When using this app, personal data are processed by Open HealthHub.
Open HealthHub processes your personal data in accordance with the applicable laws and regulations regarding the protection of personal data (including the GDPR, known in Dutch as the AVG, and the specific rules for health information systems).
Below you can read, among other things, information about which personal data are processed, why this happens, how long the data are kept and how they are secured.
Which personal details are processed and why?
Various types of processing take place within the app:
1. Your name, e-mail address, possibly the patient and the name of your healthcare professional are processed in order to grant access to the app and to be able to store the level of use of the service by your healthcare professional.
2. Open HealthHub stores technical information such as the type of mobile device you use, the operating system (iOS or Android), statistics regarding the use of the app and the IP address you use. This information is processed and used by Open HealthHub to measure the interest in its services, and to improve and/or promote its services.
3. The treatment information and questionnaires made available to you are stored, in order to show them to you via the app, so that you can read the information and fill in the questionnaires.
4. The answers you give to the questionnaires are initially stored exclusively on your mobile device. These answers are only processed and made available to your healthcare professional in encrypted form via Open HealthHub’s servers after you give the order via the app. End-to-end encryption is used. This means that the data is encrypted from the moment it is sent until it is received by your healthcare professional, so that only the healthcare professional can read the data. Open HealthHub and its hosting provider do not have the key and cannot access this data.
The processing as referred to in 1, 3 and 4 takes place at the request of your healthcare professional. Open HealthHub is in those cases a so-called processor. Your healthcare professional and Open HealthHub have concluded a processing agreement on the basis of which Open HealthHub has entered into various obligations. This includes, for example, the obligation to secure your personal data and the prohibition to use your personal data for purposes other than those agreed upon between your healthcare professional and Open HealthHub.
The processing referred to under 2 takes place in the framework of a legitimate interest of Open HealthHub. Open HealthHub is in this case responsible for the processing. Through the analysis of the data mentioned under 2, Open HealthHub can gather knowledge that enables it to measure the interest in its services, and to improve and promote the use of its services.
Are my personal data shared with third parties?
Your personal information will not be shared with other parties, with the exception of the hosting party contracted by Open HealthHub where your encrypted personal information is stored, and with your healthcare professional (provided that you have given an instruction to that effect, in the situation described under 4). Your email address, name and the subject of the email are shared with an external provider who is only responsible for sending emails on our behalf.
The hosting and e-mail providers hired by Open HealthHub must meet strict security requirements and have committed themselves to Open HealthHub not to use the data for any other purpose. Your medical information is stored on a server in the Netherlands.
How long will my personal data be kept?
Your personal data will be stored for a maximum of 5 years, after which it will be removed or anonymised for statistical purposes. This does not apply to the data resulting from the questionnaires you filled in. These are only stored in encrypted form and are therefore not accessible to us (not even for anonymisation purposes).
Is my personal data properly secured?
The security of your personal data complies with the requirements laid down in the applicable legislation and regulations and also complies with the standards for healthcare information systems laid down in ISO 27001 and NEN 7510, 7512 and 7513.
What are my rights?
You can object to the processing referred to under 2 insofar as this relates to your specific situation. We will assess your objection in accordance with the requirements set out in the GDPR. You can submit an objection to Open HealthHub using the contact details below.
You have the right to inspect and correct your personal data. You also have the right, in certain cases, to request Open HealthHub to remove or limit the processing of your personal data. You can submit any requests to Open HealthHub using the contact details below.
Who can I contact about the processing of my personal data?
If you have questions or complaints, or if you want to invoke one of your above-mentioned rights, please contact:
Open HealthHub B.V.
JIM (7th floor, Beatrix Theater)
3521 AL Utrecht
KvK number: 64377679
Phone number: +31 85 333 0007