais - 1, rue Gaston Boissier – 75724 PARIS Cedex 15), on the following perimeter: Physical infrastructure hosting provider and Service hosting provider (the "Certification").
The Certification is valid for three (3) years, i.e. until September 11th, 2025 and renewable every three (3) years.
It concerns the following activities, provided by SCALINGO under the Contract:
The Certification is made available to the Client at any time, directly on the Platform, at the following address https://doc.scalingo.com/compliance.
SCALINGO guarantees that the hosting infrastructures for Personal Health Data are HDS certified on the date of signature of the HDS Appendix. SCALINGO undertakes to maintain this certification, or any equivalent authorization provided for by law, for the duration of the HDS Appendix.
At the Client's request, SCALINGO will make the Certification Audit Reports available to the Client for consultation at SCALINGO's premises only.
Pursuant to the Certification, the Client unreservedly adheres to this HDS Agreement as a whole without being able to claim any adjustment, except to risk derogating from the certified contractual obligations.
To ensure the availability of Resources and Personal Health Data as herein defined, SCALINGO implements a continuity and disaster recovery approach set out in the ISSP, available at the Client's request, in accordance with Article 13 of the GTC.
In particular, Personal Health Data is automatically backed up according to the periodicity appearing in the ISSP, SCALINGO committing at least to operate full weekly backups as well as daily differential backups.
In the event of restoration of Personal Health Data, SCALINGO undertakes to restore all such data and files within the period set out in the ISSP, from the Client's request. Data and files will be restored from their most recent backup.
SCALINGO provides for the provision of a backup site on which Personal Health Data is replicated and, if necessary, will ensure the management and communication between the active site and the backup site.
SCALINGO provides scheduled maintenance operations of all Resources, in accordance with the commitments made in the GTC and SLA.
Personal Health Data is stored in France on the sites listed in Article 13 of the DPA.
The security obligations of the Platform are set out in Article 13 of the GTC. It is also recalled that SCALINGO ensures the security of the Platform necessary for the performance of the Services according to the ISSP addressed to the Client on first request.
SCALINGO will implement, maintain, and ensure that each of its Subcontractors involved in the Services implements and maintains, security incident management and business continuity policies and procedures in accordance with the ISSP and, in any event, high industry standards.
The audit logs of SCALINGO administrators are provided on Client's request. The request shall be made via an e-mail to the following address: firstname.lastname@example.org. It shall specify the applications and add-ons concerned and the period of time, within the limit of one year.
The application traces generated by the Resources are the responsibility of the Client and must not contain any Personal Health Data.
The Client must ensure that their Resources allow to provide the following information to the Personal Health Data Subject: the history of accesses, the history of consultations / modifications, the content of the information accessed, and the nature of any Processing carried out (reading, writing, modification and / or deletion). The Client acknowledges and accepts that this traceability of actions is their sole responsibility.
SCALINGO ensures constant monitoring to identify any incident and/or failure and, when an incident and/or a failure occurs, undertakes to implement the necessary means to remedy it as soon as possible.
SCALINGO will notify the Client of any attack and/or intrusion it observes, will make its best efforts to stop them or reduce the impact on the availability of the hosting service and the confidentiality of the data, and will transmit to the Client all the evidence collected to identify its author. SCALINGO will provide the Client with all the necessary assistance to stop the attack and/or intrusion.
SCALINGO will also notify the Client of any incident, whatever its nature (disclosure, alteration, deletion of its files and/or data, operational incident impacting availability) and will trigger the appropriate measures as set out in the ISSP.
The Client will inform SCALINGO, by any means and without delay, of any incident and / or failure found in the context of the performance of the service.
The Client will describe precisely the details of the incident and / or failure and in particular, will communicate to SCALINGO all the elements likely to precisely identify the incident and / or failure.
SCALINGO will inform the Client of the means implemented to regularize the situation.
In any case, SCALINGO will intervene according to the modalities and within the deadlines as set out in the SLA.
