PRIVACY STATEMENT presurgeo | Uplanner B.V.
Located at De Corridor 5, Unit D, 3621 ZA Breukelen, Netherlands
Registered with the Chamber of Commerce under number 80882331
Last modified on: 14 July 2023
presurgeo | Uplanner B.V. (hereafter referred to as “us”, “we”, or “our”) provides SaaS services via a web application focused on orthopedic surgical planning (hereafter referred to as “Services”). Individuals (“Users”) can use our Services via our web application. Additionally, people (“Visitors”) can visit our websites (www.presurgeo.com, www.presurgeo.nl, www.u-planner.nl, www.skeletonplanner.nl, and www.skeletonplanner.com) and contact us for information about presurgeo | Uplanner’s offerings and Services. In all these instances, personal data is processed by us.
This privacy statement contains information about our policy regarding the processing (collection, storage, use, sharing, and disclosure) of Personal Data by presurgeo | Uplanner when you use our Services, or, for example, when you visit our websites or fill in a (contact) form on our websites, and the choices you have in relation to presurgeo | Uplanner’s processing of that Personal Data.
We use the Personal Data to communicate with you, execute the agreement we have with you, and to deliver and improve our Services. When you use our Services or visit our websites, you agree to the processing of your Personal Data in accordance with this Privacy Statement.
1. DEFINITIONS
In this Privacy Statement, the following terms are capitalized and used with the following meaning:
- Personal Data: All information about an identified or identifiable natural person. This means information is either directly about someone or can be traced back to this person.
- Usage Data: Automatically collected data generated by using our websites, for example, the duration of a visit to a page on our websites.
- Data Controller: The natural or legal person who determines (alone, jointly, or in common with others) the purposes and means of processing Personal Data. In the context of this Privacy Statement, we are the Data Controller of your Personal Data.
- Data Processor: The natural or legal person processing the Personal Data on behalf of presurgeo | Uplanner. We may use various Data Processors to process your data.
- Data Subject: The Data Subject is every living person who uses our Services and is the subject of the Personal Data processed by us.
2. DATA COLLECTION AND USE
We collect different types of data for various purposes to execute agreements and to deliver and improve our Services.
We collect various types of Personal Data from both Users and Visitors of our Services and websites. This data is typically obtained through interactions with our Services or the websites, automated means, or directly from you, other users, our customers, or other third parties (including Data Processors and “cookies”, as defined below).
When you use our Services, contact us, or visit our websites, you can provide us with Personal Data, including your name, address, billing information, login details for your account (email address, which is immediately hashed) and passwords, images, related websites, and any other data you choose to provide during interaction with our Services or via our websites.
In addition, when using our Services, you can provide additional data and documentation about yourself and your team members, such as your role and job title, and other information that you or your organization choose to provide to better utilize our Services. You can also give us additional information about your employer or company, such as billing information, business needs, and preferences. Any information not related to a human entity that is provided to us is not considered “Personal Data”, and this Privacy Statement does not apply to it.
Our Users may also provide us with Personal Data of patients so that they can be identified within our Services, and our recommendations for orthopedic surgical planning can be tailored to a specific patient. This includes the names and contact details of the patient. However, we only process these Personal Data on behalf of our customers. In these cases, our customer is considered the Data Controller, and presurgeo | Uplanner acts only as a Data Processor, processing the data according to the reasonable instructions of the customer, and our Service providers only act as sub-processors. Our customer is responsible for complying with all legal requirements applicable to presurgeo | Uplanner’s processing of patient personal data.
Personal Data When you use our offer or our websites, we may ask you to provide us with certain personally identifiable information that can be used to execute the agreement, to contact you, or to identify you. This personally identifiable information may include, but is not limited to:
| Type of Person | Personal Data | Purposes for Processing |
|---|---|---|
| Website Visitor/User | IP address | The IP address is stored via a cookie for recognizing Visitors and Users and providing support to (potential) customers. |
| Website Visitor | First and Last name Phone number | Processing the contact form on the websites and communication with the website’s Visitor. |
| Website Visitor | Location data | Tailoring our offering based on the visitor’s location. |
| User | First and Last name Address Phone Gender Date of birth Location data | Identifying and locating the User within the Services, executing the agreement, communication purposes, billing. |
| User | Bank account number (IBAN) Account holder (IBAN) | Billing and collection. |
3. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the European Economic Area (EEA), the legal basis for the collection and use of personal data as described in this Privacy Statement depends on the personal data we collect and the specific context in which we collect it.
We may use your personal data because: • You are using our websites or our services. • You have given us permission to do so. • The processing is in our legitimate interest and is not overridden by your rights. • In compliance with the law.
4. STORAGE AND RETENTION OF DATA
We will take all reasonable steps to ensure that your personal data is processed in accordance with this Privacy Statement and that your personal data is not transferred to an organization or a country outside the European Union.
We will retain your personal data only as long as necessary for the purposes set out in this Privacy Statement. We will retain and use your personal data to the extent necessary to comply with our legal obligations (e.g., if we need to retain your data in compliance with applicable law), to resolve disputes, and to enforce our legal agreements or policies.
