On this page you can read our Privacy Statement. Our explanation consists of three parts:
- Our privacy statement based on the GDPR
- Our Data Processing Agreement based on the GDPR
What is a cookie?
Using cookies makes Biocoherence Netherlands, among other things for you when visiting our site do not repeatedly receive the same information or to enter. We make browsing our website easier for you. In addition, we can see the contents of your shopping cart for you to remember. Also enables us to see how cookies are used and the website where we can improve it yet. We can not connect to a person the information obtained. The cookie statement explains what cookies Biocoherence Netherlands commitment to enable its online services.
Types of cookies
Cookies which are used by Biocoherence Netherlands can be divided into three types:
Functional and necessary cookies
Social media and external cookies
When you are logged into your social media sites (Facebook, Google, Twitter, etc.) and the Netherlands Biocoherence website has given permission for this category of cookies, you can make use of additional functionalities. Thinking, for example the simple information sharing via Facebook Like, Google+, Twitter, etc. For the cookies that places social media parties and the possible data they collect this, we refer to the explanations that these parties on their own websites about to give. Please note that these statements may change periodically. Biocoherence Netherlands has no influence on the statements of these parties.
The Privacy of your data
A number of terms follows below the legal description and where necessary explanation of that description.
Any information relating to an identified or identifiable natural person. This means that one has personal data as the information about a natural person and that person is identifiable. The latter means that a connection must be established between the relevant data and your identity as a person.
Handling Personal Data
Any operation or set of operations performed upon personal data, including in any case the collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, together, associate with each other as co blocking, erasure or destruction of data. In short, it means that the processing of personal data concerning any act or series of acts together.
Any structured set of personal data, whether or not this data is centralized or dispersed on a functional or geographical basis, which is accessible according to specific criteria and relates to different people
The natural person, legal person or any other person either the governing body which alone or jointly with others determines the purposes of the means of the processing of personal data; summarizing thus it is the legal organization Biocoherence Netherlands BV which is responsible for determining the purposes and means of processing of Personal Data.
Person to whom Personal Data relate; this is everyone who provided information to Biocoherence Netherlands for example with the aim to login.
Any, other than the subject, the controller, or any person authorized under the direct authority of the controller or the processor to process personal data
The one to whom the personal data is provided.
Providing Personal Information
The disclosure or provision of Personal Information
Collection of Personal Information
Obtaining Personal Data
These Regulations apply to in Appendix A, attached to this Regulation, mentioned files of Personal Data, in accordance with Article 2 of the Data Protection Act, held by Biocoherence Netherlands BV, based in Zeewolde, obtained via www.biocoherence.eu, via e-mail or via an e-consult.
- Purpose of and conditions for the processing of Personal Data
Biocoherence Netherlands processes data and in particular Personal dat in a proper and careful manner and in accordance with the Law.
Biocoherence Netherlands collects personal data with a specified, explicit and legitimate purpose. You as a person gives unambiguouslyconsent to Biocoherence Netherlands BV for the processing of personal data, otherwise Biocoherence Netherlands BV will not process your Personal Information from you.
Biocoherence Netherlands processes Personal data only with explicit permission. This means that you as a person freely expressed your wishes. You consent to the processing of personal data solely as set out in Appendix A. Your consent is unambiguously demonstrated by ticking a box at the contact page, several life style analysis forms and online questionnaires in which you declare to agree to the terms. This consent may be revoked by sending an e-mail to Biocoherence Netherlands. Biocoherence will then remove the data.
Biocoherence Netherlands BV distinguishes personal data in general and medical data. General Personal data, include name, address, date of birth, etc., in the broadest sense of the word. Personal medical data relate to health.
General information is processed by Biocoherence Netherlands BV with the objective to enable a login procedure so that the visitor can get acces to a personal part of the site. In this section the visitor can handle his own Personal Information; more specifically: capture, edit and consult. In addition, these data are used to invoice the Receiver for the services of Biocoherence Netherlands BV.
Medical Personal data are in some services, such as lifestyle analysis, provided by the individual visitor to the consultant with a view to a receiving good answer to the question of the person concerned. Moreover Biocoherence Netherlands BV, according to the Civil Code, Book 7, Title 7, Section 5 concerning the agreement on medical treatment, is held to maintain and retain for the minimum of ten years. This law applies only to those services Biocoherence Netherlands BV of services that can be regarded as a medical treatment. These services are described in Appendix C.
