Privacy statement
Some concepts explained...
For the purposes of this privacy statement, 'personal data' means any information relating to an identified or identifiable natural person ('the data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In other words, it includes all the information on the basis of which a person can be identified. This includes, for example, your surname, first name, date of birth, telephone number and e-mail address, as well as your IP address.
The term 'processing' is very broad and covers, among other things, the collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, distribution, combination, archiving and deletion of data.
Responsible party for processing your personal data ("Processing Responsible Party")
The data controller determines the purpose and means of processing your personal data. In some cases, ADD is the controller of your personal data (e.g. if you leave your data on our website or if you contact us to make use of our services as a doctor). In other cases, however, ADD will only act as processor of your personal data, on behalf of another controller. This will be the case when your personal data are communicated to ADD by the doctor and / or medical practice that you have consulted for advice in order to analyze the tests they took from you by us.
When do we collect your personal data?
Among other things, we collect personal data when you; visit our website; fill out one of our contact forms on the website; otherwise place an kit order; enter into an agreement with us; otherwise contact us (e.g. by telephone or e-mail); send us a test for analysis via your doctor and/or medical practice.
We use cookies to permanently optimise our website for users. Cookies are small files of information that are stored on your computer, tablet or mobile device in order, among other things, to optimise your ease of use on our website. You can deactivate or remove all installed cookies from your device at any time via your browser settings. Please note that by changing your cookie settings, it is possible that our website will no longer function properly. For more specific information about the cookies we use, please consult our cookie
policy. For general information about cookies, please visit the following website: www.allaboutcookies.org.
We do not intend to collect personal data from persons under the age of 13. These young people may not transmit personal data to us or issue a statement of consent without the consent of the person who has parental responsibility.
What personal data do we process, why and on what legal basis?
You can read in the table below:
- column 1; which categories of personal data we process
- column 2: why we do this (the 'purposes' each processing of your personal data takes place - after all, for one or more specific purposes);
- column 3: on what legal basis the processing is based (there is always a demonstrable legal basis for each processing).
The applicable legal basis has the following meaning:
- 'Consent': you have consented to the processing of personal data for one or more specific purposes;
- 'Agreement': the processing is necessary for the performance of a contract to which you are a party; 'Legal obligation': the processing is necessary in order to comply with a legal obligation to which we are subject as controller;
- 'Legitimate interest': the processing is necessary in order to protect our legitimate interests or those of a third party, except where your interests or fundamental rights and freedoms requiring the protection of personal data outweigh those interests.
Categories of personal data |
Purposes |
Legal basis |
Identification and contact details of a doctor or medical practice contact person: surname, first name, e-mail address, telephone number, company details, address, type of practice, comments or additional questions, customer number, Data of patients of a doctor or medical practice. |
Provision of ADD services (e.g. execution of an order kit) |
Agreement |
Patient data from doctor or medical practice |
Provision of ADD services (e.g. performance of lab tests) |
Agreement |
Identification and contact details of a doctor or contact person at a medical practice: surname, first name, e-mail address, IP address |
Collecting feedback to improve our projects |
Legitimate interest |
Identification and contact details of a doctor or medical practice contact person: (surname, first name, e-mail address), IP address |
Inform you, as a customer, about (technical) information, whitepapers, news, related to our services and products, invite you for workshops. |
Legitimate interest |
Identification and contact details (name and e-mail address) and your question/message |
Answer your question or message via the contact form on the website |
Legitimate interest |
Identification and contact details (surname, first name, telephone number and e-mail address) |
To inform you, as a potential customer, about (technical) information, whitepapers, news, related to our services and products, invite you for workshops. |
Permission |
Identification and contact details (surname, first name, address) and payment details |
Compliance with legal, regulatory and administrative obligations |
Legal obligation |
Identification and contact details (surname, first name, address), payment details and invoices |
To defend and protect our rights |
Legitimate interest |
Your privacy rights
To give you more control over the processing of your personal data, you have many rights. These rights are, among others, laid down in articles 15-22 of the AVG.
You have the following rights:
The right to inspect the personal data we process about you (art. 15 AVG)
You have the right to find out from us at any time whether or not we are processing your personal data. If we process them, you have the right to view these personal data and to receive additional information about them:
(a) the purposes
of processing (b) the categories of personal data concerned (
c) the recipients or categories of recipients (in particular recipients in third countries) (
d) the period of retention or, if that is not possible, the criteria for determining that period (
e) the existence of your privacy rights
(f) the right to lodge a complaint with the supervisory authority (
g) the source of the personal data if we obtain personal data through a third party (
h) the existence of automated decision making.
If we cannot give you access to your personal data (e.g. due to legal obligations), we will let you know why this is not possible.
