Privacy & cookie policy
Healthy Information Solutions B.V.
Berlageplan 95
2728ED Zoetermeer
www.healthychronos.com
kvk: 80986463
PRIVACY POLICY
January 2024
- Introduction
In this privacy policy, we explain which personal data we process when you use Healthy Chronos and/or visit our website www.healthychronos.com. We also inform you about why and how long we process your personal data and what your rights are regarding each processing activity. Additionally, we provide information about the parties we collaborate with and our security policy.
We believe it is important for our services to be reliable and transparent. Therefore, we handle your personal data discreetly and carefully, ensuring that every processing activity complies with applicable laws and regulations.
- Data Controller
The data controller is:
Healthy Information Solutions B.V.
Berlageplan 95
2728 ED
Zoetermeer
- Privacy Manager
We have appointed a Privacy Manager. This person ensures that your personal data is processed in accordance with the law. The Privacy Manager's duties include monitoring compliance and handling questions and complaints. The contact details of our Privacy Manager are:
Pieter Beynen
- The personal data that we process
You are not legally or contractually obliged to provide us with your personal data. However, we can only allow you to use Healthy Chronos if we receive certain personal data from you that is necessary for the operation of Healthy Chronos. If you choose to use Healthy Chronos and/or visit our website, we process (some of) the following personal data:
- First and last name;
- Gender;
- Date of birth;
- Email address;
- Phone number;
- Data about your activities on our website;
- Data about your activities on our platform;
- Data about your activities on our app;
- Other provided (personal) data as included in the contact form;
As well as (some) of the following special personal data when you use the Healthy Chronos platform and/or app. Whether and which data are processed depends on how you use Healthy Chronos (e.g., only the app or in combination with a wearable), which data you wish to record yourself, and which data can be recorded by the wearable you are using.
- Data reported by you
- Mood
- Symptoms
- Activities
- Daily schedule
- Notes
- Wearable data
- Heart rate
- Number of steps
- Amount of stairs climbed
- Minutes of active movement
- Saturation
- Stress
- VO2 max
- Calorie consumption
- Weight
- Sleep
- The purpose and legal basis on which we process personal data are as follows
Based on your consent or for the performance of an agreement with you, we process your personal data for the following purposes:
- To record (lifestyle) data from you and a wide selection of wearables for you and, if desired, third parties designated by you, such as lifestyle coaches and healthcare providers, in order to provide insight into your daily life and recovery.
- Creating an account on Healthy Chronos.
- Communicating about (any changes to) our services;
- Maintaining financial records;
- Improving our services;
- Monitoring website, app, and platform visits.
The legal grounds for processing are (unequivocal) consent, the performance of a contract, or a legitimate interest, as referred to in Articles 6 and 9 of the GDPR.
- Wearables
Healthy Chronos offers the option to link wearables from other suppliers to Healthy Chronos. Please note that the supplier and/or manufacturer of your wearable also has its own terms and conditions for the use of the wearable, such as terms of use and privacy policies. It is your responsibility to comply with these terms. Healthy Chronos is not a party to your agreement with the supplier and/or manufacturer of the wearable.
- Automated decision-making
We do not make decisions based on automated processing that could have (significant) consequences for individuals. This refers to decisions made by computer programs or systems, without any human involvement (such as one of our employees).
- How long we retain personal data
In general, we do not retain your data longer than necessary for the purposes for which we collected it. The retention period may vary from case to case. For example, we are required to keep certain documents for a minimum period for tax or administrative purposes. In those cases, we will only retain the data necessary to fulfill our legal obligations. After the legal retention periods, we will delete or anonymize your data.
- Sharing personal data with third parties
In some cases, we share your personal data with third parties, such as cloud providers or hosting services. These parties are located within the EEA, with the exception of those listed in the table below. To the extent that these third parties act as processors, we have entered into a data processing agreement with them, which includes provisions on security, confidentiality, and your rights. We remain responsible for these processing activities. We will not sell your personal data to third parties, such as data brokers.
We engage third parties in the following categories of processing based on the above-mentioned methods and grounds:
- Processing, archiving, and visualizing health and lifestyle data recorded by you or a wearable, which you can, if desired, share with third parties you specify, such as lifestyle coaches and healthcare providers, to provide insight into your daily life and recovery;
- Communicating about (any changes to) our services;
- Supporting our customer service;
- Processing payments
- Monitoring website, app, and platform visits.
