Legal Information

Privacy Statement - Customers

 

Version 28/09/2024

1.   Clients

Corilus processes personal data of clients (caregivers, employees of caregivers, users of our services).

A caregiver, as recognized by national law, may be a physician, medical professional, caregiver or health care entity that provides or has provided medical care or assistance to the patient and with whom the patient has a therapeutic relationship.

2.   How do we collect your personal data?

We receive this data:

  • Because we receive them directly from you, e.g. when you request a quote, subscribe to a contract, create an account, place an order via the webshop, request information, etc.
  • Because we receive them indirectly, e.g., through interaction with other applications or data sources (for instance, upon authentication)

3.   Which of your personal data do we process?

From clients and users of our services, we may process personal data such as identification data, profession, company number, NIHDI number, data related to the software used, license, IP address, ...

Sometimes, depending on the service, technical data (e.g., device data, last installed Corilus software version, installed .NET versions, operating system, other software data, etc.) may also be processed. For example, if you, as a client, use the Advanced Security Management offering to monitor the health of your hardware and software (Acronis Cyber Protect), then present software is inventoried.

In the overview below, we show what personal data Corilus may process of you.

4.   Why do we process this data?

Corilus processes client personal data for such purposes as client management, account management, organizing training, communicating with you as a client, for handling you (web)order, statistical purposes, implementing and improving our products and services.

In the overview below, we describe the purpose in more detail.

5.   What is the legal basis for this processing?

Corilus always processes personal data lawfully for specified purposes.

Corilus makes every effort to process no more personal data than necessary for this purpose and to keep personal data no longer than necessary.

Corilus processes the data:

  • for performance of an agreement (e.g., purchase of a software package, participation in a training course, etc.)
  • For compliance with legal obligations (e.g., billing and accounting)
  • for the representation of legitimate interests of our organization (e.g. communication)
  • based on consent (e.g., when you subscribed to a newsletter and gave your permission to receive messages)

6.   How long do we keep this data?

Corilus processes your data only for the purposes stated above for the time necessary to fulfill these purposes, taking into account the legal retention periods applicable to Corilus and any statutes of limitation that apply a.o. in the area of accounting etc.

Security logs are retained for audit purposes for up to 5 years, unless other legal provisions require a longer retention period.

In the overview below, we show how long Corilus will process this personal data about you. 

7.   Overview

Process

Personal data

Purpose

Legal basis

Retention period

Client management - Client relationship
  • Identification data (name, first name, address, place of residence, e-mail address, phone number, cell phone number, customer number)
  • Personal characteristics (e.g., gender)
  • Profession and employment (e.g. company name, company number, APB number)
  • Financial information (e.g., account number)
  • Creation of client database and management of client relationship.

Agreement

Contractual liability: 10 years

Extra-contractual liability: 5 years after taking note of incident

Client management - Invoicing and accounting obligations
  • Invoicing and fulfilling administrative obligations (such as charging for services rendered to client)
  • Perform legally required accounting

Legal obligation

7 years (up to 10 years for claims)*

10 years for VAT

License, account and access management to systems

 
  • Identification data (name, first name, address, place of residence, e-mail address, phone number, cell phone number, customer number)
  • Personal characteristics (e.g., gender)
  • Profession and employment (e.g. company name, company number, APB number)
  • Education and training
  • Financial information (e.g., account number)
  • NIHDI number/e-Health certificate
  • INSZ number
  • Location data (IP address)
  • License and usage data (e.g. e-Fact, usage intensity, settings around e-Health, etc.).
  • Sometimes, depending on the service, technical data (e.g., device data, last installed (Corilus) software versions, installed .NET versions, operating system, other software data, etc.) may also be processed.

 
  • Depending on the solution or service you purchase- provide access to the services and systems you purchase as a client.
  • Management and implementation of the products and services you use.

Agreement

Until the end of the agreement*

Policy supporting actions

 
  • Policy supporting, e.g.: Working out usage models, subscription structure, product development, improving support, etc.

Legitimate interest

Until end of client relationship or objection

Statistics and reporting

 

Processing of (aggregated) data:

  • For gaining insight into product usage, improving business productivity and further improving products or services
  • To provide you as a client with information about the use and benefits of (the used) products, offer additional services such as reporting, alerts and other useful insights for you as a client

 

Agreement

 

Legitimate interest

 

 

Until the end of the agreement

 

Until objection

Webinars and training

 
  • Identification data (name, first name, address, place of residence, e-mail address, phone number, cell phone number, customer number)

Corilus processes personal data through a registration form you fill out:

  • To register as a participant in a webinar (or other training course
  • To inform you about future training and commercial offers

 

 

Agreement

Legitimate interest

 

 

Until the end of the agreement or an objection is raised

Processing email notifications about Sub-processors

 
  • Identification data (name, first name, address, place of residence, e-mail address, phone number, cell phone number, customer number)
  • Clients for whom Corilus acts as a Processor have, through a provision in the processor agreement, the option to receive an email notification when the list of Sub-processors on our GDPR website is updated.

