Privacy Statement

Privacy Statement

QUIN B.V. Privacy Statement

 

We understand how important your privacy is to you. Therefore protecting your privacy and handling the information you entrusted to us with care, is of utmost importance to us. All personal data we process is done in accordance with the General Data Protection Regulation (GDPR). In this Privacy Statement, we explain, what personal data we collect, why we collect it, how we handle it, and which measures we have taken to keep this data safe. This pertains to the personal data you provide us directly and/or that we obtain via our online health platform, our health applications and our other websites. We also explain what rights you have with respect to the personal data that we process.

This privacy statement only pertains to personal data that we process, in some cases personal data may be processed by other parties. In such cases we will notify you hereof and the terms and conditions of these parties will be applicable to the processing of your personal data.

We may amend this Privacy Statement from time to time and therefore recommend that you review it occasionally. This Privacy Statement was most recently amended on the date of publishing of this document December 17, 2021.

 

  1. ABOUT QUIN

Quin, together with its subsidiaries (“Quin, “we” or “us”), is the controller of your personal data within the meaning of the GDPR, insofar as it relates to our online health platform, our health applications or our websites.

Quin is based in the Netherlands, at Stadhouderskade 55, 1072 AB Amsterdam.
Quin has appointed a Data Protection Officer (DPO). Our DPO can be reached by e-mail for any privacy-related questions at privacy@quin.md.

 

  1. SUMMARY OF THE PRIVACY POLICY

At Quin, we not only try to provide healthcare in an easier way, we also find it important that we are transparent about how we process your personal data. Privacy statements are long and sometimes annoying to read. That is why we have made a summary of the most important points. However, we recommend that you also read our full privacy statement,  as it contains all the information about the processing of your personal data.

The main points of our privacy statement

  1. In order to use our services and take full advantage of our online health platform and/or our health applications, we need to process your personal data. This also includes sensitive data about your health. We only process this information after you share it with us. The processing of this takes place on the basis of your explicit consent. You can withdraw this consent at any time.
  2. Some parts of our services related to your health, offer the possibility to exchange health-related information that is entered by you into the health application with your General Practitioner (GP). We will only share this information with your GP if you give us explicit consent to do so. You can withdraw this consent at any time.
  3. Quin B.V. and Quin Dokters practice are separate organisations that do not exchange personal information with each other unless this can be based on the express and explicit consent from the individual to do so.
  4. When making in-app purchases or other services which require payment we may process your personal financial data.
  5. We only store personal data within the European Economic Area (EEA). If in special cases, data is stored outside of the EEA we will inform you of this. In these cases we will make sure that we adhere to the principles as set out in the GDPR related to processing of data outside of the EEA.
  6. We do not share your personal data with third parties for commercial purposes.
  7. We may use and disclose your personal information when we think it is necessary or appropriate:
    a) to comply with applicable laws, which may include laws in force outside your country of residence, to responding to requests from public and governmental authorities, which may be from authorities outside your country of residence, to cooperate with law enforcement authorities or for other legal reasons; 
    b) to enforce our terms and conditions; and
    c) to protect our rights, privacy, safety or property and/or that of our subsidiaries or affiliates, you or others.
  8. Our services are not intended for use by minors (under 18) or by patients who have been declared mentally incapacitated and therefore cannot independently use the type of service we provide.
  9. We use cookies. More information on our use of cookies can be found in our Cookie Statement, which you can find here.
  10. More information on the way Quin Dokters handles personal data can be found in their own  Privacy Statement here.
  11. We have a Data Privacy Officer (DPO) who you can contact directly if you have any questions related to the processing of your personal data by us. You can contact our DPO via privacy@quin.md.

 

  1. PERSONAL DATA WE COLLECT AND USE

This section provides information about the personal data, including data on your health, that we collect and use via our online health platform, our health applications and our websites.

