PRIVACY POLICY Qompium (12 December 2022)

Qompium nv (we), located at Corda Campus, Kempische Steenweg 303/27 in Hasselt (BE-3500) is a digital health company that aims to empower healthcare professionals, patients and individuals with accurate, reliable, and timely diagnosis and prediction information, thereby improving patient outcomes and reducing healthcare costs. 

We are committed to treat every form of information that allows you to (in)directly identify yourself as a natural person, per the definition of personal data in the GDPR, properly. We are convinced that personal data entrusted to us must be handled with utmost care  and in a transparent manner. To reinforce this statement, we appointed a Data Protection Officer (DPO) to ensure compliance with applicable regulations for processing of personal data.

In certain cases, we process personal data for our own purposes for which we take responsibility ourselves. Examples are data obtained from our website, via business development activities, or if you apply for a position within our organisation or are part of our recruitment process. Data collected by using the FibriCheck product is described in the applicable privacy policy of FibriCheck (link).

We may process your personal data for our own purposes. We are then responsible for the processing ourselves. We do this in the following cases:

• You use our website https://fibricheck.com, on which we use cookies.
• You are a business client of ours, such as a customer, supplier or professional partner that purchases or wishes to purchase our services.
• You are contacting us by telephone, email, social media or in any other way, because you have a question, comment or complaint.
• You are interested in our organisation and would like to apply for a job with us or participate in a recruitment event.
• If you are using our FibriCheck application for which you have signed up, a specific policy is applicable (link). 

We process the following types of personal data from you:

• Contact details: name, address, gender, email address, telephone number and other necessary company and contact information.
• Contents of your correspondence.
• Information regarding the services we provide to you, such as quotes, agreements and instructions.
• What information and documents we have sent to you and, if necessary, whether and when the documents have been opened.
• Any data sent in by you while using our FibriCheck application with its applicable privacy policy.

For job applicants and participants in recruitment events, we process the personal data provided before or during the application or participation. This may include contact details (name and address), data included in a CV or motivation letter, diplomas and qualifications, information regarding work experience, references and public profiles on social media, such as LinkedIn, and data provided by you during the procedure. When you participate in a recruitment event, we may record details of your participation and your interests in a report. If you complete an assessment or submit results, we will process these results for your application.

We may send our clients direct marketing emails about our services and relevant developments in the industry. We use common tracking techniques that give insight into the reach and effectiveness of our direct marketing communications. This helps improve our services and focus our information and communication on relevant target groups.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We process this personal data for the following purposes:

• To offer our services and to handle questions and requests.
• To provide you with information, either directly (by telephone or email) or via our website.
• To operate and improve our website.
• To contact you about our services.
• To keep you informed about our organisation and invite you to meetings and events. To monitor and improve the effectiveness of our direct marketing and communication.
• To consider your job application or to invite you to a recruitment event and to assess your eligibility for a position within our team.
• To comply with applicable laws and regulations, and to follow the instructions of other supervisors and authorities.

We process your personal data on the grounds of the following legal principles:

• We will process your personal data, if you are a business client of ours. 
• We have a legitimate interest when showing you information via the website or when we send information at your request. We also have a legitimate interest in maintaining contact with you about our services. Furthermore, we have a legitimate interest in recruiting suitable new colleagues. We always weigh our interest against your privacy concerns and keep in mind that we only use your business (contact) data. You can request to find out more about this balance of interests from us.
• In certain cases, we ask for your permission, for example, (i) when we wish to send you direct marketing messages, although you are not yet a customer of ours, or (ii) when you sign up for any of our demo applications. If you give us your consent, you can withdraw it again at any time.
• In a number of cases, there is a legal obligation placed on us to process personal data, for example, in keeping tax records.

We use cookies on our website. You can find more information about this in our Cookie Policy.

Your personal data can be accessed by authorised Qompium employees, who need your personal data to perform their tasks. We may also share your personal data with third parties. We make use of, for example, cloud and email service providers. We have signed a processing agreement with these parties. We also share your personal data with parties who qualify as data controllers, such as external advisors, independent auditors and relevant authorities.

Some of our service providers are based in a country outside the EEA, including the United States. To comply with EU legislation on data protection in international transfers, we establish transfer agreements based on the standard contractual clauses adopted by the European Commission. Please contact us for more information on the safeguards in place for international transfers.

We retain your personal data no longer than is strictly necessary. If an agreement is in place, we will process your personal data for its duration. Thereafter, we may retain your personal data to the extent necessary for the purposes stated in this Privacy Policy or to the extent determined by legal obligations. After that period, we will delete your personal data.

We will process personal data of job applicants during the application process. We will keep your personal data for 1 year for the purposes of informing you about interesting vacancies.

Retention periods for email communications depend on the nature of the messages. For example, if you make a request or a complaint, we will retain your message for two years after the request or complaint has been dealt with. Depending on the type of cookie, we will retain data collected through cookies for the duration of the session until two years thereafter.

With regards to your use of our applications, your account information and data associated with your account will be retained during the contractual relationship and for the subsequent 2 years, unless the right to be forgotten is exercised. Note that retention time is different when the application is used as part of a medical treatment.

Under privacy legislation, you have a number of rights regarding your data and its processing.

• Right of access. This is the right to ask us whether we have personal data about you and to inspect this data.
• Right of rectification. You can ask us to change incorrect or incomplete personal data.
• Right to be forgotten. In some cases, you have the right to have your personal data deleted by Qompium, for example, when your personal data is no longer needed for the purposes for which we obtained them.
• Right to restriction. This is the right to have less personal data processed or to stop the processing temporarily. You can request this, for example, if you have disputed the accuracy of your personal data.
• Right to data portability. If we process your personal data on the basis of an agreement or consent, you have the right to data portability. This is the right to receive your personal data from us, so you can forward this data to another party.
• Right of objection. You may object to the processing of your personal data. If your personal data is processed for direct marketing purposes or on the basis of the legitimate interests of Qompium, you may always object to the processing of your personal data.
• Withdrawing your consent. If you have given us your consent to the processing of your personal data, you may withdraw your consent at any time. This withdrawal does not affect the processing of your personal data before your consent was withdrawn.

We are not always obliged to grant your request(s). However, we will always respond to your request, at least within one month. Only in special cases may we take longer, but if so, we will always inform you of the progress.

You can contact the Data Protection Officer (dpo@fibricheck.com) with regard to questions related to the processing of their personal data and the exercise of your rights under the GDPR. We will be happy to assist you. 

Please note that you have the right to lodge a complaint with a supervisory body.

This Privacy Policy may be amended from time to time. The most recent version of the Privacy Policy can be found on our website. In the event of changes that may affect you significantly, we will endeavour to inform you immediately.