Processing activity outside the EEA | Processing Location | Purpose | Data Subjects | Type of (Personal) Data | Recipients |
Consulting the user manual | United States | Customer support | Users of the Healthy Chronos platform | IP address | Notion |
Hosting landing pages | United States | Hosting | Visitors of landing pages | IP address | Carrd |
Formsmanagement | United States | Customer support and improving product and service delivery | Website visitors | Name, email address, phone number | Typeform |
Chatting | United States | Customer support | Users of Healthy Chronos | Name, phone number | Whatsapp for Business (Meta) |
- Cookies, or similar technologies, that we use
We use cookies on our website. These are small text files that are stored in your browser on your computer, tablet, or smartphone when you first visit the website.
We use the following cookies:
- Cookies with purely technical functionality. These ensure that the website works properly and, for example, that your preference settings are remembered. These cookies are also used to ensure the website functions well and can be optimized.
- (Analytical) cookies that track your browsing behavior so that we can offer tailored content and advertisements. We have already asked for your consent to place these cookies when you visited our website.
- (Tracking) cookies placed by third parties. These include advertisers and/or social media companies. We have already asked for your consent to place these cookies when you visited our website.
These (tracking) cookies process, depending on the consent you have given, some of the following types of personal data:
- Visited websites;
- IP address;
- Cookie content;
- Referrer URL;
- Browsing behavior;
- Type of internet browser and device type.
We process these personal data for the following purposes:
- Re-engaging (website) visitors for conversion;
- Measuring the effectiveness of an advertisement;
- Collecting (website) statistics;
- Conducting market analyses, target audience analyses, and/or
improving (the navigation of) the website.
We provide these personal data to the following (categories of) companies or process these personal data through the services of the following (categories of) companies:
- Analytics companies, including Google Analytics;
- Customer support, including SendinBlue.
We do not retain the personal data resulting from these (tracking) cookies longer than necessary for the purpose for which we collected them. This may vary for each (tracking) cookie. Below is an overview of the different retention periods:
Cookie Name | Expiry Term |
Notion (manual) | 12 months |
SendInBlue (chat) | 1 week |
WordPress stats | 12 months |
Google Analytics | 13 months |
Healthy Chronos platform session (login, account) | Healthy Chronos platform session (login, account) |
You can opt out of cookies by adjusting your internet browser settings so that it no longer stores cookies. Additionally, you can delete any information previously stored via your browser settings.
- Your rights (access, correction, deletion, etc.)
The following explains your rights regarding the processing of your data:
- Right to access
You have the right to access your own data. This includes information about the purposes of the processing, which parties the data is shared with, and the retention periods.
- Right to rectification
You can request us to directly rectify your data. You also have the right to complete incomplete data, for example, by sending us an email.
- Right to be forgotten
You have the "right to be forgotten." Upon request, we will delete your data without undue delay. However, we may not always be able to delete all your data. For instance, processing may still be required to fulfill legal obligations or to establish, exercise, or defend claims. It may also occur that when we delete your data from our operational system, it may still be retained in our backups for a short period.
- Right to restriction of processing
You generally have the right to restrict the processing of your data, for example, if you believe your data is inaccurate or unnecessary.
- Notification of rectification, deletion, or restriction
Unless it is impossible or would require disproportionate effort, we will notify the recipients of your data of any rectification, deletion, or restriction of processing.
- Right to data portability
You have the right to data portability. This means you can request your data to be provided to you, and you can store it for personal reuse. You only have this right with regard to data that you have provided to us, and when the processing is based on consent or a contract to which you are a party.
- Withdrawal of consent
If data processing is based on consent, you have the right to withdraw that consent at any time. However, the processing of your data prior to the withdrawal remains lawful.
- Right to object
You generally have the right to object to the processing of your data. After your objection, we will stop processing your data in principle.
- Complaint to the Dutch Data Protection Authority (AP) or the courts
If you believe that the processing of your data violates the law, you can contact our Privacy Manager. You also have the right to file a complaint with the Dutch Data Protection Authority (AP) or take legal action.
- Limitations of your rights
Sometimes we may limit your rights, for example, in the context of preventing, investigating, detecting, and prosecuting criminal offenses, such as fraud.
To ensure that the access request is made by you, we will send you a set of verification questions upon receiving your request, which you must answer before we can process the request. This is for the protection of your privacy. We will respond as quickly as possible, but no later than within four weeks, to your request.
- How we secure personal data (ISO 27001 and NEN 7510 certified)
We take the protection of your personal data seriously and implement appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized alteration. We aim for the highest standards in information security. Healthy Information Solutions, the company behind Healthy Chronos, is certified in both ISO 27001 and NEN 7510. These certifications pertain to information security in general and specifically for organizations handling health information within the healthcare sector.
- Changes
We may update this statement if developments necessitate changes, such as in the case of new forms of processing. The most up-to-date privacy statement can be found on our website. We recommend regularly reviewing this privacy and cookie statement to stay informed about any changes.