Privacy policy
We attach great importance to the security and confidentiality of your personal data. This privacy policy informs you about the processing of your personal data and was last updated on the 14th of May 2021.
We also use cookies on our platform. For more information, we kindly refer you to our cookie policy
1. Scope
1.1. We process your personal data when you:
- use our services (our platform or our mobile app);
- enter into an agreement with us or communicate with us in that context; and
- communicate with us by email, phone or any other digital communication channel.
1.2. You can use our services via the platform (www.medbook.be, www.medbook.nl, or www.medbook.com) or via the mobile app (Medbook).
1.3. This privacy policy may be amended as set forth in article 8.
2. Who are we?
2.1. “We” in this privacy policy refers to IMENGINE bvba:
Name: Imengine bv
Address: Tiensevest 43, 3010 Leuven - Belgium
Company number: 0871.378.813
E-mail: privacy@medbook.com
Telephone: +32 16 96 11 60
2.2. We are responsible for the collection and use of your personal data in the manner explained in this privacy policy. If you have any questions about this, please contact us by e-mail (privacy@medbook.com).
2.3. In certain circumstances, third parties (e.g. your employer or school) may (also) be responsible for the processing of your personal data. For example, if you click on a link and leave our platform. Third parties could be your professional organization or other partners Medbook collaborates with. In that case, we recommend that you consult the privacy policies of these third parties.
3. Which personal data do we process and why?
We will only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you of this below.
3.1. When you use our services
3.1.1. When you use our services, we collect and use the following personal data.
| What personal data? | Why? | Legal basis? |
|---|---|---|
| Technical information (e.g. server log files) about your visit and the device you use. We cannot identify you on the basis of this information, but third parties may be able to identify you (e.g. you internet service provider). | In order to ensure the most fault-free operation of our platform and to detect and prevent malware, illegal content and conduct and other forms of potential abuse. | Our legitimate interest in keeping our online presence safe. |
| Identity and contact information provided by you to us upon your registration and thereafter, such as your account information and information about your medical experience and your professional career. | To create and manage your account so you can make use of our services, such as creating your digital portfolio. | Our agreement with you by your acceptance of the applicable terms and conditions. |
| Information about your mobile device (e.g. type of device, browser version, operating system, etc.). | To improve the content and overall experience of our services. | Our legitimate interest in making sure our app and our services work properly and to provide our users with the most trouble-free experience possible. |
| Information about your use of our services. In addition, we also receive aggregate demographic data from Apple and Google for our total user base. | To improve the content and overall user experience of our services. | Our legitimate interest in providing our users with an interesting experience. |
| Your account information or any other information about which we inform you. | To anonymize or pseudonymize your personal data in order to conduct scientific research. | Your informed consent. |
3.2. When you contract with us
3.2.1. When you enter into an agreement with us we collect and use the following personal data.
| What personal data? | Why? | Legal basis? |
|---|---|---|
| Identity and contact details provided by you in the context of the agreement (e.g. name, e-mail address and professional function). | To fulfil our contractual obligations, and if you are a customer or user, to provide our services to you. | If you are our customer, user or supplier as an individual, we rely on the necessity of processing your personal data for the performance of the contract we have with you. However, when you act on behalf of a company or other legal entity, we rely on our legitimate interest in being able to contract with customers and suppliers. |
| Identity and contact details provided by you us within the framework of the contract and, if applicable, your company and invoicing details. | To carry out our normal business administration (e.g. invoicing and relationship management). | Our legitimate interest in managing our business activities in a responsible and professional manner. |
3.3. When you communicate with us
3.3.1. When you communicate with us via telephone, email or any other digital communication channel, we collect and use the following personal data.
| What personal data? | Why? | Legal basis? |
|---|---|---|
| Identity and contact details provided by you to us, the content of the communication, the technical details of the communication itself (e.g. date and time) and, if applicable, the device you used. | To enable communication between you and us (e.g., when you use our contact form or contact us via telephone or email). | Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind. |
| Identity and contact details provided by you to us and the reason for your contact with our Medbook helpdesk (e.g. your problem with or feedback about our services). | To solve your problems or your process feedback and communicate in you this regard. | Our legitimate interest in striving for high customer satisfaction. |
3.4. In all of the above cases
3.4.1. For all personal data that we collect in the above circumstances, we would like to make it clear that we will also process your personal data in the following cases.
| What personal data? | Why? | Legal basis? |
|---|---|---|
| Above-mentioned personal data. | To prevent, detect and combat fraud or other illegal or unauthorized activities. | Our legal obligation. |
| Above-mentioned personal data. | To defend us in legal proceedings. | Our legitimate interest in using your personal data in these proceedings. |
| Above-mentioned personal data. | To inform a third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU. | Our legitimate interest in entering into business transactions. |
4. With whom do we share your personal data?
4.1. In principle, we do not share your personal data with anyone other than the persons who work for us, as well as with the suppliers who help us process your personal data. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential. This means that only the following categories of recipients will receive your personal data:
- You;
- Your employer or business partners, but only when this is necessary for the purposes mentioned above (e.g. when your employer is our supplier or customer);
- Our employees and suppliers;
- The competent accreditation committee if you have not objected to this;
- Our partners for scientific research after having obtained your consent; and
- Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g. tax authorities, police or judicial authorities).
4.2. We do not transfer your personal data outside the European Economic Area (EEA) (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland). We will only transfer your personal data outside the EEA if you or your employer, as a customer or supplier, have offices outside the EEA with which we need to communicate. If a transfer were to take place, we will take sufficient safeguards to protect your personal data during the transfer (e.g. by entering into an agreement based on standard data protection clauses approved by the European Commission).
