28 april 2020
- Partner Hospitals include UMC Utrecht, the Wilhelmina Hospital Foundation Assen, the Nijmegen Interconfessional Hospital Foundation Canisius-Wilhelmina, the Maasstad Hospital Foundation, the Jeroen Bosch Hospital Foundation and the Spaarne Gasthuis Foundation. On the website www.decoronacheck.nl you will find an overview of the postal code region of each Partner Hospital. By using The Corona Check, you enter into an agreement with OLVG and the Partner Hospitals.
- The Corona Check is intended as an extra communication tool on account of the Corona Virus outbreak. The App is a CE certified medical device. The Corona Check is not a replacement for emergency care or regular care. Everyone can (continue to) use regular care. Under no circumstances are you obliged to use The Corona Check.
- The Corona Check medical team review the answers you provide in the App. If there is a medical reason for contacting you based on this information, we will do so within 24 hours (by telephone or via a message in the App). If there is no medical need for contact, then you will receive a message from us within 48 hours. You are responsible for estimating whether you can wait for this or whether you need emergency care. Do you require urgent care, even when using the App? Then take independent action and contact your doctor or call 112 in the case of an emergency.
- The Corona Check is a crisis measure. Accordingly, we cannot currently estimate exactly what is going to happen. For this reason, OLVG reserves the right to adjust and/or extend response times. OLVG may also decide at any time to refuse new registrations for The Corona Check and/or cease existing participation.
- The Corona Check is intended for your own personal use. You can use The Corona Check if you are 18 years or older. You must also be in possession of a properly functioning thermometer. In addition, you will need an email address where you can receive emails and a suitable tablet or smartphone for installing the App. You will need an Android operating system of version 7 or higher OR an Apple system of version iOS12 or higher. You may only use the App for the purpose for which it is intended.
- Use of The Corona Check is free of charge. To be clear, this applies to both your use of the App and to the guidance received by the medical team of OLVG and The Corona Check Partner Hospitals.
- The data you enter in the App will be reviewed by the OLVG medical team and The Corona Check Partner Hospitals. This team has been specifically established for care provision in relation to The Corona Check and consists of care providers supported by medical specialists. You may receive an auto-generated message if your risk level is low, based on your responses. If telephone contact is necessary, you will be approached by employees of the medical team from the Partner Hospital in your region.
- Advice given via The Corona Check is provided based on the information you submit. The medical experts of The Corona Check medical team do not have access to your regular patient file. They base their guidance entirely on the data you enter in the App. You are therefore responsible for entering correct and complete information in the App and submitting it to your healthcare provider.
- Employees of the medical team of The Corona Check can (together with you) decide to close access to the App. For example, if you personally wish to cease use or in the case of incapacitation. They will then initiate the procedure to delete your account. You can also unsubscribe via the unsubscribe button in the App and delete the App yourself.
- When using The Corona Check, OLVG and the Partner Hospitals process your personal data, which includes medical data. OLVG and the Partner Hospitals have taken measures to guarantee your privacy and the security and reliability of the data processing. You can read more about this in the privacy statement.
- You are solely responsible for providing a device on which the App can be installed, a properly functioning thermometer and an Internet connection, for which you bear the costs yourself. OLVG and the Partner Hospitals are not responsible nor liable for disruptions in the availability of the Internet, nor for the use of a faulty thermometer or a faulty device on which the App is installed.
- OLVG and the Partner Hospitals make every effort to ensure optimum availability and accessibility of The Corona Check. OLVG and the Partner Hospitals cannot guarantee that you will have unrestricted access to the App at all times, and cannot guarantee continual use of the App without any disruptions. OLVG and the Partner Hospitals do not guarantee that the App or parts thereof will work without interruption, errors or defects, or that all errors or defects will be corrected.
- OLVG and the Partner Hospitals make every effort to ensure that the App is adequately secured. You must ensure that you protect your device and restrict unauthorised third parties from gaining access to the information in the App. For example, you can protect your device with a strong password or PIN number that is kept confidential.
