Privacy Policy

This English version of the privacy policy is a translation; in case of ambiguities or contradictions, the Dutch text prevails.

Protecting the privacy of visitors and users of the websites and services is of great importance to OSAsense B.V.. Personal data is therefore treated and secured with the utmost care. This privacy statement has been prepared in compliance with current laws and regulations in the Netherlands (and therefore also the European Union). This relates primarily to the General Data Protection Regulation (AVG). In addition, OSAsense B.V. has ISO27001 and NEN7510 certifications within which data security and privacy is an essential component. OSAsense B.V. distinguishes between different categories of persons for processing your data.

Patients

OSAsense B.V. only processes patient data on behalf of a healthcare provider. Patients are signed up for the OSAsense service by their healthcare provider. As a patient, you have a treatment agreement with your healthcare provider. Before healthcare providers can enter patient data into OSAsense B.V. they are required to sign a Data Processing Agreement. OSAsense B.V. is designated in this agreement as the healthcare provider's processor in connection with the OSAsense service. Where necessary, the following patient data may be processed:

  • Name
  • Date of Birth
  • Citizen service number
  • E-mail address
  • Phone number
  • Insured number
  • Zip Code
  • House number
  • Completed questionnaires
  • OSAsense results
  • Completed sleep diary


The above data is processed only for patients of healthcare providers for whom OSAsense B.V. handles the claims process. In this case, your data may be shared with your health insurer and parties (intermediaries) that technically facilitate the claims process. This is usually the case for GP practices, but not for a hospital (department), for example. If OSAsense B.V. does not take care of the declaration process, only the data necessary to give you as a patient access to the questionnaire will be processed. This concerns the e-mail address and telephone number.

Healthcare providers

Healthcare providers refers to all individuals who have an account to log in to app.osasense.com/login as a healthcare provider. Before healthcare providers can enter patient data at OSAsense B.V., they are required to sign a Data Processing Agreement. OSAsense B.V. is designated in this agreement as the healthcare provider's processor under the OSAsense service. In order to identify healthcare providers as users and to ensure that healthcare providers can only access patient data of "own" patients, the following personal data are recorded:

  • Name
  • Practice name / Name of institution and Department
  • Address (practice/institution)
  • E-mail address
  • Phone number
  • AGB code (practice and/or personal)
  • Role (physician, general practitioner, assistant, POH, etc)
  • Care group (if applicable)


The processing of this data is necessary for the execution of the Data Processing Agreement concluded with the healthcare providers.

Job applicants

If you apply to us, for example in response to a vacancy posted by us, but also if you make an open application, you may send us (for example by sending us an email with your CV) your personal data. OSAsense B.V. is the controller of this data. We process this data if you provide it to us voluntarily. We will store and use this data only for the purpose of the application process. Once the application process is complete, we will delete your data from our systems. If you send an open application to us, this in no way obliges us to provide you with a response.

Website Visitors

If you visit our website as an anonymous website visitor, you may leave the following information with us:

  • Your language preferences as specified by you when using the language selection on the website.
  • Your Name, E-mail address, Telephone number and Message if you use our contact form. OSAsense B.V. is the data controller of this data, and processes this data based on your consent to the processing.
  • Your Name, Email Address, Phone Number, Practice Name, Zip Code and House Number and Message if you use our healthcare provider registration form. OSAsense B.V. is the processor of this data. OSAsense B.V. processes this data in order to take the necessary steps to prepare, at your request, the conclusion of a joint agreement.

General

OSAsense B.V. acts as Data Controller (as defined in the Data Protection Legislation) with respect to the described "Personal Data".

Our Services are available to Users 16 years of age and older. Our Terms of Use prohibit access to the Service by Users under the age of 16. We do not offer our Services to persons under the age of 16.

No automated decisions are made based on the personal data you share with us.

