Privacy policy ClinicalCompanion | V1.0

This English version of the privacy policy is a translation. In case of any ambiguities or contradictions, the Dutch text is leading.

1. Privacy policy

Protecting the privacy of visitors and users of the websites and services is very important to ClinicalCompanion B.V. Personal data is therefore treated and secured with the utmost care. This privacy statement has been drawn up in accordance with applicable laws and regulations in the Netherlands (and therefore also the European Union). This mainly relates to the General Data Protection Regulation (GDPR).

2. Patients

ClinicalCompanion B.V. only processes patient data on behalf of a healthcare provider. Patients are registered for the ClinicalCompanion service by their healthcare provider. As a patient you have a treatment agreement with your healthcare provider. Before healthcare providers transfer patient data to ClinicalCompanion B.V. they are required to sign a Data Processing Agreement. ClinicalCompanion B.V. is designated in this agreement as the processor of the healthcare provider in the context of the ClinicalCompanion service.

Prior to making patient data available or entering such data into the platform, the healthcare provider and ClinicalCompanion B.V. enter into a data processing agreement. Under this agreement, ClinicalCompanion B.V. is designated as the processor, and arrangements are laid down regarding, among other things, purpose limitation, security measures, confidentiality, subprocessors, and assistance with the exercise of data subject rights.

ClinicalCompanion B.V. processes only those data that are necessary for the performance of the agreed services and strictly in accordance with the documented instructions of the healthcare provider. Depending on the configured care pathway and the intended purpose of the processing, this may include, among others:

  • identification and administrative data;

  • contact details;

  • medical and health data, including medical history, measurements, questionnaire responses, and outcomes of clinical decision support;

  • data originating from connected devices or home monitoring;

  • log and usage data insofar as necessary for security, traceability, and quality assurance.

Processing takes place within the European Economic Area, unless explicitly agreed otherwise and subject to the applicable legal safeguards. ClinicalCompanion B.V. implements appropriate technical and organizational measures to protect personal data against loss or any form of unlawful processing.

If the above data is processed for patients of healthcare providers for whom ClinicalCompanion B.V. takes care of the declaration process, your data may be shared with your health insurer and parties (intermediaries) who technically facilitate the declaration process. This is usually the case for general practices or lifestyle coaches, but not for a hospital (department), for example. If ClinicalCompanion B.V. does not take care of the declaration process, only the data that is necessary to provide access to the app and the data that your healthcare provider or coach requests or registers are processed.

3. Healthcare providers

Healthcare providers or coaches refer to all persons who have an account to log in as a healthcare provider at www.clinicalcompanion.health/login. Before healthcare providers transfer patient data to ClinicalCompanion B.V. they are required to sign a Data Processing Agreement. ClinicalCompanion B.V. is designated in this agreement as the processor of the healthcare provider in the context of the ClinicalCompanion service. In order to identify healthcare providers as users and to ensure that healthcare providers only have access to patient data of 'own' patients, the following personal data is recorded:

  • Name
  • Practice name / Name of institution and Department
  • Address (practice/institution)
  • Email address
  • Phone number
  • AGB code (practice and/or personal)
  • Role (physician, general practitioner, assistant, POH, etc.)
  • Care group (if applicable)

The processing of this data is necessary for the execution of the Data Processing Agreement with the healthcare providers.

4. Job applicants

If you apply for a job with us, for example in response to a vacancy posted by us, but also if you submit an open application, you may provide us with your personal data (for example by sending us an email with your CV). ClinicalCompanion B.V. is the controller of this data. We process this data if you provide it to us voluntarily. We will only store and use this data for the application procedure. As soon as the application procedure has been completed, we will delete your data from our systems. If you send us an open application, this in no way obliges us to provide you with a response.

5. Website visitors

When you visit our website without using the healthcare functionalities, personal data may be processed depending on your interaction with the site.

This may include:

  • language or regional preferences that you select in order to ensure the proper functioning of the website;

  • your name, email address, telephone number, and the content of your message when you use the contact form;

  • your name, email address, telephone number, practice name, postal code, house number, and the content of your message when you use the registration form for healthcare professionals.

For these processing activities, ClinicalCompanion B.V. acts as the data controller. The data are used to handle your request, to communicate with you and—where applicable—to take the necessary steps prior to the potential conclusion of an agreement. Depending on the nature of the contact, the legal basis for the processing is either your consent or the necessity to take pre-contractual measures at your request (Article 6 of the GDPR).

6. General

ClinicalCompanion B.V. acts as the data controller (as defined in applicable data protection legislation) with respect to the described Personal Data.

The services are intended for individuals aged sixteen and older. The terms of use stipulate that access to the platform is not permitted for users under the age of sixteen. ClinicalCompanion B.V. does not intend to collect or process personal data relating to individuals below this age without the involvement of the legally authorized representative and the responsible healthcare provider.