- Do you have a complaint regarding The Corona Check? You can send this by email to email@example.com. If your complaint or query specifically concerns the telephone contact from a Partner Hospital, it will be forwarded to the complaints department of the relevant Partner Hospital. In other cases, your complaint will be handled by OLVG. We will process your complaint as soon as there is sufficient availability to do so. We hope that you understand that, in view of the Corona Virus outbreak, keeping emergency care open is currently our first priority.
Data controllers and processor
- OLVG and the Partner Hospitals are the joint controllers for the data processed in the App. Partner Hospitals include UMC Utrecht, the Wilhelmina Hospital Foundation Assen, the Nijmegen Interconfessional Hospital Foundation Canisius-Wilhelmina, the Maasstad Hospital Foundation, the Jeroen Bosch Hospital Foundation and the Spaarne Gasthuis Foundation. On the website http://www.decoronacheck.nl you will find an overview of the postal code region of each Partner Hospital.
- OLVG and each Partner Hospital have set up their own control centre, each serving users in their own postal area. The postal areas do not overlap. On the website http://www.decoronacheck.nl you will find an overview of the current postal region that is served by each Partner Hospital.
- All data processed via The Corona Check will be first delivered to one central database, managed by OLVG. Users of The Corona Check will receive automatic (email) messages wherever possible. OLVG manages this on the basis of a medical protocol created in collaboration with the Partner Hospitals.
- If it is necessary to contact you, your details will be forwarded to the Partner Hospital of your own postal region. Your details will then be consulted by the care directors of the respective Partner Hospital. Subsequently, you may need further treatment and guidance from that particular Partner Hospital. It could also be the case that your risk level is considered low. If so, your data will be transferred back to the central database, until a reason arises for further personal contact.
- OLVG and the Partner Hospitals use technology from Luscii Healthcare B.V. (Luscii) for the App. Luscii processes your personal data on behalf of OLVG and the Partner Hospitals, as a processor under the applicable laws relevant to the processing of personal data. OLVG and the Partner Hospitals have concluded a processing agreement with Luscii and have established agreements concerning the reliability and security of data processing operations.
Health data and retention periods
- If you wish to use The Corona Check, it is necessary for OLVG and the Partner Hospitals to process certain personal data, including your email address, telephone number, date of birth and health information. The use of The Corona Check is not possible without processing your personal data. A complete overview of the data processed by OLVG and the Partner Hospitals, and the purposes and retention periods, can be found in the summary at the end of this privacy statement.
- OLVG and the Partner Hospitals process data about your health. OLVG and the Partner Hospitals may process this data as healthcare institutions, as a necessity for the provision of healthcare and for reasons of interest in the field of public health. The care directors of each control centre, who have access to your health data, have a legal duty of confidentiality.
- The data you enter in the App is not automatically transferred to your electronic patient file. In the unlikely event that you are admitted as a patient, the data you have entered in the App can, if necessary, be transferred to your medical file. Your data will, however, be retained for another 20 years after use of The Corona Check, in accordance with the law of the medical treatment agreement. An extended retention period is possible, if necessary, on the basis of good care provision. You can also request an electronic copy of your data, if you wish to have it included in the patient file of your own healthcare provider. You can submit a request for this via firstname.lastname@example.org.
Purpose and basis of processing
- OLVG and the Partner Hospitals process your data for the following purposes:
- Providing The Corona Check and the functionalities and services included therein, as well as new versions and updates.
- Improving the ease of use of The Corona Check.
- Logging and security, detecting irregularities and weaknesses.
- Anonymisation of personal data for research purposes in relation to the Corona Virus and related viruses.
- Support for the operation of The Corona Check.
- Dealing with questions, complaints and procedures.
- OLVG and the Partner Hospitals process the data on the basis of the execution of the agreement, with general and vital interest due to the Corona Virus outbreak and the legitimate interest of OLVG and the Partner Hospitals.
- OLVG and the Partner Hospitals will also anonymise your data to be used for scientific research, in collaboration with third parties. The aim of the research, among others, is to gain insight into the spread of the Corona Virus. Your data will only be used for scientific research once it has been made anonymous.
Security of personal data
- Article 32 of the GDPR obliges OLVG and the Partner Hospitals to take (or have taken) appropriate technical and organisational measures to prevent the loss of personal data or unlawful processing.
