(version 1.1, March 2019)
Attention: this is the privacy statement of the data processor. Any privacy statement by the controller takes priority over this privacy statement. This privacy statement is directed at the users of the Patient Journey App.
Interactive Studios BV, with its registered office at Rosmalen (the Netherlands), hereinafter referred to as “Interactive Studios” or “Processor”, develops and manages websites, online software and mobile apps, including the Patient Journey App, commissioned by healthcare providers, hereinafter referred to as “Client (s)” or “Controller(s”)” or “Data Controller(s). The app is intended for patients, their relatives and/or legal representatives, hereinafter referred to as “Data Subject(s)” or “User” when referring to the “users of the app”.
Terms and conditions privacy statement
By using the Patient Journey App, you accept all terms and conditions as set out in this privacy statement. If you do not agree to the terms and conditions set out in this privacy statement, Interactive Studios would ask you to stop using the Patient Journey App immediately.
In so far as terms with a capital letter are not defined separately in this privacy statement, the definitions as described in the Personal Data Protection Regulation apply. From 25 May 2018, the definitions as described in the Personal Data Protection Regulation will be replaced by the definitions as provided by the General Data Protection Regulation.
Purpose and target group privacy statement
The privacy statement provides Data Subjects/Users and healthcare providers that use the Patient Journey App with an understanding of how Interactive Studios processes and protects Personal Data on instructions from the Controller. Although Interactive Studios cannot be considered the Controller of the processing in the Patient Journey App, it is aware, for reasons of transparency, of the importance to provide information about the processing of Personal Data.
Patient Journey App and purpose of processing
The purpose of processing in the Patient Journey App is to inform Data Subjects of the progress of their treatment. Interactive Studios offers two versions of the Patient Journey App:
The content in the Patient Journey App is maintained in the online Content Management System (CMS). Users for the Patient Journey App Personal are also created in this CMS. Data entered by Users can also be found in the online CMS.
The Patient Journey App is used for storing personal data from 2 groups. The app itself and the CMS, which provides content to the app and ensures that the correct content is supplied to the right person. The app itself also distinguishes between the standard app and the ‘personal’ version. Below follows an overview of the data processed by the app and/or the CMS.
The Standard version of the Patient Journey App stores the following Personal Data:
The personal version also stores the following personal data:
The CMS stores the following data in order to generate statistics and to ensure that users and/or patients are shown the correct information.
Besides these Personal Data, the Patient Journey App Personal can also process questions, images and other interaction and feedback that can be traced to the user. The care provider can use these personal data to send messages about the progress of the treatment.
Personal Data may only be processed if the Controller(s) of the data concerned has a legitimate basis as referred to in the Personal Data Protection Regulation or the General Data Protection Regulation and has also instructed Interactive Studios to do so. Interactive Studios concludes (processing) contracts with its clients in order to make specific agreements about this.
The Personal Data of Users is destroyed at the end of the agreed contract with the Controller, or earlier at the instruction of the Data Controller if the statutory retention period is shorter than the term of the agreement. As a processor, Interactive Studios will not remove data on its own initiative unless Interactive Studios are in breach of the legislation and regulations by failing to do so. The removal of data will always be in consultation with the Data Controller.
Transfer to third parties
To ensure that the Patient Journey App works properly, third parties may be engaged, for example, for sending emails or SMSs for 2Factor Authentication and data storage. An overview is shown below. A processing contract has been concluded with these parties, which includes the rules for the storage and use of your data.
Denver, Colorado, USA
Data storage, servers running the system
Rotterdam, the Netherlands
Sending SMS messages
Amsterdam, the Netherlands
Logging The Patient Journey App keeps user statistics to enable the healthcare provider to optimise the content of the App. This may include the following statistics:
Duty to report data breaches
Any data breaches must be reported by the Data Controller(s) to the designated authority. Where necessary and possible, Interactive Studios is obliged to cooperate with this.
Interactive Studios takes appropriate technical and organisational security measures to protect Personal Data against loss or any kind of unlawful processing. As an organisation, Interactive Studios is certified to both ISO 27001 (information security) and to ISO 9001 (quality management). Interactive Studios is also certified to NEN7510 (storage of medical data). Twice a year, the security of the Patient Journey App is tested by an external party.
The security measures taken with regard to the Patient Journey App include, amongst others:
Interactive Studios cannot be held liable if unauthorised persons gain access to the Personal Data through actions outside the control of Interactive Studios.
1.The right to be informed
2.The right of access
3.The right to rectification
4.The right to erasure
5.The right to restrict processing
6.The right to data portability
7.The right to object
8.The right to lodge a complaint with a supervisory authority
Interactive Studios supports the Controller(s) in its efforts to comply with the statutory provisions relating to the rights of the Data Subject(s). This may include the right to inspection by the Data Subject. If you, as a Data Subject, wish to use any of the aforementioned rights, you may contact the Controller.
Interactive Studios has taken the utmost care and attention to ensure that the information contained in this privacy statement is correct. However, errors and omissions may occur. Interactive Studios accepts no liability whatsoever for any losses sustained due to errors or irregularities, nor for any damage caused by the use or dissemination of this privacy statement.
Changes to privacy statement
Interactive Studios reserves the right to change the privacy statement from time to time if necessary due to changes in legislation or other developments. These changes are communicated by push notification to Users of the Patient Journey App. You can also find an update of the latest version of the privacy statement in the app. Interactive Studios is not responsible if the push notifications function on the User’s device has not been activated. If you have any questions about this privacy statement, you can send an email to firstname.lastname@example.org or call telephone number +31 73 644 6069 on working days during office hours.