Your personal data

In connection with its activities, the CGFL may collect and process personal, administrative, and medical information about you. Unless you object with a justified objection, this data is subject to automated (computer) or non-automated (paper) processing intended to enable and facilitate your best care. The legal basis for this data processing is the execution of the CGFL’s public interest mission. Your information is necessary for the creation of your medical file at the CGFL, which is an obligation for our establishment under the Public Health Code. As part of the legal obligations incumbent on the CGFL, certain information is processed for the purposes of managing the establishment, evaluating and improving the quality of care, and public health (health monitoring, regulated vigilance, mandatory reporting). The processing concerns in particular administrative management, invoicing, and PMSI (Programme for the Medicalization of Information Systems) data.

The CGFL may process your data for its legitimate interest; more specifically, to respond to your requests, to improve the quality of care, to ensure the safety of people and property and for research purposes.

Some of your data is processed as part of the execution of a public interest mission with which the CGFL is entrusted.

Some processing is necessary for reasons of public interest in the area of ​​public health.

In the context of research (data reuse) and epidemiology

Beyond its healthcare missions, the CGFL also has missions in the field of teaching and research. Therefore, the data in your electronic medical record as well as the biological samples taken during your care may, according to the regulations in force, and in the absence of opposition on your part, be used, stored and shared, in order to conduct studies on cancer, for evaluation purposes or for teaching purposes. These studies, intended to improve knowledge on the causes, diagnosis, prognosis or treatment of cancers or meeting epidemiological or medico-economic evaluation objectives, may be conducted by the teams of the Georges François Leclerc Center alone or in partnership with one or more public or private organizations, in France or abroad.

The legal basis applicable to this data processing is the performance of a mission of public interest.

For more information: download the brochure

Access to the transparency portal

The list of all studies on the reuse of data and/or biological samples is available on https://mesdonnees.unicancer.fr

In the context of health data warehouses for research purposes

Health data warehouse for research purposes

The CGFL is a member of the UNICANCER network, which brings together 20 cancer treatment centers. One of the network’s goals is to pool the expertise of all teams to develop and design innovative databases to facilitate research and improve cancer care.

Unless you object, the CGFL may transmit non-identifying medical data extracted from medical records generated during your care to scientific partners with a health data warehouse under conditions of strict confidentiality and after authorization from the National Commission for Information Technology and Civil Liberties (CNIL).

The CGFL participates in various research projects led by UNICANCER.

Learn more at: https://recherche.unicancer.fr

For more information about your data rights, you can contact our Data Protection Officer by email: obuirey@cgfl.fr

The cancer data platform

The cancer data platform developed by the National Cancer Institute is a data warehouse which brings together, under the best conditions of security and confidentiality, health data from different sources.

Since 2011, the Cancer Data Platform has been collecting information on people who have cancer, who have had cancer or who are at risk of developing cancer.

The information transmitted to the Institute does not contain any data that could directly identify you.

The platform has been authorized by the CNIL since 2019.

Learn more at : https://www.e-cancer.fr/Expertises-et-publications/La-plateforme-de-donnees-en-cancerologie

The Côte d’Or specialized registry for breast and gynecological cancers: a dual mission of public health and research.

In France, cancer registries have been established for over 40 years in several departments to contribute to cancer surveillance and the advancement of research in this field. These missions are at the heart of the cancer control policy, affirmed by the public authorities as a national public health priority
(Articles L. 1413-3 and L. 1413-6 of the Public Health Code)
.

The registers have authorization from the National Commission for Information Technology and Civil Liberties (CNIL).

In Côte d’Or, the Specialized Registry of Breast Cancers and Gynecological Cancers, under the aegis of the CGFL, carries out an exhaustive and continuous census of all these cancer cases in the department. This Registry collects for each patient residing in Côte d’Or at the time of diagnosis, identification data (patient identity, address) as well as medical data (date of diagnosis, characteristics of cancers/tumors, types of treatment, progression of the disease).

For more information on registries, you can visit the INCA website at: https://lesdonnees.e-cancer.fr

You can download the full information note on the CGFL website:
https://www.cgfl.fr/la-recherche/

As part of online appointment support

For the purpose of managing online appointment bookings, the CGFL uses the services of DOCTOLIB. Personal data is collected when you choose to use this service rather than booking an appointment by telephone.

