Privacy Policy

This Privacy Policy was modified on 22 October 2018. 

We know that the security of your personal data is an important concern, and we take the protection of personal data very seriously. As a result, we would like you to understand how we collect, process and use personal data through your use of this Website, including any data you may provide through this Website when you sign up to our newsletter/ submit an inquiry or comment. We recommend that you read this Privacy Policy so that you understand our approach towards the use of your personal data. Personal data means any information about an individual from which that person can be identified. It does not include data where the identify has been removed (anonymous data).
 

In all cases, the Health-RI initiative complies with the applicable laws and regulations. This means that: 
•    We will process your personal data in accordance with the purpose they were provided for, these purposes and related type of personal data are described in the privacy policy;
•    Processing of your personal data is limited to data minimally needed for the purposes they are processed for;
•    We have taken appropriate technical and organisational measures to safeguard the security of your personal data;
•    We are aware of your rights regarding your personal data, we want to point these out and will respect those. 
•    By submitting your personal data to us, you will be treated as having given your permission – where necessary and appropriate – for disclosures referred to in this Privacy Policy.

Special Notice - if you are under 18 years old

Our website is not aimed at children under 18 years old and we will not collect, use, provide or process in any other form any personal data of children under the age of 18 deliberately. We therefore also ask you, if you are under 18 years old, please do not send us your personal data (for example, your name, address and email address). If you are under 18 years old and you nevertheless wish to ask a question or use this website in any way which requires you to submit your personal data, please get your parent or guardian to do so on your behalf.

Who is responsible for the personal information collected on this site?

Health-RI is made up of different legal entities, details of which can be found here: Governance . This Privacy Policy is issued on behalf of Health-RI so when we mention Health-RI, “we”, “us” or “our” we are referring to the relevant company in the Health-RI responsible for processing your data. Foundation (Stichting) Lygature, a not-for-profit organization registered in Utrecht, The Netherlands with registered number 28111472 whose registered office is at Jaarbeursplein 6, 3521 AL Utrecht, The Netherlands is the owner and responsible for this Website.

The data we collect from you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together below as follows:
-    Publication Data which includes information that you post for publication on our website or through our services.
-    Notification and Communication Data which includes information you provide us for subscribing to our email notifications and/or newsletters, the communication content and metadata associated with the communication. Our website will generate the metadata associated with the communications made using website contact forms. 
-    Technical Data which includes your internet protocol ([IP) address, geographical location, time zone setting, browser plug-in types and versions, operating system and platform. The source of usage data is Google Analytics.

Aggregated Data: In addition, we may automatically collect information about the Website that you came from or are going to, information on the parts of the Website that you visit, the type of browser you use and the time you access the Website. However, this information is aggregated and therefore not used to identify you. If for any reason we combine or connect Aggregated Data with your personal data so it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not collect any Special Categories of Data which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientations, political opinions, trade union membership, information about your health and genetic and biometric data.

How we use your personal data 

One of the purposes of our website is to inform you of who we are and what we do. We have set out below in table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified our legitimate interest, where appropriate. Please note that we may process your data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below. 
If at any time you wish us to stop using your personal data for any or all of the purposes set out in the table, please contact us (details below). Unless otherwise restricted by any applicable law, we will stop the use of your personal data for such purposes as soon as it is reasonably possible to do so.

Purpose/Activity Type of Data Lawful basis for processing including basis of legitimate interest
To send newsletters and invitations for events Notification and Communication Data Consent
Analysing the use of the website [and services] Usage Data [Consent] / [Our Legitimate Interest, namely monitoring and improving our website and services]
Record-keeping

Notification and Communication Data

[Our Legitimate Interest, namely the proper administration of our website and business]

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 
Please note that in addition to the instances set out above we may need to process your personal data without your knowledge or consent where this is required or permitted by law or in order to protect your vital interests or the vital interests of another person.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

Disclosure of your Personal Data 

As part of the administration of our Website we might need to share your personal data with third parties such as:

