Privacy Policy

Last updated: March 2026

Preamble

This privacy policy (the "Policy") describes the conditions under which ESPEIR (the "Company") processes personal data in the context of:

  • consulting and using the ESPEIR website (the "Site");
  • and, where applicable, using the CLARYS solution, a longitudinal clinical reading interface based on HL7 FHIR (R4), designed for read-only access to clinical data and documents from third-party systems (EHR, EDM, FHIR-exposing document repositories) and rendering them in a readable, temporal, and contextualized format.

ESPEIR attaches particular importance to the protection of personal data and acts in accordance with the GDPR and applicable laws.


1. Definitions

Personal data: any information relating to an identified or identifiable natural person.

Health data: personal data related to health (special category within the meaning of the GDPR).

Processing: any operation performed on data (collection, recording, use, disclosure, etc.).

Data Controller / Data Processor / Data Subject: within the meaning of the GDPR.


2. Our Role: Data Controller and Data Processor

2.1 ESPEIR as Data Controller

ESPEIR is the data controller for data related to:

  • browsing the Site (technical data, cookies, security);
  • inbound requests (contact, demo, meetings, commercial exchanges);
  • managing contractual relationships with its clients (professional contacts, billing).

2.2 ESPEIR (and/or CLARYS) as Data Processor

When an establishment (or publisher/integrator) uses CLARYS, the client is generally the data controller for health data and defines the purposes (patient care, record access, etc.).

CLARYS acts as a cross-cutting consultation component, downstream from the producing systems, without replacing an EHR or a reference data store. In this context:

  • CLARYS accesses FHIR servers in read-only mode;
  • CLARYS does not create, modify, or validate clinical data;
  • CLARYS does not implement automated clinical decision-making or interpretation;
  • processing is governed by a data processing agreement (DPA).

Useful nuance: depending on the deployment mode (on-prem / managed cloud), ESPEIR may or may not have operational access to the environments. This must be contractually reflected; the Policy alone is not enough.

3. Principles of Data Processing by ESPEIR

ESPEIR applies GDPR principles: lawfulness, fairness, transparency, minimization, accuracy, storage limitation, security.

CLARYS Product Principle (intentionally limited scope):

  • CLARYS is designed for document visualization and navigation;
  • authentication and identity authority are external; CLARYS does not manage 'business' accounts and only derives shadow users (identity references + preferences);
  • the frontend does not handle OAuth tokens; auth and audit are centralized in a BFF (Backend For Frontend).


5. Sources of Collection

  • directly from you (site/forms/exchanges);
  • automatically (security logs, cookies if used);
  • via the client's source systems (FHIR servers / IdP) when CLARYS is used in a client environment.

6. Recipients

Depending on the case, data may be accessible to:

  • authorized ESPEIR teams (need-to-know basis);
  • technical service providers (hosting, managed services, support), under contracts;
  • competent authorities in case of legal obligation.

Since CLARYS is designed to integrate with existing information systems, most rules for accessing clinical data are determined by upstream systems (FHIR server / authorization mechanisms).


7. Retention Periods

7.1 Site Data (ESPEIR as Data Controller)

  • contact / demo requests: duration necessary for processing + proportionate commercial follow-up duration;
  • security logs: limited and proportionate duration.

7.2 CLARYS Data (ESPEIR as Data Processor)

  • sessions / preferences / context parameters: duration necessary for operation (to be configured);
  • logs/audits: according to client requirements and security policy;
  • clinical data: no primary storage by CLARYS; possible retention/persistence only if provided for in the contract and configuration (e.g., indexes), with specified durations.

8. Hosting and Transfers

CLARYS can be deployed on-premise (hospital) or in a cloud compliant with applicable requirements (e.g., HDS if required), depending on the client's choice.

In principle, ESPEIR aims for EU/EEA localization; any transfer outside the EEA, if it exists (support/tools), must be governed by appropriate safeguards (SCCs, adequacy decision, supplementary measures).

Important: do not write 'no transfers' if you use components that can trigger flows (support, metrics). An honest and controlled clause is better than a fragile promise.

9. Your Rights

When ESPEIR is the data controller: rights of access, rectification, erasure (under conditions), restriction, objection, portability (under conditions), withdrawal of consent (if applicable), complaint to the CNIL.

When ESPEIR acts as a data processor in CLARYS: requests are generally made to the data controller client, unless the contract provides for a different mechanism.

10. Exercising Your Rights / Contact

ESPEIR

contact@espeir.com

ESPEIR responds within applicable legal timeframes.
