Privacy statement Sananet Care B.V.
This privacy statement covers all personal data which Sananet Care B.V. (hereinafter Sananet) uses. Sananet is located at Stationsplein 5d, 6131 AT in Sittard. The data protection officer (DPO) will monitor the use of this data. You can contact the DPO via the general telephone number 046 - 458 80 01 or via email at email@example.com.
Sananet develops and delivers eHealth solutions for online self-care for people with one or more chronic conditions. These solutions are called eCoaches and are offered through our internet platform SananetOnline.
The hospital, general practitioner or home care organization where you are being treated chooses to use this eCoach as part of your treatment.
The goal of these eCoaches is to optimally guide and monitor you with the focus on:
- Monitoring complaints and symptoms
- Transfer and testing of disease related knowledge
- Affecting behaviour in a positive way
This is done through online dialogue sessions between you and your eCoach. In fact, the eCoach is a sort of online buddy that supports you in dealing with your illness. The eCoach is also the virtual colleague of your practitioner. For more information about Sananet and our eCoaches go to www.sananet.nl.
Our promises to you:
- We handle the data with care, keep it secret and secure.
- We do not use more data than necessary.
- We do not use the data for other purposes.
This privacy statement explains how we collect, protect, use and share your (medical) information. We also describe your rights. Sananet may change this privacy statement from time to time. The current privacy statement can be found on our website www.sananet.nl.
Sananet uses personal data in accordance with the General Data Protection Regulation (GDPR) and other laws and regulations on personal data.
1. Use of data within Sananet
Sananet uses (medical) data from you. This happens:
- When data is shared with your physician and/or specialized nurse.
Why data exchange?
The eCoaches offer personalized care. By means of smart algorithms, the eCoach indicates when you are not doing well. The practitioner then immediately receives a notification and you are advised to contact the nurse or doctor who is treating you. In order to make this possible, online exchange of relevant personal data is necessary. The exchange of this data with the eCoach conforms to the requirements of the General Data Protection Regulation.
We, the Sananet team, consider the proper protection of personal data to be of the utmost importance. Our principles are:
- Personal information always remains yours. You can always ask your healthcare provider to see, change or delete your data
- Before using any of our products, we always ask you to read our privacy statement
- We do not sell personal information
- We only use your data to make our eCoaches work properly
2. How does Sananet protect your data
The Sananet team is very aware of the privacy sensitivity of all data processed within their organization. We use your information securely and in accordance with our policies and the laws and regulations in the Netherlands. We have taken various technical and organizational security measures. This protects your data against loss, misuse, alteration, distribution, destruction, theft and against access or use by people who do not have permission to do so.
In our organization we pay attention to the importance of data protection and information security:
- We train (new) employees in this area.
- All Sananet employees have signed a declaration of confidentiality.
- Sananet ensures clear agreements on reporting information security events.
Technical measures we have taken are, for example:
- Data encryption. Data encryption ensures that data which is stored or sent is encrypted first. People who want to do harm can't do anything with this encrypted data. They don't have the 'key' that gives access;
- Login by two-factor authentication. A user does not open the digital lock with one key, but with two keys. This means that in addition to entering a username and password, a second factor is required. This is a code which is sent by e-mail;
- Data is always transferred over secure HTTPS (SSL);
- Strong passwords are required;
- Firewall-protected servers (including backups) are used;
- SananetOnline data is stored in the Netherlands on certified servers;
- Sananet has an implemented security policy which is periodically updated;
- Sananet has an implemented code of conduct;
- Sananet has installed intruder alarms;
- Sananet uses secure ways of storing data files;
- A check is carried out on the access rights;
- Access to the system is logged and controlled;
- Recovery procedures are followed;
- A designated limited number of persons are in charge of carrying out the Processing of Personal Data. They are authorised to grant themselves access to the Personal Data with the consent of the customer/client;
- Sananet has concluded processing agreements with its suppliers and clients. The parties associated with Sananet comply with the necessary certifications and/or work at least according to Sananet's standards.
Quality and quality marks
SananetOnline is ISO 27001 / NEN 7510 certified to ensure the security of all information. This means that we comply with high standards of information security. SananetOnline is also CE marked.
In addition to our own applications, we use software from other companies to assure the best services. With these companies we have established an agreement which meets the strict requirements of the European Union in the field of data protection. We also ensure that they use personal data in line with Dutch legislation.
Servers used by Sananet for the storage of personal data are located in data centres in the Netherlands. These are always certified on information security.
The infrastructure of our products and services is monitored and there is an active back-up system. If something goes wrong, there is always a second system which is able to take over.
3. Who can view your data?
Sananet employees do not have standard access to personal data. Only helpdesk staff have access and they will only access this personal data when necessary. They are bound by confidentiality.
4. How long do we keep your data?
In order to ensure your data is not kept longer than necessary, all applicable laws and regulations are respected. The data will then be digitally removed from the systems in a secure manner.
5. Detailed information on the use of the data
Below you can read more about the use of the data. We answer the following questions:
- For what purpose do we collect the data?
- What data do we collect?
- Where does the data come from?
- To whom do we provide the data?
5.1 For what purpose do we collect the data?
Your data will only be used to make the eCoach work properly. This means, for example, that a measurement with the eCoach is sent to a doctor or nurse, or that we are able to detect a fault and resolve it immediately.
Your hospital chooses to use this eCoach as part of your treatment. This means that we have an agreement with the hospital where you are being treated. In order to carry out this agreement it is necessary that data about you is processed.
5.2 What data do we collect?
Through the use of the SananetOnline platform your (medical) data will be exchanged for the purpose of treatment. This data includes: name, date of birth, gender, telephone number, e-mail address, patient number (when linked to the EPD (Electronic Patient Record)), condition, and medical data required for the operation of the coach.
If you do not wish to provide the necessary data, it is not possible to use the eCoach.
5.3 Where does the data come from?
When starting to use the eCoach, various data about you will be entered into the coach. These may originate directly from the hospital's EPD or may have been filled in by yourself or the healthcare provider. To ensure optimal use of the eCoach and for the benefit of your treatment, medical details are also kept in the coach. An example of this is the possible use of medication.
5.4 To whom do we provide the data?
Your data may be viewed by the doctors and nurses who are involved in your treatment and who have access to this data.
Your personal data will never be passed on to third parties such as healthcare insurance companies.
6. Your rights
- You have the right to view, modify or delete your data.
- You have the right to withdraw your consent to the use of your data.
- You have the right to object to the use of your data.
- You also have the right to transfer data. This means that you can ask for your personal data to be sent to you or another healthcare organisation.
For more information about your rights or the procedure for submitting a request, you can contact (the Data Protection Officer of) the hospital, GP or home care organisation where you are being treated.
If you have your data amended or deleted or if you withdraw your consent to its use, this will only have consequences for the future.
Are you not satisfied with the way Sananet handles your personal data? Or do you have questions? Please contact our Data Protection Officer. This can be done via the general telephone number 046 - 458 80 01 or email firstname.lastname@example.org.
For questions or complaints you can also contact the Personal Data Authority, telephone number 0900-2001201.