The Client's health professional contact will be involved in the entire incident management process, as the guarantor of the confidentiality of Personal Health Data.
SCALINGO shall carry out an internal control each year for the purpose of examining the compliance of its Personal Data hosting system. SCALINGO shall send the report to the Client on first request.
SCALINGO shall inform the Client about:
SCALINGO confirms that it has a staff composed of qualified professionals to provide hosting service, who are in particular bound by professional secrecy pursuant to the provisions of Article L.1111-8 of the Public Health Code.
SCALINGO is committed to compliance with the provisions hereof by the members of its staff required to intervene on the Services involving the hosting of Personal Health Data.
SCALINGO is prohibited from accessing the Client's Data and, in particular, the Personal Health Data hosted on the Platform. SCALINGO shall refrain from any use of Client Data for marketing, advertising, commercial or statistical purposes. If it is necessary for SCALINGO to access to the Personal Health Data, for example in the context of support, SCALINGO will contact the health professional contact designated by the Client. The health professional contact will access alone the Personal Health Data concerned.
In any case, the Client is reminded that it is its responsibility to ensure that the Users of the Platform do not display any Personal Data and, in particular, Personal Health Data, when they request the intervention of SCALINGO's support and/or in the traces of the Resources aggregated by SCALINGO.
Notwithstanding the foregoing, the Client expressly acknowledges that a staff member of SCALINGO may access the metadata (i.e. data structures) processed on the Platform for the purpose of advising on the optimization of the performance of the Client's Resources.
In accordance with the DPA, Personal Health Data is hosted with the professional hosting provider OUTSCALE. OUTSCALE has HDS certification n° 36741-2 issued by LNE on July 29, 2021, and covering the following "physical infrastructure host" perimeter:
SCALINGO ensures that such certification is maintained and that sufficient security measures are taken in accordance with the certification and applicable regulations. All the obligations taken by SCALINGO under the HDS Contract are reported in the specific hosting agreement concluded with this host. In any case, SCALINGO remains liable to the Client for this sub-processor, in accordance with Article 20 of the DPA.
SCALINGO has subscribed and will maintain for the duration of the Agreement an appropriate insurance policy with a leading insurance company to cover its obligations under this HDS Appendix.
The Client guarantees the lawfulness of the processing of the hosted Personal Health Data. In particular, the Client guarantees SCALINGO having informed the persons concerned that their Personal Health Data will be stored on the servers of the company OUTSCALE managed by SCALINGO and, if necessary, has obtained their consent for this purpose. The Client guarantees always respecting the rights of the persons concerned on their Personal Health Data and, more generally, the regulations applicable in this matter.
The Client guarantees SCALINGO against any claim that may be brought by a data subject by the storage of his/her Personal Health Data, as well as by any third party or any competent authority, and which would result, directly or indirectly, from the non-compliance by the Client, its servants, employees and / or subcontractors with the legal and regulatory obligations relating to the Client's activity and the processing of Personal Health Data.
The Client must designate as soon as the HDS Appendix is signed a designated person with the necessary skills and duly authorized to act on behalf of the Client for any decision relating to Personal Health Data under the HDS Appendix (access to data, management of patient requests, incident management, etc.).
It is the sole responsibility of the Client to ensure that the person designated has the necessary and up-to-date qualities and authorizations to access the Personal Health Data. The Client must inform SCALINGO immediately in the event of a change of contact person. Under no circumstances shall SCALINGO be held liable for a breach by the Client of this essential obligation of the HDS Appendix. SCALINGO shall not carrying out any verification of the authorizations and quality of the Client's contact.
The Client's contact must be designated at the time of subscription to the HDS Appendix and kept up to date by the Client directly from the interface of its Account on the Platform.
SCALINGO reminds the Client that only a health professional is authorized to access the Personal Health Data and that this access requires that the health professional can justify his/her accreditation by using his/her health professional card (CPS) or any other equivalent device approved under the conditions provided for in Article L. 1110-4 of the Public Health Code.