Within the scope of the services, no solely automated decisions are taken that produce legal effects or similarly significant consequences for data subjects. Any outcomes generated by digital triage, questionnaires, or algorithms are supportive in nature and are applied under the professional responsibility of the caregiver.

The ClinicalCompanion service is hosted on Amazon's (AWS) cloud environment. AWS is certified according to the ISO-27001 standard for technical measures, ISO-27017 for cloud security, and ISO-27018 for cloud privacy, among others. Within this cloud infrastructure, ClinicalCompanion B.V. has taken measures to ensure that your data is sent, processed, and stored securely (encrypted). ClinicalCompanion B.V. is the only entity with access to these servers and the data stored on them. Physically, all data is processed and stored on servers located within the European Union, in Ireland.

7. Functional cookies

Our website only uses functional cookies. Cookies are small pieces of information that your internet browser stores on your computer. We use cookies, for example, to make logging into our website easier and to keep statistics (Google Analytics). ClinicalCompanion B.V. only uses cookies that are necessary for the functioning and optimization of the website, as this improves the user-friendliness of the website. We do not use cookies for marketing purposes, or to enable the functionality of other websites (like sharing via social media, etc.). This does not require you to accept or reject cookies.

8. Data security

ClinicalCompanion B.V. has taken precautions to secure your Personal Data against loss, theft and misuse, and unauthorized access, disclosure, alteration, and destruction through the use of appropriate administrative, physical and technical security measures.

As part of our obligations under these information security certifications, our Service is periodically scanned for security breaches and known vulnerabilities to make your visit to our site as safe as possible. Your Personal Information is located behind secure networks and is only accessible by a limited number of individuals who have special access rights to such systems, and are required to keep the information confidential.

9. Data retention

ClinicalCompanion B.V. has established a data retention policy in relation to your Personal Data.

Information you provide as a healthcare provider as part of your user profile will be stored for as long as your profile exists. Certain information may be kept longer due to legal requirements (e.g. due to legislation regarding the use of medical devices, or legislation regarding business administration).

  • Information you provide as part of claims and billing (e.g., payment, tax, or business information) must by law be retained for 10 years.
  • Information we receive from you through online forms on our website is retained for 5 years.
  • Information collected by the Service in the context of a Data Processing Agreement will be retained as set out in the relevant Data Processing Agreement.

10. Sharing your data

We may need to share (a subset of) your Personal Data with third parties:

  • To respond to or comply with a law, regulation, subpoena, court order, or other legal obligation;
  • To enforce and protect our rights and property;
  • To detect, investigate and help prevent security threats, fraud, or other malicious activity;
  • To protect the rights, property, or safety of our users, employees, or others.

11. Your rights

You have the right to be informed about the Personal Data processed by the Service, the right to rectification/correction, erasure, and restriction of processing. Upon request, you have the right to receive a structured, commonly used, and machine-readable summary of the Personal Data you have provided to us. We may need to ask you for specific information to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that you are the data subject entitled to receive such Personal Data.

Access to your Personal Data will be provided free of charge. However, we may charge a reasonable fee (in advance) if your request is clearly unfounded, repetitive, or excessive. We may refuse to comply with your request in these circumstances at our sole discretion.

For your information: Patients whose data is processed through our systems can only request access through their healthcare provider and not directly from ClinicalCompanion B.V.

As a registered user, you may review your account information and make corrections or updates at any time. The accuracy of such information is solely your own responsibility.

Where you have given consent, you can withdraw it at any time, without affecting the lawfulness of the processing that took place before you withdrew your consent. Whenever you withdraw your consent, you acknowledge and accept that this may negatively impact the scope and quality of the Service. We will attempt to comply with your request within 30 days, but some Personal Data may remain in backup copies for a period of time and may be retained as necessary for legitimate business purposes or to comply with our legal obligations. You agree that ClinicalCompanion B.V. cannot be held liable for any loss and/or damage to your Personal Data if you choose to withdraw your consent.

To exercise any of the rights mentioned in this Privacy Policy and/or in case of questions or comments regarding the use of your Personal Data, please contact ClinicalCompanion B.V. at: privacy@clinicalcompanion.eu

You have the right to file a complaint with the Personal Data Authority. However, we would greatly appreciate it if you would file your complaint with us before going to the Personal Data Authority.

12. Contact

If you have any questions, comments, or requests regarding our policy or our processing of your personal data, please contact us:

ClinicalCompanion B.V.
Attn: Privacy Officer

privacy@clinicalcompanion.eu

Visiting address:

Irenesingel 19
7481 GJ Haaksbergen

Registered office:

Spirealaan 34
9741 PC Groningen