Privacy Statement

Effective 18 September 2023

1. Who is responsible for the processing of personal data?

This is the Privacy Policy of NIPED Prevention B.V. (hereinafter: &niped). &niped offers the Personal Health Check.

The Personal Health Check is a user-friendly, preventive (medical) exam consisting of an online questionnaire and additional tests that are carried out at home. After the check has been carried out, participants receive a personal health report containing a risk profile, health-related recommendations and tools for getting started. Participation in the Personal Health Check is voluntary.

&niped attaches great importance to the privacy and protection of your personal data. This Privacy Policy describes how we deal with personal data and your rights as a participant.

All personal data is collected, processed and stored in accordance with the General Data Protection Regulation (GDPR). &niped is the data controller for the data processing activities stated below.

2. How can you contact us?

For questions or comments about the processing of your personal data by &niped, contact our Data Protection Officer at fg@niped.nl.

&niped
Naritaweg 70
1043 BZ  Amsterdam
Netherlands

Email address: info@niped.nl
Phone: +31 (0)20 – 261 0444
Chamber of Commerce reg. no.: 57918597

3. Whose personal data do we process?

We process the personal data of participants in the Personal Health Check.

4. What kind of personal data do we process?

Below is an overview of the categories of personal data that we process:

Categories of personal data Data
Identifying data and contact details
  • First and last name
  • Address
  • Gender
  • Date of birth
  • Email address
  • Phone number (two-step verification)
  • Employer details (only if you are participating in the Personal Health Check through your employer)
  • Insurance company details (only if you are participating in the Personal Health Check through your healthcare or income insurer)
  • BSN (only if you participate in the Personal Health Check through your general practitioner)
Account information
  • Username
  • Password
Study data, including information on your health and health risks (unique personal data)

Depending on the package/chosen modules:

  • The questionnaire you have completed
  • Information on your cholesterol values
  • Information on your blood glucose values
  • Information on your renal function
  • Information on your lung function
  • Height, weight and abdominal girth
  • Blood pressure values
  • Information on your lifestyle
  • Information on your family and/or your family’s health
  • Information on your mental well-being/emotional state
  • Information on your hearing
  • Information on your vision
  • Information on your vitamin D level
  • Information on your antibodies
  • Information on your baker’s allergy
  • Information on your employee satisfaction
  • Information on your work ability
Correspondence
  • Email and other correspondence
  • Messages you send to us using the contact form on the website
Payment information if the participant is paying personally
  • Bank account number
  • Payment method
Information related to the use of our website and online user environment
  • Activities on our website and in the online user environment
  • Information collected through cookies (see also our Cookie Policy)
  • Information that you actively provide or enter into forms on the website
  • Information on the device you use to access our website or the online user environment
Company reports
  • If you are participating through your employer, municipality, membership association or healthcare or income insurer, we compile health information for this party on the group level, which means that it cannot be traced back to an individual participant. A prerequisite for the macro reports is a minimum of 30 completed participations. If there are fewer than 30 completed participations, but at least ten, the macro report will be provided in condensed form (without percentages, only significant deviations from the benchmark)

5. How do we obtain your personal data?

Most of the information we receive has been provided to us by you as part of the Personal Health Check, such as when you create an account, complete the questionnaire and send us the results of the home test(s).

We also place cookies that are used to collect information about your website visit. More information can be found in our Cookie Policy.

6. For what purposes is your personal data processed and on what basis?

Purpose & basis
To register you as a participant in the Personal Health Check
Basis: Necessary for the performance of the agreement
  • Create an account
  • To process and register the information you provide through our online user environment

To enable you to take part in the Personal Health Check and carry it out

Basis: Necessary for the performance of the agreement

Legal exception for the ban on the processing of health data: explicit consent
  • Tailoring the questionnaire to your situation (age/gender) and modules chosen
  • Sending the materials for the physical home test(s)
  • Processing the lab results and preparing your personal health report, including motivational advice
  • Saving and making your personal health report available in your account
  • Payment/invoice processing
  • Answering your questions and requests (whether or not the service desk is used)
  • Unless you have indicated that you do not wish to receive these emails from us, we keep you informed about your participation by email
To verify that you are 16 years of age or older

Basis: Meeting our legal obligations
  • Determining whether you are old enough to take part in the Personal Health Check (participation under the age of 16 years is not possible and only limited participation is possible between the ages of 16 and 18 years)
To provide relevant information to the company doctor/healthcare or other professional

Basis: Consent

Legal exception for the ban on the processing of health data: explicit consent
  • Sharing your personal data and reports through the Professional Portal with a BIG-registered healthcare professional or lifestyle coach, such as a company doctor, if you actively consent to this through your account
  • If you consent to this, this may mean that the healthcare professional or lifestyle coach will contact you regarding your results in order to discuss these with you. We may only provide your information if the healthcare professional’s information is known to us and he or she uses the Professional Portal as part of the Personal Health Check
  • Processing the BSN to ensure that the personal data to be processed as part of the provision of care relates to that client, if you participate at the invitation of your general practitioner.
  • Sharing your personal health results with your general practitioner via Zorgmail, if you participate at the invitation of your general practitioner.
Reimbursement through your health insurer

Basis: Consent
  • Providing information on the modules completed to your health insurer at your request for reimbursement purposes, provided your insurance company’s information is known to us
  • Important: we will not provide your insurance company with any health data
To prepare anonymized company reports for employers, municipalities, membership associations or insurers

