Privacy Statement Zaurus B.V. – Application
Version November 2021
We have drawn up this privacy statement to make it clear that we take the privacy of all personal data with which we come into contact within Zaurus very seriously. For that reason, the personal data collected by us is carefully processed and secured. We adhere to the Privacy Regulations Promulgated Pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and to the Privacy Regulations stipulated in the General Data Protection Regulation (GDPR).
In this statement we want to inform you about our privacy policies. If you have any questions or would like more information, please contact our Data Protection Officer at email@example.com.
Protection of privacy is very important. After all, you do not want your data to just end up on the street. In the European Union, the General Data Protection Regulation (GDPR) applies to protect your and our personal data. Under this regulation, an organization that works with personal data has certain obligations and the person from whom the data originates has certain rights. The regulation speaks of “processing personal data”. This term includes everything that can be done with personal data: from collection to destruction. In addition to this general privacy legislation, specific rules apply to privacy in healthcare. This privacy statement is intended to inform you about your rights and our obligations that apply under the law.
Your privacy is very important for Zaurus B.V. We therefore comply with the privacy law. This means that your data is safe with us and that we always use it properly. In this privacy statement we explain what we do with information that we learn about you through our application.
Purposes of the data processing
1. Use of the service – Create your Zaurus account
Before you can use the Zaurus communication platform, you are obliged to register as a user. You must provide some personal data and choose a username and password. Next, we are able to create your user account.
Your profile contains your name, job title (optional), telephone number (optional), profile picture (optional), email, and company name (and address). Additional information that we store includes: your User ID (unique ID of the user in the database), your Device ID (devices linked to the User ID for sending, for example, push notifications) and Object ID (everything else that is associated with the User ID which applies to the user’s account). We store this information based on your permission.
Zaurus can only use your contact details to provide, protect and improve our service and to detect and prevent fraud.
Important: Please note that the contact details you provide as part of your Zaurus profile are visible to your Zaurus relationships. If required, you can alter this information by changing your profile settings.
We keep this information until you close the account. There is some delay in removing your information from our servers and backup storage. We will retain your information for a longer period if necessary, to (a) comply with legal requirements; (b) resolve disputes or (c) enforce our agreements.
2. Use of the service – User Generated Content
Zaurus allows users to exchange messages, files or locations with (groups of) contacts. The content of this communication is also called ‘user generated content’. The users of our platform are responsible for this content. We only facilitate the platform on which the exchange of data takes place and the security of this data within the limits of our platform. User generated content may contain medical data.
The data will be kept as long as the accounts are active (and thus the relevant chats are active). In addition, all information is also deleted when the relevant chat is deleted. We process this data on the basis of a contractual agreement.
3. Use of the service – Inviting of colleagues and relations
Zaurus works best when multiple people participate in the communication process through Zaurus. You can send an invitation to your colleagues and relations to communicate with you via the Zaurus communication platform. If you choose to share email addresses or other contact details from people that do not yet use the Zaurus communications platform, we will use this information to contact these people on your behalf by inviting them to use the platform.
We process this data on the basis of a contractual agreement. The data will be deleted by us after sending the invitation.
4. Sharing location data
We collect and use location data from your device when you have given us permission to do so. We only use the location data at the time you choose to use location-related features in the application. We process this data on the basis of consent. Consent can be withdrawn at any time by turning off location data sharing.
5. Insight into the use of the service – Usage data
Usage information consists of non-personal data such as device information, information about the Operating System used, browser information, statistics, clickstream data and figures related to use of the service. Usage data enables Zaurus to gain insight into the use of the service by the users and to improve the service. Zaurus uses the usage data only to the extent necessary to provide, protect and improve the service and to detect and prevent fraud. We keep this information until the account is deleted. We process this data on the basis of legitimate interest.
6. Billing the service – Sending invoices and making payments
We use the specified billing information to be able to bill the use of the application and so that the service can be purchased online. These billing data are kept for seven years after the termination of the agreement in accordance with national laws and regulations. We process this data on the basis of agreement.
7. Service rating – Enquiring your information about our services
Under the motto ‘everyday a little bit better’, Zaurus is working on improving its products and services every day. We may be curious about your experiences with our products and services. We may contact you about this (i.e. quality purposes). We will use your email address or telephone number for this. Information you share with us will be treated confidentially and will not be kept longer than necessary. We do this on the basis of our legitimate interest. If you object to an approach for quality purposes, we will of course respect this.
8. Sending text messages
- Optional: use of two-factor authentication. Your mobile phone number is encrypted and stored by us as long as you keep the number registered and remain an active Zaurus user.
- Optional: for reporting when the care provider enters the consultation room. Your mobile phone number is encrypted by us and stored for 24 hours. After that period your phone number will be deleted.
- Optional: for the purpose of receiving a consultation room access code. Your mobile phone number is encrypted by us and stored during the session. After that period your phone number will be deleted.
Storage, processing and transmission of data
The service is made available from data centers within the European Union (Germany and France) and is exclusively governed by Dutch law.
To enable your communication with international contacts, data may be saved, processed and sent from locations around the world, including locations outside of your own country. This information is shared until you cancel the account.
