Privacy statement Zaurus B.V.
Version June 2020
As required by the Privacy Regulations Promulgated Pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and by the Privacy Regulations stipulated in the General Data Protection Regulation (GDPR).
Zaurus considers the protection of privacy very important. Both the Health Insurance Portability and Accountability Act (HIPAA – USA) and the General Data Protection Regulation (GDPR – EU) take care of the protection of your and our personal data. Under these regulations, an organization that works with personal data has certain obligations and the person from whom the data originates from has certain rights. These regulations speak of ‘processing personal data’. This concept encompasses everything that can be done with personal data: from collection to destruction. In the Netherlands, in addition to this general privacy legislation, specific rules apply to privacy in healthcare. These rules are stipulated in the Dutch “Medical Treatment Agreement Act” (WGBO). This privacy statement is set up to inform you about your and our rights and obligations.
Your privacy is very important to Zaurus B.V., therefore we comply with both HIPAA and the GDPR. This means that your personal data is safe with us and that we take special care when processing your personal data. This privacy statement explains how we deal with any personal data that we attain through our websites, our contact forms and the Zaurus communication platform.
When processing your personal data, we comply with the requirements of both HIPAA and the GDPR. This means that we:
- state our purposes before we process personal data, by means of this privacy statement;
- limit our collection of personal data to the personal information needed for legitimate purposes;
- first ask for your (explicit) permission to process your personal data in cases where your consent is required;
- take appropriate security measures to protect your personal information and we demand the same from parties we work with who process your personal data on our behalf;
- respect your wishes with regard to the access, correction or removal of your personal data as stored by us.
THE RESPONSIBILITIES OF ZAURUS B.V.
Zaurus B.V. is legally responsible for the processing of personal data which takes place within Zaurus B.V. We fulfil the obligations arising from this as follows:
- Your data is only collected to support the provision of care and is used for the following purposes:
- so you can use the Zaurus communication platform;
- so you send messages using the Zaurus communication platform and by e-mail, to the extent that is necessary for the functioning and performance of the service;
- to inform you about important updates, information security and other technical matters;
- to provide you with feedback about the service.
- You will be informed of the fact that personal data is processed. This is indicated wherever we request personal data by referring to this privacy statement.
- All employees of Zaurus B.V. have signed a confidentiality statement;
- Your personal data is well protected against unauthorized access;
- Your personal data is not kept longer than is necessary to provide good service and care.
YOUR RIGHTS AS A STAKEHOLDER
Regarding your personal data you have the following rights:
- the right to know if your personal data is processed;
- the right to inspect and ask for a transcript of the data that is processed (insofar as this does not harm the privacy of another);
- the right to request correction, addition or deletion of your data;
- the right to block the transfer of your data to third parties (one or more of the aforementioned care providers);
- the right to request deletion of personal data. This can only be done if the retention of the data is not of significant importance to another and the data does not have to be retained on the basis of (a) statutory regulation(s);
- the right to oppose the processing of your data.
If you want to exercise one or more of your rights, you can contact the Chief Information Security Officer of Zaurus B.V., who represents your interests. Your rights can also be represented by an appointed representative.
If the Chief Information Security Officer of Zaurus B.V. refuses to execute your rights, then can you contact the Dutch Data Protection Authority (i.e. Autoriteit Persoonsgegevens). For example, the Dutch Data Protection Authority can engage by mediating in the dispute or provide advice. As a last resort, you can lodge an appeal with the Dutch civil court.
DISCLOSURE OF YOUR DATA TO THIRD PARTIES
Certain trusted third parties have been engaged by Zaurus to perform functions and provide services, such as hosting. Zaurus has a signed processor agreement with its service providers that reflect the protective measures described in this privacy statement and checks it regularly to ensure that users’ privacy is maintained.
Under no circumstances (except if we are forced by law) do we share your personal data with any companies or institutions, other than the trusted third parties mentioned in this list.
By means of our contact forms you can, for example:
- ask us questions;
- report bugs/malfunctions/incidents;
- request a demo, quotation or additional information about products;
- request a new desired functionality;
- submit a complaint/feedback;
- make a callback request;
- place an order;
- register for a webinar.
To respond to your request, we use your name, title, company name, email address and telephone number as submitted by you through the form. We ask for your explicit permission to use your information when submitting a form. We keep this data in our customer relationship management system (CRM) until we are sure that you are satisfied with our response.
You can subscribe to our newsletter. The newsletter contains news, tips and information about our products and services. You can cancel this subscription at any time. Every newsletter contains an unsubscribe link.
Your e-mail address will only be added to the list of subscribers with your consent. This data is kept until you unsubscribe yourself from the newsletter.
2. Social Media buttons
The Zaurus website includes buttons that link to social networks such as Facebook, Twitter, LinkedIn and YouTube. You will only be connected to these social networks if you click on the social media button. We refer you to the privacy policies of Facebook, Twitter, YouTube and LinkedIn to learn more about how they process your personal data when you visit these networks.
