1. What this Policy covers
This Policy explains what information we, Medixspace B.V., process to provide our products and services
and services of our partnering organizations.
This Policy covers the following of our products:
Medixspace™ Platform
A safe space for cancer patients from all over the world where they can interact with
each other, easily share information about their condition and find resources best
matching their individual needs. It connects patients with the best oncologists,
provides access to 2nd opinion and further treatment, and delivers trusted educational
content and information about relevant services offered by our partners. It offers tools
for medical providers to review patient cases, host virtual consultations and
multidisciplinary Tumor Board conferences, and helps stay in touch with their patients
no matter where they live and what languages they speak. Medical services are provided
by carefully selected medical organizations renowned for their excellence in cancer care.
We also partner with providers of other related services to empower and engage patients
and make their journey easier.
Medixscan™ app
A mobile application for capturing and digitizing medical documents, maintaining a
library of medical documents for the entire family, and sharing these documents with
other individuals and medical services providers. Medixscan also delivers useful medical
content related to these documents. This content may include educational materials,
news, and relevant information about diagnostics, treatment and other information from
our partners.
In this Policy, we also let you know your rights, so that you know how to control your privacy.
Medixspace B.V. is a 'controller' of your personal data. Personal data is any information we have that
can identify you, such as your name, medical history, or credit card details. Being a 'controller' of
personal data means that we're responsible for how personal data that we have access to is handled and
what it's used for through this company. If you wish to exercise any of your rights, you should reach
this company directly.
Below is the more detailed description of the information we process, by each of our product, and in general:
2. What data we hold, how we get it, and what we use it for
Below we describe what type of personal data we collect through our different products, when we collect
it, and why we collect it, including the legal basis for processing. Where the legal basis for
processing is indicated as “consent”, it means that we receive your explicit consent before collecting
this information from you. You can withdraw the given consent at any time – refer to Section 7 “Your
Rights” for details. In some processing cases we rely on our legitimate interests or the legitimate
interests of a third-party, such as our users, where they are not outweighed by your interests or
fundamental rights and freedoms. You have the right to object to, and seek restriction of, the processing
based on legitimate interest – refer to Section 7 for more information.
Medixscan™ App
Personal details: app users
- Name
- Biological sex
- Date of birth
- Email address
- Mobile phone number
- Photograph (optional)
When you register as a user in our app
We need your personal information to enter a contract with you and deliver services.
We are contracting with you by means of а public offering, to which you agree by
accepting our Terms and Conditions {insert a link}.
We also will be using this information to exercise your rights as a data subject
– for example the right to delete your data (Refer to Section 7). Therefore,
the information you give us must be accurate. If you give us information
about yourself or another person, you're confirming that you're authorized to do so.
Provision of services
Details of users’ conversations with us: patients and medical providers
- Records of your consultations and your conversations with us: emails, calls or live chat conversations.
During your communications with our support team
To improve our services. This is so we have an easy way to access your
consultations to monitor the quality of our service and healthcare.
Our legitimate interests and those of our users
Medical documents processed by our OCR services: app users
- Your personal details (i.e. name, address, date of birth and other non-medical personal information contained in your medical documents)
- General health history
- Your diagnoses/conditions
- Symptoms, treatments, allergies, and medications
- Consultations, such as notes and recordings
- Procedures, such as surgery
- Results of medical tests (including genetic tests), investigations, and medical images
- Molecular profile
- Treatment outcomes
After you start using our text recognition services by activating them via
explicit action in our app. Important!! Before you start using these services
all scanned medical documents are stored on your mobile device or in any
third-party cloud-based repositories explicitly chosen by you, and as such, are
neither collected, nor in any other way processed by us.
Making the use of our app comfortable for you. By using text recognition
feature we make it possible for you to treat scanned images as text – i.e.,
to perform full-text search and copy-paste functions. We further use natural
language processing algorithms to automatically extract key information such
as: date of document creation, title, type of a document, personal data,
medical terms. We use this information to automatically create a document
summary, categorize documents, and mask your personal data, thereby making
it easier for you to manage your documents’ library.