  1. When using the platform

We will ask you to provide us with certain personal data when you register on our platform, in our health application or on our website, such as your name, address, place of residence, email address, date of birth, sex, bank and payment details, citizen service number, general health and lifestyle data, photograph, login details and identification details. Within our services, you have the possibility to share additional data about your health and lifestyle with us, such as data collected with smart devices, such as a smartwatch. This data can be directly shared with our health application. When you share this data with us, we will also use this in providing our services to you.

When using our services, we can ask you to provide additional lifestyle and health data with us.

  1. Additional healthcare information

If your GP is affiliated with our platform, we can also request additional personal data about your health from the GP information system that your GP uses with your explicit consent. For example, information regarding your previous visits to general practitioners, medications used and your general medical history. We may also process personal data about your health provided by medical specialists in relation to our My Care Pathdiagnostictool, for example, if further examination is needed to make a diagnosis (such as X-rays, scans or blood tests). My care path is only accessible to users whose GP is connected to our platform.

  1. Use of Algorithms

When providing our services, based on the data you provide, we may generate additional data about your health through the use of algorithms, for example by using the available medical and statistical information. We share such additional information with you or your primary care physician as part of our services.

  1. Contact

We will process the data that you share with us when you contact us, for instance, with a question or complaint about our services.

  1. Use of cookies

When you visit one of our websites, we may place cookies, for instance to improve our services to you or to obtain information on the use of our website. Our cookies may collect personal data, such as the IP address from which you access our website, and when and for how long you visit our website. More information on our use of cookies is provided in our Cookie Statement on the Quin website.

 

  1. LEGAL BASIS AND PURPOSE OF PROCESSING

In this section of the privacy statement we explain on the basis of which legal basis we collect and use your personal data. This depends, among other things, on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you communicate with us (e.g. online, offline, by telephone, via the app, etc.). The GDPR stipulates that we may only process your personal data on a limited number of grounds, for example with your consent, because this is necessary to be able to provide our services to you, to comply with a legal obligation, or for a legitimate interest of Quin. In this section you will find information about the grounds on which our data processing is based.

 

  1. Providing our services

    1.1 Our legal basis for processing this information is based on your explicit consent you give us when you start using the services we provide.

    1.2 We use personal data, including health data, to provide our services to you. This includes providing general information and general, situation-specific advice about your health (My Health), triage services and making an appointment with your GP (Symptom Checker), facilitating specialist medical care (Specialist Care) and facilitating video consultations with your Quin Doctors GP.

 

  1. Improving our service

    2.1 Our legal basis for processing this information is based on our legitimate interest to do so and the consent you give us when you start using the services we provide.

    2.2 In order to continuously improve our services, websites and products, make them safer and compile user statistics, we use personal data, including health data, only anonymously.

 

  1. Purchasing of services or goods

    3.1 Our legal basis for processing this information is based on our legal obligation to process this data so we can successfully fulfil your request.

    3.2 We use financial information only if you purchase paid services or subscriptions from us, to process the payments.

 

  1. Contacting or informing you

    4.1 Our legal basis for processing this information is based on the consent you have given us to do so, and in some cases on our legitimate interest to inform or update you whilst using our services.

    4.2 We may use the contact details you provided to send you newsletters, or service updates.

    4.3 We may contact you for marketing purposes if you have given your consent. In addition, we may process your personal data in order to be able to handle a question or suggestion.

    4.4 We use the contact details and details of your enquiries or complaints you have provided us to handle your enquiry or complaint.

    4.5 When we use your contact details for sending newsletters, for marketing purposes or for service updates, we will also do so on the basis of your consent. This is subject to an opt-out (objection) regime, insofar as our communications relate to our own products and services.

 

  1. Legitimate interest

    5.1 Sometimes we process your personal data in the context of the legitimate interest we have to do this. If there is a legitimate interest, we will always weigh up our legitimate interest and your privacy rights before we proceed to the processing. This consideration is always tested by our DPO.

