Alterdesk logo

Privacy and Cookie Statement Alterdesk B.V. – Website

9 November 2020

We have drawn up this privacy and cookie statement to make it clear that we take the privacy of all personal data with which we come into contact within Alterdesk very seriously. For that reason, the personal data collected by us is carefully processed and secured. We adhere to the Privacy Regulations Promulgated Pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and to the Privacy Regulations stipulated in the General Data Protection Regulation (GDPR).

In this statement we want to inform you about our privacy and cookie policies. If you have any questions or would like more information, please contact our Data Protection Officer Michelle Spit at michelle@alterdesk.com

Protection of privacy is very important. After all, you do not want your data to just end up on the street. In the European Union, the General Data Protection Regulation (GDPR) applies to protect your and our personal data. Under this regulation, an organization that works with personal data has certain obligations and the person from whom the data originates has certain rights. The regulation speaks of “processing personal data”. This term includes everything that can be done with personal data: from collection to destruction. In addition to this general privacy legislation, specific rules apply to privacy in healthcare. This privacy statement is intended to inform you about your rights and our obligations that apply under the law.

Purposes of data processing

Click behavior and visitor data
When using our website, we obtain general visitor data. This concerns the IP address of your computer, the time of retrieval and data that your browser sends. We use this data for statistical analyzes of visitor and click behavior on the website. We also use this to optimize the functioning of the website.

We use Google Analytics to keep track of how visitors use our website. We have concluded a processor agreement with Google. It contains strict agreements about what they can keep. We let Google anonymize the IP addresses and have all options for sharing data with Google disabled. Alterdesk always uses the “Manual for privacy-friendly setting of Google Analytics” from the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”).

We use this information because of our legitimate interest in monitoring and improving our website. Anonymous data (which no longer contains any personal data) will remain available in Google Analytics and we will keep it for as long as it is relevant to us. Non-anonymised data is stored for a maximum of 26 months and then deleted. Naturally, this information is not provided to third parties.

Cookies
Please see our cookie statement later in this document, in which we explain exactly what these cookies do and why they are there.

When can we share your personal data with third parties?

Alterdesk will only share your data with third parties if this is permitted under current legislation. We may provide your personal data to third parties because:

  • we have engaged them to process certain data;
  • necessary to perform the agreement;
  • you give permission for this;
  • we have a legitimate interest in this;
  • we are legally obliged to do so (for example, if the police require this when a crime is suspected).

The parties that process personal data in our or your assignment are:

  • Cookie suppliers (please see our cookie statement);
  • IT suppliers and service providers;
  • Payment service providers (and collection agency).

In order to provide this service, Alterdesk can provide your personal data to parties located outside the European Economic Area (EEA). Alterdesk only does this if there is an appropriate level of protection for the processing of personal data. This means, for example, that we use a model agreement from the European Commission or make agreements about the handling of personal data (i.e. a processor agreement).

With the exception of the partners mentioned in this overview, we will under no circumstances give your personal data to other companies or institutions, unless we are legally obliged to do so.

We are aware of the judgment of the Court of Justice of the EU of 16 July 2020 with implications for the transfer of personal data. We are currently investigating how we can best overcome this. Privacy is very important to us and we try to do everything we can to find a suitable solution. If we have a suitable solution, we will inform you about this via this privacy statement. Do you have questions about the processing of your personal data? Please contact us using the contact details in this privacy statement.

Security

The security of personal data is very important to us. To protect your privacy, Alterdesk and our contracted third parties take appropriate organizational and technical measures including:

  • physical access control. Alterdesk uses measures to prevent unauthorized persons from gaining access to data processing systems in which personal data is processed.
  • access to personal data is protected with a username, password and, where necessary, a login token.
  • using secure connections (TLS) that protects all information between you and our websites and apps when submitting personal data and sharing personal messages.
  • using firewalls, intrusion detection systems, intrusion prevention systems and virus scanners to ensure your data is always safe.
  • data backup.

If Alterdesk finds out that a vulnerability has occurred, we will notify you and, if necessary, ask you to take appropriate action.

