Privacy Policy

OpenUp B.V., based in Amsterdam and registered with the Chamber of Commerce under the number 77340159, takes the protection of your personal data very seriously. This privacy policy outlines how OpenUp handles information relating to an identified or identifiable natural person[s], as referred to in the General Data Protection Regulation (GDPR).

Scope of this privacy policy

This privacy policy applies to OpenUp B.V., including its products and services, and relates to the processing of personal data belonging to:

(Potential) patients;
Visitors to the practice;
Visitors to the website;
Participants in practice meetings;
Job applicants;
All other persons who contact OpenUp or whose data OpenUp processes, with the exception of its staff members.

Processing personal data

OpenUp B.V. processes personal data that:
A data subject has provided in person (during a meeting or conference) or has supplied over the phone, such as contact details, specific personal data (for example, information about a medical condition), or other personal data;
A data subject has provided digitally (during an online consultation, or via email or web forms on the website), such as contact details, specific personal data (for example, information about a medical condition), or other personal data;
Are requested from or shared with other healthcare providers or referring physicians with the data subject’s consent;
Are generated during a data subject’s visit to the OpenUp website, such as browsing behavior while on the website (for example, data about their first visit, previous visit, and current visit, the pages viewed, and the manner in which the website is navigated), and on which parts of the website the data subject clicks.

Protecting personal data

OpenUp B.V. has taken appropriate technical and organizational measures to protect your personal data against unlawful processing, for example:
Taking the necessary measures to ensure that personal data are correct and accurate in view of the purposes for which they were collected or will be subsequently processed;
Ensuring that all of our employees who are able to view your personal data are obliged to maintain confidentiality. Our practitioners are all subject to a strict code of professional secrecy;
We operate with user names and passwords on all of our systems, and regularly check the robustness of these systems;
Where possible we anonymize or pseudonymize personal data in order to protect your privacy to the best of our abilities in the event of an emergency.

Purposes of processing personal data

OpenUp B.V. processes personal data for the following purposes:
To execute medical treatment contracts and to submit claims for services rendered;
To maintain contact, by means of offering invitations to meetings and providing information when requested by the data subject;
To improve the website and our services. Part of improving our services involves conducting research on the effectiveness of our treatment approach;
Maintaining user statistics. Website user statistics provide information about the number of visitors, the length of visits, which parts of the website are viewed, and click behavior. These are generic reports that are not traceable to individual visitors.

Grounds for processing personal data

OpenUp B.V. processes your personal data on the basis of one of the following legal grounds:
Consent granted by the data subject. This consent can be revoked at any time, without affecting the lawfulness of processing carried out on the basis of consent before revocation;
Execution of – or with a view to concluding – a medical treatment contract, including invoicing to third parties, such as health insurance companies etc.;
A legal obligation, such as the obligation to keep medical records or to register a BSN;
A legitimate interest, such as the use of contact details to issue invitations to a meeting.

Disclosure of personal data

OpenUp B.V. discloses personal data to the following parties:
The concerned client with whom we have completed a treatment contract or their legal representative;
Employees directly involved in the treatment of the client to the extent that the provision of personal data is necessary for work to be performed by them;
Employees trusted with administrative tasks and to conduct research to improve our treatment approach. Our researchers only have access to anonymized and pseudonymized personal data;
Health insurance companies to the extent necessary to meet any obligations under current or future insurance agreements. Health insurance companies will not be provided access to information concerning the content of treatment.

Additionally, OpenUp B.V. may engage service providers (processers) to process personal data solely according to instructions issued by OpenUp. OpenUp B.V. has a processing agreement (DPA) with these processers that meets the requirements set by the General Data Protection Regulation (GDPR). An overview of our processors can be found below.

OpenUp B.V. only shares personal data with third parties if it is appropriate in the context of a treatment (e.g., a referral) or if it is necessary to meet a statutory obligation. OpenUp does not share personal data with third parties for commercial purposes, unless organizing meetings with another organization. In this case, only the necessary contact information will be shared.

Transferring outside of the EEA

In principle, OpenUp B.V. does not transfer personal data to countries outside of the European Economic Area (EEA). If this should, however, be necessary, OpenUp B.V. shall ensure that transfer only takes place if the European Commission has indicated that the country in question offers an adequate level of protection or if there are suitable safeguards in place according to the General Data Protection Regulation (GDPR).

Retention period for personal data

OpenUp B.V. does not retain personal data for longer than necessary. In principle, OpenUp B.V. applies the following retention periods:
Medical data: At least 15 years following the end of the treatment contract as set out in the Dutch Medical Treatment Contracts Act (WGBO);
Medical data provided during online consultations that are linked to a medical file: At least 15 years following the end of the treatment contract as set out in the Dutch Medical Treatment Contracts Act (WGBO);
Personal and chat data provided during online consultations (cache): Duration of treatment.
(Financial) administrative data: 7 years after the data were recorded;
Data belonging to employees and freelancers, other than (financial) administrative data: 5 years after leaving the company upon conclusion of the contract of employment;
Applicant data: 6 months after the application process has been completed;
Visitors to the website: 5 years after the last visit to the website, unless an objection is made, in which case the data will be destroyed earlier.

Website, cookies and similar technologies

OpenUp B.V. is a healthcare provider. We primarily use our website as a tool to reach perspective clients. For this reason, this website does not utilize technologies aimed at marketing/re-marketing.
In order to make our website easier to use and to ensure its technical operation, we use functional cookies on our website. Additionally, we use analytical cookies to analyze usage on our website. We do this with the help of Google Analytics. When doing so, the final octets of IP addresses are obscured and “data sharing” is switched off.

Right to access, modify and delete personal data

Upon request, your practitioner can show you the information contained in your record. Your practitioner can also provide you with a copy of your record. You may submit a request to access or obtain a copy of your record by emailing us. If you believe that the personal data in your file is incorrect, you may request that your practitioner corrects this information.

If you wish to have your personal data deleted before the expiration of the retention period we have specified, you may submit a request for this via email. This request may not be granted if it concerns data for which it can be reasonably assumed that the preservation is of substantial interest to someone other than yourself.

Amendments to privacy policy

OpenUp B.V. may make amendments to this privacy policy at any time. A current version of the privacy policy is published on the OpenUp website. We recommend that you review this privacy policy regularly so that you are aware of any changes.

Questions and concerns

If you have any questions or concerns about how OpenUp B.V. processes your personal data, please contact us via email at privacy@openup.care or discuss this with your practitioner. We will try to resolve any complaints to your satisfaction.
If you have a complaint about the manner in which we handle your data, you can file this complaint with the Dutch Data Protection Authority.