The OSAsense service is hosted on Amazon's (AWS) cloud environment. AWS is certified to ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, among others. Within this cloud infrastructure, OSAsense B.V. has taken measures to ensure that your data is transmitted, processed and stored securely (encrypted). OSAsense B.V. has sole access to these servers and the data stored on them. Physically, all data is processed and stored on servers located within the EU, in Ireland.

Functional cookies

Our website uses only functional cookies. Cookies are small pieces of information that your Internet browser stores on your computer. We use cookies, for example, to make logging in to our website easier. OSAsense B.V. only uses cookies that are necessary for the operation of the website. We do not use cookies for marketing purposes, or to enable functionality of other websites (such as sharing via social media etc.). This does not require you to accept or reject cookies.

Data security

OSAsense B.V. has taken precautions to secure your Personal Data against loss, theft and misuse and unauthorized access, disclosure, alteration and destruction through the use of appropriate administrative, physical and technical security measures.
Our information security management system is ISO27001 and NEN7510 certified. As part of our obligations under these information security certifications, our Service is periodically scanned for security breaches and known vulnerabilities to make your visit to our site as secure as possible. Your Personal Information resides behind secure networks and is only accessible by a limited number of individuals who have special access rights to such systems, and are required to keep the information confidential.

Data retention

OSAsense B.V. has established a data retention policy with respect to your Personal Data.
Information you provide as a healthcare provider as part of your user profile will be stored for as long as your profile exists. In part, certain information may be kept longer due to legal requirements (e.g. due to legislation regarding the use of medical devices, or legislation regarding the keeping of business records).

  • Information you provide as part of claims and billing (e.g., payment, tax or business information) we must keep by law for 10 years.
  • Information we receive from you through online forms on our website: 5 years.
  • Information collected by the Service in the context of a Data Processing Agreement is retained as set out in the relevant Data Processing Agreement.

Sharing your data

We may need to share (a subset of) your Personal Data with third parties:

  • To respond to or comply with any law, regulation, subpoena, court order or other legal obligation;
  • To enforce and protect our rights and property;
  • To detect, investigate and help prevent security threats, fraud or other malicious activity;
  • To protect the rights, property or safety of our users, employees or others;

Your rights

You have the right to be informed about the Personal Data processed by the Service, the right to obtain a copy, the right to rectification/correction, deletion and restriction of processing. Upon request, you have the right to receive a structured, plain and machine-readable summary of the Personal Data you have provided to us. We may need to ask you for specific information to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that you are the data subject entitled to receive such Personal Data.

Access to your Personal Data will be provided free of charge. However, we may charge a reasonable fee (in advance) if your request is clearly unfounded, repetitive or excessive. We may refuse to comply with your request in these circumstances at our sole discretion.

For your information: For patients whose data is processed through our systems, they can only request access through their healthcare provider and not directly at OSAsense B.V..

As a registered user, you may view your account information and make corrections or updates at any time. The accuracy of such information is solely your responsibility.

Where you have given consent, you may withdraw it at any time, without affecting the lawfulness of the processing that took place before you withdrew your consent. Each time you withdraw your consent, you acknowledge and accept that this may adversely affect the scope and quality of the Service. We will endeavor to comply with your request within 30 days, but some Personal Data may remain in backup copies for a period of time and may be retained to the extent necessary for legitimate business purposes or to comply with our legal obligations. You agree that OSAsense B.V. shall not be liable for any loss of and/or damage to your Personal Data if you choose to withdraw your consent.

To exercise any of the rights mentioned in this privacy policy and/or in case of questions or comments regarding the use of your Personal Data, please contact OSAsense B.V. at: privacy@osasense.com

You have the right to file a possible complaint with the Personal Data Authority. However, we would greatly appreciate it if you file your complaint with us before going to the Personal Data Authority.

Contact

If you have any questions, comments or requests regarding our privacy policy or our processing of your personal data, please contact us:

OSAsense B.V.
Attn: Privacy Officer
Irenesingel 19
7481 GJ
Haaksbergen
privacy@osasense.com

Last modified: April 17, 2023