Privacy policy

1. Definitions

In this Privacy Statement, the following terms shall have the following meanings:

 

‘MEDBOOK’, ‘We’ and ‘Us’: IMENGINE B.V.B.A., a private limited company, with registered office at Tiensevest 43, B-3010 Leuven, registered under the company number 0871.378.813.

 

‘Web Application’: The Medbook Software as a Service (SaaS) application as developed and provided by MEDBOOK and which can be accessed via the Websites.

 

‘Websites’: The different websites via which the Web Application can be accessed, i.e. www.medbook.be, www.medbook.nl, www.medbook.com;

 

‘Direct User(s)’: concerns any natural or legal person who has obtained a license to the Web Application and is therefore in a direct contractual relationship with MEDBOOK, including, but not limited to: higher education institutions, professional associations, European organizations, health care professionals (e.g. doctors, nurses and surgeons), students who are no longer attached to an educational institution and alumni;

 

‘Indirect User(s)’: refers to any natural person who gains access to the Web Application through a Direct User and in that context discloses personal data to MEDBOOK, including but not limited to: students and trainers attached to an educational institution and personnel of a Direct User.

 

‘User(s)’: the Direct Users and the Indirect Users are jointly referred to as the "User" or "Users".

 

2. Why this Privacy Statement?

Every User discloses a certain amount of personal data. The personal data is information which allows us to identify you as a natural person, regardless of whether we actually do this. You are identifiable as soon as it is possible to create a direct or indirect link between one or more personal data and you as a natural person.

 

Every reference in this Privacy Statement to the ‘GDPR’ is a reference to the Regulation of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation). We only use and process your personal data in accordance with the GDPR and any replacement legislation, or any similar regulation under any applicable law, and any regulatory requirements or codes of practice governing the use, storage or transmission of personal data.

 

Through this Privacy Statement, every User is informed of the processing activities MEDBOOK may carry out with his or her personal data. MEDBOOK reserves the right to modify this Privacy Statement at all times. Every substantial change will be clearly communicated towards the User. We advise you to consult this document regularly.

 

3. Who is responsible for the processing of your personal data?

3.1. Data controller

MEDBOOK is responsible for the processing of the personal data of Direct Users. MEDBOOK decides alone or in cooperation with others which personal data of Direct Users is being collected as well as the purposes and the technical and organisational means with regard to the processing of these personal data. As a consequence, MEDBOOK is a ‘data controller’ within the meaning of the GDPR towards Direct Users.

 

The Direct User acknowledges that he acts in the capacity of data controller with regard to any third-party personal data he uses or submits in or through the Web Application. The Direct User decides alone which personal data of third parties (including, but, not limited to personal data of Indirect Users) is being collected, without interference from or control by MEDBOOK. In this context, the Direct User understands that MEDBOOK acts as a mere data processor.

 

3.2. Data Processor(s)

MEDBOOK is free to rely on data processors. A data processor is a natural or legal person who processes personal data upon request and on behalf of the data controller. The data processor is required to ensure the security and confidentiality of the personal data. The data processor shall always act on the instructions of the data controller.

 

MEDBOOK relies on the following categories of "data processors" for the processing of personal data of Direct Users:

• Companies we have engaged for technical, IT and hosting purposes;
• Companies we have engaged for support purposes.

 

MEDBOOK has carefully selected the abovementioned data processors. The selected processors offer all the adequate guarantees with regard to technical and organizational security measures regarding the processing of the personal data of Direct Users.

 

4. On what legal grounds is your personal data processed?

In accordance with the GDPR we process personal data of Direct Users on the following legal grounds:

• On the basis of the execution of the contract agreed upon with the Direct User or the execution of pre-contractual steps taken at the request of potential customers; or
• On the basis of compliance with legal or regulatory provisions with regard to the management of the contractual relationship, invoicing in particular;
• On the basis of our legitimate interest in sending information to our customers;
• On the basis of your consent.

 

5. Which personal data is being processed?

MEDBOOK commits to only collect and process personal data of Users in a way that is adequate, relevant and limited to what is necessary for the purposes for which they are processed. The following categories of personal data are processed by MEDBOOK

 

Direct Users:

• Personal identification data (name, first name, address, login details);
• Contact details (e-mail address);
• Financial identification data (bank details);
• Electronic identification data (IP address, cookies);
• Personal data (gender, age);
• Professional data (professional jobs and activities, job title);

 

Indirect Users:

• Personal identification data (name, first name, address, login details);
• Electronic identification data (IP address, cookies);
• Content (contact forms, student trainee plan, evaluations, attendances, portfolio, log book, etc.).

 

This personal data is collected at the time of your registration on the Web Application and when you use our services. This personal data is necessary for the provision of MEDBOOK services. The amount of personal data collected depends on your use of the Web Application and the functionalities of the Web Application.

 

We use cookies in order to recognise the User and to offer the User a personalised user experience, to remember technical choices (for example, language choices), and to detect and correct any technical errors which might be present on the Web Application.

 

MEDBOOK also collects anonymous data via the Web Application, i.e. technical data that is used solely for internal purposes to obtain an image of user navigation on the Web Application.

 

We do not, under any circumstances, collect sensitive personal information, such as information about your race, political opinions, health, religious or other beliefs, sexual orientation, etc.

