1. Name and address of the controller
Controller within the meaning of the General Data Protection Regulation (GDPR) and the national privacy legislation of other Member States as well as other data protection regulations:
Embloom B.V., Gelissendomein 8, 6229 GJ Maastricht, tel.: +31 (0)88 203 7 203, e-mail: firstname.lastname@example.org, www.embloom.com
2. Name and address of the Data Protection Officer
Data Protection Officer at the controller:
6229 GJ Maastricht
Tel.: +31 (0)88 203 7 203,
3. Information on the collection of personal data
(1) Below you will find information about the collection of personal data when using our website. Personal data is all data that can be linked to you personally, such as name, address, e-mail addresses and user behaviour.
(2) When you contact us via e-mail or via a contact form, the information you provide (your e-mail address, possibly your name and telephone number) will be saved by us in order to answer your questions. The legal basis for processing this data is that it is necessary for the purposes of our legitimate interests as referred to in Article 6.1 (f) of the GDPR, i.e. to provide information about our services and to answer your question or request If you contact us for the purpose of concluding a contract, Article 6.1(b) of the GDPR also serves as the legal basis for processing data.
(3) Below you will find more detailed information about our procedures if we use authorized service providers for individual functions offered by us. We also specify the criteria for the retention period.
4. Your rights
(1) You have the following rights regarding the personal data we hold about you:
- Right to access
- Right to information
- Right to rectification
- Right to erasure
- Right to be forgotten
- Right to restriction of processing
- Right to object to processing
- Right not to be subject to automated decision making, including profiling
- Right to data portability
(2) You also have the right to lodge a complaint about our processing of your personal data with a supervisory authority.
5. Collection of personal data when visiting our website
(1) When visiting the website for information purposes only (i.e. if you do not register or otherwise provide information to us), we only collect the personal data that your browser sends to our server. When you visit our website, we collect the information below. This information is necessary for us from a technical point of view, so that we can display our website to you and guarantee its stability and security (the legal basis for this is Article 6, first paragraph, first sentence under f of the GDPR).
The following data are collected:
- IP address
- Date and time of the request
- Access status/HTTP status code
- Amount of data sent
- Website from which the request originates
- Name, language and version of the browser software
(2) The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. If the data is collected in order to display the website, this will be deleted when the session in question has ended.
Data stored in log files is stored for up to seven days. Data may be saved for a longer period of time. In this case, the IP addresses of the users are anonymized, making it impossible to link them to the client from which the request originates.
a) This website only uses functional cookies. These are necessary to ensure that the features of the website function properly, and are therefore not used for advertisements. This concerns the following cookies, the scope and purpose of which are explained below:
- com sess* cookie (see b)
- com has_js cookie (see c)
- vimeo.com vuid cookie (see d)
b) The sess* cookie stores a session ID, which allows different requests from your browser to be linked to a specific session. Your computer is then recognized when you return to our website. The session cookie is deleted when you close the browser.
d) The vuid cookie is essential for playing videos which feature on the website. The videos run using the third-party Vimeo video player, and these cookies are only stored when you visit a page that uses the video player. The cookie is stored in your browser for an extended period of time. You can delete or block the cookie at any time via your browser’s settings. However, without this cookie, you will not be able to watch the videos on the website.
e) You can change your browser’s settings according to your wishes and, for example, block third-party cookies or all cookies. Please note that this may prevent you from using all of the features of this website.
7. Withdrawal of your consent, or objection to the processing of your data
(1) If you have consented to the processing of your data, you may withdraw it at any time. Withdrawal of your consent will only affect the legitimacy of the processing of your personal data after you have communicated this to us.
(2) If the processing of your personal data is based on a balancing of interests, you can object to the processing. This is particularly the case if the processing of data is not necessary for the purpose of fulfilling a contract with you, as indicated by us in the description of the features below.
8. Client account/membership
(1) As a healthcare provider, you can open a client account. If you open a client account, your data (name, address, e-mail address, telephone number, profession and practice data) as well as your user data (username and password) will be processed. This allows us to identify you as a client and allows you to manage your client account and data. The data will be processed on the basis of the contract concluded with you (Article 6.1(b) of the GDPR).
(2) The client account provides you with access to various applications that allow you to process your patients’ medical data. Assuming that there is a treatment agreement between you as a healthcare provider and your patient, the medical data will be processed by you or under your responsibility as a professional who is bound by professional secrecy under Dutch law or under regulations laid down by a Dutch competent authority, as referred to in Article 9.3 of the GDPR. Your data processing is necessary for the provision of healthcare and medical diagnoses as referred to in Article 9.2(h) of the GDPR. We conclude a processing agreement with you, which specifies how the data processed by you or under your auspices will be handled. In all cases, you are the controller. We are considered to be a processor and will follow your instructions with due observance of the provisions of the processing agreement.
9. Video chat
We offer healthcare providers the opportunity to hold video conferences and send messages directly via the platform. This feature has been specially developed in accordance with healthcare sector requirements and offers healthcare providers a safe, personal and swift method of communication. That way, healthcare providers are able to reach their patients and colleagues at all times via a computer, a laptop or a smartphone. Communication is encrypted using the latest technology.
The third-party provider of the video chat feature is E-Zorg B.V., Karspeldreef 6b, 1101 CJ Amsterdam, www.ezorg.nl, a subsidiary of KPN B.V., Wilhelminakade 123, 3072 AP Rotterdam, www.kpn.com.
The aforementioned parties can be regarded as sub-processors with whom a sub-processing agreement has been concluded.
10. Duration of data storage
Unless otherwise stated, we only store personal data as long as this is necessary for the purposes for which they are processed or until you withdraw your consent. Where statutory retention obligations apply, certain data may be stored for up to ten years, regardless of the purposes for which they are processed.