  • Service Providers located in The Netherlands acting as processors who provide IT and system administration services. In particular, Lygature employs the services of Elonisas to act as the Hosting Provider. The Hosting Provider hosts all data received through the Website on their secured server. Lygature employs Tamara de Haas as the Site Developer. The Site Developer maintains and develops the Website. Lygature will, at all times, control and be responsible for the use of your information and ensure that the Hosting Provider and Site Developer processes your personal data in accordance with all applicable data protection laws.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for the purposes that we have agreed with you and in accordance with our instructions. We request those third parties to implement adequate levels of protection in order to safeguard your personal data.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or contacting us at any time.
Except as set out in this Privacy Policy, we will not disclose any personally identifiable data without your permission unless we are legally entitled or required to do so (for example, if required to do so by legal process or for the purposes of prevention of fraud or other crime) or if we believe that such action is necessary to protect and/or defend our rights, property or personal safety and those of our users/customers or other individuals.

International Transfers

Some of the third parties identified in the section above are located outside of the European Economic Area (EEA) so the processing of your data will involve a transfer of data outside of the EEA. Whenever we transfer your data out of the EEA we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
-    We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; 
-    Where we use certain service providers we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
-    Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
We respect your personal data and therefore, we will take steps to ensure that your privacy rights continue to be protected if we transfer your personal data outside of the EEA in this way. In addition, if you use our services while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with those services.

Keeping our records accurate

We aim to keep your personal data as accurate as possible. If you would like to review, change or delete the details you have supplied us with, please contact us as set out below.

Security of your personal data

We have implemented appropriate security measures and policies with the objective of protecting your personal data from unauthorized access and improper use and will update these measures as new technology becomes available, as appropriate. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction and they are subject to a duty of confidentiality.

Data retention

We only retain personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including the purpose of satisfying any legal, regulatory or reporting requirements. We may retain your personal data for a longer period in the event of complaint or if we reasonably believe there is a prospect of litigation. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data and the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements.

Use of your personal data submitted to other websites

On our website, we may have links to other websites, or you may be referred to our website through a link from another website. Please note that we cannot be responsible for the privacy policies and practices of other websites. Such content is subject to their terms of use and any additional guidelines and privacy information provided in relation to that use on their website.

Cookies policy

Cookies are small data files that your browser places on your computer or device, designed to help your browser navigate a website. Cookies themselves cannot collect any data stored on your computer or your files. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you. We use cookies to learn more about the way you interact with our website content and help us to improve your experience when visiting our website. For details of how cookies are used, see our Cookies policy .

Changes to our Privacy Policy

From time to time we may make changes to this Privacy Policy. Please check our Privacy Policy on a regular basis. This Privacy Policy was last updated on the date presented at the top of this page. Historic versions of our Privacy Policy are available on request.

Your Rights

Under certain circumstances you have rights under data protection laws in relation to your personal data. Some of the rights are complex and not all of the details have been included in the summary below. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:

  • The right to access:  this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • The right to rectification: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide us.
  • The right to erasure: this enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of the request.
  • The right to object to processing: this enables you to object to our processing of your data if you feel it impacts your fundamental rights or freedoms. You also have the right to object to processing where we are using data for direct marketing purposes. Note, however, that in some cases we may demonstrate we have a compelling legitimate ground to process your information that overrides your fundamental rights or freedoms
  • The right to restrict processing: this enables you to ask us to suspend the processing of your data if you want us to establish the data’s accuracy, where processing us unlawful but you oppose erasure, we no longer need the personal data for processing but you require us to hold it for the establishment, exercise or defence of legal claims ad you have objected to the grounds of processing but we need to verify if we have overriding legitimate grounds to use it
  • The right to data portability: this enables you to ask us to transfer the personal data to you or a third party chosen by you. Note this right only applies to automated information you initially provided consent for is to use or where we use this information to perform a contract with you data 
  • The right to complain to a supervisory authority
  • The right to withdraw consent: this applies when you have provided your consent to our processing but does not affect the lawfulness of processing carried out before your withdraw your consent. 

If you wish to exercise any of the rights set out above, please contact us (details below). We may need to request specific information from you in order to help us confirm your identify and ensure your rights to access your personal data (or exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

How you can contact us

If you would like to contact us about this Privacy Policy or our privacy practices, please contact Lygature (info@lygature.org).