Privacy Policy

1. Controller

Premedi B.V., registered at the Chamber of Commerce under number 87654321, is the controller within the meaning of the General Data Protection Regulation (GDPR/AVG) for the processing of your personal data.

Address: Keizersgracht 123, 1015 CJ Amsterdam Email: privacy@premedi.nl Phone: +31 (0)20 123 4567

2. What data we process

We process the following categories of personal data:

Personal details: name, date of birth, gender, address Contact details: email address, telephone number Health data (special category): blood test results, physical measurement results, medical history relevant to the examination Account data: login credentials, portal usage data Payment data: transaction details (processed securely via our payment provider) Technical data: IP address, browser type, session data

3. Purposes and legal basis

We process your personal data for the following purposes:

(a) Providing our services — Legal basis: performance of an agreement Performing health examinations, preparing medical reports and making these available in your portal.

(b) Medical file obligation — Legal basis: legal obligation We are required by the Medical Treatment Contracts Act (WGBO) to keep a medical file for 20 years.

(c) Improvement of our services — Legal basis: legitimate interest Anonymous analysis of usage patterns to improve our service quality.

(d) Communication — Legal basis: consent or legitimate interest Sending results, reminders and informational newsletters (only with your permission).

4. Health data

Your health data is special personal data. We process this data with the greatest care and only for the following purposes:

Performing the requested health examination Making the medical report available to you Consultation between healthcare providers involved in your care Legal obligation (WGBO file obligation)

We do not share your health data with third parties for commercial purposes. Your data is never sold.

5. Sharing with third parties

We share your personal data only in the following situations:

Service providers: our ICT providers, laboratory partners and payment processors. These parties are contractually obligated to handle your data confidentially (processor agreements).

Legal obligations: if we are legally required to share data, for example at the request of a government authority.

With your consent: if you give explicit permission for a specific sharing, for example when requesting a second opinion.

We do not share data with advertisers or data brokers.

6. Storage period

We store your data for the following periods:

Medical file (WGBO): 20 years after the last treatment Account data: 2 years after the last login Payment data: 7 years (legal obligation) Marketing emails: until you unsubscribe

After the storage period, data is anonymised or securely deleted.

7. Security

We implement appropriate technical and organisational measures to protect your data:

Encryption in transit (TLS 1.3) and at rest (AES-256) Two-factor authentication for the portal Storage in ISO 27001 certified Dutch data centres Regular security audits and penetration tests Access limited to authorised staff on a need-to-know basis

8. Your rights

Under the GDPR you have the following rights:

Right of access: you can request an overview of your personal data Right of rectification: incorrect data can be corrected Right of erasure: you can request deletion of your data, unless a legal obligation prevents this Right to data portability: you can receive your data in a machine-readable format Right to restriction: you can request that processing be restricted Right to object: you can object to processing based on legitimate interest

To exercise your rights, send an email to privacy@premedi.nl. We will respond within 30 days. You also have the right to file a complaint with the Dutch Data Protection Authority (AP): www.autoriteitpersoonsgegevens.nl

9. Changes to this privacy policy

We may update this privacy policy from time to time. We will notify you of material changes via email or a notification in the portal. The current version is always available on this page.

Last updated: January 2025

Contact our privacy officer at privacy@premedi.nl or view our other legal documents: Terms and conditions · Cookie policy