- The way Personal Data are processed
The information processed Biocoherence Netherlands BV are not excessive, quite adequate and relevant for the target (described in Appendix A).
Biocoherence Netherlands BV is as Responsble within the meaning of the Act responsible for the proper functioning of the files and the processing of personal data. The activities of Biocoherence Netherlands BV with respect to the Personal Information is limited by these regulations. If Biocoherence Netherlands BV as Responsible permits another Third party, the processing of personal, the name of that party will be described in Appendix B.
Biocoherence Netherlands BV is responsible for the proper functioning of the facilities under his management. To this end the necessary measures have been taken with regard to security of hardware and software in the broadest sense, with which the processing of personal data is performed. The relevant measures are in Biocoherence Netherlands as responsible to be view. This concerns the provisions of a technical and organizational nature, tto protect the security of the files from loss or degradation of personal data and against unauthorized disclosure, modification or securing the provision of such data.
- Informing People Involved
As a visitor of the website of Biocoherence Netherlands should be able to ascertain what happens with the information you have provided. This information described in Appendix A. This Regulation sets out the legally required information concerning the responsblie party and the purpose of the data processing.
Under the GDPR, you as a data subject have the right to inspect the files of your data and a description of the purpose of the data and what types of data are processed. The latter information can be found in Appendix A.
Through the hyperlink “Privacy Information ” on all pages of the website of Biocoherence Biocoherence Netherlands BV Netherlands communicates with the visitor how the processing of personal data by Biocoherence Netherlands BV occurs. The relevant Privacy Statment can be viewed by means of a reference to the site and can be printed if desired. Any additional relevant information can be obtained by e-mail requests.
- Destruction of Personal Information
The visitor has as involved person, the right to destroy his personal data. He can make this clear to Biocoherence Netherlands by e-mail. Biocoherence Netherlands is then responsible for destruction in accordance with the Medical Treatment Contract Act, Civil Code, Book 7, Title 7, Section 5. This law states that medical records, according to Article 455 within three months of the request must be destroyed.
If a visitor as Person Involved is of the opinion that the provisions of these Regulations, the Data Protection Act or the Act are not complied with by the Medical Treatment Agreement, he must inform Biocoherence Netherlands BV as responsible within the meaning of the Act. If this does not lead to an acceptable result, the Person Invloved has the following options:
- Submit a complaint to the Data Protection Authority. This Board may, after examination by an administrative order and even a penalty, dedicate Biocoherence Netherlands BV to undo the offense;
- It is also possible to submit a petition to the Court to undo the erroneous decisions of Biocoherence Netherlands.
- Duration of the processing of Personal Data
Without prejudice to any legal provisions, these Regulations are in force as long as there is personal data processing by Biocoherence Netherlands BV. For medical data, the time is, according to the Law on Medical Treatment Contract at least ten years.
- Amendments to the Regulations
Amendments to the Statement made by the Responsible ie Biocoherence Netherlands BV. These changes will be in effect four weeks after they have been announced.
- Entry, inspection and copies
These Regulations came into force on April 25, 2018 at the offices of Biocoherence Netherlands BV and can be viewed on the site of www.biocoherence.eu. Via this website a print can also be obtained.
Scope: This Appendix according to Article 4 of Privacy Statement of Biocoherence Netherlands BV, based in Zeewolde, is an integral port of that Statement.
Purpose of the Processing of Personal Data
General Personal Data
The General Personal data are processed by Biocoherence Netherlands BV with the objective to enable a login procedure so that the visitor can handle his own Personal Information; more specifically: capture, edit and consult. These are the details: username and password (both by the visitor establish itself) and the email address of the visitor.
Secondly, General Personal data are processed by Biocoherence Netherlands BV under the performance of a contract. These include data required to enable payment. These data are: name, surname, address including zip code, telephone number, or bank account or postal account number or credit card type and number (choice depends on the method of payment).
Thirdly, Peneral Personal data are processed by Biocoherence Netherlands BV with the objective to carry out statistical research focused on improving the service. See below for additional information about this investigation. These data are: age, gender, zip code area, place of residence, name.
