Privacy policy

Personal data is information that identifies you or says something about you directly or can be traced back to you. There are many types of personal data. This includes your name, address or email address, as well as your computer's IP address. Personal data refers to all information that can be associated with you. Special information, such as someone's race, religion or medical history, is considered ‘sensitive personal data’.

Information about somebody's health is particularly sensitive. For this reason, Medeco’s privacy policy specifies that all patient data must be regarded as sensitive personal data. This sensitive personal data is granted additional protection by the legislator, and we are only permitted to process this sensitive personal data if we comply with special conditions. This does not only apply to medical data collected and recorded by doctors, but to any information about a person's physical or mental health.

Medeco stores your personal data to the extent necessary to provide services to you and to the extent necessary or permitted by law. Personal data that is no longer needed is deleted as quickly as possible. Medeco uses secure and legally approved systems to protect your personal data against loss or any form of unlawful processing.

We need your personal data to provide you with the best possible advice about our products and services, and to ensure that the selling and purchasing process runs as smoothly as possible for these products and services. From a legal perspective, processing data is a broad concept. Processing comprises all actions that can be performed with personal data. For example, Medeco processes personal data by collecting, storing, modifying, accessing, destroying and disclosing personal data by forwarding said data. The legislator sets out several requirements for the processing of personal information.

These include the following:

• A lawful purpose that is communicated to the data subject in a clear and timely manner.
• A legal basis for the processing of personal data, for example an agreement, the consent of the data subject, an essential obligation or a legitimate interest that overrides the privacy interests of the data subject.
• Data minimisation — no more data may be collected and processed than is necessary for the purpose.
• Subsidiarity — if there are other means of achieving this purpose which are less burdensome for the data subject, these should be used.
• Appropriate organisational and technical measures to protect the personal data being processed.

Medeco takes great care when processing your personal data. In principle, your personal data is only available to Medeco. However, it is sometimes necessary for us to share your personal data with other partners, for example our business unit in your country of residence.

We also use your personal data to perform analyses to improve the services we provide to you or to contact you if we have important information for you.

Furthermore, Medeco uses your personal data - insofar as permitted by law - to inform you about products and/or services provided by companies affiliated with Medeco and which may be of interest to you.

We can also provide general information about Medeco and the various areas in which we operate and which we think may be relevant to you. In principle, you will only receive this information if you have given your prior consent for this.

You may declare at any time that you do not (or no longer) wish to receive commercial information. To do this, please email us. We will then stop sending you information. Note that it may take some time to process your request.

Please note: if you withdraw your consent to the processing of your personal data, we will no longer be able to provide you with the services as before, because we are no longer allowed to use your personal data.

A data processing agreement (DPA) is the agreement between the controller and the processor which determines how the processor handles personal data. Medeco (the controller) and an IT service provider (the processor), for example, will always conclude a written agreement with an external partner before any personal data can be distributed. Medeco is responsible for ensuring that this is done. In short, every external party with which we do business and with which personal data is processed has a separate agreement with Medeco which meets the legal requirements.

You can contact us at any time to request to view your personal data and/or to modify, supplement, delete or restrict your personal data if it is factually incorrect, incomplete or irrelevant. You may also object to the processing of your personal data. To have your personal data modified or deleted, email us.

The EU’s General Data Protection Regulation (GDPR) has also introduced new rights: the right to be forgotten and the right to data portability. You may also benefit from these new rights. We will do our utmost to fulfil your request within a reasonable time.

We use Google Analytics to analyse how we can serve our website visitors as effectively as possible. Information we receive from Google Analytics is stored by Google on servers in the United States. This concerns solely anonymised data and not personal data. The latter also means that the exact location from which you have accessed the websites is unknown.

Medeco uses this information to keep track of how its websites are used, to create reports about these websites and to offer its advertisers information about the effectiveness of their campaigns.

We have not allowed Google to use the information obtained for other Google services.

Personal data is essential for Medeco to provide its services. The use of personal data sometimes encroaches on an individual's privacy. It is important to minimise this encroachment: we always try to restrict the use of your personal data to the minimum necessary and we always handle your personal data with care.

Our employees who work with medical information are bound by a duty of confidentiality. This means that, as a matter of course, no patient data may be shared with others. Treatment providers with whom we are in contact and employees of healthcare institutions are bound by a duty of confidentiality based on their professional code of conduct. Consequently, only the people directly involved in organising your care may view your personal data, and they will handle this personal data in a confidential manner.