Luscii healthtech B.V. (Luscii, we, our, us) is a Dutch company. We are located at Spuistraat 114-A in Amsterdam.
We develop technology for home measurement applications. This enables healthcare providers to monitor their patients and clients remotely. We want good care to be readily available to everyone.
We believe it is important to handle the personal data entrusted to us with care. We have appointed a data protection officer to ensure compliance with applicable laws and regulations for the processing of personal data.
In this Privacy Statement, you can read how we handle personal data of patients, healthcare providers, business clients and job applicants.
We process personal data of users of our home measurement application(s) (App(s)). These may be the healthcare providers who view and analyse the measurement results and, of course, the patients and clients who keep track of their measurement results in our Apps. We process the personal data of users on behalf of the healthcare institutions that prescribe the Apps. The healthcare institutions are responsible for the processing and we are the processor. We make agreements with healthcare institutions regarding how we process personal data on their behalf and the security measures that we take.
In certain cases, we process personal data for our own purposes and, for this, we take responsibility ourselves. For example, personal data that we obtain via our website http://www.luscii.com, if you contact us, if you are a business client of ours, if you apply for a job with us, or if you participate in a recruitment event.
3. Home measurement application
Luscii makes the technology for the App. Healthcare institutions purchase our services. Among other things, they determine which Apps they will use, the purposes for which they will do so, the diagnoses for which an App will be implemented, and the threshold values at which action must be taken by either the healthcare provider or the patient. We provide the technology and support, and ensure that the App is easy for you to use.
In our App, we can process the following information from users on behalf of healthcare institutions: Type of user (patient/admin/caregiver), first and last name, gender, postcode, date of birth, email address, telephone number, name of healthcare institution and/or healthcare provider that has prescribed the App, unique username or ID, patient number, account start date, program, messages sent via the App (feedback, support), App settings, measurements and values, and frequencies thereof, logging of use (date and time log in/out), authentication token, IP address, information for push notifications, type of device used (iOS/Android) and version number, browser information, version of the App, diagnoses, information about conditions and medication.
The healthcare institution may only process personal data via the App if there are legal grounds to do so. In most cases, grounds can be found in the execution of the medical treatment agreement that the healthcare institution has with the client or patient. If necessary, the healthcare institution may also request permission. We process the personal data in the App on behalf of the healthcare institution and do not require independent processing grounds to do so.
The healthcare institution will determine in advance the purposes for which it will process personal data via the App. We have no control over this.
The personal data that we process from you in the App will always be shared with your healthcare provider of the healthcare institution. We may also share your personal data with third parties from whom we purchase services, i.e. our subcontractors. These subcontractors are to be regarded as ‘sub-processors’. We agree with the healthcare institution which services of third parties to use. We always enter into a sub-processor agreement to ensure that these third parties, just like us, handle your personal data with care.
We have agreed with the healthcare institution that we will take measures to protect your personal data against unlawful processing. We work in accordance with NEN7510 and have, among other things, taken the following security measures:
- Authorisation policy for employees who have access to the data in the App;
- Periodic privacy awareness training;
- Data in the App is always transferred over HTTPS (SSL/TLS);
- Firewall protected servers (including backups) are used;
- Data stored locally on phones or tablets for long periods is kept to a minimum, and if this happens, the data is encrypted;
- Encryption with AES256, also on the servers of our cloud service provider;
- Data is erased from local data carriers (smartphone or tablet) when logging out;
- All activities are logged. We can monitor activities, if there is reason to do so.
Would you like to know more about the data processing in the Apps? Please contact your healthcare institution. You can also contact your healthcare institution if you wish to invoke your rights with regard to your personal data. This includes the right to access, the right to supplement and correct personal data, and the right to remove personal data.
4. Processing personal data of businesses, job applicants and website visitors
We may process your personal data for our own purposes. We are then responsible for the processing ourselves. We do this in the following cases:
- You are a business client of ours, such as a contact person of a healthcare institution, that purchases or wishes to purchase our services.
- You contact us by telephone, email, social media or in any other way, because you have a question, comment or complaint.
- You are interested in our organisation and would like to apply for a job with us or participate in a recruitment event.
We will not process any of your personal data for our own purposes when you use the App as a patient or healthcare provider.
We process the following types of personal data from you:
- Contact details: name, address, gender, email address, telephone number and other necessary company and contact information.
- Contents of your correspondence.
- Information regarding the services we provide to you, such as quotes, agreements and instructions.
- Information regarding invoices and payments, including bank details (of your organisation) and payment history.
- What information and documents we have sent to you and, if necessary, whether and when the documents have been opened.
For job applicants and participants in recruitment events, we process the personal data provided before or during the application or participation. This may include contact details (name and address), data included in a CV or motivation letter, diplomas and qualifications, information regarding work experience, references and public profiles on social media, such as LinkedIn, and data provided by you during the procedure. When you participate in a recruitment event, we may record details of your participation and your interests in a report. If you complete an assessment or submit results, we will process these results for your application.