Cookie statement

Given our vision on privacy, we believe it is important not to use more tracking cookies than necessary. Our website therefore uses only two types of cookies, both related to the use of Google Analytics:

  • Google Tag Manager;
  • Google Analytics.

These cookies are to keep track of how our website is used; to provide us with reports about the website.

To ensure that Google does not collect personal data via our website, we have set the privacy settings in accordance with the “Manual for privacy-friendly setting of Google Analytics” of the Dutch Data Protection Authority. Among other things, the IP address is anonymized before this data is sent to Google. In addition, we have concluded a processing agreement with Google and Google is not permitted to provide this data to third parties or to use it for other Google services. The processing of your personal data via Google Analytics is based on our legitimate interest to obtain general statistics from our website visitors.

Based on these settings, it is not necessary under current Dutch cookie legislation to explicitly request permission from visitors to place the relevant cookies. We did think it was neat to point out to our website visitors that cookies are being placed – so our current cookie notification is only for notification.

For more information, read the privacy policy of Google, as well as the specific privacy policy of Google Analytics. See here for more information about Google’s opt-out scheme.

The responsibilities of Alterdesk B.V.

Alterdesk is legally responsible for the processing of personal data which takes place within Alterdesk. We fulfil the obligations arising from this as follows:

  • Your data is only collected to support the provision of care and is used for the described purposes in this statement;
  • You will be informed of the fact that personal data is processed. This is indicated wherever we request personal data by referring to this privacy statement.
  • All employees of Alterdesk have signed a confidentiality statement;
  • Your personal data is well protected against unauthorized access;
  • Your personal data is not kept longer than is necessary to provide good service and care.

Your rights as a stakeholder

Regarding your personal data you have the following rights:

  • the right to know if your personal data is processed;
  • the right to inspect and ask for a transcript of the data that is processed (insofar as this does not harm the privacy of another);
  • the right to request correction, addition or deletion of your data;
  • the right to block the transfer of your data to third parties (one or more of the aforementioned care providers);
  • the right to request deletion of personal data. This can only be done if the retention of the data is not of significant importance to another and the data does not have to be retained on the basis of (a) statutory regulation(s);
  • the right to oppose the processing of your data.

If you want to exercise your rights, you can contact the Data Protection Officer of Alterdesk who looks after your interests. Your interests can also be represented by a representative appointed by you. Make sure that you always clearly state who you are, so that we can be sure that we do not modify or delete data from the wrong person.

In addition, you can inform us in writing if you do not want to be contacted with information about our products and services. See the contact details of the Data Protection Officer further on in this document

If the Data Protection Officer of Alterdesk refuses to execute your rights, then can you contact the Dutch Data Protection Authority (i.e. Autoriteit Persoonsgegevens). For example, the Dutch Data Protection Authority can engage by mediating in the dispute or provide advice. As a last resort, you can lodge an appeal with the Dutch civil court.

Data Protection Authority

In case of questions or complaints, you can contact the Data Protection Officer of Alterdesk. The Data Protection Officer ensures that personal data is being dealt with in an appropriate manner and data is safe, all the time. The Data Protection Officer guarantees the privacy of users and the service provided.

Alterdesk B.V. (# Dutch Chamber of Commerce : 57959587)
Attn. Data Protection Officer
Comeniusstraat 5
1817 MS ALKMAAR (The Netherlands)
Telephone: +31 72 – 202 9110
E-mail: michelle@alterdesk.com
Website: www.alterdesk.com

If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervising authority. This is called the Dutch Data Protection Authority (i.e. “Autoriteit Persoonsgegevens”).

Data Protection Authority (Autoriteit Persoonsgegevens)
PO Box 93374, 2509 AJ THE HAGUE (The Netherlands)
Tel: +31 900 – 200 12 01, available on workdays from 09:30 AM to 12:30 PM (€ 0.05 per minute) www.autoriteitpersoonsgegevens.nl

Amendments to this privacy statement

When our service changes, we must of course also adjust the privacy statement. So always pay attention to the date at the top of this page and check regularly for new versions. We will do our best to announce changes separately.