Privacy declaration

Version: 15.12.2022

 

1. FocusCura

FocusCura B.V. is a Dutch company. Our business activities take place in the European Economic Area (EEA) and unless otherwise indicated, we store our data on servers in the EEA.

This privacy notice summarises when and how your personal data is collected, used, secured and disclosed in connection with your access to and use of our applications, websites and all features, software and services provided through the applications and website (the 'Service').

2. General

We reserve the right to change the provisions of this privacy statement. If we make any changes to the privacy statement, we will notify you. We encourage you to periodically review the latest version of the privacy statement.

3. What personal data do we collect, for what purposes and for how long?

Personal data may be collected in a number of ways when you use the Service. An overview of the information that all companies affiliated to the FocusCura group may collect is set out in the Annex. It is indicated for each different Service which personal data are or may be processed. A distinction is also made between the data we process from clients and data from healthcare professionals using the Service. The overview shows which personal data are processed, for what purpose, on which legal basis the processing is based and how long the personal data are stored.

If you do not provide your personal data to FocusCura or otherwise object to FocusCura's use of your personal data, this may cause you to be impeded in using the Service. The consequences of not providing or objecting to processing personal data are set out below for each processing basis. Which personal data fall under which processing basis can be found for each Service in the Appendix.

Processing pursuant to a legal obligation of FocusCura:

  • We may block or restrict your access to the Service and we reserve the right to terminate the agreement in accordance with our terms and conditions. The personal data set out in this section is required to comply with our legal obligations.

Processing necessary for the performance of the contract:

  • You may be prevented from using the Service, the Service may not function properly. We may block or restrict your access to the Service and we reserve the right to terminate the agreement in accordance with our terms and conditions. The personal data set out in this section is required for the Service to function or operate properly.

Processing necessary for the legitimate interests of FocusCura:

  • We may block or restrict your access to the Service and we reserve the right to terminate the agreement in accordance with our terms and conditions. The personal data set out in this section is required to satisfy FocusCura's legitimate interests and to prevent misuse of the Service and security incidents.

 

Processing operations requiring your explicit consent:

  • In principle, you will not be prevented from using the Service. Refusing or withdrawing consent will not negatively affect your use of the Service.

Processing operations requiring your consent:

  • You will not be prevented from using the Service. Refusing or withdrawing consent will not adversely affect your use of the Service.

 

Annex 1: processing operations for cAlarm.

Annex 2: processing operations for cKey.

Annex 3: other processing (including when a Service is not purchased).

4. Sharing of personal data

Unless otherwise stated in this privacy statement, we do not describe, sell or trade personal information about our visitors and users to third parties.

4.1 Sharing with processors

We may engage third parties, such as hosting providers, to assist us in providing the Service. Such third parties may, as part of their role in providing the Service, process your personal data. In this regard, such third parties are referred to hereinafter as 'Processors'. We enter into processor agreements with these Processors.

We use the following types of Processors:

  • analytical software (cookies) to improve our services (including privacy-friendly Google Analytics and Hotjar);
  • analytical software (cookies) to provide you with targeted offers from FocusCura (in the sense of marketing);
  • cloud services;
  • hosting provider(s);
  • email service providers;
  • providers of services to collect health data;
  • providers of customer and user information management services;
  • providers for video calls;
  • push notification providers.

In some cases, the Processor may collect your personal data on our behalf. We inform Processors that they may not use personal data they obtain from us except for the purpose of providing the Service. We are not responsible for any additional information you provide directly to Processors. You should inform yourself about the Processor and its business before disclosing personal data to such Processors.

Some of the Processors engaged by FocusCura for the purposes of marketing, FocusCura's email services and managing customer and user information store personal data outside the European Union. We only engage Processors that comply with the requirements of the General Data Protection Regulation and have the necessary certificates, business rules or model clauses from the European Commission.

