Privacy Policy

How we protect and use your personal information

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY

Table of content

  • Definitions
  • Who we are and what we do
  • The legal framework we follow regarding your Protected Health Information and personal data
  • How we protect your data
  • What authorization we require from you
  • What data we store
  • Who can access them
  • How we may use them
  • Your rights and how you can exercise them
  • How this notice is updated

Definitions

  • "Information": PHI and personal data together
  • "Orientation Questionnaire": Questionnaire to provide recommendation whether a medical advice is needed
  • "PHI": Protected Health Information
  • "Qualification Questionnaire": Questionnaire to assess potential eligibility for a research study
  • "Services": Orientation Questionnaire and Qualification Questionnaire together
  • "Site": docmemo.com
  • "User", "Users": Individual using our services

Who we are and what we do

Qairnel, a simplified joint-stock company registered with the Nanterre Trade and Companies Register under number 919 730 390, headquartered at 24 B Avenue Victor Hugo, 92340 Bourg-La-Reine, France ("Qairnel"), develops a website accessible at "docmemo.com".

Qairnel provides services for people who are concerned about their memory and/or who may be interested in participating in research studies

Qairnel is not a medical provider, and the User should always consult a qualified healthcare professional regarding any medical condition or concern.

To provide the Services, Qairnel collects and processes personal data. This Privacy Policy informs Users about these processing activities and, where required, seeks their consent for specific uses.

Legal framework for collecting, using, and disclosing Information.

Qairnel processes User's Information to provide the Services, in compliance with applicable U.S. privacy laws, including the Federal Trade Commission Act, the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws, as well as guidance from the U.S. Federal Trade Commission (FTC). We do not perform treatment, payment, or health care operations. Qairnel may act as a Business Associate, as defined by the HIPAA. When we act only as a vendor not subject to HIPAA for certain activities, those activities are governed by consumer privacy laws.

Certain personal information we collect may qualify as PHI. PHI is safeguarded under the HIPAA, as updated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Personal information that does not qualify as PHI may also be protected by Section 5 of the Federal Trade Commission Act and/or applicable state privacy laws. This means that such information may also be subject to protections regarding transparency, minimization, and user rights.

User information is subject to strict rules governing how it can be used and shared. We are required by law to maintain the privacy of User information. We are also required to provide Users with this Notice to explain our legal duties and privacy practices. In addition, we must notify Users if a breach occurs that involves personal and/or health information.

Certain uses and disclosures of PHI (e.g., marketing communications, any sale) require the User's authorization; other uses not described in this Notice will occur only with the User's authorization.

In certain situations, we may be required or permitted by law to use or disclose User information without prior authorization. These situations include, but are not limited to, public health reporting, cases of abuse or neglect, legal and administrative proceedings, compliance with workers' compensation laws, law enforcement requests, prevention of serious threats to health or safety, oversight by regulatory authorities, limited disclosures to coroners or for organ donation, research approved by an ethics or institutional review board, and certain government functions such as national security.

How we protect User data

We take the protection of User personal and health information seriously. All Information is stored in a secure environment that meets applicable requirements for the storage of PHI. This secure environment is located in France. We apply procedures designed to limit access to User information to authorized personnel only, and we follow the principles of data minimization to collect and use only what is necessary. Access to this Information is restricted to authorized staff whose role requires it, such as evaluating eligibility or contacting Users with their consent. When we share information with third parties, we disclose only the minimum necessary to fulfill the specific purpose, such as connecting a User with a clinical study site. Whenever possible, information is de-identified or aggregated before disclosure. In addition, we apply technical, organizational, and cybersecurity safeguards, together with administrative controls, consistent with applicable legal standards, to protect User information against unauthorized access, disclosure, or loss.

Authorization for Use & Disclosure of Protected Health Information

By providing an authorization below, the User grant Qairnel permission to use and/or disclose Information for the specific purposes described below. These purposes may include disclosure of PHI by us in exchange for direct or indirect remuneration. We do not sell or share personal data for cross-context behavioral advertising. Except as permitted or required by law, Qairnel will not use or disclose information without a valid authorization (45 CFR § 164.508(a), (b)).

By clicking the checkbox associated with a link to this page, the User acknowledges that they have read this authorization, agree to its terms, and expressly authorize Qairnel to use and/or disclose Information as described in this Notice.

We retain required HIPAA documentation (including signed authorizations) for at least six (6) years (45 CFR § 164.530(j)(2)). PHI retention periods otherwise follow applicable law and our data-minimization policies.

What data do we store

We collect certain health-related information provided by the User, such as family medical history, diagnoses of conditions (including mental health, metabolic, cancer, or other diseases), and self-assessments. In addition, we may collect identifying details such as the User's name, contact information (e.g., email address, phone number), and postal code.

For non-PHI personal data, we may also process:

  • Email addresses and phone numbers used solely for delivering requested communications through trusted providers. A separate consent is requested from the User for such communications.
  • Lifestyle or history data collected through questionnaires, which we may anonymize for research or statistical purposes.

Who can access User information

Access to User information is strictly limited. Within Qairnel, only authorized personnel who need the information to perform their duties may use it. We may enter into Business Associate Agreements with service providers that handle PHI and require equivalent protections for subcontractors. We may share User's contact details with clinical trial investigator sites or companies working with those sites for the purposes defined below.

