PRIVACY POLICY APPOINTMENT PORTAL TESTING FOR JOURNEY

1. GENERAL

2. OUR IDENTITY AND ROLE

3. WHAT PERSONAL DATA DO WE COLLECT, HOW DO WE COLLECT THIS PERSONAL DATA AND WHY?

4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

5. WHERE DO WE STORE YOUR PERSONAL DATA?

6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

7. HOW DO WE PROTECT YOUR PERSONAL DATA?

8. YOUR RIGHTS

9. CONTACT US

1. GENERAL


Covid Consult is part of MAS Medisch Consult and Marlisa B.V. Marlisa B.V. handles your personal data with care. In the general privacy statement, Marlisa B.V. an explanation thereon. The Marlisa B.V. privacy statement can be found here.

In this privacy policy for Testenvoorjereis.nl we explain how we handle the personal data that we process when you use the Testenvoorjereis appointment portal. Changes to this privacy policy will be announced on the appointment portal website. This privacy policy was last updated on July 1, 2021.

2. OUR IDENTITY AND ROLE

You can make an appointment with a connected test provider via the appointment portal. We are not responsible for the processing of your data by test providers. This privacy policy does not apply to the data processing by the test providers. Information about how test providers handle your personal data can be found in the privacy statement of your test provider.

3. WHAT PERSONAL DATA DO WE COLLECT, HOW DO WE COLLECT THIS PERSONAL DATA AND WHY?

We process your personal data to enable you to make an appointment with an affiliated test provider and to answer any questions you may have about the appointment made or to resolve any errors.

The data that we process from you are:

• first and last name and prefixes
• date of birth
• e-mail address
• telephone number
• appointment details, such as when the test will be administered and the test location and type of test

The test provider will ask you to fill in the following information after taking the test (your test location, your test type (PCR or Antigen), your phone number, and the date and time the test was performed). This data is used to check whether the test provider complies with the (financial) agreements made with the Ministry of Health, Welfare and Sport about the compensation that the test provider receives from VWS.

4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

In order to enable you to make an appointment with an affiliated test provider, we share the appointment data with a test provider. We may also use external ICT service providers, who process personal data on our behalf and under our responsibility.

5. WHERE DO WE STORE YOUR PERSONAL DATA?

We store your personal data in the Netherlands or another country within the European Economic Area (“EEA”).

6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We store the data you provide in the appointment portal for a maximum of 48 hours. However, we can keep your personal data for longer if this is necessary in the context of an ongoing procedure or (impending) disputes.

7. HOW DO WE PROTECT YOUR PERSONAL DATA?

We have taken measures for a reliable, proper and careful handling of your personal data.

Personal data is treated confidentially. This means that we ensure that only persons with the correct powers and a duty of confidentiality can process your data.

Personal data is appropriately secured. In doing so, we at least follow the regulations and standards of the central government for information security.

Marlisa B.V. has made agreements about security measures with external parties such as software suppliers and data centers and Marlisa B.V. checks whether external parties comply with these agreements.

8. YOUR RIGHTS

These are the laws that apply when you request a test to receive a certificate as part of Testenvoorjereis:

• the General Data Protection Regulation (EU) 2016/679 (GDPR), including Article 6 and Article 9
• the Public Health Act
• Regulation (EU) 2021/953 of the European Parliament and of the Council of 14 June 2021 on a framework for the issuance, verification and acceptance of interoperable COVID19 vaccination, testing and recovery certificates (EU-COVID digital certificate) in order to to facilitate free movement during the COVID-19 pandemic, OJEU 2021 L211/1, of 15.6.2021.
• the Temporary emergency scheme DCC

You have the right to request us to view your personal data or to correct or supplement it. Sometimes you can also request us to delete your personal data, to restrict its processing or to exercise the right to data portability. Sometimes you can also object to the processing for reasons related to your specific situation.

A more detailed description of the other rights can be found below and can be found in Chapter III of the GDPR:

1 Right of access
You can request us to access your personal data and certain other information.

2 Right to rectification
You have the right to have your personal data corrected if they are incorrect or incomplete.

3 Right to erasure
You can request us to delete or remove your personal data under certain circumstances.

4 Right to restriction of processing
In certain circumstances you have the right to block the further use of your personal data. Where there are restrictions on the processing, we may still store your personal data, but not further use it.

5 Right to data portability
In certain circumstances you have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable form.

These rights under the GDPR are not absolute. Circumstances may arise in which we will not (fully) comply with your request because an exceptional ground from the GDPR or from the Implementation Act of the General Data Protection Regulation applies. This could include a situation in which a limitation of your right is necessary to properly protect the rights and freedoms of others.

A request to exercise your rights can be sent to info@covidconsult.nl. We may then ask you for additional proof of your identity to ensure that the request was made by you.

You always have the right to lodge a complaint with the data protection supervisor if you believe that we are not processing your personal data in accordance with the GDPR. In the Netherlands, the data protection authority is the Dutch Data Protection Authority.

9. CONTACT US

If you have any questions or complaints about the processing of your personal data, please contact us via info@covidconsult.nl