4.2 Sharing with your consent

From time to time, we may also share personal data with third parties when you give us permission to do so. For example, we may work with other parties to offer specific services or offers directly to you. If you sign up for these third-party services or marketing offers, we may share the personal data you provide for this purpose, such as name or other contact details we reasonably deem necessary, with these third parties so that our business partner can provide the services or offers or contact you.

4.3 Our legal responsibility

We may share personal data if we are confident that this is permitted by law or if we are required to do so by law. We may also share personal data with third parties if reasonably necessary or appropriate to comply with the law, if necessary to comply with legal requests from authorities, to respond to any claims or to protect the rights, property or safety of us, our users, our employees or the public and, without limitation, to protect ourselves or our users from fraudulent, abusive, inappropriate or unlawful use of the Service. We will promptly notify you of any requests we receive from any executive, administrative or other governmental authority that relate to your personal data, unless prohibited by applicable law.

4.4 Anonymised information

Please note that nothing herein restricts the sharing of anonymised information, which may be shared with third parties without your consent.

5. Protection of personal data

We will ensure that we take appropriate technical and organisational security measures for processing personal data. We follow generally accepted standards to protect personal data, both during its transmission and once we have received the personal data. We have taken at least the following measures:

  • Access to servers is only possible from a dedicated network or via VPN.
  • Access to our database is only possible through personal accounts protected by a username and password. Only persons who need access to the database for their job are given such an account.
  • We have a password policy to ensure strong passwords. Passwords should be reset periodically.
  • We use separate environments (testing, acceptance and production) to mitigate risks.
  • Data stored on systems are encrypted. This encryption follows best practices appropriate to the system on which it is stored.
  • We use TSL (Transport Layer Security) technology to encrypt transmission data to and from us. In principle, we use the latest known secure version of this technology. Insecure versions are not allowed
  • The maximum number of incorrect login attempts has been limited where possible.
  • All the equipment we use is managed centrally.
  • All the software we use is managed centrally and is part of the update policy.
  • Where applicable, we back up the database daily. Users who have access to the database do not have access to the backups to prevent unwanted deletion of databases.
  • Cookies do not contain complete authentication information such as passwords.
  • Information in cookies is deleted where applicable when you log out.
  • Important information in cookies is encrypted.
  • The duration of login sessions is time-limited where necessary.
  • There is a policy on the use of data carriers (such as laptops and USB sticks).
  • Access to the property is restricted and the premises are secured.

You should note that our Processors are responsible for processing, managing or storing all or part of the personal data we receive. Processors are not authorised to use this data to advertise to you. These Processors are contractually obliged, through a processor agreement, to secure the personal data they have received from us.

However, there is no method of transmission over the internet or method of electronic storage that is 100% secure. Therefore, we cannot guarantee absolute security.

6. Links to third-party sites

Our Services and/or the website may contain links to other websites, as well as third-party advertisements. Third-party websites may track information about you. We have no control over such sites or their activities. Any personal data you provide on third-party pages will be provided directly to that third party and will be subject to that third party's privacy policy. We are not responsible for the content, privacy and security practices and policies of websites to which we link or which advertise on our Services and/or websites. Links from our website to third parties or to other sites are provided solely for your benefit. We encourage you to review their privacy and security practices and policies before providing personal data to them.

7. What choices do you have regarding the use of your personal data?

Before we share your personal data with third parties in ways not covered by this privacy statement, including use for direct marketing purposes, you will be notified and asked to consent at the time such information is collected.

We may send you marketing and promotional materials about our products and services. If you do not (or no longer) want the information to be used for direct marketing, you can contact us at the e-mail address listed under 'Contact'.

You can also unsubscribe yourself by following the unsubscribe instructions included with each promotional e-mail. This does not affect our right and ability to send you Service- and account-related emails or use personal data as described in this privacy statement.

We will comply with your requests as soon as possible after receiving the request.

8. Your rights

Privacy laws give you certain rights regarding your own personal data. The rights we describe below are not absolute rights. We will always weigh up whether we can reasonably comply with your request. If we cannot, or if it would, for example, compromise the privacy of others, we may refuse your request. If we refuse a request, we will give reasons for our refusal.