Consent
Offering you additional services and information. We will use your medical
data and contacts to recommend you targeted educational and marketing
content and services of our partners. This may include invitation to
take part in clinical trials. We use automated algorithms to match such
content to your profile. We only use anonymized data for this matching
and never share these data with third parties unless you use features of
our applications allowing to share your information with other individuals
or providers of services. If you do not provide consent, we will still post
generic educational and marketing content, but it may not be relevant to your medical profile.
Consent
Helping health research. We use your data for health research. For
example, to better understand health behavior, disease risk or health
outcomes. We aim to publish our research results in peer-reviewed
journals or by working with academics. We may conduct research with
partner organizations such as universities or other academic institutions.
For this purpose, we may use any medical information contained in your
medical documents.
We remove from this information any details that could identify you.
This includes your name and contact information. Our research follows
the Declaration of Helsinki ethical principles, which were developed
by the World Medical Association.
Consent
3. Other data we collect
Technical information and analytics
When you visit our website or use our app, we may collect the following data, where this is allowed
by your device or browser settings:
- The IP address used to connect your mobile phone or other device to the internet
- Your browser information, such as Google Chrome or Apple Safari
- Login and operating system
- The make and model of your device
- Resettable device identifiers
- Time zone, language, and location settings
- Your mobile network provider and your location (based on your IP address)
- Information about your visit to our website or use of our app, for example when you first visited the site or how many times you've visited
- Information about the products or services you viewed or used
- App response times and updates
- Information about your interactions, like what notifications you opened
- Any phone number used to call our customer service number.
We work with other companies that provide us with analytics and advertising services. This is to:
- Help us understand how people interact with our services
- Provide the adverts for our services on the internet
- Measure the performance of our services and our adverts.
We will never share neither your personal data, nor your health information with these third parties.
Credit and debit card information
If you make a payment on the app or site, your credit and debit card details are processed by a
third-party payment provider. We don't store any of your credit or debit card information and we
only keep details of the transactions on our secure servers.
Cookies
We also use 'cookies'. Cookies are files saved on your phone, tablet, or computer when you visit a
website. They collect information about how you use the website and the pages you visit. We do not
use cookies on your medical or health information. You can find out more about how we use cookies
in our cookie policy {insert a link}.
Information from third-party services
You may connect your social media accounts, or your wearable device (like a smartwatch) with our
services. If you choose to do this, we'll receive the following information about you from the third party:
- Name
- Email address
- Username or ID
- Health and lifestyle habits and information
If you use login details from third parties, they will also process your login data, and they are solely responsible for handling this.
Improving Medixspace’s functionality and usability
We use your health and medical information to improve our services, including our artificial
intelligence algorithms. This helps us deliver better services to you and other Medixspace users.
We remove details that could identify you from this information, such as your name,
address and contact details. These are called 'personal identifiers'.
If you have questions about the way your data has been handled, please contact
[email protected].
4. How we store your data
Personal health and medical information
Your personal health and medical information are stored on secure servers.
If you've chosen a password or authentication method to access your user profile, you're responsible
for keeping this password and/or authentication method confidential. Please don't share it with anyone.
We encrypt data transmitted to and from the website. Once we have your information, we use strict
procedures and security features to prevent unauthorized access. We will take all precautions to make
sure that your data is treated securely.
As mentioned before, we de-identify your medical data and store them separately from your personal
data – to minimize the risks of exposure to personal health data theft. If you share with us digital
copies of your medical documents, these documents may contain your personal information. We offer
masking and other de-identification functionalities for processing your scanned documents. However,
de-identification of such documents may not be possible if you choose to use another scanning apps
which do not offer such feature. Also, medical providers may require that your medical documents are
identifiable. To minimize the risks of personal data leakage we will always use encryption while
transferring medical documents over Internet.
