Qompium nv (we), located at Corda Campus, Kempische Steenweg 303/27 in Hasselt (BE-3500) is a digital health company that aims to empower healthcare professionals, patients and individuals with accurate, reliable, and timely diagnosis and prediction information, thereby improving patient outcomes and reducing healthcare costs.
We are committed to treat every form of information that allows you to (in)directly identify yourself as a natural person, per the definition of personal data in the GDPR, properly. We are convinced that personal data entrusted to us must be handled with utmost care and in a transparent manner. To reinforce this statement, we appointed a Data Protection Officer (DPO) to ensure compliance with applicable regulations for processing of personal data.
2. Processing personal data of businesses, job applicants and website visitors
We may process your personal data for our own purposes. We are then responsible for the processing ourselves. We do this in the following cases:
- You are a business client of ours, such as a customer, supplier or professional partner that purchases or wishes to purchase our services.
- You are contacting us by telephone, email, social media or in any other way, because you have a question, comment or complaint.
- You are interested in our organisation and would like to apply for a job with us or participate in a recruitment event.
- If you are using our FibriCheck application for which you have signed up, a specific policy is applicable (link).
We process the following types of personal data from you:
- Contact details: name, address, gender, email address, telephone number and other necessary company and contact information.
- Contents of your correspondence.
- Information regarding the services we provide to you, such as quotes, agreements and instructions.
- What information and documents we have sent to you and, if necessary, whether and when the documents have been opened.
For job applicants and participants in recruitment events, we process the personal data provided before or during the application or participation. This may include contact details (name and address), data included in a CV or motivation letter, diplomas and qualifications, information regarding work experience, references and public profiles on social media, such as LinkedIn, and data provided by you during the procedure. When you participate in a recruitment event, we may record details of your participation and your interests in a report. If you complete an assessment or submit results, we will process these results for your application.
We may send our clients direct marketing emails about our services and relevant developments in the industry. We use common tracking techniques that give insight into the reach and effectiveness of our direct marketing communications. This helps improve our services and focus our information and communication on relevant target groups.
We process this personal data for the following purposes:
- To offer our services and to handle questions and requests.
- To provide you with information, either directly (by telephone or email) or via our website.
- To operate and improve our website.
- To contact you about our services.
- To keep you informed about our organisation and invite you to meetings and events. To monitor and improve the effectiveness of our direct marketing and communication.
- To consider your job application or to invite you to a recruitment event and to assess your eligibility for a position within our team.
- To comply with applicable laws and regulations, and to follow the instructions of other supervisors and authorities.
We process your personal data on the grounds of the following legal principles:
- We will process your personal data, if you are a business client of ours.
- We have a legitimate interest when showing you information via the website or when we send information at your request. We also have a legitimate interest in maintaining contact with you about our services. Furthermore, we have a legitimate interest in recruiting suitable new colleagues. We always weigh our interest against your privacy concerns and keep in mind that we only use your business (contact) data. You can request to find out more about this balance of interests from us.
- In certain cases, we ask for your permission, for example, (i) when we wish to send you direct marketing messages, although you are not yet a customer of ours, or (ii) when you sign up for any of our demo applications. If you give us your consent, you can withdraw it again at any time.
- In a number of cases, there is a legal obligation placed on us to process personal data, for example, in keeping tax records.
Access to personal data
Your personal data can be accessed by authorised Qompium employees, who need your personal data to perform their tasks. We may also share your personal data with third parties. We make use of, for example, cloud and email service providers. We have signed a processing agreement with these parties. We also share your personal data with parties who qualify as data controllers, such as external advisors, independent auditors and relevant authorities.
Transfers outside the European Economic Area (EEA)
Some of our service providers are based in a country outside the EEA, including the United States. To comply with EU legislation on data protection in international transfers, we establish transfer agreements based on the standard contractual clauses adopted by the European Commission. Please contact us for more information on the safeguards in place for international transfers.
We will process personal data of job applicants during the application process. We will keep your personal data for 1 year for the purposes of informing you about interesting vacancies.
Retention periods for email communications depend on the nature of the messages. For example, if you make a request or a complaint, we will retain your message for two years after the request or complaint has been dealt with. Depending on the type of cookie, we will retain data collected through cookies for the duration of the session until two years thereafter.
With regards to your use of our applications, your account information and data associated with your account will be retained during the contractual relationship and for the subsequent 2 years, unless the right to be forgotten is exercised. Note that retention time is different when the application is used as part of a medical treatment.
3. Your rights
Under privacy legislation, you have a number of rights regarding your data and its processing.
- Right of access. This is the right to ask us whether we have personal data about you and to inspect this data.
- Right of rectification. You can ask us to change incorrect or incomplete personal data.
- Right to be forgotten. In some cases, you have the right to have your personal data deleted by Qompium, for example, when your personal data is no longer needed for the purposes for which we obtained them.
- Right to restriction. This is the right to have less personal data processed or to stop the processing temporarily. You can request this, for example, if you have disputed the accuracy of your personal data.
- Right to data portability. If we process your personal data on the basis of an agreement or consent, you have the right to data portability. This is the right to receive your personal data from us, so you can forward this data to another party.
- Right of objection. You may object to the processing of your personal data. If your personal data is processed for direct marketing purposes or on the basis of the legitimate interests of Qompium, you may always object to the processing of your personal data.
- Withdrawing your consent. If you have given us your consent to the processing of your personal data, you may withdraw your consent at any time. This withdrawal does not affect the processing of your personal data before your consent was withdrawn.
We are not always obliged to grant your request(s). However, we will always respond to your request, at least within one month. Only in special cases may we take longer, but if so, we will always inform you of the progress.
4. Contact and complaints
You can contact the Data Protection Officer (firstname.lastname@example.org) with regard to questions related to the processing of their personal data and the exercise of your rights under the GDPR. We will be happy to assist you.
Please note that you have the right to lodge a complaint with a supervisory body.
5. Updates and alterations