Contact us

Data Protection

Data Privacy and Protection Charter

Legal Framework & Data Protection at HCI

At HealthCare Innovation (HCI), we ensure the highest standards of personal data protection in accordance with Tunisian law and, where applicable, European data protection principles.
 Our primary legal reference is:

  • Organic Law n° 2004-63 of 27 July 2004 on the Protection of Personal Data 

HCI has declared relevant processing operations to the INPDP (Instance Nationale de Protection des Données Personnelles) and adheres strictly to its regulatory requirements.

When HCI collaborates with European partners, or when the processing concerns EU residents, we voluntarily align our practices with the General Data Protection Regulation (GDPR), including its core principles of lawfulness, fairness, transparency, and security.

Your Rights Under Tunisian Law

Tunisian personal data legislation grants you the following rights:

1. Right of Access

You may request a copy of your personal data held by HCI.

2. Right of Rectification

You may request the correction or updating of inaccurate or incomplete information.

3. Right of Opposition

You may object to the processing of your data for legitimate reasons, except where required by law or contractual necessity.

If you are an EU resident, additional GDPR rights (such as portability and restriction of processing) may apply in contexts where HCI processes your data under EU collaboration frameworks.

Data Security & Confidentiality

In accordance with Article 18 of Law 2004-63, HCI implements robust technical and organizational measures to protect personal data against:

  • Unauthorized access
  • Alteration or loss
  • Destruction or misuse 

For health data (considered Sensitive Data under Tunisian law), HCI complies with:

  • Decree n° 2018-137 on the hosting and processing of health data
  • Mandatory INPDP authorization when required
  • Storage in approved, secure environments 

When data processing involves European partners or cross-border exchanges, HCI applies GDPR-equivalent security standards and ensures lawful transfer mechanisms.

How to Exercise Your Rights

To request access, correction, or opposition — or to obtain clarifications on how we process your data — you may contact our Data Protection Officer (DPO).

📩 dpo@healthcareinnovation.tn

Download file for more details