Privacy statement FitzMe Company BV.

English text below

Version 17-12-2024

About this portal

The websites and portals of FitzMe Company BV (hereinafter referred to as FitzMe) are digital environments that offer you insight into your own health and vitality. We do this, on the one hand, by providing health and vitality information. In addition, we offer test programs with which you can test your own situation on a number of aspects (e.g., assertiveness, stress, coping, physical activity, etc.). The programs, developed by FitzMe, can be used for various health goals, but particularly for (awareness regarding) health aspects in your work environment, your lifestyle, and potential lifestyle improvement.

No treatment

Use of the portals cannot be considered a substitute for a consultation or treatment by a doctor or other healthcare provider. If you have questions or doubts about your health, treatment, or medication, we always advise you to contact your general practitioner, specialist, pharmacist, or other healthcare provider.

Processing of personal data

FitzMe processes personal data about you when you use our services and provide this data to us yourself. Because your identity is known or can be determined based on your login details or technical data, personal data is processed within the meaning of European privacy legislation: the General Data Protection Regulation (GDPR).

Responsibility

FitzMe's portals are offered partly on behalf of and under the responsibility of its customers. In that situation, the relevant customer (the party enabling you to use the portal) is formally the Controller for this processing within the meaning of the GDPR.

The portals are also partly offered directly to users by FitzMe. In that situation, FitzMe itself is formally the Controller of this processing within the meaning of the GDPR.

If you have any questions or comments regarding this processing of Personal Data, you can address them to FitzMe at any time. Our contact details are:

Postal address: Orteliuslaan 1, 3528 BA Utrecht
Email address: FG@FitzMe.nl
In the situation where FitzMe itself is the Responsible Party, we will endeavor to respond to your question or comment as soon as possible.

In the event that FitzMe is not the Responsible Party itself, we will forward your question or comment to the Responsible customer (of whom we will also notify you). You can, of course, also address your question or comment directly to this Responsible organization if you have their contact details.

Data Protection Officer (DPO)

FitzMe has appointed a Data Protection Officer (DPO) to ensure that the processing of personal data is carried out securely, in accordance with the requirements and guidelines set by law. If you have questions regarding privacy aspects of the processing of your personal data, you can address them to:

Email address: FG@Fitzme.nl 
What we use your data for

FitzMe processes your personal data for the following purposes:

  • to make the service provision technically possible;
  • to assess whether you are suitable for the service in question and whether the service in question is suitable for you;
  • to provide your login details and otherwise be able to communicate with you personally;
  • to be able to provide tailored information or advice;
  • for administrative purposes relating to the service performed;
  • to improve the functionality and content of the portals and programs.
  • FitzMe will also conduct research into the use and functioning of the service for the purpose of improving and selling its services, but for this purpose, all personal data will be adequately anonymized.

 

What the legal basis for the processing is
FitzMe may only process your personal data if there is a legitimate legal basis for doing so. For these portals, this legal basis is that you consent to us processing your data when using the services. When we process so-called Special Personal Data about you (e.g. medical personal data), you will be asked for explicit prior consent at the start of that processing by checking a box next to a declaration of agreement.

Personal data that we process
Depending on the services you use, FitzMe may process the following personal data from you:

  • Name, address, email address, phone number, username, password
  • BSN, if a claim needs to be submitted to a health insurer in the context of our service
  • Physical data such as: gender, age, height, weight, etc.
  • IP address, browser, device type, etc.
  • Data about your activities within our portals
  • Special and/or sensitive personal data that we process

FitzMe may process the following personal data from you if you explicitly consent to this:

Personal data that you actively provide by answering questions in one of the tests, such as: lifestyle habits, personality aspects, eating habits, exercise patterns, etc.
FitzMe may also process health data when you provide it yourself, for example when asking questions to our consultants or coaches.
Mapping website visits (cookies)

FitzMe uses cookies on some portals to monitor and improve the use and functioning of the portals and programs. A cookie is a small text file that is stored on your computer, tablet, or smartphone upon your first visit to a portal. Due to the combination of various data, the information is in principle traceable to an individual; therefore, we process this information in accordance with all measures and restrictions imposed by the GDPR.