Fourth, Biocoherence Netherlands BV processes General Personal data for sending the e-mail newsletter. This is: the name and email address of the visitor who wishes to receive the newsletter.
Medical Personal Data
Medical Personal data are provided to Biocoherence Netherlands by the person involved to allow proper analysis. At Biocoherence Netherlands BV this refers to the online questionnaires, lifestyle analysis and the e-consult.
The General Medical and Personal Information may be used after anonymizing for research to improve the services of Biocoherence Netherlands. These include the following types of research:
Personal anonymous groups of people in which the individual visitor is not recognizable or traceable, can be used to analyze the visit of the site with the aim to better serve the visitor.
General and medical anonymous Personal groups can be used for scientific research, the quality and efficiency of care, such as the efficacy of intervention. Furthermore, the results of such research can be used in education to the layman and training of professionals.
Collection of General Medical and Personal make it possible to provide targeted information to individual visitors who have requested to receive such information. These additional information relating to the complaint and the clinical picture of the relevant visitor or recommended him medical treatment including medication and other products.
Scope: This Appendix according to Article 5 of the Privacy Statement of Biocoherence Netherlands BV, based in Zeewolde, is an integral port of that Statement.
Description of Processor
Biocoherence Netherlands BV is responsible for collecting the Personal Data. Biocoherence Nederland uses the following Third Parties: Mollie, Paypal, Sendcloud, Mailchimp, NFFA, Firstbeat, WHL, ARL.
Scope: This Appendix according to Article 4 of the Privacy Statement of Biocoherence Netherlands BV, based in Zeewolde, is an integral port of that Statement.
The services of Biocoherence Netherlands BV that can be regarded as a medical treatment, are the following services:
- the e-consult.
- email to firstname.lastname@example.org. Strictly spoken is answering all of them no medical treatment. Biocoherence Netherlands, however, has decided to adopt in dealing with the legal obligations that apply to the processing of personal data.
Zeewolde, April 25, 2018
(1) Customer, the natural or legal person, the joint ventures without legal personality, as well as his representative and authorized representative, who have entered into or wish to conclude an Agreement with Biocoherence Nederland, hereinafter referred to as “Customer” or “Processing Manager“; and
(2) Biocoherence Nederland, trading under the name BIOCOHERENCE registered with the Chamber of Commerce under number 32117431, hereinafter referred to as: “Biocoherence Nederland” or “Processor“; and hereinafter referred to collectively as: “Parties”
taking into account that:
- Parties have entered into an ‘agreement’ for the use and purchase of services of Biocoherence Nederland;
- The execution of the services may lead to Biocoherence Nederland having access to Personal Data and these Personal Data will be processed without being directly subject to the Client’s authority;
- The Client determines the purpose and the means of the processing of personal data and is therefore qualified as the Processing Manager within the framework of this Agreement;
- Biocoherence Nederland processes personal data for the benefit of the Processing Manager under the agreement, on the basis of which Biocoherence Nederland is qualified as a Processor;
- The Parties have laid down the conditions as well as the reciprocal rights and obligations regarding the processing of the Personal Data by the Parties by means of this Data Processing Agreement;
- The provisions of this Data Processing Agreement apply to all processing of Personal Data in the execution of and during the term of the Data Processing Agreement.
declare the following to be agreed:
- The person concerned is a natural person to whom a Personal Information relates.
- Special Personal Data are Personal Data as referred to in Article 9 paragraph 1 GDPR.
- Data breach is a breach of security that results in the destruction, loss, modification or unauthorized disclosure of or unauthorized access to Personal Data.
- Service is the service to be provided by the Processor under the agreement.
- Agreement is the acceptance of the delivery conditions of Biocoherence Nederland by the controller.
- Parties are the undersigned of this Data Processing Agreement.
- Personal data is any information concerning an identified or identifiable natural person that is or will be processed by Data Processer in any way whatsoever within the framework of the agreement.
- Sub Processor is a party that processes Personal Data on the instructions of Processor.
- Processer is the party that processes personal data for the benefit of the Processing Manager.
- Data Processing Agreement is the present agreement.
- Processing manager is the party that determines the purpose and means of a Processing.