 

  1. Legal obligations

    6.1 In certain cases, it may be necessary to process the information obtained from you in order to comply with the legal obligations that rest on us. You should think of, for example, tax or medical legislation.

    6.2 In certain cases, we need to process the personal data obtained from you in order to comply with applicable laws and regulations, including requests from supervisory authorities, and /or in the context of fraud prevention.

 

  1. Scientific research

    7.1 The legal basis for processing information for scientific research is based on our legitimate interest in doing so and the consent you gave us when you started using our service.

    7.2 For scientific or other research, we only use anonymised or pseudonymized data.

 

  1. Job applications

    8.1 Our legal basis for processing the information you share or obtain from public sources, including personal information, in the context of your application is based on the consent you gave us when you applied for a job with us. When processing your personal data for this purpose, we use an external processor.

    8.2 We keep the information you provide us about your application for a maximum of four weeks after which your data will be deleted. In certain cases, if you give us explicit permission for this, we may retain your request data for a maximum period of twelve months.

 

  1. ADDITIONAL INFORMATION ON OUR LEGAL GROUNDS FOR PROCESSING

In this section of the privacy statement we inform you about withdrawing your consent and the consequences thereof. And about the use of your personal data without your permission.

 You can withdraw your consent at any time. However, this will have consequences for your further use of our services. For example, if you have withdrawn your consent,  you will no longer be able to use our online health platform or any features offered by it. Withdrawing consent will not affect our use of the data in the period prior to this withdrawal, but only our future use of your data.

When we do not base our use of personal data on consent, we use certain personal data to comply with legal obligations, including tax obligations. We may also use your personal information if reasonably required to do so for business reasons, and these requirements outweigh your privacy interests. 

Examples include (i) our interest in improving our services, (ii) conducting research, and/or (iii) conducting post-market surveillance activities. To determine this, we will always carry out a Data Privacy Impact Assessment (DPIA) in consultation with our DPO.

 

  1. THIRD PARTIES WITH WHOM WE SHARE PERSONAL DATA

This section of the privacy statement elaborates on the parties with whom we can share your personal data.

 When providing our services, we may share your personal data, including health data, with your general practitioner or healthcare providers and medical specialists who are involved in your treatment within our My Care Path service. We will only do this with your explicit consent, which you can withdraw at any time.

Sometimes we engage other parties ("processors") to process personal data on our behalf in the context of our services, such as a software supplier. We conclude a written processing agreement with these processors in line with the GDPR to ensure the careful processing of personal data.

In exceptional cases, we are legally obliged or a judge forces us to provide personal data to a third party, for example the supervisory authority, the tax authorities, or the police. In those cases, we will not provide more personal data than necessary to comply with such an obligation or judgment.

 

  1. Use of the Symptom Assessment

In this section of the privacy statement we explain how we handle your personal data when you use the symptom assessment.

When you use the symptom assessment within the Quin app, you will receive additional information about how and by whom your personal data is processed. Before you start using the symptom assessment, we ask for your explicit permission to use this service through our app. Quin will never share existing data that you have entered into the Quin app with any third parties involved in the symptom assessment without your explicit consent. In addition, any third parties involved will only receive the personal data that you provide to them yourself when carrying out a symptom assessment.

 

  1. Minors Or Incapacitated Persons

In this section of the privacy statement we explain that our services may not be used by minors and incapacitated persons.

The collection and use of your personal data in the provision of our services is largely based on your explicit consent. Our services are not intended for persons under the age of 18. In addition, our services are not intended for the use of people who have been declared legally incapacitated.

 

  1. Transfer OF Personal Data To Countries Outside the EEA

In this section of the privacy statement we explain where we store your personal data and to whom we send it.

