Privacy policy

This privacy policy (hereinafter the "Policy") provides further information regarding the processing of Personal Data by BINGLI.

BINGLI attaches the utmost importance to the privacy of the Patient who provides Personal Data to BINGLI. In addition, BINGLI also attaches importance to the Personal Data of the contact persons and users of the Hospital (doctors, nurses, other healthcare providers, administrative staff) for whom BINGLI processes the Patient's Personal Data and the contact persons of BINGLI's partners and contractors. All persons from whom BINGLI processes Personal Data are collectively referred to in this Policy as the Data Subjects.

BINGLI uses the Personal Data of these data subjects only for the purposes described in this Policy and complies with applicable laws and regulations on the protection of Personal Data, including the European Regulation 2016/679 of 27 April 2016 (General Data Protection Regulation or GDPR).

BINGLI collects personal data only when the data subject provides it specifically and knowingly.

BINGLI processes the following personal data of Patients:

• Last name, first name, health data, email address

BINGLI processes the following personal data of contact persons and users of the Hospital:

• Last name, first name, company address, telephone number, capacity and -for users of BINGLI Services- also the login and account details.

3. Objectives

3.1. PATIENTS

3.1.a) Processing of the Patient's Personal Data on behalf of the Hospital

BINGLI allows the Hospital to collect and process data concerning the Patient. This concerns the Personal Data that the Patient enters himself in the BINGLI application. The Hospital - whether or not together with the hospital physicians - is responsible for processing these Personal Data, but the website itself is operated by BINGLI, which acts as processor on behalf of the Hospital. BINGLI's Services have the purposes listed below, and the Patient and the Hospital use the Service for this reason, subject to the Patient's consent:

1. Management, in particular retrieval, preservation, modification and transfer of the Patient's Personal Data;
2. Improving the usability of the Patient's Personal Data;
3. The facilitation of participation in scientific research, only if the Patient so desires;
4. The evaluation of the healthcare provided to the Patient, with the aim of improving it; and
5. The identification of potential medical risks of the Patient.

3.1.b) Processing on behalf of BINGLI itself

In addition, under its own responsibility, BINGLI will also be able to anonymise, or at least pseudonymise, the Patient's Personal Data in order to allow further processing and transmission to third parties for scientific purposes.

BINGLI, under its own responsibility, will also be able to process the anonymised, or at least pseudonymised, Personal Data of the Patient (along with the feedback received through the Hospital or physician) to improve its own services.

For both these processing operations, the Personal Data are in principle always anonymised. After this anonymisation, the identity of the Patient can no longer be linked in any way to the data originating from this Patient, so the privacy of this Patient cannot be compromised as a result and the GDPR no longer applies. However, if the Personal Data is part of too limited a group of patients (cohort), it may no longer be possible to guarantee that the data is effectively anonymous. In this case, the Personal Data are qualified as pseudonymised. This means that BINGLI staff can no longer see the Patient's name, but it is not theoretically impossible to recover the Patient's identity.

These processing operations under BINGLI's own responsibility will only take place with the consent of the Patient and after anonymisation/at least pseudonymisation of the Patient data so that BINGLI employees can no longer see the Patient's name.

3.2. CONTACTS & USERS

BINGLI will also process under its own responsibility the Personal Data of staff members of the Hospital or of partners and contractors of BINGLI. This includes professional contact data such as name, company address, telephone number, capacity and -for users of BINGLI Services- also login and account data.

BINGLI may process this Personal Data because of its legitimate interest to correctly execute the agreement with the Hospital and with its partners and contractors, to keep its own records, as well as to maintain commercial relations with the Hospital and partners/contractors. This includes the following purposes:

1. Internal contract management and communication with the Hospital or partner/contractor in connection with the conclusion, execution or termination of the contract with BINGLI;
2. Provide a login to the Web site;
3. Billing;
4. Informing users within the Hospital about updates;
5. Maintain commercial relationships through offers, newsletters and the like.

4. Confidential treatment by BINGLI

BINGLI acknowledges that the Personal Data of Data Subjects is strictly confidential.

BINGLI will not disclose Personal Data to a third party except in the following cases:

The list of persons who may have access to the Personal Data in the context of the Service are:

1. BINGLI employees and contractors responsible for collecting, processing, managing and reviewing the Personal Data;
2. BINGLI employees and contractors responsible for quality management and security;
3. BINGLI employees responsible for controlling BINGLI employees and contractors;
4. Any party for whom the Complainant instructs BINGLI to release; and
5. Any other person authorised to inspect by applicable law.

