SurgAccord


6 April 2021

Privacy Statement of SurgAccord B.V.


SurgAccord B.V. (“SurgAccord”) operates a digital platform that facilitates doctor-patient communication for medical interventions in a secure, clear and informative manner. To provide our services to patients and healthcare providers, we process personal data. This personal data is provided to us by you, the patient, when you register for our service, contact us, fill in questionnaires etc.


When processing personal data, SurgAccord complies with the requirements of applicable data protection legislation, such as the General Data Protection Regulation. This means we:

  • clearly specify our purposes before we process personal data, by using this privacy statement;

  • limit our collection of personal data to only the personal data needed for legitimate purposes;

  • ask your prior explicit permission to process your personal data in cases where your permission is required;

  • take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf;

  • respect your right to access, correct or delete your personal data held by us.


In this privacy statement, we will explain what kind of personal data we collect and for which purposes within our services. We recommend that you read it carefully. If you have any questions regarding the processing of personal data, you can find our contact information at the end of this privacy statement. 


Basis for processing your personal data

Your personal data shall only be processed on one or more of the following lawful bases:

  • You have given consent to the processing of your personal data for one or more specific purposes;

  • Processing of your personal data is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;

  • Processing is necessary for compliance with a legal obligation to which we are subject;

  • Processing is necessary in order to protect your or another person’s vital interests;

  • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (such as preventing fraud), solely to the limited extent in which our legitimate interest overrides your fundamental rights and freedoms.


Purpose of processing your personal data

SurgAccord is a digital platform that enables healthcare providers to communicate with their patients in a secure, clear and informative manner. Your personal data may be processed for one or more of the following purposes:

  • To provide you with clear communication for your medical intervention;

  • To obtain your informed consent for your medical intervention;

  • To gather essential information about your personal health before your medical intervention through patient questionnaires (PROMs);

  • To receive feedback about the provided health care (PREMs);

  • To provide a digital infrastructure for data collection and data management for improvement of quality of care and research purposes;

  • For the realization and performance of a treatment contract between you and the healthcare provider;

  • To offer you our services and information, tailored to your preference;

  • To enable you to interact with our services via our app and/or website;

  • To process your request, feedback or report;

  • To analyze and optimize our site and services;

  • To comply with applicable laws and regulations;

  • To prevent fraud or misuse of our services;

  • To cooperate with law enforcement and government agencies.


Except for the parties necessary to deliver our services, we do not under any circumstance provide your personal data to companies or organisations other than your healthcare provider, unless we are required to do so by law or we have your explicit consent.


Special purposes of processing your personal data

Processing your personal data for improving our services

With your specific consent we process the answers from your questionnaire to improve our healthcare and services. This may include personal data, which we solely process to the extent necessary for this purpose.


Processing your pseudo-anonymized and aggregated data for scientific research

With your consent we pseudo-anonymize and aggregate data from your questionnaire and make that data available for scientific research. For example, we can create data sets in respect of a certain type of medical intervention, which enables us to inform patients and/or healthcare providers about certain patterns and to compare the health status of a patient against the average revalidation process. We only process data. The patient and/or the healthcare provider remains the exclusive owner of the data. The respective healthcare provider is also allowed to use the data obtained through the platform in a pseudo-anonymized way for research purposes and related presentations and to share such data with other researchers or healthcare providers he or she collaborates with. Furthermore, in the future the respective healthcare provider can consult the patient's electronic patient file to access additional medical data and for research and/or quality purposes. The patient can also be contacted by the respective healthcare provider for possible future additional questionnaires and/or research projects.


Types of personal data we process

Below you will find more information about the types of personal data we process through what part of our services.


Registration & access
To use our services and access our portal you need to register beforehand. You will have to provide some information about yourself and choose a username and password for the account that we will set up for you. For this purpose, we use your name and address details, phone number, email address, gender, birth date and personal identification number at the health institution. We do this on the basis of your consent. We store this information for 15 years after you close your account. We will retain this data so that you do not have to re-enter it every time you visit our website and in order to contact you in connection with your use of the platform. Within our portal, you can access a management environment where you can set, specify and change settings. We will keep track of your activities for proof.


