Website Privacy Statement

Date: 11 May 2021; version: 2.0

Our view

CarePay has the mission to give everyone the power to care by enabling mobile access to healthcare services. On our website, www.carepay.com, you can find information on the CarePay platform and other aspects of our business. We process personal data of visitors of our website as well as users of our platform. Processing personal data comes with responsibilities on privacy, confidentiality, access and consent, which we take seriously.

CarePay endorses and seeks to comply with applicable data protection laws. In the Netherlands, this is the Implementation Act of the General Data Protection Regulation (Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG)), which implements the European General Data Protection Regulation (GDPR). We observe the principles of the GDPR throughout the CarePay group while also observing local data protection laws. We design our services to be compliant with the GDPR and ensure we process personal data with a legal basis and in accordance with the processing purpose, while respecting your right to privacy.

Privacy Statement

Introduction
CarePay endeavours to process your personal data carefully, securely and confidentially. It is important to us that you have confidence in our organisation regarding the processing of personal data. This privacy statement is intended for visitors of the carepay.com website and provides information about the processing of personal data through this website. Information on how we process personal data of users of the CarePay platform and the services and products delivered via our platform is provided by another means, for example our country-specific platform privacy statement and platform terms of service.

What is personal data?
Personal data are all data which can be traced back to a person. Examples include your name, address, telephone number and account number. Where we can, we pseudonymise your personal information so that it is no longer directly traceable to you as a person.

Which personal data do we process and why?
We process your personal data to enable and enhance your use of our website. To know whether our website can be visited properly, which pages are visited and which errors occur, we monitor website traffic and process your actions on the website (using cookies), IP address, location information and details of your device, in each case in pseudonymised form. This way we can provide website visitors a seamless experience, update the website where necessary and expedite solving technical errors, while limiting the impact on your privacy.

Which parties process personal data for us?
CarePay engages the following third-party processors for the processing of personal data through on the website:

  • Webflow is the hosting party of our website, meaning Webflow processes the website data, including personal data.
  • Google Analytics processes your actions on the website in pseudonymised form to provide insights on how you use our website and enable us to improve the website and your user experience.

What is the legal basis for processing?
The legal basis we use to process your personal data on the website is the legitimate interest of CarePay to run and improve its website. We take the following measures to mitigate the impact on the privacy of the website visitor:

  • Where it is not important for us to know exactly who the website visitor is, we process visitor data in pseudonymised form.
  • We offer you the opportunity upon visiting the website to opt out of the processing of your personal data by Google Analytics.
  • We use processors who have privacy/security policies and offer a data processing agreement with standard contractual clauses safeguarding data privacy.
  • The processors may only process your personal data to support us in running our website.

Who is the data controller for the processing of personal data?
CarePay is the data controller for the processing of personal data through the website:

CarePay International B.V.
Paasheuvelweg 25
1105BP Amsterdam
The Netherlands


Do we share your data with other parties?
Your personal data will be treated confidentially and will only be processed for the purpose of running and improving our website. Where necessary for this purpose, we share the data with our third-party processors as described in this statement and with other CarePay group entities. All CarePay group entities apply appropriate safeguards using commercially reasonable efforts and are a party to a data sharing agreement with clauses safeguarding data privacy. CarePay is sometimes obliged to provide personal data pursuant to legal obligations, such as public investigations.

How do we protect your data?
We collect your data in the pseudonymized form as much as possible. We further use commercially reasonable efforts in applying various technical and organisational measures to prevent the personal data from being misused. These measures include for example the encryption of data and training our employees on data privacy.

Where is personal data processed and for how long?
The host of our website, Webflow, is based and processes data in the United States. Google Analytics processes data on their own servers in various locations.

Third-party websites and the internet
Our website may contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these websites or policies. The transmission of information over the internet is not completely secure. If you provide us with information over the internet, any transmission is at your own risk. However, once we receive your information, we use commercially reasonable efforts to prevent unauthorized access to your personal data.

YouTube
Our website may contain YouTube videos. Google (who owns YouTube) collects personal data from visitors on pages that contain these videos. That is why we only show these videos to visitors who have given consent to the processing of their personal data.

What rights do you have?
CarePay considers it important that website visitors can properly exercise their rights under data protection laws. In summary, you have the following rights:

  • The right of access: you have the right to see which of your personal data we process.
  • The right of rectification: if your personal data we process are not correct, you have the right to have them adjusted.
  • The right of erasure: if we no longer need your personal data for the purpose for which they were collected, you have the right to ask us to delete them. There are several exceptions to this, such as our obligation to retain certain data, for example for statutory legal or tax requirements.
  • The right to object: it is possible to object to the processing of your personal data, after which a balancing of interests will follow.
  • The right of restriction: during the period that we are in the process of determining whether your data should be rectified, determining the unlawfulness of data processing, determining whether data should be deleted or whether you have rightfully objected to the processing, you have the right to request a restriction of the processing.

How can you contact us and where can you file a complaint?
CarePay finds it important to have satisfied website visitors and platform users. If you have any questions on the way we process your data or your rights in this respect, or have a complaint or other remark related to your data, you can contact us via privacy@carepay.com. This will put you in contact with our Data Protection Officer who is appointed to safeguard compliance with the GDPR. When it comes to the protection of your personal data it is also possible to file a complaint with the supervisory authority, being the Data Protection Authority (Autoriteit Persoonsgegevens) (https://autoriteitpersoonsgegevens.nl/en). We would appreciate you contacting us first to give us the opportunity to address and solve your complaint.

Modifications to website and statement
CarePay may make changes to the website and its features and reserves the right to update this privacy statement accordingly. If the changes impact the processing of your personal data, we will inform you of such update upon your next visit to the website.