In this Privacy Statement, the following terms shall have the following meanings:
‘MEDBOOK’, ‘We’ and ‘Us’: IMENGINE B.V.B.A., a private limited company, with registered office at Tiensevest 43, B-3010 Leuven, registered under the company number 0871.378.813.
‘Web Application’: The Medbook Software as a Service (SaaS) application as developed and provided by MEDBOOK and which can be accessed via the Websites.
‘Direct User(s)’: concerns any natural or legal person who has obtained a license to the Web Application and is therefore in a direct contractual relationship with MEDBOOK, including, but not limited to: higher education institutions, professional associations, European organizations, health care professionals (e.g. doctors, nurses and surgeons), students who are no longer attached to an educational institution and alumni;
‘Indirect User(s)’: refers to any natural person who gains access to the Web Application through a Direct User and in that context discloses personal data to MEDBOOK, including but not limited to: students and trainers attached to an educational institution and personnel of a Direct User.
‘User(s)’: the Direct Users and the Indirect Users are jointly referred to as the "User" or "Users".
Every User discloses a certain amount of personal data. The personal data is information which allows us to identify you as a natural person, regardless of whether we actually do this. You are identifiable as soon as it is possible to create a direct or indirect link between one or more personal data and you as a natural person.
Every reference in this Privacy Statement to the ‘GDPR’ is a reference to the Regulation of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation). We only use and process your personal data in accordance with the GDPR and any replacement legislation, or any similar regulation under any applicable law, and any regulatory requirements or codes of practice governing the use, storage or transmission of personal data.
Through this Privacy Statement, every User is informed of the processing activities MEDBOOK may carry out with his or her personal data. MEDBOOK reserves the right to modify this Privacy Statement at all times. Every substantial change will be clearly communicated towards the User. We advise you to consult this document regularly.
MEDBOOK is responsible for the processing of the personal data of Direct Users. MEDBOOK decides alone or in cooperation with others which personal data of Direct Users is being collected as well as the purposes and the technical and organisational means with regard to the processing of these personal data. As a consequence, MEDBOOK is a ‘data controller’ within the meaning of the GDPR towards Direct Users.
The Direct User acknowledges that he acts in the capacity of data controller with regard to any third-party personal data he uses or submits in or through the Web Application. The Direct User decides alone which personal data of third parties (including, but, not limited to personal data of Indirect Users) is being collected, without interference from or control by MEDBOOK. In this context, the Direct User understands that MEDBOOK acts as a mere data processor.
MEDBOOK is free to rely on data processors. A data processor is a natural or legal person who processes personal data upon request and on behalf of the data controller. The data processor is required to ensure the security and confidentiality of the personal data. The data processor shall always act on the instructions of the data controller.
MEDBOOK relies on the following categories of "data processors" for the processing of personal data of Direct Users:
MEDBOOK has carefully selected the abovementioned data processors. The selected processors offer all the adequate guarantees with regard to technical and organizational security measures regarding the processing of the personal data of Direct Users.
In accordance with the GDPR we process personal data of Direct Users on the following legal grounds:
MEDBOOK commits to only collect and process personal data of Users in a way that is adequate, relevant and limited to what is necessary for the purposes for which they are processed. The following categories of personal data are processed by MEDBOOK
This personal data is collected at the time of your registration on the Web Application and when you use our services. This personal data is necessary for the provision of MEDBOOK services. The amount of personal data collected depends on your use of the Web Application and the functionalities of the Web Application.
MEDBOOK also collects anonymous data via the Web Application, i.e. technical data that is used solely for internal purposes to obtain an image of user navigation on the Web Application.
We do not, under any circumstances, collect sensitive personal information, such as information about your race, political opinions, health, religious or other beliefs, sexual orientation, etc.
The Users provide the personal data to MEDBOOK themselves and therefore retain a certain degree of control. When certain data is incomplete or apparently incorrect, MEDBOOK has the right to postpone some expected actions temporarily or permanently. The User’s personal data on his/her user account is in a limited extent, visible to other Users, depending on the individual settings of the User.