Any access to the Personal Health Data necessary to respond to a request from a data subject or any authorized third party, must be through the intermediary of the Client health professional contact, it being understood that the Client, Data Controller, remains in any case, responsible for the exercise of the rights of individuals on the Personal Health Data concerning them.
More generally, the Client will take care to keep the information that will be communicated by SCALINGO concerning its authentication and access control methods to the Platform, using secure means in accordance with the PGSSI-S.
The Client will inform SCALINGO as soon as possible in the event of loss or theft of the authentication elements and more generally, in the event of a malfunction observed concerning access to Personal Health Data.
In addition to the obligation of confidentiality to which the Client is bound under Article 14 of the GTC, the Client ensures that its employees, subcontractors, and more generally any person carrying out a mission related to the hosting service, respect the confidentiality of Personal Health Data as long as access to said data is based on a valid legal basis. The Client indemnifies SCALINGO against any claim that may be brought by the data subject, as well as by any third party or competent Authority, against SCALINGO and that results, directly or indirectly, from the Client's, its employees and/or subcontractors' failure to comply with the obligations relating to the confidentiality of Personal Health Data.
The Client guarantees that the Resources make it possible to save and archive the Personal Health Data in such a way as to guarantee its retention over time, its integrity and their confidentiality, during the applicable legal deadlines.
The Client shall comply with all the rules set out by the PGSSI-S standard, in its most up-to-date version, when processing Personal Health Data through the Resources hosted on the Platform. As such, the Client undertakes to maintain a level of security of the Resources and, more generally, of its information system, at least as strict as those set out by the aforementioned standard.
At the end of the HDS Appendix, for any reason whatsoever, SCALINGO will ensure reversibility of the Services and will return all of the Client's Personal Health Data in accordance with the following clause.
Reversibility consists in allowing the Client to retrieve all the Data hosted on the Platform. To do this, SCALINGO makes available open APIs, as well as the associated documentation, to the Client or competent third parties designated by it which allow it/them to recover and transfer the Data.
In the event of termination of the Contract, for any reason whatsoever, including at the initiative of SCALINGO, SCALINGO will guarantee access to backups of the Data and access to the Platform for one (1) month from the date of termination of the Agreement, allowing the Client to recover all of its Data.
At the end of this period of one (1) month, the Client will send SCALINGO a signed "Data Recovery completed" report. Upon receipt of this report, SCALINGO will close the access necessary for the recovery of the Data, erase all Client Data and will not keep any record of it.
If at the end of this period of one (1) month, the Client has not sent the signed "Completed Data Recovery " report or request for deletion of its Client Account, and after formal notice by registered letter with acknowledgment of receipt to the Client, to sign the "Data Recovery completed" report, remained unsuccessful during the fifteen (15) working days following its receipt, SCALINGO may invoice the immobilization of the storage spaces on which the Data are still present for a maximum of 11 (eleven) months. Beyond this period, SCALINGO reserves the right to delete the Data in question, which the Client acknowledges and accepts.
All Client Data is permanently deleted no later than thirty (30) days after the end of the reversibility phase. This is the retention period of the backup.
SCALINGO will immediately inform the Client in the event of loss of the Certification, resulting in the automatic termination of the HDS Contract.
In accordance with the applicable regulations, SCALINGO will delete the Personal Health Data, and will destroy any copies and backups it may have on its servers, with the express authorization of the Client. SCALINGO will issue a certificate of destruction of Personal Health Data at the request of the Client.
This authorization must be given within twenty-four (24) hours of notification of the loss of the Certification. Beyond that, SCALINGO can no longer be held liable for non-compliance by the Client with its legal obligations for hosting Personal Health Data.
Except in the case of termination of the HDS Appendix for loss of Certification, it is agreed that any request for retention of Personal Health Data beyond the term of the HDS Appendix, must be communicated to SCALINGO at the time of subscription to the HDS Appendix and will be the subject of a specific quote.