Our mobile app can be downloaded from the Apple store or from Google Play. We have no control over what these companies do with your personal information. We highly recommend you read their privacy statements to learn more.
When can we share your personal data with third parties?
Zaurus will only share your data with third parties if this is permitted under current legislation. We may provide your personal data to third parties because:
- we have engaged them to process certain data;
- it is necessary to perform the agreement;
- you give permission for this;
- we have a legitimate interest in this;
- we are legally obliged to do so (for example, if the police require this when a crime is suspected).
The parties that process personal data in our or your assignment are:
- Cookie suppliers (please see our cookie statement);
- IT suppliers and service providers;
- Payment service providers (and collection agency).
In order to provide this service, Zaurus can provide your personal data to parties located outside the European Economic Area (EEA). Zaurus only does this if there is an appropriate level of protection for the processing of personal data. This means, for example, that we use a model agreement from the European Commission or make agreements about the handling of personal data (i.e. a processor agreement).
With the exception of the partners mentioned in this overview, we will under no circumstances give your personal data to other companies or institutions, unless we are legally obliged to do so.
The security of personal data is very important to us. To protect your privacy, Zaurus and our contracted third parties take appropriate organizational and technical measures including:
- physical access control. Zaurus uses measures to prevent unauthorized persons from gaining access to data processing systems in which personal data is processed.
- access to personal data is protected with a username, password and, where necessary, a login token.
- using secure connections (TLS) that protect all information between you and our websites and apps when submitting personal data and sharing personal messages.
- using firewalls, intrusion detection systems, intrusion prevention systems and virus scanners to ensure your data is always safe.
- data backup.
- standard data encryption on the Zaurus communication platform: in addition to the TLS connection, we apply standard AES256 encryption to all data in transit as well as user information, messages and attachments at rest.
- paperless office: we work digitally as much as possible. Paper is avoided as much as possible and destroyed via the shredder if it no longer serves any purpose. The digital documents are secured and are backed up.
- purpose-based access restrictions and data storage within the European Union.
Zaurus discourages the use of unsecured Wi-Fi networks or other unprotected networks while using the service.
If Zaurus finds out that a high-risk security breach has occurred, we will notify you and, if necessary, ask you to take appropriate action.
The responsibilities of Zaurus B.V.
Zaurus B.V. is legally responsible for the processing of personal data which takes place within Zaurus B.V. We fulfil the obligations arising from this as follows:
- Your data is only collected to support the provision of care and is used for the described purposes in this statement;
- You will be informed of the fact that personal data is processed. This is indicated wherever we request personal data by referring to this privacy statement.
- All employees of Zaurus B.V. have signed a confidentiality statement;
- Your personal data is well protected against unauthorized access;
- Your personal data is not kept longer than is necessary to provide good service and care.
Your rights as a stakeholder
Regarding your personal data you have the following rights:
- the right to know if your personal data is processed;
- the right to inspect and ask for a transcript of the data that is processed (insofar as this does not harm the privacy of another);
- the right to request correction, addition or deletion of your data;
- the right to block the transfer of your data to third parties (one or more of the aforementioned care providers);
- the right to request deletion of personal data. This can only be done if the retention of the data is not of significant importance to another and the data does not have to be retained on the basis of (a) statutory regulation(s);
- the right to oppose the processing of your data.
If you want to exercise your rights, you can contact the Data Protection Officer of Zaurus B.V. who looks after your interests. Your interests can also be represented by a representative appointed by you. Make sure that you always clearly state who you are, so that we can be sure that we do not modify or delete data from the wrong person.
In principle, we will comply with your request within one month. However, this period can be extended by two months for reasons related to the specific privacy rights or the complexity of the request. If we extend this term, we will notify you within the first month.
In addition, you can inform us in writing if you do not want to be contacted with information about our products and services. See the contact details of the Data Protection Officer further on in this document.
To file a complaint
If you have any questions or wish to submit a complaint about the use of your personal data, you can contact us using the contact details at the bottom of this privacy statement. We handle every question and complaint internally and communicate this further with you. However, if you think that we are not helping you in the right way, you can contact the Dutch Data Protection Authority to file a complaint.
For example, the Dutch Data Protection Authority can engage you to mediate in the dispute or to request advice. As a last option, you can lodge an appeal with the civil court.
Amendments to this privacy statement
When our service changes, we must of course also adjust the privacy statement. So always pay attention to the date at the top of this page and check regularly for new versions. We will do our best to announce changes separately.
Data Protection Authority
For questions and complaints, you can contact the data protection officer of Zaurus B.V. This employee ensures that personal data is carefully used and secured and that privacy is guaranteed.
Zaurus B.V. (# Dutch Chamber of Commerce : 72991941)
Attn. Data Protection Officer
1817 MS ALKMAAR (The Netherlands)
Telephone: +31 72 – 202 9123
If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervising authority. This is called the Dutch Data Protection Authority (i.e. “Autoriteit Persoonsgegevens”).
Data Protection Authority (Autoriteit Persoonsgegevens)
PO Box 93374, 2509 AJ THE HAGUE (The Netherlands)
Tel: +31 900 – 200 12 01, available on workdays from 09:30 AM to 12:30 PM (€ 0.05 per minute) www.autoriteitpersoonsgegevens.nl