- Processing is any action or whole of actions relating to Personal Data.
- Data processing (purposes)
2.1. The Processor agrees to process Personal Data on behalf of the Processing Manager under the conditions of this Data Processing Agreement. The Processor will process the Personal Data in a proper and careful manner and in accordance with the GDPR and other applicable laws and regulations concerning the processing of personal data. Biocoherence Nederland distinguishes the Personal Data in General and Medical data.
General Personal Data are name and address details, such as name, address, date of birth and the like, in the broadest sense of the word. The medical data are Personal Data concerning health.
General Personal Data are processed by Biocoherence Nederland with the aim of processing the General Personal Data in order to enable financial compensation of the services of Biocoherence Nederland.
Medical Personal Data are provided by the individual visitor to the care provider for certain services, for example the e-consultation, also known as the online consultation, in order to answer the question of the person concerned. Moreover, according to the Dutch Civil Code, book 7, title 7, section 5 concerning the agreement on medical treatment, Biocoherence Nederland is obliged to keep this information for at least ten years. This law applies exclusively to those services of Biocoherence Nederland that can be considered as medical treatment.
2.2. The Processing Manager guarantees that, with regard to the Personal Data that it provides to the Processor, he has complied with all applicable laws and regulations in the area of protection of personal data and that this legislation and regulation allows the Personal Data to be provided to the Processor and that the Personal data are processed by Processor.
2.3. If and to the extent that the Processing Manager becomes the processor at any time and as a result the Processor takes the role of sub-processor, then the Processing Manager guarantees that the agreements with Processer in the role of sub-processor contain at least the same rights for the sub-processor as agreed in this Data Processing Agreement for the Processor.
2.4. Processer processes the Personal Data in a proper and careful manner and only to the extent necessary to deliver the Service from the agreement to the Processing Manager. The Personal Data provided to the Processor and which may be processed for the execution of the Service are described in Appendix 1.
2.5. Processer will only process the Personal Data in commission and according to the instructions of the Processing Manager. The Processer will not process the Personal Data for his own or other purposes and / or provide it to third parties, except for obligations imposed by the Processor. If the Processor processes the Personal Data on the basis of an imperative legal obligation, the Processor informs the Processing Manager of the legal requirement prior to the processing, unless that legislation prohibits this notification for important reasons of general interest.
2.6. Processer shall not store Personal Data made available to it in the context of the agreement for longer than agreed (i) for the execution of the agreement and this Data Processing Agreement; or (ii) to comply with a legal obligation on him. If the Processor processes the Personal Data on the basis of an imperative legal obligation, the Processor informs the Processing Manager of the legal requirement prior to the processing, unless that legislation prohibits this notification for important reasons of general interest.
2.7. The Processor stores and processes anonymized personal data for statistical purposes.
2.8. In the processing of the Personal Data, the Processor will observe all applicable laws and regulations and the applicable codes of conduct regarding the protection of Personal Data.
- Security and duty to report data breach
3.1. The Processor declares that it has taken, maintained and, if necessary, to take appropriate technical and organizational measures to protect the Personal Data against loss, falsification, unauthorized distribution or access, or any other form of unlawful processing. Storage of Personal Data takes place on secure servers within the EEA.
3.2. The Processor ensures that his (own or hired) employees who are involved in the processing of the Personal Data, know the obligations of the Processor included in this Processing Agreement and are obliged to comply with them.
3.3. In the case of a presumed (e) or actual (e) (i) Data breach; (ii) violation of security measures; (iii) breach of the confidentiality obligation or (iv) loss of confidential data, the Processing Manger will inform the Processing Manager as soon as possible, but no later than within 48 hours after the first discovery of the incident, via the contact details of the Processing Manager known to Processor. The processor will in any case provide information about (i) the nature of the incident or data breach, (ii) the (possibly) affected (personal) data, (iii) the determined and expected consequences of the incident or data breach on the (personal) data, and (iv) the measures that the Implementer has taken and will take.
3.4. Processer shall take all reasonably necessary measures to prevent or limit (further) unauthorized access to, alteration, provision or otherwise unlawful processing and to terminate a breach of security measures, violation of the confidentiality obligation or further loss of confidential data and in the future to prevent, without prejudice to any right of Processing Manager to compensation or other measures. This provision applies to incidents at the Processer and any Sub-processors.
