Privacy Statement - General

1.   Why this privacy statement and for whom is it intended?

Corilus is a leading medical software provider whose mission is to develop efficient healthcare systems that connect healthcare providers, patients and stakeholders.

In that context, Corilus comes into contact with personal data of customers, website visitors, suppliers and job applicants.

Corilus is committed to protecting your personal data. We therefore make every effort to ensure this data protection and always act in accordance with the General Data Protection Regulation ("GDPR") and applicable regulations when we process your personal data.

This privacy statement applies to Corilus NV and all its affiliated companies, hereinafter ‘Corilus’. With this privacy statement we inform you about the processing of your personal data, what your rights are and how you can exercise them.

Personal data is any information about an identified natural person or data that can directly or indirectly lead to the identification of you as a person.

For each group of data subjects, we specifically explain the processing of personal data in a separate section.

• Customers
• Website Visitors
• Applicants
• Suppliers
• Users of mobile apps

Corilus' privacy statements do not apply to patients of our customers (healthcare providers).

If you are a patient and have medical questions, questions about your health or medical records, you can contact your caregiver for this. The caregiver is responsible for processing your health information and medical record.

If you are a patient and use Helena or AssurMed, you will find the applicable privacy statement on that platform.

2.   Who is responsible?

Corilus NV and/or one of its Affiliated Companies, hereinafter ‘Corilus’, located at Ghent Zuiderpoort, Atrium (Gaston Crommenlaan 4/26, 9050 Ghent) with company number 0428.555.896, acts as a controller for these processing operations.

In certain cases, Corilus NV and/or one of its Affiliated Companies may act as a joint processing controller with another party, depending on the data flows and purposes of the processing activities. In that case, the capacity of the party or parties shall be stated in the separate section for the respective group of data subjects or in a separate privacy statement.

3.   How do we secure your personal data?

Corilus makes every effort to ensure your privacy. Corilus takes the necessary technical and organizational measures to ensure the secure processing of your data.

When third parties process your personal data on behalf of Corilus, we require that they respect the GDPR at all times and take the necessary measures in accordance with the GDPR.

Access to your personal data is restricted to prevent unauthorized access, modification or misuse and is permitted only to employees authorized to do so in order to carry out their job activities. Those employees are required to keep the data confidential and comply with all technical regulations so that the data is processed securely.

Find out more about information security at Corilus Group here.

4.   Cookies

On our websites, we use cookies. Cookies are small information files that are stored on your computer's hard drive.

More information on the use of cookies can be found in the cookie statement on our websites.

5.   Camera surveillance

To ensure security in the buildings and parking lot and to monitor the safety of visitors and employees, Corilus has installed security cameras in certain locations in and around the buildings.

The cameras capture images of certain places or entrances of Corilus where it is possible that you as a visitor to Corilus may be filmed.

Corilus collects this data based on Corilus' legitimate interest in providing for the safety of everyone in our organization.

Corilus retains the image recordings for 30 days and does not share the data with others except with the court and police departments if necessary in case of risk, crime or a hazard.

You have the right to inspect the images Corilus has recorded of you, provided that this does not violate the privacy of other persons, as other data may be processed on the images.

Any request for access must be reasoned; Corilus will assess per request to what extent we can act on it.

6.   Is there any transfer of personal data to third countries or international organizations?

Corilus will make every effort to process your personal data where possible within the European Economic Area (+Switzerland).

In the exceptional event that your personal data is transferred to a third country or international organization, this will only occur in the event of an adequacy decision by the European Commission concerning that third country or on the basis of one of the following appropriate safeguards:

• An agreement in accordance with the European Commission's Model Contract Clauses; and/or,
• Binding corporate regulations; and/or,
• Certification under a certification mechanism (in accordance with Art. 42 AVG)

7.   Data protection officer

Corilus has appointed a data protection officer (DPO). The DPO advises on personal data protection and monitors the application of legal data protection obligations.

Contact: dpo@corilus.be

8.   Want to report something or get in contact?

If you have a question about the processing of your personal data, an impression or indication of abuse, please inform us of your concerns directly at qc@colilus.be or via the contact form.

You have the right to file a complaint with the Data Protection Authority, the supervisory authority on privacy protection in Belgium(https://www.gegevensbeschermingsautoriteit.be/burger), Drukpersstraat 35, 1000 Brussels, contact@apd-gba.be.

9.   Update of privacy statements

Corilus reserves the right to modify its privacy statement(s). You will always find the latest version at https://www.corilus.be/privacy

For important content changes, Corilus will inform you through its website or other communication channels.

The date of the last update is displayed at the top of the web page.