PRIVACY POLICY

Privacy Policy for Boostology

Last updated: 11 September 2024

At Boostology, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our services or visit our website.

Information We Collect

We may collect the following types of information:

a) Personal Information:

• Name, email address, phone number
• Date of birth, gender
• Health information relevant to our services
• Payment information

b) Non-Personal Information:

• Browser type and version
• Operating system
• IP address
• Website usage data

How We Use Your Information

We use your information to:

• To provide personalized nutrition and wellness plans
• To monitor progress and adjust recommendations
• To ensure safe and effective health interventions
• Communicate with you about your account or our services
• Develop personalized nutrition and wellness plans
• Process payments
• Comply with legal obligations

Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service providers who assist in our operations
• Legal and regulatory authorities, when required by law
• Business partners, with your consent

Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data
• Restrict the processing of your personal data
• Data portability
• Object to processing of your personal data

Cookies

We use cookies to improve your browsing experience and analyze website traffic. You can control cookies through your browser settings.

Changes to This Policy

We may update this policy from time to time. We will notify you of any changes by posting the new policy on this page.

Data retention periods

According to the GDPR, Boostology will only store personal data for the duration of the coaching.

Financial records: The Dutch tax authorities require businesses to retain financial administration for seven years.

Medical records: Boostology does not ask for medical records.

Marketing data: Boostology will only keep information about an individual if the client remains a customer or has not objected to receiving marketing communications.

Information about international data transfers

Not applicable

Specific details on how you handle sensitive health data

This section should includes:

a) Types of health data collected boostology will collect:

• Dietary information
• Medical conditions relevant to nutrition
• Physical measurements (weight, height, BMI)
• Exercise habits
• Any other health-related information you collect

b) Legal basis for processing:

• Explicit consent from the client
• Necessity for the provision of health care or treatment

c) Data minimization:

• Explanation that you only collect health data that is directly relevant and necessary for your services

d) Access controls:

• Description of who has access to this data within your organization
• Assurance that access is strictly limited to those who need it to provide services

e) Data security measures:

• Encryption of health data at rest and in transit
• Use of secure, GDPR-compliant servers
• Regular security audits and updates

f) Data sharing:

• Boostology will not share medical or nutritional information with other services unless the client provides written consent.
• Assurance that data is never sold or shared for marketing purposes

1. In your practices:

• Before saving your personal information boostology, obtain explicit, written consent before collecting any health data.
• Boostolgogy will use encrypted channels for all communications involving health data.
• Boostology Implement strict access controls and logging for health data.
• Boostology regularly audits your data handling practices.
• Boostology has a clear process for reporting and managing data breaches appointed by a Data Protection Officer (DPO), given the sensitive nature of the data you handle

1. Technical measures:

• Boostology uses end-to-end encryption to store and transmit health data.
• Boostology regularly updates and patches all systems that handle health data.
• Boostology Uses anonymization or pseudonymization techniques where possible.
• Boostology Implement a secure backup system for health data.

1. Legal compliance:

• Boostology: Ensure compliance with GDPR and Dutch healthcare data protection laws.
• Boostology conducts and maintains Data Protection Impact Assessments (DPIAs) records for your health data processing activities.

Contact Us

If you have any questions about this Privacy Policy, please get in touch with us at:

Boostology  Email: fabiomora@boostology.nl Phone: +31641089599