For more information: Download the brochure

As part of the exchange and sharing of information

For the purpose of sending documents, the CGFL uses the services of MSSANTE. This is a secure healthcare messaging service that allows medical documents to be sent to all healthcare professionals and the patients concerned, by mail and/or electronically, in a secure manner. As a subcontractor, MSSANTE will process your data, in the name and on behalf of the CGFL.

For more information: visit the page

As part of video protection

The CGFL is under video surveillance for the safety of people and property. As such, a certain amount of data is collected and processed (images, videos). The legal basis that applies is that of the CGFL’s legitimate interest. The retention period for video surveillance images is limited to the intended purpose, and viewing is secure.

Generally speaking, the CGFL does not process any of your data for purposes incompatible with those for which they were collected, unless you have given your prior consent.

The data that may be collected are:

• information about your personal and professional situation: lifestyle, family situation, people to contact, trusted person, treating physician, employer, profession, health insurance, mutual insurance companies, economic and financial information, etc.;
• legal information: existence of protective measures, etc.;
• health data and other sensitive data: medical history, diagnoses, test results, imaging, treatments, genetic data, ethnicity, sexual life, videos and photographs, etc.

Data may be collected directly from you upon admission and during your care.

Providing your personal data is voluntary. However, certain information is essential for the CGFL to process your requests.

They can also be obtained from other sources, such as from other external professionals as part of the coordination or continuity of care, prevention or medical-social monitoring.

Some of this data may come from exchanges of information between healthcare professionals or from exchanges of information within secure healthcare networks.

Data may also be transmitted to the CGFL by subcontractors, for example, for online appointment booking. Identification data: first and last names, date of birth, gender, address, telephone numbers, email address, hospital file number, social security number (NIR), national health identifier (INS), nationality, place of birth, etc.;

The data collected is kept for a limited period, defined according to the purposes of each data processing and the regulations in force.

The medical record is kept, in accordance with the Public Health Code, for twenty years from the date of the patient’s last visit or at least until the patient’s twenty-eighth birthday, or for ten years from the date of death. Certain data may be kept for longer if the law so provides.

The information used is kept until the final report or publication of the research results. It is then archived on paper or electronic media for a period in accordance with current regulations.

Video surveillance images are kept for 1 month.

Other personal data is kept for a limited period that does not exceed the period necessary for the purposes of collection. This varies depending on the nature of the data, the purpose of the processing, or legal or regulatory requirements.

The CGFL undertakes to delete or archive, where appropriate, data concerning you when their retention periods have expired.

Your data is reserved for medical, administrative and technical professionals of the CGFL subject to professional secrecy, within the limits of their missions and the categories of data which are necessary for them.

Some of your data may be made available to professionals outside the CGFL who are part of the care team.

Information may also be shared with public bodies, health authorities, regulated professions (Public Treasury, Regional Health Agencies, health and supplementary insurance organizations, lawyers, auditors, etc.) upon request and within the limits of what is permitted by the regulations.

Your data may be transferred to service providers and subcontractors who perform services for the CGFL. In this case, General Data Protection Regulation (GDPR) compliance clauses are included in the data processing contracts with our subcontractors.

As part of research projects, the CGFL may also be required, after having informed you and unless you object, to transmit your data, previously made non-nominative, to other health professionals.

Your data may be used to feed data warehouses, i.e., a large database, which will be used to carry out several research projects. You will be able to object, consent, or refuse the inclusion of your data in these databases.

As part of measuring patient satisfaction and their experience of the service provided by the establishment (e-SATIS), your email address and the following data: gender, date of birth, date of entry and exit from the establishment, department in which you were hospitalized, are transmitted to the High Authority for Health (HAS).

As part of the calculation of indicators enabling the improvement of the quality and safety of care in healthcare establishments (IQSS), certain files of patients who have stayed in hospital are randomly selected. The following data, from the randomly selected files: age, sex, length of stay, date of discharge, data relating to the quality of your care during your hospital stay, are transmitted to the High Authority for Health (HAS).

Any person subject to personal data processing managed by the CGFL may exercise their rights granted by the GDPR and the LIL.

Only the person concerned (or their legal representative) is authorized to request for themselves (or for the person they represent) the exercise of their rights.