You can opt out of cookies by configuring your internet browser to no longer store cookies, but this may compromise your user experience. Additionally, you can also delete all previously stored information via your browser settings.

Sharing data with others
FitzMe may engage other organizations to process your personal data. When this is the case, we enter into a Data Processing Agreement with this party to ensure that the same level of security and confidentiality of your data remains guaranteed. FitzMe remains responsible and liable for these processing activities.

FitzMe ensures that your data remains within the EU at all times and is therefore processed in accordance with the requirements and guidelines of European privacy legislation.

FitzMe never sells your data to third parties and will only provide it to others if necessary to comply with a legal obligation.

Data may be shared with researchers to investigate the use or functioning of the program. In that case, your explicit permission will always be requested in advance, unless only anonymized data is used that can no longer be traced back to you.

Data regarding the use of the services may also be shared with the direct providers of the service (e.g., health insurers or employers), but this data is at all times used exclusively in an anonymized form, ensuring that this never violates any (medical) duty of confidentiality or applicable privacy legislation.

How long we retain data

FitzMe will not retain your personal data for longer than is strictly necessary to achieve the purposes for which your data is collected. Consequently, the retention period is equal to the duration of the service, i.e., as long as the health or lifestyle program is running. After the service has ended, it may take several months before all data is deleted or adequately anonymized.

We can retain the results of performed PMOs (Preventive Medical Examinations) for up to several years after the PMO has been performed, with the aim of comparing them with the results of the previous examination during a follow-up PMO.

This retention period applies unless laws and regulations require a different minimum or maximum period under specific circumstances.

A Data Controller customer of FitzMe may choose not to actually delete the data after the retention period has expired, but to adequately anonymize it. In that case, the data continues to exist for the purpose of statistics and the like, but the data can no longer be traced back to individual persons.

Confidentiality
All FitzMe employees who could have access to your data have been screened using a Certificate of Conduct (VOG) and have signed a confidentiality agreement.

Security
FitzMe takes the protection of your data extremely seriously and has taken appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. FitzMe organizes its information security through an Information Security Management System (ISMS) and is ISO27001 and NEN7510 certified.

If you have the impression that your data is not properly secured or there are indications of misuse, please contact us via:

Email address: FG@FitzMe.nl
Your rights regarding your data and processing

The applicable privacy legislation stipulates that, as a data subject, you have a number of rights regarding the processing of your personal data. You have the right to access your personal data, to have it amended, deleted, or transferred. You also have the right to restrict or stop the processing. Even if you have previously given explicit consent to specific processing, you may withdraw this consent at any time. You can address a request regarding these rights to:

Postal address: Orteliuslaan 1, 3528 BA Utrecht
Email address: FG@FitzMe.nl
In the situation where FitzMe is itself the Responsible Party, we will within the applicable legal period of 1 month op respond to your request.

In the event that FitzMe is not the Responsible Party itself, we will forward your request to the Responsible customer (of which we will also notify you). You can, of course, also address your request directly to this Responsible organization if you have their contact details.

To ensure that the request was made by you, we may contact you and ask for confirmation. Depending on the situation and the type of data, we may ask you to show proof of identity to verify that the data in question is indeed yours.

Complaints and Disputes
FitzMe has established a Complaints Protocol and published it on our website. The mandatory, generic complaints and disputes procedure is handled with the assistance of an external party: the Disputes Committee. If you have a general complaint about us or our services, you can address it to their Healthcare Complaints Desk, mentioning 'FitzMe Company', via:

Website: degeschilcommissiezorg.nl/ complaintsloket-zorg
Email: info@ complaintsloket-zorg.nl
If you have a complaint specifically regarding the processing of your personal data, you can address it to the Data Protection Officer of FitzMe:

Email address: FG@FitzMe.nl
If your complaint regarding the processing by FitzMe is not handled to your satisfaction, you can address your complaint to the Dutch Data Protection Authority, via:

Website:autoriteitpersoonsgegevens.nl

CONTACT
FitzMe
Orteliuslaan 1
3528 BA Utrecht

T. 088 – 00 88 688
E. vitaliteit@fitzme.nl

Disclaimer & Privacy policy

 

NEN 7510 and ISO 27001 certified

 

 

About this portal

The websites and portals of FitzMe Company BV (hereinafter referred to as: FitzMe) are digital environments that provide you with insight into your own health and vitality. We do this, on the one hand, by providing health and vitality information. In addition, we offer test programs with which you can test your own situation on a number of aspects (eg assertiveness, stress, coping, exercise, etc.). The programs, which are developed by FitzMe, can be used for various health purposes, but particularly for (awareness of) health aspects in your work environment, your lifestyle, and any lifestyle improvements.

