OSAsense B.V. only processes patient data on behalf of a healthcare provider. Patients are signed up for the OSAsense service by their healthcare provider. As a patient, you have a treatment agreement with your healthcare provider. Before healthcare providers can enter patient data into OSAsense B.V. they are required to sign a Data Processing Agreement. OSAsense B.V. is designated in this agreement as the healthcare provider's processor in connection with the OSAsense service. Where necessary, the following patient data may be processed:
The above data is processed only for patients of healthcare providers for whom OSAsense B.V. handles the claims process. In this case, your data may be shared with your health insurer and parties (intermediaries) that technically facilitate the claims process. This is usually the case for GP practices, but not for a hospital (department), for example. If OSAsense B.V. does not take care of the declaration process, only the data necessary to give you as a patient access to the questionnaire will be processed. This concerns the e-mail address and telephone number.
Healthcare providers refers to all individuals who have an account to log in to app.osasense.com/login as a healthcare provider. Before healthcare providers can enter patient data at OSAsense B.V., they are required to sign a Data Processing Agreement. OSAsense B.V. is designated in this agreement as the healthcare provider's processor under the OSAsense service. In order to identify healthcare providers as users and to ensure that healthcare providers can only access patient data of "own" patients, the following personal data are recorded:
The processing of this data is necessary for the execution of the Data Processing Agreement concluded with the healthcare providers.
If you apply to us, for example in response to a vacancy posted by us, but also if you make an open application, you may send us (for example by sending us an email with your CV) your personal data. OSAsense B.V. is the controller of this data. We process this data if you provide it to us voluntarily. We will store and use this data only for the purpose of the application process. Once the application process is complete, we will delete your data from our systems. If you send an open application to us, this in no way obliges us to provide you with a response.
If you visit our website as an anonymous website visitor, you may leave the following information with us:
OSAsense B.V. acts as Data Controller (as defined in the Data Protection Legislation) with respect to the described "Personal Data".
Our Services are available to Users 16 years of age and older. Our Terms of Use prohibit access to the Service by Users under the age of 16. We do not offer our Services to persons under the age of 16.
No automated decisions are made based on the personal data you share with us.
The OSAsense service is hosted on Amazon's (AWS) cloud environment. AWS is certified to ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, among others. Within this cloud infrastructure, OSAsense B.V. has taken measures to ensure that your data is transmitted, processed and stored securely (encrypted). OSAsense B.V. has sole access to these servers and the data stored on them. Physically, all data is processed and stored on servers located within the EU, in Ireland.
Our website uses only functional cookies. Cookies are small pieces of information that your Internet browser stores on your computer. We use cookies, for example, to make logging in to our website easier. OSAsense B.V. only uses cookies that are necessary for the operation of the website. We do not use cookies for marketing purposes, or to enable functionality of other websites (such as sharing via social media etc.). This does not require you to accept or reject cookies.
OSAsense B.V. has taken precautions to secure your Personal Data against loss, theft and misuse and unauthorized access, disclosure, alteration and destruction through the use of appropriate administrative, physical and technical security measures.
Our information security management system is ISO27001 and NEN7510 certified. As part of our obligations under these information security certifications, our Service is periodically scanned for security breaches and known vulnerabilities to make your visit to our site as secure as possible. Your Personal Information resides behind secure networks and is only accessible by a limited number of individuals who have special access rights to such systems, and are required to keep the information confidential.
OSAsense B.V. has established a data retention policy with respect to your Personal Data.
Information you provide as a healthcare provider as part of your user profile will be stored for as long as your profile exists. In part, certain information may be kept longer due to legal requirements (e.g. due to legislation regarding the use of medical devices, or legislation regarding the keeping of business records).
We may need to share (a subset of) your Personal Data with third parties:
You have the right to be informed about the Personal Data processed by the Service, the right to obtain a copy, the right to rectification/correction, deletion and restriction of processing. Upon request, you have the right to receive a structured, plain and machine-readable summary of the Personal Data you have provided to us. We may need to ask you for specific information to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that you are the data subject entitled to receive such Personal Data.
Access to your Personal Data will be provided free of charge. However, we may charge a reasonable fee (in advance) if your request is clearly unfounded, repetitive or excessive. We may refuse to comply with your request in these circumstances at our sole discretion.
For your information: For patients whose data is processed through our systems, they can only request access through their healthcare provider and not directly at OSAsense B.V..
As a registered user, you may view your account information and make corrections or updates at any time. The accuracy of such information is solely your responsibility.
Where you have given consent, you may withdraw it at any time, without affecting the lawfulness of the processing that took place before you withdrew your consent. Each time you withdraw your consent, you acknowledge and accept that this may adversely affect the scope and quality of the Service. We will endeavor to comply with your request within 30 days, but some Personal Data may remain in backup copies for a period of time and may be retained to the extent necessary for legitimate business purposes or to comply with our legal obligations. You agree that OSAsense B.V. shall not be liable for any loss of and/or damage to your Personal Data if you choose to withdraw your consent.
To exercise any of the rights mentioned in this privacy policy and/or in case of questions or comments regarding the use of your Personal Data, please contact OSAsense B.V. at: privacy@osasense.com
You have the right to file a possible complaint with the Personal Data Authority. However, we would greatly appreciate it if you file your complaint with us before going to the Personal Data Authority.
If you have any questions, comments or requests regarding our privacy policy or our processing of your personal data, please contact us:
OSAsense B.V.
Attn: Privacy Officer
Irenesingel 19
7481 GJ
Haaksbergen
privacy@osasense.com
Last modified: April 17, 2023