BINGLI reminds the aforementioned persons of the importance of the confidential treatment of the Personal Data, and, when applicable, has them sign a confidentiality statement attached to the agreement concluded with them.

In certain cases, BINGLI may or must also transfer your Personal Data to its subcontractors ("processors"): these are external business support services that process your Personal Data on behalf of and at the direction of BINGLI. These include the website provider and data storage services. BINGLI has entered into an agreement with each of these processors to ensure that your Personal Data remains secure and is not used for purposes not authorised by BINGLI.

In order to protect your Personal Data in the best possible way, BINGLI takes appropriate technical and organisational measures and applies best practices to prevent the loss, misuse, disclosure, unauthorised access or modification of this Personal Data. Both on a technical and organisational level, the necessary measures are taken to provide an adequate level of security. However, this risk can never be completely eliminated, even with the best measures.

BINGLI cannot be held liable for damages resulting from a lack of adequate security measures by third parties.

6. Data storage
The Data Subject accepts that BINGLI will store the Patient's Personal Data in electronic archives and/or databases set up and managed by BINGLI, in the form in which this Personal Data was received or similar to any other derived form used by BINGLI in the context of the Service. BINGLI may rely on third-party service providers for the storage of the Personal Data, which are in principle located within the European Economic Area. In case Bingli relies on third party service providers established outside the European Economic Area, it shall make the necessary arrangements to achieve an equivalent level of protection for the Personal Data in accordance with Articles 44 to 49 of the General Data Protection Regulation.

BINGLI will not retain Personal Data for longer than necessary for the purposes stated in this Policy. Once the Personal Data is no longer needed or, where appropriate, at the Patient's request, BINGLI will delete the Personal Data, unless the storage of the Personal Data is or becomes required by law.

7. Secure communication
The Data Subject accepts that communication of Personal Data to BINGLI is electronic, and that any form of communication involves a risk of interception, misdelivery or loss. BINGLI shall not be liable for communication errors that are not attributable to it.

The rights of Data Subjects in relation to the processing of their Personal Data by BINGLI are set out below.

The Patient may always exercise the rights listed below with regard to the processing of his Personal Data by BINGLI by contacting the Hospital for whose benefit BINGLI processes the Personal Data. If the Patient only has a request relating to the processing of his Personal Data by BINGLI for BINGLI's own purposes (improvement of BINGLI services or anonymisation for scientific purposes; see article 3.1.b. of this Policy), the Patient should keep in mind that BINGLI usually processes his Personal Data for these purposes in a way that does not involve identification of the Patient concerned. If the Patient wishes to exercise his rights to this Personal Data, BINGLI may therefore ask the Patient to provide additional Personal Data in order to identify the Patient. After identification, the Patient has the following rights vis-à-vis BINGLI.

Other Data Subjects can always exercise their rights by contacting BINGLI directly.

To exercise your rights, please send an e-mail or letter to BINGLI's data protection officer, together with a scan or copy of your ID, bearing your signature. You can send this e-mail or letter to the following contact details:

An Vijverman
Dewallens & partners
Mechelsestraat 107-109
3000 Leuven
Belgium

an.vijverman@dewallens-partners.be

When you contact BINGLI (or BINGLI's data protection officer) to exercise your rights, BINGLI will respond within 30 calendar days. If your request is complex or there are many requests to process, the deadline will be extended by 60 days. BINGLI will notify you in that case. Whether or not you can exercise your rights depends on the nature of the processing and the legal basis.

Always make sure that it is exactly clear which right you want to exercise and in which way (e.g. e-mail, post, oral, etc.) you wish to receive the information.

In principle, the processing of your requests is free of charge. However, if your request is manifestly unfounded or excessive, BINGLI reserves the right to charge a fee for administrative costs before processing your request.

Inspection - each Data Subject has at all times the right to inspect, free of charge, the Personal Data that BINGLI processes about him/her, unless such inspection is excluded by law. The Data Subject also has the right to receive certain information about such processing. Specifically, the Data Subject is entitled to the following information:

• the existence or non-existence of processing operations on his/her Personal Data;
• the Personal Data itself;
• the purposes of processing this Personal Data;
• the categories of Personal Data and their retention period;
• the categories of recipients to whom this Personal Data is disclosed;
• the Data Subject's rights in respect of such Personal Data;
• the source of this Personal Data, if it was not collected from the Data Subject.