Not a treatment

The use of the portals cannot be considered a substitute for a consultation or treatment by a doctor or other healthcare provider. If you have questions or doubts about your health, treatment, or medications, we advise you to always contact your general practitioner, specialist, pharmacist, or other healthcare provider.

Processing of personal data

FitzMe processes personal data about you when you use our services and provide this data to us yourself. Because it is possible to identify or determine who you are on the basis of your login credentials or by means of technical data, personal data is being processed in the sense of European privacy legislation: the General Data Protection Regulation (GDPR).

Responsibility

The FitzMe portals are partly provided on behalf of and under the responsibility of its customers. In that situation, the relevant customer (the party that gives you the opportunity to use the portal) is formally the Data Controller for this processing in the sense of the GDPR.

The portals are also partly provided directly by FitzMe to users. In that situation, FitzMe itself is formally the Data Controller for this processing in the sense of the GDPR.

If you have any questions or comments regarding this processing of Personal Data, you can always direct these to FitzMe. Our contact details are:

Postal address: Orteliuslaan 1, 3528 BA Utrecht

Email address: FG@FitzMe.nl

In the situation that FitzMe itself is the Data Controller, we will make every effort to respond to your question or comment as quickly as possible.

In the situation that FitzMe is not the Data Controller itself, we will forward your question or comment to the responsible customer (of which we will also keep you informed). You can of course also direct your question or comment directly to this Data Controller organization if you have their contact details.

Data Protection Officer

FitzMe has appointed a Data Protection Officer (DPO) to ensure that the processing of personal data is carried out in a safe manner, in accordance with the requirements and guidelines that the law imposes on this. If you have questions about the privacy aspects of processing your personal data, you can direct these to:

Email address: FG@FitzMe.nl

What we use your data for

FitzMe processes your personal data for the following purposes:

To make the service provision technically possible;

To assess whether you are suitable for the relevant service and whether the relevant service is suitable for you;

To provide you with login credentials and otherwise communicate with you personally;

To be able to provide customized information or advice;

For administrative purposes relating to the service provided;

To improve the operation and content of the portals and programs.

FitzMe will also conduct research into the use and operation of the service for the purpose of improving and selling its services, but for this purpose all personal data will be adequately anonymized.

What the legal basis for processing is

FitzMe may only process your personal data if there is a legitimate legal basis for doing so. The legal basis for these portals is that you consent to the processing of your data when using the services. When we process special personal data from you (eg medical personal data), you will be asked for explicit prior consent at the start of that processing by placing a checkmark next to a consent declaration.

What personal data we process

Depending on the services you use, FitzMe may process the following personal data from you:

Name, address, email address, phone number, username, password

Citizen Service Number (BSN), if we need to submit a claim to a health insurance company as part of our service

Physical data such as: gender, age, height, weight, etc.

IP address, browser, device type, etc.

Data about your activities within our portals

Special and/or sensitive personal data we process

FitzMe may process the following personal data from you if you explicitly agree to this:

Personal data that you actively provide by answering questions in one of the tests, such as: living habits, personality aspects, eating patterns, exercise patterns, etc.

FitzMe may also process health data when you provide this yourself, for example when asking questions to our consultants or coaches.

Tracking website visits (cookies)

FitzMe uses cookies on some portals to monitor and improve the use and operation of the portals and programs. A cookie is a small text file that is stored on your computer, tablet, or smartphone when you first visit a portal. The information, through the combination of various data, is in principle traceable to a person, which is why we process this information with all the measures and restrictions that the GDPR imposes on it.

