Privacy Statement

Introduction

In this privacy statement, we tell you how we handle your personal data, why we need them and what your rights are in this respect. In doing so, we are fulfilling one of the requirements imposed on us by the General Data Protection Regulation ("GDPR").

Who we are

As a data controller (Medendo, 'we' or 'us') is responsible for processing your data in a compliant manner. We take it upon us to be transparent about the personal data we collect from you, the way we handle and protect your personal data and how you can exercise your rights.

You can ask us at any time to stop processing or delete the data we have processed from you. For more information, please find your right below.

Processing of personal data

Personal data is any information relating to an identified or identifiable living person. In this specific case, we process the following (categories of) personal data from you:

  • Contact details (such as name and email address)

We only process these data when you choose to send us an e-mail, give us a call or become a client. We process your contact details to stay in touch and for our internal client administration.

Because processing these (personal) data has no or minimal impact on your privacy, we process this data based on the legal basis of the legitimate interest of responding to a request you have submitted to us or for our internal client administration in order for us to stay connected to you.

  • Data that provides information about the usage of our website

We utilize Squarespace’s functional and analytical cookies to analyze the usage of our website, such as which pages are being visited. These are configured in a privacy-friendly manner to ensure that we and Squarespace do not process the complete IP address and that no further data is shared with Squarespace.

Because processing these (personal) data has no or minimal impact on your privacy, we process this data based on the legal basis of the legitimate interest of improving the user experience of our website.

Sharing of personal data

The personal data we process based on a legitimate interest are not shared with third parties inside or outside the European Economic Area (EEA).

Organizational and technical measures

We have taken appropriate measures to protect the processing of your personal data based on the available technology and processing purposes. Medendo is currently in the process of being ISO 27001 and NEN 7510 certified. We establish access to personal data in accordance with these standards, and every Medendo employee signs a confidentiality agreement.

Your rights regarding personal data processing

Following the GDPR, you have the following rights regarding your personal data:

  • right to access

  • right to correction

  • right to be forgotten

  • right to restrict the processing

  • right to object to the processing

  • right to data portability

We take every request concerning your rights seriously. However, your rights are not absolute. This means that we will not satisfy a request to exercise the rights in all cases.

We will inform you within one month after we have received a request. We will indicate whether and how we will comply with your request and if not, the reason for that. If necessary, Medendo can extend the reaction time, but in this case, we will let you know within one month, within which period you can expect a reaction.

Right to lodge a complaint

It may be that, despite Medendo’s careful approach, you have complained about how we handle your personal data and/or rights. You can submit a complaint to the Dutch Data Protection Authority via the website [http://www.autoriteitpersoonsgegevens.nl](http://www.autoriteitpersoonsgegevens.nl/). We appreciate it when you first notify us of your complaint, but you are not obliged to do so.

Please feel free to file a complaint or question with our Data Protection Officer (e-mail). This person is independent and their role is to oversee our GDPR compliance, so we encourage you to contact the Data Protection Officer if you have any doubts about this.

No processing of children’s data

Children deserve special protection when it concerns the processing of their personal data in a digital environment. The Medendo website is specifically not designed or aimed at children of 16 years of age and younger. It is not within our policy to intentionally process their personal data.

If a child submits their personal data to us by, for example, sending us an e-mail, we will delete the personal data immediately upon notice.

About this privacy statement

The privacy statement as expressed in this document was last reviewed on 10-11-2024 and may be subject to change. Substantive changes will be announced in a timely manner via www.medendo.com. Textual changes will not be announced actively, but you can always find this statement on www.medendo.com.