The right to cancel or to ask us to delete your personal data (art. 17 AVG):
In certain cases, you may ask us to delete your personal data. In this case, however, you should bear in mind that we will no longer be able to provide you with a service if you so wish. Please also note that your right of forgetfulness is not absolute. We have the right to retain your personal data if this is necessary for, among other things, the performance of the contract, the observance of a legal obligation or the instituting, exercising or substantiating a legal action. We will inform you of this in more detail in our response to your request.
The right of rectification and supplementation (art. 16 AVG):
If your personal information is incorrect, outdated or incomplete, you can ask us to correct these inaccuracies or incompleteness.
The right to data portability or transferability of personal data (art. 20 AVG)
You also have the right, under certain conditions, to have the personal data that you have provided to us for the execution of the agreement or for which you have given your permission, transferred by us to another controller. In so far as it is technically possible, we will forward your personal data directly to the new controller.
The right to restrict processing (art. 18 AVG):
If any of the following applies, you may ask us to limit the processing of your personal data:
a)you dispute the accuracy of those personal data (in this case, their use will be limited for a period of time which allows us to verify the accuracy of the personal data)
b)the processing of your personal data is unlawful
c)we no longer need your personal data for the original processing purposes, but you need them for the institution, exercise or substantiation of a legal
action d)as long as no decision has been taken on the exercise of your right to object to the processing, you may request that the use of your personal data be limited.
The right of objection (art. 21 AVG):
Based on your particular situation, you may object to the processing of your personal data if such processing is in our legitimate interest or in the performance of a task in the public interest. In that case, we will cease processing your personal data, unless we can demonstrate compelling and legitimate grounds for processing that outweigh yours, or if the processing of the personal data is related to the initiation, exercise or substantiation of a legal action.
The right to withdraw your consent (art.7 AVG):
If your personal data are processed on the basis of your consent, you may revoke this consent at any time upon simple request.
Exercising your rights
You can exercise these rights by contacting us by e-mail (info@addinternational.nl). In order to verify your identity, we ask you to send us a copy of the front of your identity card.
You can exercise all these rights free of charge, unless your request is manifestly unfounded or excessive (e.g. because of its repetitive nature). In that case, we are entitled to charge you a reasonable fee or refuse to comply with your request.
Passing on to third parties
We will only pass on your personal data to third parties in accordance with the legal provisions, if you have given your consent or if this is necessary for our services (based on our legitimate interest). For example, we pass on personal data to our suppliers (e.g. of our online application). Furthermore, we do not transfer personal data to third parties, unless we are obliged to do so on the basis of mandatory legal provisions (e.g. transmission to external bodies, such as supervisory or law enforcement authorities).
Categories of recipients
Within our company, we ensure that your personal data is only accessible to persons who need it in order to comply with contractual and legal obligations.
In certain cases, our employees are supported in the performance of their tasks by external service providers. With regard to data protection, an agreement has been concluded with all these service providers to ensure that they manage your personal data securely, respectfully and with due care.
Exercising your rights
You can exercise all of these rights free of charge, unless your request is manifestly unfounded or disproportionate (e.g. because of its repetitive nature). In that case, we have the right to charge you a reasonable fee or refuse to grant your request.
You can exercise all of these rights free of charge, unless your request is manifestly unfounded or disproportionate (e.g. because of its repetitive nature). In that case, we have the right to charge you a reasonable fee or refuse to grant your request.
Transfers to third countries
We will only transfer your personal data to processors or data controllers in third countries to the extent we are legally entitled to do so. To the extent such transfers are necessary, we will take the necessary measures to ensure that your personal data is protected to a high degree and that all transfers of personal data outside the EEA are lawful. If a transfer takes place to a country outside the EEA for which the European Commission has not determined that the country provides an adequate level of protection, the transfer will always be subject to an agreement which meets all the requirements for transfers to third countries, such as the approved standard data protection provisions adopted by the European Commission.
Security of your personal data
We have taken all reasonable and appropriate technical and organizational security measures to protect your personal data as much as possible against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. For example, we always keep your personal data in a secure place so that third parties cannot access your personal data.
Retention of your personal data
We will retain your personal data for as long as it is necessary to achieve the intended purpose. Please bear in mind that numerous (legal) retention periods result in personal data being (or having to be) stored. Insofar as there is no obligation to retain data, the data is routinely deleted after the purpose for which it was collected has been achieved.
In addition, we may retain personal data if you have given us permission to do so or if we may need this data in the context of legal proceedings. In the latter case, we must use certain personal data as evidence. To this end, we retain certain personal data in accordance with the statutory limitation period, which can be up to thirty years; however, the usual limitation period in connection with personal legal actions is ten years.
Any complaints?
We do our utmost to protect your personal data. If you have a complaint about the way in which we process your personal data, you can report it to us via our contact details, so that we can respond to it as quickly as possible.
You can also lodge a complaint with the data protection supervisory authority. The authority that supervises our organisation is the Data
Protection Authority:
https://autoriteitpersoonsgegevens.nl/.