You can opt out of cookies by setting your Internet browser so that it no longer stores cookies, but this may affect your user experience. Additionally, you can also delete all information previously stored through your browser settings.

Sharing data with others

FitzMe may engage other organizations to process your personal data. When this is the case, we conclude a Data Processing Agreement with this party to ensure that the same level of security and confidentiality of your data is maintained. FitzMe remains responsible and accountable for these processing activities.

FitzMe ensures that your data always remains within the EU and is thus processed under the requirements and guidelines of European privacy legislation.

FitzMe never sells your data to third parties and will only provide it to others if necessary to comply with a legal obligation.

Data may be shared with researchers to investigate the use or operation of the program. In that case, your explicit prior consent will always be requested first, unless only anonymized data is used that can no longer be traced back to you.

Data about the use of the services may also be shared with the direct providers of the service (eg health insurance companies or employers), but this data is always used exclusively in anonymized form, which means this never conflicts with any (medical) confidentiality obligation or with applicable privacy legislation.

How long do we retain data

FitzMe will not retain your personal data any longer than strictly necessary to achieve the purposes for which your data is collected. This means the retention period is equal to the duration of the service provision, or in other words as long as the health or lifestyle program runs. After the end of the service provision, it may take a few months before all data is deleted or adequately anonymized.

The results of periodic medical examinations (PMOs) performed can be retained for some years after the PMO was carried out, with the aim of being able to compare them later with the results of a follow-up PMO.

This retention period applies unless legislation requires a different minimum or maximum period under specific circumstances.

A Data Controller customer of FitzMe may choose not to actually delete the data after the retention period expires, but to adequately anonymize it. In that case, it continues to exist for the purposes of statistics, etc., but the data can no longer be traced back to individual people.

Confidentiality

All FitzMe employees who could have access to your data have been screened using a Certificate of Good Conduct (VOG) and have signed a confidentiality agreement.

Security

FitzMe takes the protection of your data very seriously and has implemented appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. FitzMe organizes its information security through an Information Security Management System (ISMS) and is ISO 27001 and NEN 7510 certified.

If you have the impression that your data is not properly protected or there are indications of misuse, please contact us at:

Email address: FG@FitzMe.nl

Your rights regarding data and processing

Current privacy legislation provides that you, as a data subject, have a number of rights regarding the processing of your personal data. You have the right to view your personal data, have it corrected, deleted, or transferred. You also have the right to restrict or stop processing. Even if you have previously explicitly agreed to a specific processing, you can withdraw this agreement at any time. You can direct a request regarding these rights to:

Postal address: Orteliuslaan 1, 3528 BA Utrecht

Email address: FG@FitzMe.nl

In the situation that FitzMe itself is the Data Controller, we will respond to your request within the applicable legal period of one month.

In the situation that FitzMe is not the Data Controller itself, we will forward your request to the responsible customer (of which we will also keep you informed). You can of course also direct your request directly to this Data Controller organization if you have their contact details.

To ensure that the request is made by you, we may contact you and ask for confirmation. Depending on the situation and the type of data, we may ask you to provide proof of identity to verify that we are indeed dealing with your data.

Complaints and Disputes

FitzMe has established and published a Complaints Procedure on our website. The mandatory, generic complaints and disputes procedure is implemented using an external party: The Disputes Commission. When you have a general complaint about us or our service provision, you can direct it to their Complaints Desk for Healthcare, mentioning 'FitzMe Company', via:

Website: degeschilcommissiezorg.nl/ complaintsloket-zorg

Email: info@ complaintsloket-zorg.nl

If you have a complaint specifically regarding the processing of your personal data, you can direct it to the DPO of FitzMe:

Email address: FG@FitzMe.nl

If your complaint about the processing by FitzMe is not handled to your satisfaction, you can direct your complaint to the Data Protection Authority, via:

Website:autoriteitpersoonsgegevens.nl

CONTACT

FitzMe

Orteliuslaan 1

3528 BA Utrecht

Tel: 088 00 88 688

Email: vitaliteit@fitzme.nl

Disclaimer & Privacy policy

NEN 7510 and ISO 27001 certified