3.5. At the request of the Processing Manager, the Processor will cooperate in informing the competent authorities and the Person (s) concerned. The processor and his sub-processors are not authorized to independently inform the competent authorities, and / or the person concerned.
3.6. The Processor has agreements with Sub Processors about reporting incidents to the Processor, which enable the Processor and Processing Manager to comply with obligations in the event of an incident as described in Article 3, paragraph 3. These agreements must in any case include the obligation that the Sub-processors will inform the Processer immediately, but no later than 24 hours after the first discovery, about an incident as described in Article 3, paragraph 3, and at the request of the Processing Manager will cooperate to inform the competent authorities and the person(s) concerned.
4.1. The processor is obliged, unless otherwise required by law and / or a court order, to keep the Personal Data confidential and not to make them available directly or indirectly to third parties.
4.2. The processor shall ensure that his employees and any third parties who necessarily need to be aware of the Personal Data are bound by and comply with the confidentiality obligation included in this article.
4.3. Processer will immediately inform the Processing Manager of any request for access, provision or other form of retrieval and communication of the Personal Data.
- Use of Sub Processors
5.1. The Sub Processor gives permission to Processor to use Sub Processors for the processing of the Personal Data. This is the case for analysis of samples at specialized companies. If it is intended to engage new Sub Processors or if changes can occur, then the Processor will inform the Processing Manager about this so that it can object to this intention.
5.2. The processor ensures that the relevant sub-processor performs his duties in a proper and careful manner and in accordance with the GDPR and other applicable laws and regulations concerning the processing of personal data.
5.3. In the relationship between parties, the Processor always remains the point of contact for the Processing Manager. The permission given by the Processing Manager does not affect the responsibility and liability of the Processor for the fulfillment of the Data Processing Agreement. If the Sub-processor fails to fulfill his obligations, the Processor will remain fully liable towards the Processing Manager for the fulfillment of the obligations of that Sub-processor.
6.1. The party responsible for processing has the right to check compliance with the provisions of this Data Processing Agreement once every calendar year, after prior written notice, with an explanation of the scope and the control process, and with due observance of a term of thirty working days.
6.2. The processor will cooperate and provide all information relevant to the inspection in a timely manner.
6.3. The processor may, after consultation with the Processing Manager, choose to replace the inspection with a Third-Party Declaration.
6.4. The persons carrying out an inspection at the Processing Company must conform to the security procedures as they apply to the Processor. An inspection may not unnecessarily disrupt the operations of the Processor.
6.5. The Processing Manager bears the costs of the inspection, including the costs of the employees of the Processor who supervise the inspection. If the inspection shows that the Contractor has seriously and materially failed to comply with this Data Processing Agreement, the costs of the inspection will be charged to the Processor.
6.6. The Processor is aware of the independent control powers of the Dutch Data Protection Authority and any other supervisors under whose supervision the Controller is responsible and will give these supervisors access and cooperate in an investigation with regard to the Personal Data processed on the basis of the agreement.
- Rights of data subjects
7.1. The Processor assures the Processing Manager, taking into account the nature of the processing and, to the extent possible, assistance to comply with the obligations under the GDPR or other applicable regulations, in particular the rights of data subjects, such as a request for inspecting, improving, supplementing, removing, foreclosing or transferring personal data and for performing a registered objection.
7.2. If a data subject wishes to exercise one or more rights in such a way that the Service that the Processor delivers to the Processing Manager, the Processing Manager may request the Processor to assist in this. Such requests must be clearly stated. Biocoherence Nederland applies a maximum response time of 15 working days for such requests. The costs to be incurred by Processor for such requests are invoiced to the Processing Manager at the usual hourly rate from Processor.
7.3. If a person concerned reports directly to Biocoherence Nederland to exercise one or more rights, Biocoherence Nederland immediately refers this person to the Processing Manager.
