Privacy & Security
When you install and/or use the app and/or the website (www.superbrains.nl) of Super Brains B.V. (hereinafter: Platform Superbrains) you will be asked to provide a number of data. This privacy statement applies to these data. Super Brains B.V. is committed to protecting your privacy. We therefore strive to carefully handle your personal data and to do this in accordance with the applicable privacy rules. In this privacy statement you will find important information about the processing of your personal data when using Platform Superbrains. We recommend that you read this document carefully before installing and using Platform Superbrains.
Super Brains B.V. reserves the right to make changes to the processing objectives and the privacy statement based thereon. Therefore, please check the privacy statement regularly for a possible update.
Our privacy statement comes down to how we use your personal data:
- use them only for purposes agreed upon with you;
- will not share it with others (subject to your treatment agreement);
- we only collect personal data we actually need for our specified purposes;
- manage and secure it carefully.
This privacy statement applies to the use of Platform Superbrains.
- What types of personal data are collected?
Super Brains B.V. only collects and processes that data because you yourself use our services and/or you yourself have provided through Platform Super Brains for the performance of a regular business activity and the exercise of the agreement, unless otherwise indicated in this privacy statement. Below you will find an overview of the personal data we process:
- Name and address information;
- Date of birth, place of birth;
- Phone number;
- E-mail address;
- Data requested by the data controller in the context of a treatment agreement;
- (Profile) photo;
- Internet browser and device type;
- Health data.
- Purposes and legal grounds
The data collected by Super Brains B.V. will only be used for the purpose of facilitating the use of Platform Superbrains. Data collected by the app will not be shared or processed for any other reason than outlined in the policy. Your personal data will in no case, without your express consent, be provided to third parties for commercial purposes.
Super Brains B.V. processes your personal data for the following purposes:
- Executing the treatment agreement;
- Handling your payment;
- Sending a newsletter;
- To be able to e-mail you if this is necessary in order to carry out our services;
- To inform you about changes in our services and products;
- To offer you the possibility to create an account;
- To deliver goods and services to you;
- Super Brains B.V. analyzes your behavior on Platform Superbrains in order to improve Platform Superbrains and to tailor the range of products and services to your preferences;
- Super Brains B.V. also processes personal data if we are legally obliged to do so, for example data that we need for our tax return.
We will not intentionally collect any personal information from children under the age of 16 through our platform without receiving parental consent. If you think that we have collected such personal information from a child under the age of 16 through our platform, please contact us immediately at email@example.com.
- Data storage
Information you provide to us is stored in encrypted form on secure servers located in Europe, which are owned and operated by Amazon Web Services (AWS). AWS are industry leaders in the provision of hosting services and take security very seriously – you can find out more about their security policies and processes in their Security Whitepapers: https://aws.amazon.com/security/security-resources/.
- Retention period
Super Brains B.V. will retain your personal data for no longer than is strictly necessary to achieve the purposes for which your data is collected. For data relating to your account: such data will be permanently and irrevocably deleted in the event that your account is: (i) inactive for a period of two (2) years; and (2) not subscribed to “Superbrains Premium.” Moreover, we will permanently and irrevocably delete your account data within thirty (30) days of your written request to do so via email to firstname.lastname@example.org.
For transactional data relating to your purchases: such data is kept for the entire period of the contractual relationship, then in accordance with legal obligations and applicable statute of limitation periods. Please note that this data does not include Payment Card information, which is processed by our third-party payment processors, and not Superbrains.
For data collected based on your consent to receive our marketing communications: we will use such data until you withdraw consent or applicable law requires that such data is no longer used.
When your data are collected in the context of requests/queries: such data are kept for the period necessary to process and reply to such requests or queries.
The personal data that Super Brains B.V. has to keep for a longer period, such as data for the tax authorities, are excluded from this.
- Your rights
You have the right to inspect your personal data and to correct, supplement, delete or block them if they are incorrect, incomplete, not (or no longer) relevant or if they are used in violation of a legal regulation. In addition, you have the right to withdraw your consent for the data processing or to object to the processing of your personal data by Super Brains B.V. and you have the right to data portability. This means that you can request us to send the personal data we have about you in a computer file to you or another organization named by you. At the bottom of this page you can find the contact details to send us your request. To make sure that the request is made by you, we ask you to send a copy of your identity document with the request. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and Citizen Service Number legal black in this copy. This is to protect your privacy. We will respond to your request as quickly as possible, but within four weeks.
