POLICY

Privacy Statement

Version 1.0 – Date: November 1, 2024

At BMI Clinic, we place great value on your privacy and the protection of your personal data. We understand that you place your trust in our care and services, and it is important to us to handle your data with care and transparency. In this Privacy Statement, we explain which personal data we collect, how we use and secure it, and what your rights are regarding this data.

We process your data in accordance with the General Data Protection Regulation (GDPR) and other relevant privacy legislation. We encourage you to read this Privacy Statement carefully so that you are fully informed about how we handle your privacy.

If you have any questions about this statement or the processing of your data, you can always contact us. We are happy to assist you.

BMI Clinic B.V., located in the Netherlands (hereinafter: BMI Clinic), provides services to its website visitors, (former) clients, and other (natural) persons who have contacted it. The services of BMI Clinic Products B.V. include, among other things, offering medications for obesity through a platform that connects clients with doctors. In the context of these services (‘Services’), BMI Clinic processes personal data.

BMI Clinic considers the protection of personal data it processes to be of the utmost importance. As of May 25, 2018, BMI Clinic is bound by the General Data Protection Regulation (GDPR) in the processing of personal data in the Netherlands. This privacy policy explains how BMI Clinic protects your privacy and how your personal data is handled.

If you have any questions about this privacy policy, you can find information on how to contact BMI Clinic regarding this in the privacy policy.

This privacy policy pertains to the processing of personal data by BMI Clinic as the data controller. The company is located at Wilhelminasingel 4, 6524 AK Nijmegen, and is registered in the Dutch Chamber of Commerce Trade Register under number 95243666. You can contact us by emailing privacy@bmi-clinic.com.

If you use the BMI Clinic app or website, or any services it offers, you may share personal data with BMI Clinic. BMI Clinic collects and uses personal data that you provide directly to it. BMI Clinic will not use the personal data for purposes other than those described in this statement, unless you have given prior consent.

Personal data is information that relates to you or can be associated with you. Any action taken with your personal data, such as collecting, storing, using, transmitting, or deleting your data, is referred to as the “processing” of personal data. BMI Clinic processes personal data that you have provided to it, for example, by sending an email.

When you use the services of BMI Clinic, it may collect the following data:

  1. Data you provide to us:
    a. Identification data: First and last name, date of birth, age, gender, marital status.
    b. Contact information: Postal address, email address, phone number.
    c. Health information: Medical history, current health condition, prescribed medications, data provided during clinical consultations.
    d. Payment information: Bank account number, credit card details.
    e. Technical data: IP address, browser type, operating system, device ID.
    f. Other information: Marketing preferences, survey responses, feedback, correspondence via email or phone.
  2. Information we collect automatically:
    a. Technical information: IP address, login credentials, browser type and version, time zone setting, browser plugin types and versions, operating system and platform.
    b. Usage data: Information about your visit, such as pages you viewed, the duration of visits to specific pages, page interaction information (such as scrolling, clicking, and mouse-overs), methods used to navigate away from pages, and any phone numbers used to contact our customer service.
  3. Information we receive from other sources:
    a. Third parties: Business partners, technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, healthcare providers (with your consent).

We use your personal data for various purposes:

Services:
a. Creating and managing your account on our websites.
b. Providing access to our websites and services.
c. Processing and delivering orders.
d. Providing medical consultations and prescriptions.
e. Organizing, handling, and verifying the order you have provided.
f. Conducting identity checks where necessary.

Communication:
a. Informing you about your orders and consultations.
b. Sending newsletters and marketing materials (only with your consent).
c. Customer service and support.
d. Informing you about changes in our services or those of the doctors.
e. Contacting you by phone for updates or questions about your order, if you have given consent for this.

Legal obligations and security:
a. Identity verification and fraud prevention.
b. Compliance with legal obligations.
c. Security of our websites and data.
d. Reporting security incidents and data breaches to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if necessary.
e. Protection of your interests or those of others, such as in crime prevention.

Improvement of our services:
a. Analyzing usage statistics.
b. Developing and improving our products and services.
c. Evaluating the performance of our systems, processes, and staff.
d. Personalizing the content of our websites based on your preferences.

We process your personal data based on the following legal grounds as described in the GDPR:

  • Performance of a contract: For processing and delivering your orders and providing access to our services.
  • Legal obligation: For compliance with legal obligations, such as identity verification and tax requirements.
  • Legitimate interest: For improving our services, analyzing usage statistics, and conducting marketing activities (if you have consented to this).
  • Consent: For processing sensitive data, such as health information, and for sending marketing materials.