8.1 Right of inspection

You have the right to request which personal data we process about you. You can also ask us to provide insight into the processing purposes, categories of personal data concerned, the (categories of) recipients of personal data, the retention period, the source of the data and whether or not we use automated decision-making.

You may also ask for a copy of your personal data processed by us. Do you want additional copies? If so, we may charge a reasonable fee for these.

8.2 Right of rectification

If the personal data processed by us about you is incorrect or incomplete, you may request us to amend or supplement the personal data. If we comply with your request, we will, as far as reasonably possible, inform the parties to whom we provide data.

8.3 Right to erasure of data

Do you no longer want us to process certain personal data about you? If so, you can ask us to delete some (or all) personal data about you. Whether we will delete data depends on the processing purpose. Data that we process pursuant to a legal duty or for the performance of the agreement, we will only delete if the personal data are no longer necessary. If we process data on the grounds of legitimate interest, we will only delete data if your interest outweighs ours. We will make this consideration. If we process data based on consent, we will only delete the data if you withdraw your consent. Have we accidentally processed data unlawfully or does a specific law require us to delete data? Then we will delete the data. If the data are necessary for the settlement of legal proceedings or a (legal) dispute, we will only delete the personal data after the proceedings or dispute have ended.

If we comply with your request, we will, as far as reasonably possible, inform the parties to whom we provide data.

8.4 Limitation of processing

If you dispute the accuracy of personal data processed by us, if you believe that we have processed your personal data unlawfully, if we no longer need the data or if you have objected to the processing, you may also ask us to restrict the processing of those personal data. For example, during the time we need to assess your dispute or objection, or if it is already clear that no lawful basis (no longer) exists for further processing of those personal data, but you still have an interest in us not deleting the personal data yet. If we restrict the processing of your personal data at your request, we may still use that data for the settlement of legal proceedings or a (legal) dispute.

8.5 Right of transferability

At your request, we may transfer to you or another party to be designated by you the data that we process for the performance of the agreement or pursuant to your consent and that is processed automatically. You may make such a request at reasonable intervals.

8.6 Automated individual decision-making

We do not make decisions based solely on automated processing.

8.7 Right to object and withdrawal of consent

If we process data based on a legitimate interest, you may object to the processing. If we process data based on your consent, you may withdraw that consent. For more information, please refer to the relevant processing purposes above.

8.8 Exercising your rights

You can send a request to access, correct, delete, transfer your personal data or request the revocation of your consent or objection to the processing of your personal data to [email protected]

To prevent abuse, when you make a written request for inspection, modification or deletion, we ask you to identify yourself adequately. You can do so by enclosing a copy of a valid identity document. Do not forget to mask your BSN and passport photo on the copy.

We aim to process your request, complaint or objection within one month. If it is not possible to issue a decision within one month, we will inform you of the reasons for the delay and when the decision is expected to be issued (no longer than 3 months from receipt).

8.9 Personal Data Authority

Do you have a complaint about our processing of your personal data? If so, please contact us. We will of course be happy to help you. If, despite this, you still cannot work things out with us, you also have the right under privacy legislation to submit a complaint to the privacy regulator, the Authority for Personal Data. To do so, you can contact the Personal Data Authority at https://autoriteitpersoonsgegevens.nl/.

9. Contact

If you have any questions, concerns or comments about this privacy statement, please contact us by e-mail at [email protected] or by calling us on +31 (0)30 692 70 50.

