Health.be BV (hereinafter “Health.be”, “we” or “us”), having its registered office at A. Servaesdreef 1, 9830 Sint-Martens-Latem, and registered with the Crossroads Bank for Enterprises under number [1019.972.222], attaches great importance to the protection of personal data.

This Privacy Policy describes how personal data are processed when using the digital platform Health.be (the “Platform”), in accordance with:

• the General Data Protection Regulation (EU) 2016/679 (“GDPR”);
• the applicable Belgian data protection legislation.

a. Healthcare professional as data controller

The healthcare professional who provides guidance via the Platform acts as the data controller within the meaning of the GDPR. The healthcare professional determines the purposes and means of the processing of users’ personal data.

b. Health.be as data processor

Health.be acts exclusively as a data processor and processes personal data solely on behalf of and in accordance with the instructions of the healthcare professional.

The processing by Health.be is governed by a separate Data Processing Agreement (DPA) concluded with each healthcare professional.

Depending on the use of the Platform, the following categories of personal data may be processed:

• identification data (such as name, date of birth and contact details);
• account and user data;
• lifestyle and wellbeing data;
• data originating from wearables or sensors;
• technical and log data related to the use of the Platform.

Health.be does not process personal data outside the scope and instructions of the healthcare professional.

Personal data are processed exclusively for the following purposes:

• technically enabling the connection between user and healthcare professional;
• providing and supporting digital dashboards and tools;
• processing and visualising data in the context of lifestyle guidance and coaching;
• ensuring the security and proper functioning of the Platform;
• complying with legal obligations.

The Platform is not intended for medical diagnosis, treatment or medical decision-making.

Personal data are processed on the basis of one or more of the following legal grounds:

• the performance of an agreement between the user and the healthcare professional;
• the explicit consent of the user, where legally required;
• compliance with legal obligations;
• legitimate interests, where applicable and legally permitted.

Personal data are not retained longer than necessary for the purposes for which they are processed, unless a longer retention period is required by law.

The specific retention periods are determined by the healthcare professional acting as data controller.

Personal data are not sold or rented.

Data may only be shared:

• with the relevant healthcare professional;
• with sub-processors of Health.be (such as IT or hosting partners), subject to strict contractual safeguards;
• where legally required.

Health.be may engage sub-processors for the technical execution of its services (such as hosting, security and maintenance).

Each sub-processor is contractually bound by confidentiality, security and data protection obligations at least equivalent to those applicable to Health.be.

Health.be implements appropriate technical and organisational measures to protect personal data against loss, unauthorised access or unlawful processing.

While Health.be strives to secure personal data as effectively as possible, absolute security cannot be guaranteed.

Users have the rights provided for under the GDPR, including:

• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restriction of processing;
• the right to data portability;
• the right to object.

Requests to exercise these rights should in the first instance be addressed to the relevant healthcare professional.

If a user believes that his or her rights are not being respected, a complaint may be lodged with:

Belgian Data Protection Authority
Rue de la Presse 35, 1000 Brussels, Belgium
www.dataprotectionauthority.be

Health.be reserves the right to amend or update this Privacy Policy.

Changes will be communicated via the Platform or by email and will enter into force as of the indicated date.

For questions regarding this Privacy Policy, please contact:
privacy@health.be