Personal information is therefore treated and secured with the greatest care. DiagnOSAS BV operates in compliance with the regulatory demands set forth in the DGPR. The responsible parties handling patient data in the OSAsense context are the treating physician and DiagnOSAS BV.
Only the patient and their treating physician have access to patient-data. DiagnOSAS BV does not process any personal data before explicit patient consent has been received. DiagnOSAS BV operates in the context of contracts between DiagnOSAS BV and physicians and/or healthcare institutes that govern the parties obligations. These obligations also comprise handling and storing personal data safely and securely.
DiagnOSAS BV processes, where necessary, the following personal data: name and address, Social security number (Burgerservicenummer/BSN), sex, date of birth, phone number, e-mail address, and measurement data regarding, blood-oxygenation, hart frequency, and any patient-filled questionaires. By combining these data, physicians can identify their patients and utilize the OSAsense service.
The BSN is linked to measurement data in order to comply to Dutch laws regarding the use of BSN-codes. Additionally, the other data is required in order to facilitate the factual OSAsense service, its logistics, administrative and financial settlement processes. The mobile phone number in particular is used to ensure the highest safety in user-access by supplying a one-time access code, it's also used in helpdesk tasks. DiagnOSAS BV also processes personal data of healthcare professionals, their name, specialism, address , e-mail address and AGB-code. Permission to process this data is governed is governed by agreement between DiagnOSAS BV and healthcare professional/institution.
The OSAsense service is hosted on the GDPR-compliant cloud platform from Amazon (AWS). This cloud infrastucture is compliant with a.o. ISO 27001 for technical measures, ISO 27017 for cloud security and ISO 27018 for cloud privacy. DiagnOSAS BV has taken every reasonable measure to ensure that your data is securely transmitted, processed and stored. Only DiagnOSAS BV has access to these servers and the data stored on these servers. Physically, all data and servers are located within the EU in Ireland.
You have the right to review the data that DiagnOSAS BV retains regarding yourself. Furthermore, you can have your data removed if you so desire. For more information please contact DiagnOSAS BV.