·        A client can sign up for this without obligation using a form.

Consent

This information is kept until the person unsubscribes via the same form or via the opt-out link in the email or until end of the client relationship

Processing personal data on contact

 
  • Identification data (name, first name, address, place of residence, e-mail address, phone number, cell phone number, customer number)
  • Possibly Profession
  • Other info (e.g., related to your question)
  • Sound and image recordings

 
  • The personal data we collect when you contact us (e.g., via e-mail, telephone, ticketing system (my.corilus.be) or the contact form on the website) is used to respond appropriately and accurately to your inquiries.
  • This information is recorded in our client system so that we can offer you even better service in the future.
  • Conversation recordings may be processed for training purposes, upon the client's consent.

Consent

Until withdrawal of consent or the end of the client relationship

If it is a complaint, the complaint will be retained for 1 year after settlement.

Conversation recordings for training purposes are kept for 30 days to 2 years, or until consent is withdrawn.

Communication with you as a client (e.g. newsletter, invitation, etc.) and direct marketing.

 
  • Identification data (name, first name, address, place of residence, e-mail address, phone number, cell phone number, customer number)
  • NIHDI number
  • Corilus processes personal data to keep you informed of updates and important information regarding the services or products used.
  • We will also contact you to keep you informed about relevant offers/promotions and innovation and novelties that you may find interesting.

Legitimate interest

 

Until unsubscribing from the newsletter/until an objection is raised

We believe it is important to have a good relationship and communication with all of our clients. If you no longer wish to receive these communications you may indicate this at any time.

*The retention period may be extended in accordance with any warranty and after-sales service provisions of the contract.

 

8.   Will this data be shared with others?

Corilus will neither disclose nor pass on your personal data except in the following cases:

  • To competent authorities as part of an investigation or legal proceeding
  • If it is required by law
  • To the responsible entity or entities in mergers or acquisitions
  • For internal sharing of administrative data within the Affiliated Companies of Corilus Group.
  • Subcontractors or contracting parties to perform the services, activities and products offered by Corilus (e.g., order fulfillment, license management, etc.)
  • Subcontractors or contractors for use of (integrated) tools/applications/services (e.g. web applications, patient support apps (e.g. exercise apps)
  • To processors we work with who support us with hosting, support, backup and cyber security, mailing, surveys and marketing initiatives, among other things. They process your personal data only on the basis of our written instructions and according to an agreed processor agreement.

The list of Sub-processors can be found on our GDPR website.

Corilus makes the necessary arrangements with these (contract) parties and processors to ensure the security of your personal data.

Under no circumstances will Corilus sell your personal data to third parties.

9.   What are your privacy rights?

9.1.Right of inspection and a copy

You have the right to know what personal data we process about you, exactly what we do with it and why we do it. You also have the right to get a copy of this information.

9.2.Right to correction of data

If you believe that certain personal information about you is inaccurate or incomplete you have the right to notify us. You may also request that your personal data be temporarily withheld until it is accurate or complete. If it effectively concerns incorrect or incomplete personal data, we will amend it and, in principle, we will also ensure that other parties with whom your data is shared are notified.

9.3.Right to restriction of processing

If you dispute the accuracy of the personal data, you have the right to request that the processing of your personal data be stopped temporarily for the period of time Corilus needs to verify the accuracy of the personal data. If it turns out that the personal data is indeed incorrect, it will be updated and we will notify you.

9.4.Right to object

You have the right to object to processing of your personal data that is based on the legitimate interest of Corilus such as processing in the context of newsletters, marketing, or other processing that is not necessary in the context of our professional relationship.

9.5.Withdrawing your consent

For processing carried out (solely) pursuant to consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing prior to the withdrawal.

9.6.Right to expiry

You have the right to request that your personal data be deleted if it is no longer needed for the purposes of this privacy statement or if you withdraw your consent to processing.

However, Corilus may not delete personal data if we must or may retain it because of a legal obligation or if it is necessary for the performance of the agreement between Corilus and you as a client.

9.7.Transferability of your personal data

You have the right to receive your personal data in a universally readable format, such as a text file or other digital file, when the processing is based on consent, a contract or is carried out through automated processes.

9.8. Complaint to competent authorities

You also have the right to lodge a complaint with the Data Protection Authority, the supervisory authority in the field of privacy protection in Belgium(www.gegevensbeschermingsautoriteit.be), Drukpersstraat 35, 1000 Brussels, contact@apd-gba.be, if you believe that the processing of your personal data is in violation of applicable privacy laws.

10.       How can you exercise your rights?

Would you like further explanation or to exercise your rights as a data subject? If so, please contact us at qc@corilus.be

When requesting an exercise of rights, we may ask for information to verify the identity of the requester/data subject before answering a question. This is to determine whether you are actually the data subject whose personal data is being processed.