Privacy and GDPR policy
Controller and privacy contact
RB3L FRANCE, identified in the legal notice, is the controller for license, account, billing, support and service-security processing performed through the NanoCareRIP portal.
For patient documents and clinical workflow data, the clinic or hospital remains the healthcare controller. RB3L FRANCE acts as processor when it handles those data on the customer's instructions.
Privacy contact / DPO contact point: nanocare@RB3L.com.
Data processed
The service processes only data required for licenses, quotas, support and secure patient documents:
- Customer account: email, hashed password, sessions and login journal.
- License: serial, machine ID, machine name, software version, plan, status and subscription dates.
- Printing: page reservations, counters, printer, AET, timestamp and operation status.
- Secure patient PDF: file name, size, deposit/expiry dates, hashed patient identifiers, download identifiers and download traces.
- Billing: payment references, plans, page packs, amounts and statuses sent by the payment provider.
- Security: IP address, user-agent, audit events and administrative actions.
Purposes and legal bases
- Contract performance: provide licenses, quotas, print authorizations and portal access.
- Legitimate interest: secure the service, prevent abuse, diagnose incidents and provide support.
- Legal obligations: retain data needed for billing and accounting.
- Health data: when patient PDFs are used, the clinic defines the lawful basis and Article 9 GDPR condition applicable to its healthcare workflow. RB3L FRANCE processes those data only under customer instructions.
Recipients and transfers
Data is accessible only to authorized people and providers according to their mission: support/administration team, host, payment provider and technical processors.
Infrastructure and support may involve India, France, Germany and payment-provider locations. Transfers outside the European Economic Area are managed through contractual, technical and organizational safeguards appropriate to the provider and processing context.
No data is sold to third parties or used for advertising.
Retention
- Accounts and licenses: contract term, then limited archival according to applicable obligations.
- Billing: applicable accounting legal period.
- Print and audit logs: period required for support, security and anti-fraud checks.
- Patient PDFs: customer-configurable retention, default 180 days on the demonstration server.
- Download logs: limited to security and traceability needs.
Security
NanoCareRIP uses access controls, audit logs, API secrets, hashed passwords and encrypted PDF documents when secure patient PDF mode is enabled.
Final security also depends on customer configuration: Windows workstation, printers, network, local/VPS server, administrator accounts and retention policy.
Your rights
Under GDPR, data subjects have rights of access, rectification, erasure, restriction, objection and portability when applicable.
Requests must be sent to nanocare@RB3L.com. Patient-data requests may be redirected to the responsible clinic when RB3L FRANCE acts only as processor.
A complaint may also be lodged with the CNIL: www.cnil.fr.
Cookies
The portal uses strictly necessary cookies: customer/admin session and language preference. No advertising cookie is placed.