Questionnaires
As part of our services we enable your healthcare provider to make questionnaires available to gather more (personal) information about you. The main purpose of these questionnaires is to obtain essential information regarding your medical intervention. The information you provide in these questionnaires might contain personal information, such as name, social security number, age, weight, length, race, health conditions, medical history, health status, medications and other personal or health related information.


Contact form
You can use our contact form to ask questions or make any request. For this purpose, we use your email address and each patient is assigned a unique user number for communication purposes with the healthcare provider. We store this information until we are sure that you are satisfied with our response and for 15 years thereafter. This way we can easily access the information in case you have any follow-up questions and train our customer service to improve even more.


Data retention

We only retain your personal data for as long as necessary for the purposes mentioned in this privacy statement. We do not process more personal data than necessary and strive to delete personal data as soon as the purpose for its original collection has expired.


Cookies
Our online service makes use of cookies. Cookies are small files in which we can store information, so that you do not have to fill in that information again. We can also use them to see whether you are visiting us again. The first time you visit our online service, we will show you a notification explaining our cookies and ask for your permission for the use of these cookies. You can disable the use of cookies through your browser settings, but some parts of our website may not work properly as a result of that.


Google Analytics
We may use Google Analytics to track visitors on our website and to get reports about how visitors use the website. We accepted the data processing agreement from Google. We do not allow Google to use information obtained by Analytics for other Google services, and we anonymize the IP addresses.


Security
We take security measures to reduce misuse of and unauthorized access to personal data. We take the following measures in particular:

  • Access to personal data requires two-factor authentication consisting of username/password login and an OTP (one-time password) token.

  • Data is being stored on a password protected database with limited access which resides on an encrypted disk.

  • We have selected a cloud provider (Google Cloud) that takes measures to protect access to the systems in which the personal data is stored.

  • We make use of secure connections (Secure Sockets Layer or SSL) to encrypt all information between you and our website when entering your personal data.

  • We keep logs of all requests for personal data (we have a security audit log system in place that logs all actions in the platform).

  • We are ISO 27001/NEN 7510 certified.


Data protection officer
We have appointed a so-called data protection officer. This person is responsible for privacy matters within our organisation. Our data protection officer is available by email ([email protected]) for all your questions and requests.


Changes to this privacy statement
We reserve the right to modify this privacy statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.


Your rights regarding your data
You can always contact us if you have any questions regarding our privacy policy or wish to review, modify or delete your personal data or execute any other rights under applicable data protection legislation. You have the following rights, among others:

  • Right of access: you have the right to see what kind of personal data we process about you;

  • Right of rectification: you have the right to rectify any personal data we have processed about you, if this information is (partially) wrong;

  • Right to complain: you have the right to file a complaint against the processing of your personal data by us;

  • Right to be forgotten: you can file a request with us to remove any personal data we have processed about you;

  • Right to data portability: if technically possible, you have the right to ask us to transfer your processed personal data to a third party;

  • Right to restriction of processing: you can file a request with us to (temporarily) restrict the processing of your personal data.

If you exercise any of the rights mentioned above, we might ask you to identify yourself to confirm it is your personal data. We will usually respond to your request within one month. This term can be extended if the request is proven to be complex or tied to a specific right. You will be notified about a possible extension of this term.


Privacy complaints
If you want to file a complaint about our use of personal data, please send an email with the details of your complaint to [email protected]. We will look into and respond to any complaint we receive.
Please do not send any questions or complaints regarding your medical intervention to this email address! You need to contact your healthcare provider directly for these kinds of matters.


If you think that we are not helping you in the right way, you have the right to file a complaint with the authority. For The Netherlands, this is the Autoriteit Persoonsgegevens.


Contact information
SurgAccord B.V.
Concertgebouwplein 21

1071 GD Amsterdam

[email protected]


Should you have any questions or complaints regarding your medical intervention, the information requested in the questionnaires and/or the required permission (informed consent) for your medical intervention, please contact your healthcare provider directly.