- Data sharing Healthcare provider
Super Brains B.V. is obliged to share all your user data with the Care Provider if you, as a user, purchase the Blended Care or Digital coach care services in accordance with a treatment agreement with a Care Provider. This obligation of Super Brains B.V. results from the legal obligation of the Healthcare Provider to keep a file during the term of a treatment agreement. The Healthcare Provider will archive this file during the legal retention period. If the user does not allow Super Brains B.V. to share the data with the Healthcare Provider the treatment according to the treatment agreement will not be possible.
In addition Super Brains B.V. receives data (name, surname, e-mail address and patient number) from Care Providers regarding the execution of the treatment agreements.
- Processor Agreement
Super Brains B.V. processes all your data if you, as a user, purchase the Blended Care or Digital Coach services in accordance with a treatment agreement with a Healthcare Provider.
For this processing Super Brains B.V. has concluded a processing agreement with your Healthcare Provider.
- Changes in this policy
- Withdrawal of consent
You have the right to withdraw your given consent to the processing thereof at any time. You can determine in the settings which data you share with practitioners. You can change this at any time.
- Consequences of not providing personal data
You are obliged to provide personal data in order to execute a treatment agreement and purchase agreement (purchases in the webshop). Otherwise the agreement cannot be fulfilled.
- Automated decision-making
Super Brains B.V. does not make decisions about matters that can have (significant) consequences for people, based on automated processing. These are decisions taken by computer programs or systems, without a human being (for example an employee of Super Brains B.V.) being involved.
- Sharing data with third parties
Super Brains B.V. shares data with third parties in consultation with you. This includes, among others, health insurers and SBGGZ. In Super Brains B.V. you will be asked to give permission for this in a dialogue box. The dialog box will specify for which purposes this data will be shared. If this permission is not given, the sharing of data will not take place.
- Third party websites
Super Brains B.V. has taken appropriate technical and organizational measures to protect the personal data you provide, against abuse, loss, unauthorized access, unwanted disclosure and unauthorized modification.
The overall assessment of the residual risks that Superbrains may have are low in levels, the application doesn’t break the rules about acceptable risks and is protected by multiple layers of security. Every 6 months we will do an PEN(penetration)-test to check the security of our platform. Every year we do an Risk Analysis for our CE-certification.
- Data protection
All passwords and sensitive data is stored in encrypted form and all sensitive traffic is transmitted securely from your mobile device to our servers via SSL by default.
We maintain administrative, technical, and physical safeguards designed to protect the Information that you provide on our platform. These safeguards vary based on the sensitivity of the Information that is being collected, used and stored. However, no security system is impenetrable and we cannot guarantee the security of our platform, nor can we guarantee the security of the Information you transmit to us over the Internet, including your use of e-mail. We are not liable for the illegal acts of third parties such as criminal hackers.
It is your responsibility to safeguard the devices you use to access our platform (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access your account and your personal Information using those devices. If you log into our platform using a public computer or device, or the computer or device of another person, you should affirmatively log out of your account (i) prior to ending your session, or (ii) if you will be inactive on our platform for more than a few minutes otherwise, the next user of that computer or device may be able to access your account and the Information in your account if your session has not ended.
If you have the impression that your data is not properly secured or there are indications of abuse, please contact us using the contact details at the bottom of this page.
- Processing outside the EEA
The EEA is the European Economic Area, consisting of the countries of the European Union, Liechtenstein, Norway and Iceland. Your personal data may be processed outside the EEA. If your personal data is processed outside the EEA, appropriate safeguards have been put in place based on “European Union Standard Contractual Clauses (SCC)”. We will provide an adequate level of protection and will comply with European privacy regulations.
- Filing a complaint with the Authority for the Protection of Personal Data
You have the right to file a complaint to the national supervisory authority, the Personal Data Authority. This can be done via the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons.
- Questions about privacy and access to your data
If you have any questions that have not been answered in this privacy statement, if you have any suggestions or comments on its content, or if you have any complaints about the way we handle your personal data, please contact:
SUPER BRAINS B.V.
De Vriesstraat 40
3261 PC Oud-Beijerland
Data Protection Officer:
De Vriesstraat 40
3261 PC Oud-Beijerland
Clinical Safety Officer
Our Clinical Safety Officer checks our clinical information and makes sure that it is accurate, evidence-based and clinically safe. The Super Brains B.V. dedicated Clinical Safety Officer can be reached at:
Prof. Dr. Sandra Kooij
De Vriesstraat 40
3261 PC Oud-Beijerland