BMI Clinic ensures that all your data is stored and protected with the utmost care. It retains your data no longer than necessary for the purpose for which it was processed. BMI Clinic will keep your personal data only as long as necessary to provide its service to you, or for other legitimate business purposes such as resolving disputes, security reasons, or complying with our legal obligations. The duration of retention of your personal data depends on various factors, such as:

  • The purpose of data processing (for example, whether the data needs to be retained in order to provide the Services);
  • The quantity, nature, and sensitivity of the data;
  • The potential risk of harm from unauthorized use or disclosure of the data;
  • All legal requirements to which BMI Clinic is subject.

We share your personal data with:

  1. Internal parties:
    a. Employees involved in processing your orders and requests.
  2. External parties:
    a. Healthcare providers and pharmacies for the provision of medical services.
    b. Payment processors for handling payments.
    c. Delivery services for the fulfillment of your orders.
  3. Legal and regulatory authorities:
    a. When required by law or to comply with legal processes.
BMI Clinic’s operations are designed in such a way that it shares the minimum amount of information with third parties. Information is only shared when necessary to provide its service and solely with parties that can guarantee an appropriate level of protection and security. For example, users can link to other third-party websites through the BMI Clinic website that provide useful information. This privacy policy only applies to personal data processed by BMI Clinic in the context of its Services. It does not apply to third-party websites or applications. BMI Clinic cannot guarantee that these third parties handle your personal data in a secure and reliable manner. Always read the privacy policy of these third parties.

Although we strive to avoid data transfers outside the EU, it may be necessary in some cases. When we transfer personal data outside the European Economic Area (EEA), we will take appropriate measures to ensure that your data is adequately protected, such as entering into standard contractual clauses or using approved certification mechanisms.

BMI Clinic does not make decisions based on automated processing that may have significant consequences for individuals. These are decisions made by computer programs or systems without human intervention (such as a BMI Clinic employee).

BMI Clinic uses functional, analytical, and tracking cookies. A cookie is a small text file stored in the browser of your computer, tablet, or smartphone when you first visit this website. BMI Clinic uses cookies with purely technical functionality. These ensure that the website works properly and that, for example, your preference settings are remembered. These cookies are also used to ensure the website functions correctly and can be optimized. In addition, BMI Clinic places cookies that track your browsing behavior so that BMI Clinic can offer personalized content and advertisements. Upon your first visit to the BMI Clinic website, you were informed about these cookies, and your consent was requested for their placement. You can opt out of cookies by setting your internet browser to stop storing cookies. Additionally, you can delete any previously stored information via your browser settings.

Third parties also place cookies on this website. These may include advertisers and/or social media companies, such as Google Analytics, Meta, and Adwords.

We take appropriate security measures to protect your personal data against misuse and unauthorized access. These measures include, among others:

  • Access to personal data is restricted to authorized personnel only.
  • The use of encryption technologies (such as SSL) for data transmission.
  • Regular review of our security measures and practices.
  • Physical security of systems in which personal data is stored.
  • Compliance with NEN 7501 & ISO 9001 standards and other relevant security standards.

You have the following rights regarding your personal data:

  • Right of access: You can request an overview of your data.
  • Right to rectification: You can have inaccurate or incomplete data corrected.
  • Right to erasure: You can request the deletion of your data.
  • Right to restriction of processing: You can request the restriction of the processing of your data.
  • Right to data portability: You can receive your data in a structured, commonly used, and machine-readable format.
  • Right to object: You can object to the processing of your data.
  • Right to withdraw consent: You can withdraw your consent for data processing.

You can exercise your rights by contacting us at privacy@bmi-clinic.com. We will respond to your request as soon as possible, but no later than within one month. In exceptional cases, this period may be extended by an additional two months, in which case we will notify you in a timely manner.

We reserve the right to make changes to this privacy policy. We recommend reviewing this statement regularly to stay informed of any changes.

For questions or requests regarding your privacy, you can contact our Data Protection Officer at privacy@bmi-clinic.com.

Privacy regulations are subject to frequent changes. Therefore, BMI Clinic’s privacy policy is never fully finalized, but we make every effort to keep it up to date. BMI Clinic may update this privacy policy from time to time. If these changes are relevant to you, you will be notified, or the changes will be prominently communicated to you. The most current version of this privacy policy can always be found on our website. This privacy policy was last updated on October 25, 2024.

If something goes wrong with the protection of your personal data, or if there is a suspicion of such an issue, we will report it to the Dutch Data Protection Authority and inform you as soon as possible.