We may send our (business) clients direct marketing emails about our services and relevant developments in the industry. We use common tracking techniques that give insight into the reach and effectiveness of our direct marketing communications. This helps improve our services and focus our information and communication on relevant target groups.
We process this personal data for the following purposes:
- To offer our services and to handle questions and requests.
- To provide you with information, either directly (by telephone or email) or via our website.
- To operate and improve our website.
- To process payments and maintain thorough administration.
- To contact you about our services.
- To keep you informed about our organisation and invite you to meetings and events.
- To monitor and improve the effectiveness of our direct marketing and communication.
- To consider your job application or to invite you to a recruitment event and to assess your eligibility for a position within the Luscii team.
- To comply with applicable laws and regulations, and to follow the instructions of other supervisors and authorities (such as the Tax and Customs Administration, the Social Affairs and Employment Inspectorate, and the Dutch Data Protection Authority).
We process your personal data on the grounds of the following legal principles:
- We will process your personal data, if you are a contact person at a healthcare institution that purchases or wishes to purchase services from us, as this is necessary for the execution of the agreement we have, or will enter into, with the healthcare institution.
- We have a legitimate interest when showing you information via the website or when we send information at your request. We also have a legitimate interest in maintaining contact with you about our services. Furthermore, we have a legitimate interest in recruiting suitable new colleagues. We always weigh our interest against your privacy concerns and keep in mind that we only use your business (contact) data. You can request to find out more about this balance of interests from us.
- In certain cases, we may ask for your permission, for example, when we wish to send you direct marketing messages, although you are not yet a customer of ours. If you give us your consent, you can withdraw it again at any time.
- In a number of cases, there is a legal obligation placed on us to process personal data, for example, in keeping tax records.
Access to personal data
Your personal data can be accessed by authorised Luscii employees, who need your personal data to perform their tasks. We may also share your personal data with third parties. We make use of, for example, cloud and email service providers. We have signed a processing agreement with these parties. We also share your personal data with parties who qualify as data controllers, such as external advisors, independent auditors and relevant authorities.
Transfers outside the European Economic Area (EEA)
Some of our service providers are based in a country outside the EEA, including the United States. To comply with EU legislation on data protection in international transfers, we establish transfer agreements based on the standard contractual clauses adopted by the European Commission. Please contact us for more information on the safeguards in place for international transfers.
We retain your personal data no longer than is strictly necessary. If an agreement is in place, we will process your personal data for its duration. Thereafter, we may retain your personal data to the extent necessary for the purposes stated in this Privacy Statement or to the extent determined by legal obligations. For example, we are obliged to retain certain tax records for seven years. After that period, we will delete your personal data.
We will process personal data of job applicants up until 4 weeks after the end of the application process or recruitment campaign, unless you have indicated that we may keep your personal data in our file. In that case, we will keep your personal data for another year for the purposes of informing you about interesting vacancies or new recruitment events.
Retention periods for email communications depend on the nature of the messages. For example, if you make a request or a complaint, we will retain your message for two years after the request or complaint has been dealt with. Depending on the type of cookie, we will retain data collected through cookies for the duration of the session until two years thereafter.
5. Your rights
Under privacy legislation, you have a number of rights regarding your data and its processing.
- Right of access. This is the right to ask us whether we have personal data about you and to inspect this data.
- Right of rectification. You can ask us to change incorrect or incomplete personal data.
- Right to be forgotten. In some cases, you have the right to have your personal data deleted by Luscii, for example, when your personal data is no longer needed for the purposes for which we obtained them.
- Right to restriction. This is the right to have less personal data processed or to stop the processing temporarily. You can request this, for example, if you have disputed the accuracy of your personal data.
- Right to data portability. If we process your personal data on the basis of an agreement or consent, you have the right to data portability. This is the right to receive your personal data from us, so you can forward this data to another party.
- Right of objection. You may object to the processing of your personal data. If your personal data is processed for direct marketing purposes or on the basis of the legitimate interests of Luscii, you may always object to the processing of your personal data.
- Withdrawing your consent. If you have given us your consent to the processing of your personal data, you may withdraw your consent at any time. This withdrawal does not affect the processing of your personal data before your consent was withdrawn.
We are not always obliged to grant your request(s). However, we will always respond to your request, at least within one month. Only in special cases may we take longer, but if so, we will always inform you of the progress.
6. Contact and complaints
If you have any questions or complaints regarding this Privacy Statement, or if you wish to exercise your rights, please contact us by email at service@Luscii.nl.
If you suspect that Luscii is in breach of privacy and data protection legislation (GDPR), please feel free to contact us. We will be happy to assist you. Please note, for the sake of clarity, that you have the right to lodge a complaint with a supervisory body. In the Netherlands, this is the Dutch Data Protection Authority.
7. Updates and alterations
This Privacy Statement may be amended from time to time. The most recent version of the Privacy Statement can be found on our website. In the event of changes that may affect you significantly, we will endeavour to inform you immediately. The most recent version of this privacy statement dates from 24th of November 2020.