5. How long do we keep your personal data?
5.1. Your personal data will only be processed for as long as necessary to achieve the purposes described above or, when we have asked you for your consent, until you withdraw your consent. In this article we provide you with the information you need to evaluate how long we will keep your personal data identifiable.
5.2. As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in this article 5, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so.
5.3. We will retain your account information as long as you do not request us to delete your account. If you want to delete your account and the related information, please send an e-mail to privacy@medbook.com.
5.4. We retain all personal data collected through our services for as long as necessary to protect the legitimate interests stated in article 3.1. We retain technical information such as our server log files until 12 months after your visit to our platform, after which it will be deleted or de-identified. Messages that you send us via the contact form will be retained as long as necessary to handle and follow up your question, request, comment, or other input. We also keep an archive of so-called tickets we received via the contact form. We will remove or de-identify tickets we have closed no later than 5 years after closure.
5.5. For all personal data that we collect as provided in article 3.2 in the context of a contractual relationship with you or the organization that you represent, the general rule is that we collect such data for the duration of the contractual relationship and at least until 10 years thereafter.
5.6. All personal data we collect through our interactions with you through telephone, email or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us with new questions, requests, comments or other input.
6. How do we keep your personal data secure?
6.1. The security and confidentiality of the personal data we process is very important to us. That is why we have taken measures to ensure that all personal data processed is kept secure. These measures include technical and organizational measures to protect our infrastructure, systems, applications and processes. We've also taken other measures, such as taking internal policy measures, limiting the processing to the personal data necessary for the fulfillment of the purposes, minimizing the processing of personal data, the pseudonymisation of personal data as soon as possible, transparency with regard to the functions and processing of personal data, enabling the data subject to exercise control over the processing of information, restricting access to personal data based on roles, taking backups of personal data and periodically evaluating our security measures.
7. Your rights regarding your personal data
7.1. When we collect and use your personal data, you will enjoy a number of rights that you can exercise in the manner described below. Please note that when you wish to exercise a right, we will ask you for proof of identity. We do this to prevent a personal data breach (e.g. because an unauthorized person is impersonating you and is exercising a right in your name).
7.2. You have the right to access your personal data, which means that you may ask us to provide you with information about the personal data we hold about you. You may also request a copy of your personal data. Please note, however, that you must indicate for which processing activities you wish to have access to your personal data.
7.3. You have the right to request that we correct your personal data if you can demonstrate that the personal data we process about you is inaccurate, incomplete, or out of date. Please indicate the context in which we use your personal information (e.g., to respond to a request), so that we can review your request quickly and accurately.
7.4. If we ask your consent to collect and use your personal data, you have the right to withdraw this previously given consent.
7.5. You may ask us to erase your personal data if these personal data are no longer necessary for the purposes for which we collected them, if their collection was unlawful or if you have successfully exercised your right to withdraw your consent or your right to object to the processing of your personal data. When either of these circumstances applies, we will erase your personal data immediately, unless legal obligations or administrative or judicial orders prohibit us from deleting your personal data.
7.6. You may ask us to restrict the processing of your personal data:
- during the time we review your request for correction of your personal data;
- during the time we review your objection to the processing of your personal data;
- when such processing was unlawful, but you prefer a restriction to erasure; and
- when we no longer need your personal data, but you need them for the establishment, exercise, or defence of any legal action.
7.7. When we process your personal data on the basis of our own legitimate interests, i.e. you have not given us consent and we do not need them for the performance of a contract, nor to comply with legal obligations, you have the right to object to our processing of your personal data. If our interest relates to direct marketing, we will grant your request immediately. For other interests, for example our security interests, we ask you to describe your specific circumstances that give rise to a request. Then we must balance your circumstances against our interests. If this balancing test results in your circumstances outweighing our interests, we will cease processing your personal data.
7.8. If we have collected your personal data on the basis of your consent or because they were necessary for the performance of a contract with you, you have the right to obtain a copy from us in a structured, widely used and machine-readable format. However, this right only applies to personal data that you have provided to us.
7.9. If you wish to exercise any of these rights, we ask you to send an email to our privacy manager. You can reach our privacy manager on privacy@medbook.com. The above rights may be subject to certain legal conditions. A request must clearly indicate and specify which right you wish to exercise. Always indicate the context in which we have obtained your personal data so that we can handle your request quickly and carefully. Your request must also be dated and signed and accompanied by a copy of the front of your valid identity card proving your identity. You can rest assured that we will not interpret an e-mail from you, indicating that you wish to exercise a right, as your consent to the processing of your personal data that goes beyond what is necessary for the processing of your request. We will immediately inform you of the receipt of this request. If the request turns out to be well-founded, we will inform you of this as soon as possible and no later than 30 days after receipt of the request.
7.10. If you make the same request repeatedly and clearly cause inconvenience, we may refuse these successive requests or charge you an administrative fee to cover the costs. We may also deny you the right of access to your personal data or grant your request only partly, if such access could cause disproportionate harm to the rights and freedoms of others, including ours.
7.11. If you have a complaint about the processing of your personal data by us, you can always contact us at the e-mail address mentioned in article 7.9. If you are not satisfied with our response, you may lodge a complaint with the competent data protection authority, i.e. the Belgian Gegevensbeschermingsautoriteit (www.gegevensbeschermingsautoriteit.be).
8. Changes to this privacy policy
8.1. We reserve the right to change this privacy policy on our own initiative. If material changes to this privacy policy may affect the processing of your personal data, we will communicate these changes to you in a way that we normally communicate with you (e.g. via e-mail or via a message on our platform).
8.2. We invite you to view the latest version of this privacy policy online. Our online the privacy policy lists the date on which our the privacy policy was last amended.
9. How can you contact us?
9.1. Should you have any further questions about the processing of your personal data , please do not hesitate to contact our privacy manager. You can contact our privacy manager by e-mail: privacy@medbook.com.