Privacy Policy Fitsurance
INTRODUCTION
This privacy regulation aims to inform you how Fitsurance B.V. deals with personal data of persons who make use of our services and/or advice. Fitsurance offers services that give you insight into your physical fitness and health. Fitsurance respects your privacy and ensures that personal data is treated confidentially, carefully and in accordance with applicable (privacy) laws.
Fitsurance does not process more personal data than necessary for the performance of its services or for the other purposes described in these regulations. Fitsurance makes every effort to ensure the accuracy, completeness and relevance of personal data processed and to be processed. Personal data is only accessible to employees of Fitsurance, or parties with which Fitsurance cooperates, if you have given your consent.
For further information and questions about privacy protection, please contact Fitsurance’s Data Protection Officer (DPO from the Dutch Abbreviation of “Functionaris voor de Gegevensbescherming”).
These regulations were adopted in March 2020.
DEFINITIONS
Personal Data
Any information relating to an identified or identifiable natural person (“data subject”); identifiable is considered to be a natural person who can be identified, directly or indirectly, in particular by means of data such as a name, an identification number, location data, an online identifier or of one or more elements characterizing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Processing
A processing operation or set of operations involving personal data or a set of personal data, whether or not carried out by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of data.
File
Any structured set of personal data that is accessible according to certain criteria, regardless of whether this set is centralized, decentralized or distributed on functional or geographical grounds.
Data Subject
The person to whom personal data relates: the person who purchases services and/or advice from Fitsurance.
Processor Controller
Fitsurance is the one who determines the purpose of and the means for processing personal data; which makes it the processor responsible for processing your personal data.
Processor
A natural or legal person, a government agency, a service or another body that processes personal data on behalf of the processing controller.
Third party
A natural or legal person, other than the data subject, neither the controller nor the processor, nor the persons authorized under the direct authority of the controller or the processor to process the personal data.
Recipient
A natural or legal person, public authority, department or other body, whether a third party or not, to whom/which the personal data are disclosed.
Consent of the data subject
Any free, specific, informed and unambiguous expression of will by which the data subject (client) accepts, by means of a statement or an unambiguous active act, the processing of personal data concerning him/her.
Supervisory authority
In the Netherlands, the Personal Data Authority (AP).
ARTICLE 1 APPLICABILITY
- The privacy regulations apply to the processing of personal data by Fitsurance B.V. It concerns the fully or partially automated processing of personal data, as well as the non-automated processing of personal data contained in a file or intended to be contained therein.
- Fitsurance has an overview of the processing of personal data. This overview is updated periodically.
ARTICLE 2 PERSONAL DATA COLLECTED
- When we provide you with services we process the following data:
  - Name and address details;
  - Date of birth;
  - Telephone number (mobile/fixed);
  - E-mail address;
  - Gender;
  - Data about your health that we measure (process) including:
    - Cholesterol (total lipid profile)
    - Blood glucose
    - Hemoglobin and Hematocrit
    - Oxygen saturation level
    - Anthropometry (measuring the body; height, weight, circumference)
    - Blood pressure
    - Grip strength
    - Well-being questionnaire (appetite, stress, sleep, vitality, happiness)
    - Daily physical activity
    - Endurance
  - Lung function data;
  - Data on medications and devices;
  - Data about your function;
  - Information you provide to us yourself, for example in the contact form.
- The data we collect is added to your summary; it includes data obtained by:
  - Measurements taken by Fitsurance employees;
  - Data provided by the individual to Fitsurance employees.
ARTICLE 3 PURPOSES OF PROCESSING
Your personal data are processed by Fitsurance for the following purposes:
- The performance of the agreement(s) concluded with you for the provision of our services;
- Keeping the administration, as well as other activities of internal management;
- To calculate, record and collect amounts due, including placing claims in the hands of third parties;
- To be able to contact you and respond to your questions;
- To inform you about Fitsurance services;
- To process your request for information;
- To improve Fitsurance’s website and services;
- To comply with legal obligations, such as our record keeping and retention obligations;
- To handle disputes and conduct audits.