Basis: Legitimate interest in receiving company reports

Legal exception for the ban on the processing of health data: explicit consent
  • Preparing anonymized health data on the group level. This information cannot be traced back to you as an individual
  • The company report is prepared with a minimum of 30 completed participations. If there are fewer than 30 completed participations, but at least ten, only significant deviations from the benchmark will be provided
Scientific research

Basis: Legitimate scientific interest

Legal exception for the ban on the processing of health data: explicit consent
  • Preparing and making anonymized and aggregated information available on health, family, lifestyle, measurement values, gender and date and year of birth to contracted knowledge partners for scientific research purposes
To develop and improve the Personal Health Check

Basis: Legitimate company interest
  • Evaluating the Personal Health Check to improve its quality and effectiveness
  • Inviting participation in a voluntary satisfaction and effectiveness survey within nine months of your participation in the Personal Health Check
Technical improvements
Basis: Legitimate company interest
  • Establishing incorrect use and/or inaccuracies in the Personal Health Check in technical log files for purposes of safety analyses. These log files do not contain any health data
Newsletter
Basis: Consent
  • Unless you have indicated that you do not wish to receive our newsletter (opt-out), a newsletter with product information and new developments will be sent periodically. This newsletter is intended to keep participants up to date on our product and services

7. To whom do we provide personal data?

&niped may use third-party services to process your data in accordance with this Privacy Policy. These parties act as a processor for &niped and &niped ensures that these parties provide sufficient data protection by means of technical and organizational security measures. Third parties that act as a processor for &niped have signed a data processing agreement that includes a guarantee that they only process data on behalf of &niped.

Your data will only be provided to parties other than &niped if we are legally required to do so, such as to supervisory authorities, because we must fulfil an agreement with you or if necessary to meet our obligations to you.

If you use the additional modules of the Personal Health Check, we also provide your full name and address once only to a contracted distribution centre and delivery service in order to send you the materials to carry out the home test(s).

8. Do we provide your personal data to other countries?

Insofar as &niped collaborates with third parties (processors) as part of the Personal Health Check, all of them are established in the European Economic Area (EEA), with the exception of Zendesk. Zendesk is used to process service desk requests and email correspondence and is based in the United States.

9. How long do we store your data?

Your data will not be stored longer than absolutely necessary for the purposes for which it was collected or processed, unless a longer storage time is necessary to, for example, fulfil a legal obligation. &niped has different storage times, depending on the purpose and data category.

  • In principle, we store your account and other information for as long as your account is active. If you do not use your account for 2 1/2 years, we will ask you whether you wish to keep your account. If, after receiving a reminder, you still do not indicate that you wish to keep your account, we will delete it.
  • Your personal health report will be available through your account for three years.
  • Technical log files are stored for three to six months.
  • Questions/requests to our service desk are stored for nine months.

If we no longer need the information for the purposes described above, we may save the data for archiving, legal procedures or research purposes.

10. What happens in the event that the company is taken over?

In the future, it is possible that one or more divisions or assets of &niped are transferred to a third party, or that &niped merges with a third party. In that case, your personal data will be transferred to this third party and &niped will inform you of this beforehand.

11. What are your rights?

You have a number of rights related to the processing of your personal data (see below). If you would like more information on your rights or wish to exercise one of them, send an email to info@niped.nl.

  • Right to withdraw your consent if we have requested your consent for a specific type of processing of your personal data;
  • Right of access;
  • Right to rectification if personal data is incorrect or incomplete;
  • Right to data erasure if personal data is not relevant for the purpose for which it was collected, if consent has been withdrawn, if you object to the processing of your personal data based on a legitimate reason or if the processing of your personal data is unlawful;
  • Right to limited processing if you dispute the accuracy of the personal data processed by &niped or you have submitted an objection to the processing of your personal data by &niped;
  • Right to data portability;
  • Right of objection to data processing or direct marketing. You have the right to object to the processing of your data in the context of our legitimate interest. We will then reconsider whether your data should no longer be used. You can also object specifically to the use of your data for direct marketing;
  • Right to submit a complaint. This can be done by contacting the Data Protection Officer at &niped at fg@niped.nl or the Dutch Data Protection Authority.

12. How do we protect your personal data?

We take appropriate measures to combat misuse, loss, unauthorized access to, undesired disclosure of or unauthorized changes to personal data. We are NEN-7510 and ISO 27001-certified. NEN-7510 is the recommended standard for information security for the healthcare sector in the Netherlands.

A few examples of security measures that we have implemented:

  • Access to the customer portal is protected by a username and password.
  • Access to the personal portal is protected by a username and password, as well as an optional additional login code (two-step verification).
  • After being received, the information is stored in a separate, protected system.
  • We use physical measures, such as locks and safes, to protect access to the systems in which personal data is stored.
  • We use secure connections (minimum of TLS 1.2) to protect all information transmitted between you and our website when entering your personal information.
  • We keep information processing logs.

13. Changes

We may make changes to our Privacy Policy from time to time. This may be due to a new type of data processing approach or in connection with changes to regulations or technological developments. If substantial changes are made to this Privacy Policy, we will inform you. If necessary, we will request your consent for changed or new processing activities.

In short

Do you want a short recap of how we process your personal data? Annabel explains it all in this video.