- Transfer and destruction of data
8.1. Upon termination, dissolution or cancellation of this Data Processing Agreement, on any grounds or method, the Processor will voluntarily:
- to make all personal data available to the Processing Manager in the manner and in the format that the Controller in all reasonableness wishes,
- immediately stop processing of the Personal Data,
- make all documents in which the Personal Data are recorded available to the Processing Manager, and
- permanently delete all Personal Data stored electronically according to the choice of Processing Manager from all data carriers, or insofar as permanent removal of the data carrier is not possible, destroy the data carriers, unless storage of (certain of) the personal data is EU law or Member State law is obliged.
8.2. At the request of the Processing Manager, the Processor will confirm to the Processing Manager in writing that the Processor has fulfilled all obligations under this Article.
8.3. Processer is at all times obliged to, at the request of the Processing Manager, destroy all copies and copies of the information generated by the Processing Manager and / or made within the framework of the agreement with respect to the Processing Manager within the reasonable term determined by the Processing Manager.
8.4. Processors may deviate from the provisions in the previous paragraphs, insofar as a legal (storage) term applies to the Personal Data or insofar as this is necessary in order to be able to prove compliance with its obligations towards the Processing Manager.
8.5. The costs incurred by the Processor as a result of the destruction and / or transfer of (personal) data are for the account of the Processor.
- Duration, termination and change
9.1. This Data Processing Agreement is an addition to the Terms of Delivery of Biocoherence Nederland and has the same term as the agreement and ends as soon as the agreement ends.
9.2. The provisions of this Data Processing Agreement shall continue to apply to the extent necessary for the settlement of the rights and obligations under this Data Processing Agreement.
9.3. Amendments to this Data Processing Agreement are only valid if agreed between the Parties in writing.
- Final provisions
10.1. If the provision in the Delivery Terms and Conditions conflicts with the provisions of the Data Processing Agreement, the provisions of the Data Processing Agreement shall prevail.
10.2. Unless stipulated otherwise in the agreement, Dutch law applies to this Processing Agreement.
10.3. All disputes arising from or related to this Data Processing Agreement will only be submitted to the competent court in Utrecht.
Appendix 1. Categories of Personal Data
The categories of Personal Data that are provided to the Processor and that may be processed for the execution of the Service are described below.
Performing lifestyle and health analysis, advising health professionals and selling food supplements:
- Sale of these services via the webshop.
- the online consultation.
- an e-mail message to Biocoherence Nederland. Strictly speaking, the answer to this is not a medical treatment and can not be regarded as processing personal data. Biocoherence Nederland has, however, decided to apply the legal obligations that apply to the processing of personal data.
General Personal Data
The general Personal Data are processed by Biocoherence Nederland as execution of an agreement. This concerns data that are required to make payments possible. It concerns the data: first name, last name, address including postcode, telephone number, bank account or bank account number, or credit card type and number (choice depends on the method of payment).
Second, general Personal Data are processed by Biocoherence Nederland with the aim of conducting statistical research aimed at improving the service. See also below the additional information about that research. It concerns the data: age, gender, postal code area, profession, and possibly health care insurer and type of insurance.
Third, Biocoherence Nederland processes general Personal Data for the purpose of sending the e-mail newsletter. It concerns the name and e-mail address of the visitor who wishes to receive the newsletter. Storage period: 10 years.
Medical Personal Data
Medical Personal Data are provided to the Processor in the context of a medical treatment by the Processing Manager to enable proper analysis. At Biocoherence Nederland this concerns online questionnaires, data for executing lifestyle and health analysis, and the on-line consultation. Storage period: 10 years.
The General and Medical Personal Data can be used after an anonymisation for research to improve the services of Biocoherence Nederland. This includes the following types of research:
- Anonymous Personal Data of groups of people where the individual visitor is not recognizable or traceable, can be used to analyze the visit of the site with the aim of better service to the visitor. Storage period: 26 months.
- General and medical anonymised personal data of groups of people can be used for scientific research, the quality and efficiency of the provided care, for example the specific supplements, effectiveness of the intervention and the like. Furthermore, the results of such research can be used in informing the layman and further training of professional care providers. Storage period: 10 years.
The collection of General and Medical Personal Data makes it possible to provide specific information to the individual visitor who has indicated that he wishes to receive such information. This concerns additional information relating to the complaint and the clinical picture of the visitor concerned or the medical treatment recommended to him, including medication and other products. Storage period: 10 years.
Zeewolde, April 25, 2018