In accordance with applicable regulations, you have various rights, namely:

• Right of access: you can obtain information concerning the processing of your personal data as well as a copy of this personal data.
• Right to rectification: If you believe that your personal data is inaccurate or incomplete, you can request that this personal data be rectified accordingly.
• Right to erasure: you can request the erasure of your personal data except for processing necessary for the purposes of medical diagnosis, management of healthcare services, or for reasons of public interest in the area of ​​public health.
• Right to restriction of processing: you can request a temporary freeze on the processing of your personal data
• Right to object: you can object to certain processing of data concerning you, for example to the reuse of your data in the context of research (or the Data Warehouse). → link to objection form
• Right to withdraw your consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
• Right to data portability: for processing based on consent or a contract, you have the right to the return of the personal data you have provided to us or, where technically feasible, to transfer them to a third party.

Right to give post-mortem instructions

The person has the possibility to organize the fate of their personal data after their death through instructions to a trusted third party.

You have the option to define guidelines regarding the retention, deletion, and communication of your data after your death. These guidelines define how you wish your rights over your data to be exercised after your death. You can send us these guidelines by sending a letter to the CGFL DPO, stating “Postmortem Guidelines” in the subject line. You can modify or revoke your guidelines at any time.

Terms of exercise of rights

To exercise any of your rights at any time, please send your request to our Data Protection Officer:

• by email to obuirey@cgfl.fr
• or by mail to the address:
  • Déléguée à la Protection des Données
  • Centre Georges François Leclerc
  • 1 rue Professeur Marion
  • BP 77980
  • 21079 Dijon cedex – France

You may be asked for proof of identity.

Download the form

Right to lodge a complaint with the CNIL

If you consider that your rights are not respected or that the protection of your data is not ensured in accordance with the GDPR, you can, at any time, lodge a complaint with a competent supervisory authority (in France, the CNIL), directly on the CNIL website or by post to: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.

If your data were to be transferred outside the EU, particularly through our subcontractors, we would pay particular attention to ensuring that they process your data in strict compliance with the regulations in force regarding the protection of personal data.

In the event that the latter are located in a country not subject to an adequacy decision by the European Commission, recognizing a level of protection equivalent to that provided by the European Union, a standard contract will be drawn up in order to comply with the model established by the European Commission.

As part of international medical research, your data would be made non-personal and standard contractual clauses approved by the European Commission would be put in place.

The CGFL implements all technical and organizational measures aimed at protecting your data against any form of damage, destruction, loss, alteration, disclosure or unauthorized access, whether accidental or unlawful.

These measures include in particular:

• User awareness
• Authorization management
• Securing workstations and mobile computing
• Securing workstations and mobile computing
• Backup and business continuity procedures
• Subcontracting management
• Securing exchanges
• Protection of premises

The security of your terminal, from which you connect to our Site, is your responsibility.

In the event that the CGFL is likely to use service providers to process part of your data, it undertakes to verify that they provide sufficient guarantees to ensure the protection of the personal data entrusted to them and to have them sign confidentiality clauses in accordance with article 28 of the GDPR.

The DCC, developed by Onco-BFC, is a shared and secure computerized patient record, which is made available to healthcare professionals to facilitate the care of cancer patients.

This tool allows you to manage multidisciplinary consultation meetings during which your medical file is discussed by a group of specialists with the aim of providing you with the best possible treatment.
Access to your personal information meets strict confidentiality and security standards: only professionals may access the DCC.

DCC data may be subject to anonymized analyses to evaluate professional practices in cancer care. It may also be shared with authorities responsible for evaluating public health policies.
In accordance with applicable regulations, you may exercise your rights regarding your data processed within the DCC: the right to access, rectify, object, erase, and limit data processing. To do so, you can contact your doctor directly or submit your request by post to the GRADeS BFC Data Protection Officer (DPO), specifying the nature of your request, at the following email address: dpo@esante-bfc.fr

Subject to a breach of the above provisions, you have the right to lodge a complaint with the National Commission for Information Technology and Civil Liberties (CNIL).
To find out more: www.projet-eticss.fr.fr

Access to information concerning you during your treatment
You have access to your medical records, either personally or through the doctor you have designated for this purpose. However, without your express consent, neither your family, loved ones, nor your trusted person may have direct access to your medical records.
In the event of a serious diagnosis or prognosis, and unless you object, medical confidentiality does not prevent your family, loved ones, or the trusted person you have designated from receiving the necessary information to enable them to provide you with direct support.

Access to a deceased person’s medical record:
Unless the deceased patient has objected during their lifetime, the beneficiaries of the deceased patient, their common-law partner, or their civil partner have access to their medical record. However, this access does not apply to the entire medical record, but only to information that allows them to determine the cause of death, defend the memory of the deceased, or assert a right.
Requests for access to the file must be submitted in writing to the management of the facility.