Privacy policy
The haab-urologie.fr website is the official website of Pr François Haab, a specialist registered with the Conseil national de l’Ordre des médecins.
What personal data do we collect?
| Situation | Collected data | Main purpose |
|---|---|---|
| Contact/appointment form | Surname, first name, e-mail, telephone number, reason for request, desired time slots | Appointment management and response to requests |
| Comment area (if applicable) | Comment content, IP, user agent | Spam prevention and security |
| Uploading medical documents | Documents you choose to transmit (X-rays, reports, etc.) | Create or update your medical file |
| Site navigation | Technical cookies and anonymous audience measurement | Site operation, aggregated statistics |
No health data is collected without your explicit consent (by sending a secure form or submitting a document).
Legal basis for processing
| Purpose | Legal basis |
|---|---|
| Management of appointments, remote monitoring, creation of medical records | Execution of the care relationship (article 9 §2 h RGPD) |
| Response to requests via form or e-mail | Legitimate interest in communicating with patients |
| Anonymous audience measurement | Consent (cookies banner) |
Shelf life
| Data | Duration |
|---|---|
| Medical file | 20 years from last treatment (article R1112-7 CSP) |
| Inquiries with no medical follow-up | 1 year |
| Technical cookies | 13 months maximum |
| Security logs | 6 months |
Cookies
Strictly necessary cookies: provide basic functions (session, language).
Audience measurement cookies (Matomo or equivalent configured in RGPD mode, IP anonymized).
You can configure your choices at any time via the “Cookie management” banner.
Integrated content (videos, maps, etc.)
Content integrated from third-party platforms (YouTube, Doctolib, Google Maps…) acts as if you were visiting these services directly; they may therefore deposit their own cookies and collect data according to their respective policies. You can block such content via your browser or our consent manager.
Where and with whom is your data shared?
| Recipient | Role | Guarantees |
|---|---|---|
| HDS hosting (OVH) | Secure storage of healthcare data | Health Data Hosting” certification (decree of 22/03/2017) |
| Appointment scheduling service (e.g. Doctolib) | Calendar, SMS reminders | RGPD subcontractor, HDS servers |
| Health or judicial authorities | Legal obligations | Transmission restricted to what is strictly necessary |
No data is transferred outside the European Union without adequate safeguards (EU standard contractual clauses / adequacy decision).
Your rights
You have the following rights at all times:
- Access to and copying of your data,
- Rectification of inaccurate data,
- Deletion (unless legally required to retain),
- Limiting or objecting to certain treatments,
- Portability (medical file in compatible format).
To exercise these rights: contact us or write to the DPO (contact details below). Proof of identity may be required. You can also lodge a complaint with the CNIL.
Security
- TLS encryption for all HTTPS connections.
- HDS-certified hosting, encrypted daily backups.
- Access to medical records restricted to doctors and authorized personnel, via strong authentication.
- Automated traffic analysis (firewall, anti-spam protection, logging).
Data Protection Officer (DPO)
Nanor Beley – direction@urologieparisopera.fr
Policy update
Last update: June 30, 2025. Any substantial modification will be announced on the site.