Credit and debit card information
We don't store any of your credit or debit card information. Payments are processed through a
third-party payment provider that follows strict industry data security standards. These are known
as Level 1 Payment Card Industry (PCI) data security standards.
Any payments you make are encrypted using SSL technology (which converts the information into code
to stop fraud).
Where we store and process your data
Your data will be processed and stored inside the country or a region (i.e., European Union) where
you are located. We enter into the contracts with our storage space providers, such as Amazon Web
Services, in each country where we attract the clients and where we enter in the contract agreement
with the clinics. These companies can only use your data based on our instructions and they cannot
use the data for their own purposes. This storage will always be in line with applicable data
protection lawful mechanisms (such as appropriate contractual terms) and subject to local privacy laws.
5. How and why we share your data
To be able to deliver our services to you as a patient we share your personal data with different
organizations, i.e., medical providers, that you have chosen for your patient case review.
Medical services providers
Medical services providers that you have chosen for reviewing your case have access to your medical
information via our platform during tumor board conferences.
These providers may be located in the countries different from the country where you are located,
and in this case sharing your data with them falls under cross-border data transfer definition.
This sharing will always be in line with applicable data protection lawful mechanisms (such as
appropriate contractual terms) and subject to strict safeguards.
Patients
Personal data of medical professionals participating on behalf of medical providers in tumor board
conferences are shared with the patients as described in Section 2.
Third-party services providers
If a third-party software is used for performing our services (for example, external data storage
services or teleconferencing), the provider of that service may request some of your personal data,
for example email address. We will pass this information to such provider. If you or medical provider
wish the virtual tumor board conference to be recorded, the provider of the videoconferencing
service will store this recording according to the Terms and Conditions of that provider’s services.
For further information on how we protect your data if we perform cross-country transfers, contact
us by email at: [email protected].
Aggregated data
We may show on our website or share with our commercial partners data that do not personally
identify you, but which show general trends. These are 'aggregated' data and not personal data.
Such data might include, for example, the number of users of our service or trends in a
particular location.
6. How long we keep your data
We will delete your personal data as per your request within 30 days after receiving such a request,
provided that we are not legally obliged to keep it longer for various legal purposes. Refer to
Section 7 to understand your rights regarding control over your personal information.
The deletion logs should be kept for a certain period of time because deletions may have to be proven
in some cases. These could include, for example, data subjects or supervisory authorities requesting
proof of the deletion of the relevant data. This period of time depends on the privacy laws of the
country where our users reside.
If you want to see any of this information while we have it (in its 'retention period'), you can
ask for it by emailing us at: [email protected].
7. Your rights
You're in control of your personal information. Under data protection law, you have the right to:
- Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by going to your account, selecting 'Your account' and then 'Privacy Preferences'.
- Ask for a copy of the personal data we hold about you. Your data is stored in line with our legal obligations. Refer to Section 6 above to see on how long we keep your data.
- Ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes.
- Ask us to restrict any automated (computer-made) decisions made with your data.
- Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.
To do any of these things, please complete our online webform.
Alternatively, please contact us at: [email protected] or:
Data Protection Officer
Medixspace B.V.
Maria Dermoutlaan, 5
Amstelveen
1187 VL The Netherlands
We'll ask you for a proof of identity. Data protection laws give us one month to get back to you.
8. National Regulator
We're regulated by the Dutch Data Protection Authority: Autoriteit Persoonsgegevens (AP).
If you're not happy with any aspect of our data handling, you can complain to the ICO directly.
You can contact them at:
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
PO Box 93374
2509 AJ DEN HAAG
Telephone number: (+31) - (0)70 - 888 85 00
Fax: (+31) - (0)70 - 888 85 01
9. Changes to this policy
We might update this policy from time to time. If we make any important changes,
we'll let you know, and give you the chance to review them.
If you agree to the changes, you don't need to do anything. Just keep using our services with the
updated policy and we'll assume you are happy with the way we use your data.
If you don't agree to the changes, then you can stop using our services at any time.