- OLVG and the Partner Hospitals have taken the following measures, among others:
- OLVG and the Partner Hospitals work in accordance with NEN7510;
- Authorisation policy for employees who have access to the data in The Corona Check;
- Periodic privacy awareness training;
- Data in the App is always transferred over HTTPS (SSL/TLS);
- Firewall protected servers (including backups) are in use;
- As little data as possible is stored locally on phones or tablets for extended periods and, if this does occur, the data is encrypted;
- Encryption is with AES256, also on the servers of our cloud service provider;
- Data is erased from local data carriers (smartphone or tablet) when logging out;
- All activities are logged. If necessary, activities can be monitored.
Your privacy rights
- You have the right to access your personal data (Article 15 of the GDPR) and the right to request correction or deletion of your personal data (Articles 16 and 17 of the GDPR).
- If you would like to know which personal data the OLVG and the Partner Hospitals process, you can submit a written request for inspection as detailed below. OLVG and the Partner Hospitals will handle your request within a reasonable amount of time.
- Do you believe your data to be incorrect, incomplete or irrelevant? If so, you can make an additional request to have your data changed or supplemented (Article 16 GDPR).
- In some cases, you can request the deletion of your data (Article 17 GDPR). There are exceptions to the right to delete your data: if the data must be retained under legal obligation, or if the data is of interest to third parties, your request will not be granted. OLVG and the Partner Hospitals must comply with a request to delete data within three months.
- If you wish to receive the (digital) personal data that OLVG and the Partner Hospitals process, you can invoke your right to data portability (Article 20 GDPR). In doing so, you will receive your data in a format that can be easily passed on to another organisation, if desired.
- You can also request to limit the processing of your data or object to it (Articles 18 and 21 GDPR).
How can you exercise your rights?
- If you wish to invoke one of the rights mentioned above, you can request this at email@example.com. Your email will be forwarded to the hospital of your postal region, which may be OLVG or one of the Partner Hospitals.
- We will inform you as to the outcome of your request within a month. If your request is very complicated, this period can be extended by another two months. If OLVG wishes to extend the term, we will let you know within one month of receiving your request.
Recipients of personal data
- OLVG and the Partner Hospitals will not transfer your data to third parties, except for the purpose of scientific research and only once your data has been anonymised.
- Your personal data can be processed by the processor appointed by OLVG and the Partner Hospitals, Luscii healthtech B.V. (Luscii). Luscii has access to your personal data in accordance with the agreements that OLVG and the Partner Hospitals have made with Luscii in the processing agreement.
Transfer of your personal data outside the European Economic Area (EEA)
- When processing your personal data, such information may be shared with third parties, including our processor Luscii. These parties may be located outside the EEA or employ subcontractors located outside the EEA. Where applicable, we have taken appropriate measures when transferring personal data. Luscii checks that its subcontractors based in the United States are affiliated with the EU-US Privacy Shield and, if not, enters into transfer agreements under standard data transfer contractual clauses.
- If you believe that the data processing by OLVG or the Partner Hospitals is not in accordance with the law and regulations, you can report this to firstname.lastname@example.org. Your report will be processed by the Data Protection Officer (DPO) of OLVG, unless the complaint concerns telephone contact with a Partner Hospital. In which case, your report will be processed by the Data Protection Officer (DPO) of the relevant Partner Hospital.
- The Dutch Data Protection Authority is the independent supervisor for compliance with privacy legislation. You have the right to file a complaint with them. On the website of the Dutch Data Protection Authority, you will find plenty of information, including information about privacy regulations and data processing in healthcare.
|Overview of users’ personal data to be processed|
|First and last name, gender, post code, date of birth, email address, telephone number, name of healthcare organisation, unique username or ID, patient number, account start date, program, group (user/admin/care provider), messages sent via the app (feedback, support), app settings, measurements and values, and their frequencies, usage logging (date and time of login/logout), authentication token, IP address, information for push notifications, type of device used (iOS/Android) and version number, browser information, version of the app, whether user is a patient with healthcare provider, diagnoses, relevant medication, if user has been tested for the Corona Virus.|