Once we share User's Information with an authorized third party, that Information may be used or disclosed again by the recipient, as they may no longer be subject to HIPAA protection. We carefully choose to work with partners who are subject to the same privacy and security obligations that apply to us, or who agree to follow comparable standards designed to protect User's information.

How we may use User information

The User may complete the Orientation Questionnaire or the Qualification Questionnaire to get recommendation or assessment. These recommendations and assessment are for informational purposes only and do not constitute medical advice, diagnosis, or treatment.

The data collected through the questionnaires is anonymous, unless the User consents to be contacted for participation in research studies. Services are all free for the User.

In addition, Qairnel, an investigator site, or a service provider acting on behalf of the site may contact the User to provide Information about one or more clinical studies and, if the User agrees, to carry out further steps to assess the User's possible participation.

With User authorization, Qairnel may use User medical Information for its own internal research purposes, such as improving our matching services and developing new methods to support clinical studies. Any research findings or publications based on this work will use only de-identified information, prepared in accordance with HIPAA standards.

For non-PHI data, we may also use User information to:

  • Provide the User with the Orientation Questionnaire and deliver a copy by email at the User's request.
  • Contact the User regarding participation in medical studies, based on explicit consent.

We may share hashed identifiers (such as first name, last name, email addresses or phone numbers) with advertising platforms (e.g., Google Ads) solely for conversion measurement and ad optimization purposes. These identifiers are hashed with SHA256 before transmission and are not used by these platforms for any other purpose.

What are User rights and how they can exercise them

User Rights Regarding PHI

  • Right to access and obtain a copy: The User may request a copy of their PHI that we maintain, delivered in a confidential and secure format (electronic or paper).
  • Right to request corrections (amendments): The User may request changes if they believe their PHI is incomplete or inaccurate.
  • Right to request restrictions: The User may ask us to limit how we use or disclose their PHI, or revoke a prior authorization. Such requests may be denied if they conflict with HIPAA requirements or other applicable laws.
  • Right to receive an accounting of disclosures: The User may request a record of when and to whom we shared their PHI, for purposes other than treatment, payment, or healthcare operations.
  • Right to request alternative communications: The User may request to receive communications at an alternative address or by a different method.
  • Right to a paper copy of this Notice: The User may request a paper copy of this Privacy Policy, even if they previously agreed to receive it electronically.
  • Right to file a complaint: The User may file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS) if they believe their privacy rights have been violated.

User Rights Regarding Personal Data

  • Right to access and obtain a copy: The User may request a copy of the personal data we hold about them.
  • Right to request corrections: The User may ask us to correct personal data they believe is inaccurate or incomplete.
  • Right to request deletion: The User may ask us to delete their personal data, subject to applicable legal exceptions.
  • Right to object to processing: The User may object to certain uses of their personal data, such as marketing or profiling.
  • Right to data portability: The User may request a copy of their personal data in a portable and machine-readable format so that it can be transferred to another service.

To exercise any of these rights regarding Information, the User may contact us at dpo@docteurmemo.fr. Requests must be submitted in writing. We will respond within 45 days (with a possible 45-day extension where permitted by law). Exercising these rights will not affect the User's access to our services or result in any discrimination or retaliation against them.

Users may exercise their right to opt out of the sale or sharing of their personal information at any time by using the "Do Not Sell or Share My Personal Information" link available on our website, which directs them to the opt-out request form.

Breach Notification

If a breach of unsecured Information occurs, we will notify affected without unreasonable delay and no later than 60 days after discovery. In accordance with HIPAA requirements, we will also notify the U.S. Department of Health and Human Services (HHS) through the OCR portal, and, if the breach involves more than 500 individuals, we will provide notice to the media. For personal health information not subject to HIPAA but covered by the FTC Health Breach Notification Rule, we will provide notice to affected individuals, to the FTC, and, when applicable, to the media, within the same 60-day period.

Each breach notification to Users will include, to the extent possible:

  • A brief description of what happened, including the date of the breach and the date of discovery.
  • A description of the types of information involved (e.g., name, contact details, health information).
  • Steps Users should take to protect themselves from potential harm.
  • A description of what we are doing to investigate the breach, mitigate harm, and prevent further occurrences.
  • Contact information for Users to obtain more details or assistance (e.g., toll-free number, email, mailing address).

Consequences of refusing to agree to this privacy term

The User is not required to agree to our privacy terms. However, if they choose not to do so, we will not be able to provide them with our Services. This does not affect the User's ability to check their compatibility with research study by other means, nor does it prevent them from being recruited for a study through other channels. The User's decision not to authorize will not affect their right to obtain healthcare or benefits through other means.

Cookies and Tracking

To ensure the Site and Services function properly and to measure site traffic, we use:

  • Technical cookies, which are essential for the operation of the Site and therefore do not require prior consent
  • Statistical cookies, which measure Site traffic and usage trends using anonymized data.

Changes to this Notice

We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain, including information created or received before the change. Whenever we make a significant change, we will post the revised Notice on our website and make it available upon request.

The current version of this Privacy Policy is available on the Site and was last updated on November 13, 2025.