We also retain your usage data for internal analytical purposes. Usage data is anonymized as much as reasonably possible, unless we are legally obligated not to store this data anonymously.
All personal data will be deleted by us once they are no longer necessary for the purposes for which we process the personal data, unless we are legally obligated to retain (a portion of) your personal data for a longer period. Personal data is manually deleted by us.
5. DISCLOSURE OF DATA
Business Transaction
If presurgeo | Uplanner is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will inform you before your personal data is transferred and becomes subject to a different privacy statement.
Disclosure for Law Enforcement Purposes
In certain circumstances, we may be required to disclose your personal data if legally mandated or upon request from government entities (e.g., a court or government agency).
Legal Requirements
We may disclose your personal data if we genuinely believe such action is necessary to:
• Comply with a legal obligation.
• Protect and defend the rights and property of presurgeo | Uplanner.
• Prevent or investigate possible wrongdoing related to the use of our websites and provision of services.
• Ensure the personal safety of visitors to the websites, our customers, or the public.
• Protect against legal liability.
6. DATA SECURITY
The security of your personal data is important to us. However, we would like to point out that no method of transmission over the internet or electronic storage method is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
7. DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable measures to allow you to correct, amend, delete, or limit the use of your personal data.
If you want to know which personal data we process about you and if you want certain personal data to be removed from our systems, you can contact us. Additionally, users can (have someone) delete their personal data by using the delete functionality within the Web application.
At the very least, you have the following legal rights regarding data protection: • The right to access, update, or delete the personal data we process about you. Whenever possible, you have access to your personal data and can update or request deletion directly in your account settings. If you cannot perform these actions yourself, you can contact us for assistance. • The right to rectification. You have the right to have your information corrected if that information is inaccurate or incomplete. • The right to object. You have the right to object to the processing of your personal data. • The right to restriction. You have the right to request that we restrict the processing of your personal data. • The right to data portability. You have the right to receive a copy of the information that we process about you in a structured, machine-readable, and commonly used format. • The right to withdraw consent. You also have the right to withdraw your consent at any time where we process your personal data based on your consent.
Keep in mind that we may ask you to verify your identity before responding to such requests.
You have the right to lodge a complaint with the Data Protection Authority regarding our collection and use of your personal data. For more information, please contact the Data Protection Authority.
8. SHARING OF PERSONAL DATA
In the course of our business activities, we share your personal data with external companies to deliver our Services, to be able to carry out activities in connection with the agreement we have concluded with you, to process your personal data, or to assist us in analyzing how our Services and websites are used or can be improved.
We have entered into data processor agreements with all external parties we engage with and with whom your personal data is shared. presurgeo | Uplanner remains the data controller with respect to the personal data that these Data Processors process on behalf of presurgeo | Uplanner. These Data Processors only have access to your personal data to carry out these tasks on our behalf, and they are not allowed to disclose them to others or use them for other purposes.
| Data Processor | Purpose |
|---|---|
| Microsoft | Microsoft Azure Platform is a cloud computing platform from Microsoft that offers various internet services either via the internet or within a company’s own environment. Our web application uses Microsoft Azure. |
| Webhost | For hosting our websites and handling email traffic. |
| Accountant / Administrative Office / Accountancy Firm | For processing our financial administration and invoicing customers/clients. |
| Other Service Providers | We may engage third-party companies and individuals to provide additional services related to our own Services, including hosting and server co-location, CDNs, data security, billing and payment processing, fraud detection and prevention, web analytics, email distribution, marketing, monitoring, recording, remote access, performance measurement, data optimization and enrichment, social and advertising networks, content providers, customer relationship management, and legal, compliance and financial advisors (collectively “Service Providers”). These Service Providers may have access to your Personal Data, depending on their specific roles and purposes in facilitating and enhancing our Service, and can only use it for the limited purposes specified in our agreements with them. When presurgeo | Uplanner assumes the role of ‘Data Controller’, our Service Providers are considered as ‘Data Processors’, whereas when presurgeo | Uplanner acts as the Data Processor for our customers/clients, our Service Providers are considered our ‘Sub-processors’. |
Cookies and Tracking Technologies
We use various technologies, including cookies, anonymous identifiers, and container tags, to ensure the proper operation and analysis of our Services and websites. These technologies allow us to personalize your experience and recall previously provided Personal Data, such as your IP address. We do not adjust our practices based on a “Do Not Track” signal, but with most browsers, you can manage cookies, including blocking or receiving notifications about them. To see a list of cookies and pixels that our Services and websites use, please refer to the Cookie section in your browser when using our Services or visiting our websites.
We do not sell your Personal Data to other parties.
9. LINKS TO OTHER SITES
On our websites, you may find hyperlinks to third-party websites. We are not responsible for the way these third parties handle your data. Please read the privacy statement, if available, of the websites you visit.
10. CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Statement at any time. We will notify you of any changes by publishing the new Privacy Statement on our websites.
11. CONTACT US
If you have questions about this Privacy Statement or wish to exercise your rights, you can contact us in writing by mail or through our websites (contact form), by phone or by email: info@presurgeo.com