MEDBOOK collects your personal data for the sole purpose of offering every User a safe, optimised and personal user experience of our Web Application and the offered services. The collection of personal data becomes more extensive as the User makes more intensive use of our Web Application and our online services. MEDBOOK reserves the right to suspend or cancel certain operations if certain personal data is missing, incorrect or incomplete.
MEDBOOK commits to solely process your personal data for the following internal purposes:
The User provides the personal data to MEDBOOK himself and therefore retains a certain degree of control. When certain personal data is incomplete or apparently incorrect, MEDBOOK has the right to postpone some expected actions temporarily or permanently.
Your personal data is processed for internal use within MEDBOOK only. Your personal data will not be sold, passed on or communicated to any third parties, except in case you have given us your explicit prior consent, or to the extent that this is necessary for the performance of our agreement with you or because we are legally obliged to do so.
As a resident of the European Economic Area, a transfer of your personal data outside the European Economic Area (EEA) can only take place to countries that the Data Protection Authority in Belgium has found to provide the same adequate level of protection or, if this is not the case, to the extent that MEDBOOK has made the necessary contractual arrangements, taking into account the standard provisions as imposed by the Data Protection Authority in Belgium, to ensure that your personal information receives an adequate level of protection.
In certain cases, a User may export data that he has uploaded to the Web Application. Any transfer of this exported data to a third party will always take place under the sole responsibility of the User.
Your personal data is stored as long as necessary to achieve the purposes pursued. We keep a record of your personal data, as long as your account is active or when your personal data is necessary to offer you a service. Your personal data will be erased from our database as soon as they are no longer necessary for the purposes pursued or if you validly exercise your right to erasure.
Your personal data is always processed for the legitimate purposes explained in section 6. They are collected and processed in an appropriate, relevant and non-excessive manner, and are not kept longer than necessary to achieve the intended purposes.
MEDBOOK has reduced the risks of accidental or unauthorized destruction or accidental loss, alteration of, access to your personal data and any other unauthorized processing of your personal data to a minimum. This does not mean that all risks are excluded. MEDBOOK will immediately take all possible measures to limit damage or theft to a minimum in case of a security breach.
If you can prove your identity, you have the right to obtain information about the processing of your personal data. Thus, you have the right to know the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data is transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your personal data.
Inaccurate or incomplete personal data may be corrected. It is primarily the responsibility of the User to make the necessary changes in his "user area" himself, but you can also request us in writing.
You also have the right to obtain the erasure of your personal data under the following assumptions:
The deletion of personal data is mainly related to visibility; it is possible that the deleted data is still temporarily stored.
In certain cases, you have the right to request the limitation of the processing of your personal data, especially in case of dispute as to the accuracy of the personal data, if the personal data is necessary in the context of legal proceedings or the time required to MEDBOOK to verify that you can validly exercise your right to erasure.
You have the right to object at any time to the processing of your personal data. MEDBOOK will stop processing your personal data unless it can demonstrate that there are compelling legitimate reasons for the processing which prevail over your right to object.
You have the right to obtain any personal data which you have provided us in a structured, commonly used and machine readable format. At your request, this data may be transferred to another provider unless it is technically impossible.
You may withdraw your consent to the processing of your personal data at any time.
If you wish to exercise your rights, you must send a written request and proof of identity by registered mail to MEDBOOK, Tiensevest 43, B-3010 Leuven, Belgium or by email to firstname.lastname@example.org. We will respond as soon as possible, and no later than one (1) month after receipt of the request.
If you have any comments or complaints about the way in which we handle your personal data, we ask you to report them to us first. In this way, we can reach an amicable solution by mutual agreement.
If, after this notification, you are still not satisfied with the processing of your personal data by MEDBOOK, you have the right to lodge a complaint with the competent Data Protection Authority (for Belgium: https://www.dataprotectionauthority.be/).