Privacy Statement

Last Updated: March 2024

Privacy statement Corporate Travel Clinic

The Corporate Travel Clinic processes and secures your personal data carefully in accordance with the requirements of the General Data Protection Regulation (GDPR).

The Corporate Travel Clinic is a ‘controller’ as defined in the GDPR, which means we are responsible for processing your personal data. Our most up to date company information can be found here at the Trade Register (Dutch only).

In this privacy statement we explain what personal data we collect and use, for what purposes, what our legal grounds are for using your data, how we protect your data and what rights you have with regard to your personal data.

Medical tests and advice

For your function or regular work for your employer or business client, you can be requested to take a medical test or receive medical advice. Tests are conducted and medical advice is given by our certified medical physicians. We ask your prior explicit consent, so our staff can collect necessary medical and health data, such as medical test results from blood work, CT scans, exercise tests, etc.

Your medical data and test results can be stored in an electronic health record maintained securely by us in accordance with the requirements set by Dutch and EU statutory requirements for medical (test) data. Your test results and some medical data can be shared with your employer or client if legally allowed and under strict conditions to ascertain if there is a health risk that would limit you from doing the required work.

Medical data are considered sensitive personal data under the GDPR that require special care when processed. The Corporate Travel Clinic relies on the legal grounds of explicit consent or that processing is necessary for preventative or occupational medicinal reasons.

Contract information

To agree and execute a contractual relationship with our business clients, Corporate Travel Clinic needs to process a limited amount of personal data related to contact and employee data of our clients, such as name, e-mail, phone number, function.

Newsletter and mailings

When you register for our newsletter, we only use your name and email address. No other personal data is collected or used. Your personal data is managed by the Corporate Travel Clinic and is never shared with third parties. You can always amend your data or unsubscribe by clicking the button in each newsletter you receive.

When signing up for the newsletter you consent to Corporate Travel Clinic using your personal data, which is the legal ground that we require to validly process personal data.

Cookies & statistics

The Corporate Travel Clinic collects information about visits to our website. Only authorized employees have access to the data which is collected, and then only as a summary. We use this information to better understand which items on our website are valued by users and where we can improve. Other than these employees no one else has access to this data and we will never sell or provide it to third parties.

The data is collected through Google Analytics, a web analytics service provided by Google. Google Analytics uses “cookies” and “tags”. These are small text files or lines of code linked to a device to help analyze how visitors use websites. We mask the last octet of your IP address, these are the last four digits of such an address, so that the data cannot be traced back to your computer. Data sharing with third parties is disabled.

We can from time to time also use LinkedIn videos on our website. LinkedIn is a Microsoft subsidiary and it can track your use for advertisement purposes when viewing these videos. You can read more about LinkedIn’s privacy and advertising practices here.

You can restrict the use of cookies or also disable cookies altogether by choosing the appropriate settings in your browser. Browsers such as Firefox, Edge,Chrome and others also offer options for surfing without cookies. For more information about how you can improve the privacy settings of your web browsers please visit: .

When you visit our website, you are asked to consent to Corporate Travel Clinic using cookies, which is the legal ground that we require to validly process personal data.

Security of Personal Data

We use security procedures and methods to prevent unauthorized access to personal data within the website, amongst other things. We also use secure connections (SSL) so that all information exchanged between you and our website is protected when you enter personal data.

Access to data is limited to system administrators and authorized users. The servers are physically and logically protected against unauthorized access, and against damage and malfunctions. There are procedures in place to allow only authorized users to access the servers and to prevent unauthorized access. The servers and the information systems are actively monitored and managed. We also immediately install any solutions for security breaches which are brought out by our suppliers.

Third party suppliers

For our services Travel Clinic is required to sometimes use third-party suppliers that process personal data, for instance medical laboratories but also cloud storage providers that service our e-mail platform or automate the planning and distribution of test results. Where required, Travel Clinic has signed data processor agreements that detail how these third-party suppliers can use that personal data on our behalf.

Third party websites

This statement does not apply to third party websites or platforms (for instance Facebook, LinkedIn, X(Twitter) or the Travel Clinic Webshop) that are connected to our website by means of links. We cannot verify that these third parties handle your personal data in the same reliable and secure manner as we do. We therefore encourage you to read the privacy statement of these third parties before use.

 Your rights under the GDPR

The GDPR grants you specific rights with regard to the personal data we process. You can request access or a copy of your data, as well as amend or limit the amount of data that Corporate Travel Clinic processes. In certain cases, you can also object, request deletion or transfer of your personal data. To invoke these rights, please send an e-mail to our data protection officer (DPO) via We will respond to each request within ultimately 4 weeks.

Should you have questions or concerns about the way we handle your personal data, please contact the DPO via the e-mail address above so we can jointly find a solution. Should you feel that Corporate Travel Clinic has failed in finding a proper solution, you can always file a complaint with the Dutch Data Protection Authority via this link (Dutch only).

Changes to the privacy statement

We reserve the right to update this statement periodically. The latest version can always be found on our website. Where possible, we will inform you personally of any update.