ARTICLE 4 BASES FOR PROCESSING
The legal basis for the processing carried out by us lies in:
- The performance of the contract (provision of services/advice);
- The consent given by you;
- The fulfillment of legal obligations;
- The pursuit of legitimate interests of Fitsurance or a third party (including website security and ICT services).
ARTICLE 5 PROVISION OF PERSONAL DATA TO THIRD PARTIES
- Fitsurance may provide personal data to a third party only with your written consent, unless the provision of personal data from you to a third party is necessary to implement a statutory requirement.
- Fitsurance will always sign a Data Processing Agreement with a third party if data is shared.
ARTICLE 6 TRANSFER OUTSIDE EUROPE
Your personal data will not be processed in countries outside the EEA (EER in Dutch).
ARTICLE 7 REGISTER OF PROCESSING OPERATIONS
For each separate processing, a register will indicate, among other things:
- From which categories of persons the personal data are processed;
- What types of personal data are processed;
- What the legal grounds for processing and the processing purposes are.
ARTICLE 8 ACCESS TO PERSONAL DATA
- Employees only have access to the data that is necessary for their tasks within the framework of our services.
- Employees and/or trainees are obliged to maintain confidentiality regarding the personal data of which they have knowledge, except if a legal requirement obliges them to make a disclosure or if the necessity to make a disclosure arises from their duties. This confidentiality applies both during the period of employment at Fitsurance and after termination of employment.
- Employees charged with carrying out technical work are obliged to maintain the confidentiality of all personal data of which they become aware. An exception to this is if a statutory regulation obliges these persons to make a disclosure or if the need to make a disclosure arises from their duties.
ARTICLE 9 RETENTION PERIODS
- Fitsurance will not retain your personal data for longer than is necessary for the fulfillment of the purposes described above, unless such data is necessary to fulfill a statutory retention obligation.
- This retention period is:
  - For health data two years;
  - For financial transactions seven years.
- If the retention period of the medical data has expired, the relevant data will be destroyed within a period of 3 months.
- Destruction of medical data will not occur if it is reasonably plausible that the retention is necessary in the context of good service to you, or a legal obligation to do so.
ARTICLE 10 SECURITY OF PERSONAL DATA
- Fitsurance takes appropriate technical and organizational measures to secure your personal data against loss or any form of unlawful processing. For example, we ensure that only the necessary persons have access to the data, that access to the data is protected and that our security measures are checked regularly. Persons who have access to your data on behalf of Fitsurance are required to maintain confidentiality.
- Appendix 1 contains the principles that Fitsurance applies with regard to information security.
ARTICLE 11 YOUR RIGHTS
- Right of inspection
As a data subject you have the right to inspect and copy your data, unless this data contains information about another data subject and the data subject objects to the provision of inspection or copy.
- Right of correction and deletion
You have the right to have data changed or even deleted if the data is not (no longer) correct, or if the processing is not (no longer) justified. In addition, you have the right to request destruction/deletion of your data at Fitsurance.
Data cannot be deleted in those cases where destruction is contrary to a legal requirement or if by destroying it a substantial interest of someone other than the data subject is harmed.
- Right of objection
You have the right to object to certain processing of personal data. You have this right in the case of all processing that is not based on (1) your consent, (2) the taking of pre-contractual measures at your request and/or the performance of the contract concluded with you, (3) the fulfillment of legal obligations or (4) the protection of vital interests of yourself or others.
If you object to other forms of processing your personal data, Fitsurance will assess whether we can accommodate your objection. In that case, it is up to Fitsurance to demonstrate that, despite your objection, we have a legitimate interest in continuing to process the personal data. If that balancing of interests turns out in your favor, Fitsurance will cease processing personal data.
You can make your objection known by completing the online form on our website.
- Right to restriction
Under certain circumstances, you also have the right to restrict the processing of your personal data. In brief, this means that Fitsurance temporarily “freezes” the processing of the data. You can submit a request to this effect in writing to Fitsurance’s DPO. This can be done in the following three situations:
  - Pending the assessment of a correction request;
  - If Fitsurance no longer needs the data while you still need the data to prepare for litigation; and
  - Pending assessment of an objection.