Copy - The Data Subject also has the right to obtain a copy of his/her Personal Data free of charge, to the extent that the Data Subject is entitled to view it in accordance with the GDPR. If the Data Subject requests multiple copies of the same information, BINGLI reserves the right to charge a fee for administrative costs for this purpose.

The Data Subject also has the right to have all incorrectly or incompletely processed Personal Data corrected or completed free of charge.

The Data Subject may also hereby request that his/her Personal Data temporarily cease to be processed (except in some legally defined cases) until the accuracy or completeness of his/her Personal Data has been checked and any inaccuracies/incompleteness rectified (except in some legally defined cases). Please see the section "right to restricted processing" in this regard.

With regard to Personal Data processed in an automated manner (by computer), the Data Subject further has the right to request that BINGLI transfers a copy of his/her Personal Data in a machine-readable format (e.g. XML) to him/her and/or directly to another institution or person of his/her choice. However, this right applies only to Personal Data that the Data Subject has provided himself/herself and only when the processing by BINGLI is based on the Data Subject's consent.

Where BINGLI processes Personal Data of the Data Subject on the basis of the Data Subject's consent, the Data Subject always has the right to withdraw this consent and request that his/her Personal Data be deleted. Please refer to the "right of removal" section in this regard. The withdrawal of consent by the Data Subject does not, in itself, affect the lawfulness of the processing prior to the withdrawal of consent.

If the Data Subject withdraws his/her consent or if the Data Subject otherwise believes that his/her Personal Data should no longer be processed (e.g. because it is no longer necessary or because it is unlawfully processed), the Data Subject may request that his/her Personal Data be permanently deleted from BINGLI's files.

Instead of deletion, the Data Subject may alternatively request that his/her Personal Data remain stored, but no longer be processed (except in certain legally defined cases). See the "right to restricted processing" section in this regard.

However, BINGLI is not obliged to delete the Personal Data if it may or must still be lawfully processed in accordance with the GDPR (e.g. in the context of legal proceedings).

If the Personal Data of the Data Subject is processed without his/her consent but on the basis of BINGLI's legitimate interest within the meaning of Article 6(1)(f) AVG (e.g. for the purpose of maintaining customer relations), the Data Subject may in certain cases object to such processing of his/her Personal Data by BINGLI.

However, to the extent that the processing does not involve a form of direct marketing, BINGLI may still continue to process Personal Data when necessary for compelling legitimate reasons. Pending the assessment of these reasons, the Data Subject may, however, request BINGLI to temporarily stop processing the Personal Data concerned (except in some legally defined cases). Please refer to the section "right to restricted processing" in this regard.

In certain cases, the Data Subject has the right to request that his/her Personal Data be retained by BINGLI, but temporarily no longer processed. Apart from the cases mentioned under the rights to rectification, objection and removal in this Policy, the Data Subject also has this right if BINGLI no longer needs his/her Personal Data, but he/she himself/herself still needs it in the context of a legal action.

However, in some legally defined cases, the limited processing does not apply and BINGLI may still continue to process the Personal Data. These cases are as follows:

• if the Data Subject himself/herself has given his/her specific consent to a particular processing operation;
• if BINGLI itself needs the Personal Data in the context of legal proceedings;
• if the Personal Data is to be processed for the protection of the rights of another natural or legal person; or
• for important reasons of public interest.

9. Questions and complaints
Questions - For requests to exercise the Data Subject's rights or for any other questions regarding the processing of Personal Data by BINGLI, the Data Subject can always contact Tom Van De putte (tvdp@mybingli.com) or our data protection officer An Vijverman, Dewallens & partnes (an.vijverman@dewallens-partners.be) free of charge.

Complaints - If the Data Subject believes that the provisions of this privacy statement or of the GDPR are not being complied with, the Data Subject may always lodge a complaint with the Data Protection Authority. However, if the Data Subject has complaints, BINGLI nevertheless kindly requests the Data Subject to first submit them to BINGLI so that BINGLI can seek a solution to the problem.

Contact details Data Protection Authority:

Printing Press Street 35
1000 Brussels
contact@apd-gba.be

https://www.gegevensbeschermingsautoriteit.be

BINGLI's liability is limited to direct damage, excluding all indirect damage, such as, but not limited to, loss of personal data, financial or commercial damage, loss of profits, increase in overheads, disruption of planning. BINGLI's liability is limited to the amount for which BINGLI is insured.

BINGLI reserves the right to modify this privacy statement at any time. If you have any questions regarding the processing of your Personal Data, it is therefore recommended that you always consult the most recent version of the privacy statement, available on this website.

Last modified: 22 December 2022