In addition, the social media buttons on our site only refer directly to the Zaurus pages on these networks – no additional code from the social networks is loaded on our website and no additional cookies are collected. Sometimes the Zaurus website shows embedded YouTube videos – we place these using a custom embed code so that YouTube cannot collect cookies from our website.
3. Google Analytics
We use Google Analytics to keep track of how visitors use our website. We have a processing agreement with Google. It contains strict agreements about what data they are allowed to collect. We let Google anonymize IP addresses and have turned off all options for sharing data with Google. Zaurus adheres to the “Manual – Privacy-friendly set-up of Google Analytics” provided by the Dutch Data Protection Authority (i.e. Autoriteit Persoonsgegevens).
ZAURUS COMMUNICATION PLATFORM
1. Your Zaurus account
Before you can use the Zaurus communication platform, you are obliged to register as a user. You must provide some personal data and choose a username and password. Next, we are able to create your user account.
Your profile contains your name, job title (optional), telephone number (optional), profile picture (optional), email, and company name (and address). Additional information that we store includes: your User ID (unique ID of the user in the database), your Device ID (devices linked to the UserID for sending, for example, push notifications) and Object ID (everything else that is associated with the User ID which applies to the user’s account). We store this information based on your permission.
Zaurus can only use your contact details to provide, protect and improve our service and to detect and prevent fraud.
Please note that the contact details you provide as part of your Zaurus profile are visible to your Zaurus relationships. If required, you can alter this information by changing your profile settings. We keep this information until you close the account. There is some delay in removing your information from our servers and backup storage. We will retain your information for a longer period if necessary, to (a) comply with legal requirements; (b) resolve disputes or (c) enforce our agreements.
2. User Generated Content
Zaurus allows users to exchange messages, files or locations with (groups of) contacts. The content of this communication is also called ‘user generated content’. The users of our platform are responsible for this content. We only facilitate the platform on which the exchange of data takes place and the security of this data within the limits of our platform. User generated content may contain medical data.
3. Contact details of colleagues and relations
Zaurus works best when multiple people participate in the communication process through Zaurus. You can send an invitation to your colleagues and relations to communicate with you via the Zaurus communication platform. If you choose to share email addresses or other contact details from people that do not yet use the Zaurus communications platform, we will use this information to contact these people on your behalf by inviting them to use the platform.
4. Usage data
Usage data consists of non-personal data such as device information, information about your operating system, browser information, statistics, clickstream data and figures related to your use of the service. Usage data allows Zaurus to understand the usage of the service by its users and to improve its service.
Zaurus uses the usage data only to the extent necessary to provide, protect and improve the service and to detect and prevent fraud.
We keep this information until you close the account.
5. Storage, processing and transmission of data
The service is made available from data centers within the European Union (Ireland and Germany) and is exclusively governed by Dutch law.
To enable your communication with international contacts, data may be saved, processed and sent from locations around the world, including locations outside of your own country.
6. App store
Our mobile app can be downloaded from the Apple store or from Google Play. We have no control over what these companies do with your personal information. We highly recommend you read their privacy statements to learn more.
The security of personal data is very important to us. To protect your privacy, Zaurus and our contracted third parties take appropriate organizational and technical measures including:
- physical access control. Zaurus uses measures to prevent unauthorized persons from gaining access to data processing systems in which personal data is processed.
- access to personal data is protected with a username, password and, where necessary, a login token.
- using secure connections (TLS) that protects all information between you and our websites and apps when submitting personal data and sharing personal messages.
- using firewalls, intrusion detection systems, intrusion prevention systems and virus scanners to ensure your data is always safe.
- data back-up.
- standard data encryption on the Zaurus communication platform: in addition to the TLS connection, we also apply standard AES256 encryption to all data in transit as well as user information, messages and attachments at rest.
Zaurus discourages the use of unsecured WiFi-networks or other unprotected networks while using the service.
If Zaurus finds out that a vulnerability has occurred, we will notify you and, if necessary, ask you to take appropriate action.
DATA PROTECTION AUTHORITY
In case of questions or complaints, you can contact the Chief Information Security Officer of Zaurus B.V. The CISO ensures that personal data is being dealt with in an appropriate manner and data is safe, all the time. The CISO guarantees the privacy of users and the service provided.
Zaurus B.V. (# Dutch Chamber of Commerce: 72991941)
Attn. Chief Information Security Officer
1817 MS, ALKMAAR (The Netherlands)
Telephone:+3172 – 202 9123
If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervising authority. This is called the Dutch Data Protection Authority (i.e. “Autoriteit Persoonsgegevens”).
Data Protection Authority (Autoriteit Persoonsgegevens)
Postbus 93374, 2509 AJ The Hague (The Netherlands)
Tel: +31900 – 200 12 01, available on workdays between 09:30 AM and 12:30 PM (€ 0.05 per minute)
AMENDMENTS TO THIS PRIVACY STATEMENT
When our service changes, we must of course also adjust the privacy statement. So always pay attention to the date at the top of this page and check regularly for new versions. We will do our best to announce changes separately.