 

The Users provide the personal data to MEDBOOK themselves and therefore retain a certain degree of control. When certain data is incomplete or apparently incorrect, MEDBOOK has the right to postpone some expected actions temporarily or permanently. The User’s personal data on his/her user account is in a limited extent, visible to other Users, depending on the individual settings of the User.

 

6. For which purposes is my personal data being used?

MEDBOOK collects your personal data for the sole purpose of offering every User a safe, optimised and personal user experience of our Web Application and the offered services. The collection of personal data becomes more extensive as the User makes more intensive use of our Web Application and our online services. MEDBOOK reserves the right to suspend or cancel certain operations if certain personal data is missing, incorrect or incomplete.

 

MEDBOOK commits to solely process your personal data for the following internal purposes:

• Ensuring the proper functioning of the Web Application and the provision of the related services;
• User management: user administration, invoicing, support and complaint monitoring;
• Sending relevant information about the Web Application to Users (e.g. with regard to updates and new features); Dispute management;
• Detection of and protection against fraud, errors and criminal behavior.

 

The User provides the personal data to MEDBOOK himself and therefore retains a certain degree of control. When certain personal data is incomplete or apparently incorrect, MEDBOOK has the right to postpone some expected actions temporarily or permanently.

 

7. Who receives your personal data?

Your personal data is processed for internal use within MEDBOOK only. Your personal data will not be sold, passed on or communicated to any third parties, except in case you have given us your explicit prior consent, or to the extent that this is necessary for the performance of our agreement with you or because we are legally obliged to do so.

 

As a resident of the European Economic Area, a transfer of your personal data outside the European Economic Area (EEA) can only take place to countries that the Data Protection Authority in Belgium has found to provide the same adequate level of protection or, if this is not the case, to the extent that MEDBOOK has made the necessary contractual arrangements, taking into account the standard provisions as imposed by the Data Protection Authority in Belgium, to ensure that your personal information receives an adequate level of protection.

 

In certain cases, a User may export data that he has uploaded to the Web Application. Any transfer of this exported data to a third party will always take place under the sole responsibility of the User.

 

8. How long do we store your personal data?

Your personal data is stored as long as necessary to achieve the purposes pursued. We keep a record of your personal data, as long as your account is active or when your personal data is necessary to offer you a service. Your personal data will be erased from our database as soon as they are no longer necessary for the purposes pursued or if you validly exercise your right to erasure.

 

9. What are my rights?

9.1. Guarantee of a legitimate and secure process of your personal data

Your personal data is always processed for the legitimate purposes explained in section 6. They are collected and processed in an appropriate, relevant and non-excessive manner, and are not kept longer than necessary to achieve the intended purposes.

 

MEDBOOK has reduced the risks of accidental or unauthorized destruction or accidental loss, alteration of, access to your personal data and any other unauthorized processing of your personal data to a minimum. This does not mean that all risks are excluded. MEDBOOK will immediately take all possible measures to limit damage or theft to a minimum in case of a security breach.

 

9.2. Right to access

If you can prove your identity, you have the right to obtain information about the processing of your personal data. Thus, you have the right to know the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data is transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your personal data.

 

9.3. Right to rectification of your personal data

Inaccurate or incomplete personal data may be corrected. It is primarily the responsibility of the User to make the necessary changes in his "user area" himself, but you can also request us in writing.

 

9.4. Right to erasure (or “right to be forgotten”)

You also have the right to obtain the erasure of your personal data under the following assumptions:

• Your personal data is no longer necessary for the intended purposes;
• You withdraw your consent to the processing and there is no other legal ground for processing;
• You have validly exercised your right of opposition;
• Your personal data has been illegally processed;
• Your personal data must be deleted to comply with a legal obligation.

 

The deletion of personal data is mainly related to visibility; it is possible that the deleted data is still temporarily stored.

 

9.5. Right to limitation of processing

In certain cases, you have the right to request the limitation of the processing of your personal data, especially in case of dispute as to the accuracy of the personal data, if the personal data is necessary in the context of legal proceedings or the time required to MEDBOOK to verify that you can validly exercise your right to erasure.

 

9.6. Right to object

You have the right to object at any time to the processing of your personal data. MEDBOOK will stop processing your personal data unless it can demonstrate that there are compelling legitimate reasons for the processing which prevail over your right to object.

 

9.7. Right to data portability

You have the right to obtain any personal data which you have provided us in a structured, commonly used and machine readable format. At your request, this data may be transferred to another provider unless it is technically impossible.

 

9.8. Right to withdraw your consent

You may withdraw your consent to the processing of your personal data at any time.

 

10. How to exercise your rights?

If you wish to exercise your rights, you must send a written request and proof of identity by registered mail to MEDBOOK, Tiensevest 43, B-3010 Leuven, Belgium or by email to helpdesk@medbook.com. We will respond as soon as possible, and no later than one (1) month after receipt of the request.

 

11. Complaints

If you have any comments or complaints about the way in which we handle your personal data, we ask you to report them to us first. In this way, we can reach an amicable solution by mutual agreement.

 

If, after this notification, you are still not satisfied with the processing of your personal data by MEDBOOK, you have the right to lodge a complaint with the competent Data Protection Authority (for Belgium: https://www.dataprotectionauthority.be/).