GDPR – General Data Protection Regulation
You have probably noticed that your mailbox has recently been flooded with mails referring to the new European regulations concerning data protection, the GDPR.
GDPR is an acronym that stands for General Data Protection Regulation.
These new regulations concern all organisations – including the government, police department and the department of justice – that deal with and keep personal data, and they become obligatory as of May 25th, 2018.
So that is why you are receiving so many mails informing you about this and about the actions taken to adapt to the new law.
Data privacy at Esperity
Esperity is no exception. It is our duty at Esperity to inform you about all the actions we are undertaking so that you as a user of our platform know exactly, in a totally transparent way, what happens with data you are sharing with Esperity.
In short, this means that we have made some slight changes in order to comply fully with the new GDPR.
Below we explain in 7 points how Esperity complies with the GDPR.
1. Description, in easy to understand language, of the data asked and used
- The following personal data are asked during registration:
  - Pseudonym: giving a pseudonym that cannot be linked to your real identity is strongly recommended.
  - Picture: uploading a ‘fantasy’ picture that cannot be linked to your real identity is strongly recommended if you don’t want anyone to identify you.
  - E-mail address, in order to confirm your profile.
- The following data can be completed after registration, but this is not compulsory. This data allows you to search for patients with similar characteristics and to follow yourself in order to manage your health.
- Medical profile data that can be entered:
  - Personal characteristics: in particular, age, sex and date of birth.
  - Physical and ethnic characteristics: in particular, height, weight and ethnicity.
  - Lifestyle habits: in particular, tobacco & alcohol consumption, and physical activity.
  - Health: in particular, type of cancer, first diagnosis, past & current treatments, secondary effects, depression, mood, and other characteristics associated with your quality of life or day-to-day surroundings, temperature, etc.
  - Biological data: in particular, tumor markers, blood test results, etc.
  - Location: in particular, your geographic zone of residence.
2. Securing data
- Esperity uses a secured connection to connect to the Esperity servers. Your registration data is always stored in a secured way. Esperity also uses secured data servers within Europe in order to keep data as safe as possible.
3. Explanation about who is having access to your data
- Only the data protection officer and the CTO of Esperity have access to your personal data, which are stored in an encrypted database. It is only upon your personal request as a user that these data will be used: your personal data will never be shared with third parties.
4. Reference to the purpose and legal basis for the use of personal data
- The use of personal data is legally based upon an ‘opt-in’ acceptance of the terms and conditions of use and the privacy terms. Esperity already applied this in the past by allowing registration only upon acceptance of these terms and conditions by the user. This will remain unchanged in the future; however, reference will now be made to the GDPR.
- An email will be sent to all our users with the new user and privacy terms and conditions.
5. Transparency regarding the personal data you share, the length of time data will be kept and your right of insight and request for removal of your data
- GDPR’s main focus is on transparency: as a user you always have the right to request insight into your personal data, the ability to change your data and the possibility to remove your data if you wish to do so. You have the right to withdraw the use of your personal data at any moment in time, and upon such a request your data has to be removed within 30 days.
- If you no longer use our platform, your data will automatically be removed after a period of 5 years.
- However, you can always remove your data yourself by removing your account under ‘my profile’.
6. Transparency regarding the use of your personal data
- Your data is used by Esperity in order to be able to match users to a certain profile. This happens in an automated way: personal data is never shared with third parties.
- If Esperity receives a request from a user for more information, the data is only used to contact the user and so provide more information and answers to the questions asked.
- For statistical purposes, aggregated data is used in order to obtain an image of the type of users. Aggregated data means using mean totals of numbers and/or characteristics. This kind of aggregated data does not use personal data and is only used internally to get a picture of the type of user on Esperity, with the sole purpose of improving future services. Once again: neither personal data nor aggregated data are ever shared with third parties.
- Occasionally, you may be offered the possibility to take part in a survey. If this is the case, your permission is explicitly requested, and whether or not you take part in such surveys is entirely your decision.
7. If you have any complaints, you have the right to inform the mandatory commission
- GDPR obliges all organisations and companies using personal data to clearly state whom to turn to in case of complaints. For Esperity this is the Commission for protection of personal lifestyle, also known as the Privacy Commission.