In principle, we only process personal data within the EEA. When we engage processors, we require that they also store the personal data on servers within the EEA. Should in isolated cases the processing of data within the EEA not be possible, we will take all appropriate and required measures to ensure that an adequate level of protection is ensured with regard to the processed data. The measures will always be in line with the legal obligations to do so.

 

  1. Security of Personal Data

In this section of the privacy statement we explain which technical and organizational measures we have taken to prevent the loss of personal data or unlawful processing thereof.

We process personal data with the necessary care and have taken various measures to protect the personal data entrusted to us. Quin is both ISO/IEC 27001:2013 and NEN7510 certified.

 

  1. Retention of Personal Data

In this section of the privacy statement we explain how long we keep your personal data.

We do not retain the personal data you have provided for longer than necessary to achieve the purposes for which we collected it. In certain cases, we have a legal obligation to retain personal data for a certain period of time. This may mean that we have to keep your personal data longer, even if you no longer use our services. In addition, after we have informed you about this, we can pseudonymize or anonymize the personal data processed by us. As a result, this data is no longer covered by the GDPR and we can keep it longer.

If we find that you have not used our services for more than twelve months (via our online health platform or our health app), we will archive your personal data encrypted in a separate file, which only you can access. We keep this file for a maximum of 6 months.

 

  1. Processors

In this section of the privacy statement we explain which processors we use when providing our services.

  • Amazon (AWS)
  • Google analytics
  • Microsoft 365

We have concluded a processing agreement with all parties that process personal data forus.

 

  1. RIGHTS RELATING TO PERSONAL DATA

In this section of the privacy statement we explain which rights you have with regard to the personal data processed by us.

 If we process your personal data, you have the right under certain circumstances to view it, have it corrected or deleted, or to restrict the processing in accordance with the GDPR. Sometimes you can object or request the transfer of your personal data.

Your rights are described below:

  1. Inspection: if you want to know whether we process your personal data, you can ask for this.
  2. Correction: if you want to change the personal data, for example because you have moved, you can ask us to adjust this personal data.
  3. Deletion: if you want us to delete the personal data, you can ask us to do so.
  4. Restrict: you can contact us with a request to restrict the processing of your personal data, (i) if you believe that the personal data we process about you is inaccurate, or its processing is unlawful, (ii) if you need it to fulfil a legal claim, or (iii) if you have objected to its processing.
  5. Data transfer: you can ask us to transfer your personal data to you or a third party.
  6. Objection: If we process your personal data on the basis of a legitimate interest, you may object to further use of your personal data by us. If we process personal data on the basis of consent, you may withdraw that consent at any time.
  7. Objection to newsletters, direct marketing: if you no longer wish to receive messages from us via e-mail or a text message, you can unsubscribe by clicking on the unsubscribe link in the received e-mail or text messages. You can also unsubscribe by contacting us.

If you have a request regarding your personal data, you can contact our DPO. The latter will assess your request and respond to it within the legally stipulated period. Before responding to a request, we may ask you to identify yourself. This is to prevent us from sharing the requested information with unauthorized third parties.

 

  1. QUESTIONS OR COMPLAINTS?

If you have any questions, comments or suggestions regarding the way in which we handle your personal data, you can let us know via privacy@quin. md.

We are happy to help you,  but in some cases we need additional information from  you  to answer your  question or resolve your  complaint. We will then inform you  of this.

If you have a complaint that we cannot resolve for you, you can always file a complaint with our supervisory authority: the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

 

Disclaimer

Please note the primary language of this website is Dutch, our translations are prepared by third party translators. While reasonable efforts are made to provide accurate translations, portions may be incorrect. No liability is assumed by QUIN B.V. for any errors, omissions, or ambiguities in the translations provided on this website. Any person or entity that relies on translated content does so at their own risk. QUIN B.V. shall not be liable for any losses caused by reliance on the accuracy or reliability of translated information. If you would like to report a translation error or inaccuracy, we encourage you to please contact us via privacy@quin.md.

Copyright © Quin B.V. 2022