 

Annex 1: processing operations for cAlarm

Processing of you as a client of FocusCura:

Necessary for the purpose of our legal obligation to keep tax records, processing period up to 10 years after the end of the agreement

  • Name

 

Necessary for the performance of the agreement (providing the Service), processing period up to 2 years after termination of the agreement

  • Name
  • Address
  • IBAN number
  • Customer number
  • Date of birth
  • Email address
  • Phone number
  • Contact person (the healthcare professional associated with you)
  • Property type
  • Username
  • Password
  • Link code (code to put you in touch with your contact)
  • Language you set
  • Time zone you use

 

Necessary for the protection of FocusCura's legitimate interests, processing period up to 2 years after termination of the agreement

  • Processing for securing the Service:
    • IP address
    • Device account number
    • Service type

 

Processing with your explicit consent, processing duration up to 15 years after the end of the medical treatment agreement for the benefit of which you entered into an agreement with FocusCura, or up to 2 years after the end of the agreement insofar as the medical data do not need to be included in the medical file

  • Medical data
    • GP contact details
    • Details regarding your health

 

Processing with your consent (implied by filling in optional fields), processing period up to 2 years after the end of the agreement

  • Gender
  • Installation notes

 

Processing of you as a healthcare professional using the Service:

Necessary for the purpose of our legal obligation to keep tax records, processing period up to 10 years after the end of the agreement

  • Name
  • Invoice data

 

Necessary for the performance of the agreement (providing the Service), processing period up to 2 years after termination of the agreement

  • Name
  • Address
  • Email address
  • Who your client is
  • Relationship with client
  • Language you set
  • Time zone you use

 

Necessary for the protection of FocusCura's legitimate interests, processing duration up to 2 years after termination of the agreement

  • Processing for securing the Service:
    • IP address
    • Device account number
    • Service type

 

Processing with your consent (implied by filling in optional fields), processing period up to 2 years after the end of the agreement

  • Phone number

 

Annex 2: processing operations for cKey

Processing of you as a client of FocusCura:

Necessary for the purpose of our legal obligation to keep tax records, processing period up to 10 years after the end of the agreement

  • Name

 

Necessary for the performance of the agreement (providing the Service), processing period up to 2 years after the end of the agreement

  • Name
  • Address
  • IBAN numbers
  • Customer number
  • Date of birth
  • Phone number
  • Property type
  • Username
  • Password

 

Necessary for the protection of FocusCura's legitimate interests, processing duration up to 2 years after termination of the agreement

  • Processing for securing the Service:
    • IP address

 

Processing with your consent (implied by filling in optional fields), processing period up to 2 years after the end of the agreement

  • Gender
  • Email address
  • Care organisation you are affiliated with
  • Housing corporation
  • Details of your contact person (the healthcare professional associated with you)

 

Processing of you as a healthcare professional using the Service:

Necessary for the purpose of our legal obligation to keep tax records, processing period up to 10 years after the end of the agreement

  • Name
  • Other billing details

 

Necessary for the performance of the agreement (providing the Service), processing period up to 2 years after the end of the agreement

  • Name
  • Address
  • Email
  • Relationship with client
  • Phone number

 

Necessary for the protection of FocusCura's legitimate interests, processing duration up to 2 years after termination of the agreement

  • Processing for securing the Service:
    • IP address

 

Processing with your consent (implied by filling in optional fields), processing period up to 2 years after the end of the contract

  • Healthcare organisation you work for

 

Annex 3: other processing (including when a Service is not purchased)

When using the website:

Necessary for the protection of FocusCura's legitimate interests, processing period up to 6 months after the last use of the website unless technically not reasonably possible

  • Processing for securing the Service
    • IP address
  • Functional cookies to improve your user experience
    • Completed form fields
  • Analytics cookies to improve FocusCura's Services
    • IP address
    • Via which website you found us
    • Which pages you visited
    • How long your visit lasted
    • How to navigate the website

 

When leaving your details

Necessary for the protection of FocusCura's legitimate interests, processing period up to 6 months after FocusCura was last contacted

  • To be able to answer your questions and provide you with information
    • Name
    • Email address
    • Phone number
    • Care organisation name
    • Other personal data entered in the contact field

 

Processing with your consent (implied by filling in optional fields), personal data for this purpose will be deleted as soon as you unsubscribe

  • To send you marketing material at your request
    • Name
    • Email address

 

 

Version: 15.12.2022