- Right to data portability
You have the right to receive (back) the personal data you have provided to Fitsurance in a common file format. This right applies only to the personal data that Fitsurance processes pursuant to your (presumed) consent or an agreement entered into with you. Moreover, the right only applies to the data that Fitsurance already processes in digital form (i.e. not for analogue processing). You are free to subsequently transfer that data to another party. If there is a link between the systems of Fitsurance and the systems of the third party to which you wish to pass on the data (or have it passed on), Fitsurance can arrange for that transfer on your behalf.
- Automated individual decision-making
Fitsurance does not use automated decision making and/or profiling.
ARTICLE 12 WITHDRAWAL OF CONSENT
- For the purposes described above, Fitsurance processes your data on the basis of your consent. You have the right at all times to withdraw consent once given. Fitsurance will then immediately stop the processing. You can make this request to our DPO. You will find the contact details of the DPO at the bottom of this Privacy Policy.
- The withdrawal of consent has no retroactive effect. All processing that has already taken place will therefore remain valid.
ARTICLE 13 RESPONSE TO REQUESTS TO EXERCISE RIGHTS
- Exercising rights is free of charge.
- You exercise the rights by filling out our form online with your request, or by contacting our data protection officer. You will find the contact details of the DPO at the bottom of this Privacy Policy.
- In principle, Fitsurance will respond to your questions/requests within 30 days. It is possible that, due to the complexity of the requests and/or the number of requests, the response time totals up to three months. You will be informed of this in a timely manner.
- Fitsurance may ask for further proof of your identity for all questions/requests.
- The rights described above are not absolute rights. Fitsurance assesses every request. If Fitsurance cannot comply with a certain request, Fitsurance will communicate this to you with reasons. If you disagree, you can go to the Personal Data Authority.
ARTICLE 14 COMPLAINTS
- If you are of the opinion that the provisions of these regulations and/or laws and regulations are not complied with, you may contact the Data Protection Officer of Fitsurance.
- You are also free to file a complaint with the supervisor. The supervisor of the processing of personal data (AVG) and your privacy in this regard is the Personal Data Authority. You can find the contact details of the Personal Data Authority via the website autoriteitpersoonsgegevens.nl.
ARTICLE 15 AMENDMENTS
- Fitsurance has the right to make changes to this Privacy Policy. These changes will be announced on Fitsurance’s website.
- Fitsurance may process your personal data for new purposes not yet mentioned in these Privacy Regulations. In that case, we will contact you before using your data for these new purposes, to inform you of the changes to our Personal Data Protection Regulations and to give you the opportunity to refuse your participation.
CONTACT INFORMATION FITSURANCE
If you have any questions about these Privacy Regulations or wish to invoke any of your legal rights, please contact us using the details below:
Through our online form or by mail
- Complete the online form (https://www.fitsurance.nl/contact/).
- The Data Protection Officer via email address: info@fitsurance.nl.
By mail at
Fitsurance B.V., De Boelelaan 1085, room WN F230, 1081 HV Amsterdam.
ANNEX 1 SECURITY OF PERSONAL DATA
Fitsurance is responsible for processing personal data. Because of this it is bound to certain requirements around security; these are also mandatory under other laws and regulations. Fitsurance applies the following requirements in the implementation and application of its information security.
- Fitsurance has an active policy around security awareness of management and employees.
- Fitsurance has rules of conduct for the use of (general) information facilities. Compliance with these rules of conduct is monitored.
- When information security regulations and/or relevant legal provisions are violated, the Management Board may impose a sanction within the possibilities of the law and (labor) agreements.
- Measures have been taken for the physical security of people and resources, including confidential information and equipment on which this information is stored.
- Measures have been taken for the security and management of operational information and communication facilities. Measures against all kinds of malicious software (computer viruses, spam, spyware, etc.) are an important part of this.
- Laptops and (external) hard drives are protected with passwords, and participants' data is stored encrypted. In addition, a secure cloud environment is used for storage of all data.