Last Updated: January 2021
Privacy statement Corporate Travel Clinic
The Corporate Travel Clinic processes and secures your personal data very carefully in accordance with the requirements of the General Data Protection Regulation (GDPR).
The Corporate Travel Clinic is a ‘controller’ as defined in the GDPR, which means we are responsible for processing your personal data. Our most up to date company information can be found on our website as well as here at the Trade Register (Dutch only).
In this privacy statement we explain what personal data we collect and use, for what purposes, what our legal grounds are for using your data, how we protect your data and what rights you have with regard to your personal data.
Medical Tests and advice
For your function or regular work for your employer or business client, you can be requested to take a medical test or receive medical advice. Tests are conducted and medical advice is given by our certified medical physicians. With your prior explicit consent, our staff collect necessary medical and health data, such as medical test results from blood work, CT scans, exercise tests, etc.
Your medical data and test results can be stored in an electronic health record maintained securely by us in accordance with the requirements set by Dutch and EU statutory requirements for medical (test) data. Your test results and some medical data can be shared with your employer or client if legally allowed and under strict conditions to ascertain if there is a health risk that would limit you from doing the required work.
Medical data are considered sensitive personal data under the GDPR that require special care when processed. The Corporate Travel Clinic relies on the legal grounds of explicit consent or that processing is necessary for preventative or occupational medicinal reasons.
Newsletter and mailings
When you register for our newsletter, we only use your name and email address. No other unnecessary personal data is collected or used. Your personal data is managed by the Corporate Travel Clinic and is never shared with third parties. You can always amend your data or unsubscribe by clicking the button in each newsletter you receive.
When signing up for the newsletter you consent to Corporate Travel Clinic using your personal data, which is the legal ground that we require to validly process personal data.
Cookies & Statistics
The Corporate Travel Clinic collects information about visits to our website. Only authorized employees have access to the data that is collected, and then only as a summary. We use this information to better understand which items on our website are valued by users and where we can improve. Other than these employees no one else has access to this data and we will never sell or provide it to third parties.
The data is collected through Google Analytics, a web analytics service provided by Google. Google Analytics uses “cookies” and “tags”. These are small text files or lines of code linked to a device to help analyse how visitors use websites. We mask the last octet of your IP address, these are the last four digits of such an address, so that the data cannot be traced back to your computer. Data sharing with third parties is disabled. You can read more about privacy and Google here.
When visiting our website, you are asked to consent to Corporate Travel Clinic using cookies, which is the legal ground that we require to validly process personal data.
Security of Personal Data
We use security procedures and methods to prevent unauthorised access to personal data within the website, amongst other things. We also use secure connections (SSL) so that all information exchanged between you and our website is protected when you enter personal data.
Access to data is limited to system administrators and authorised users. The servers are physically and logically protected against unauthorised access, and against damage and malfunctions. There are procedures in place to allow only authorised users to access the servers and to prevent unauthorised access. The servers and the information systems are actively monitored and managed. We also immediately install any solutions for security breaches which are brought out by our suppliers.
Third party suppliers
For our services Travel Clinic is required to sometimes use third–party suppliers that process personal data, for instance medical laboratories but also cloud storage providers that service our e-mail platform or automate the planning and distribution of test results. Where required, Travel Clinic has signed data processor agreements that detail how these third-party suppliers can use that personal data on our behalf.
Third party websites
This statement does not apply to third party websites or platforms (for instance Facebook, LinkedIn or Twitter) that are connected to our website by means of links. We cannot guarantee that these third parties handle your personal data in a reliable and secure manner. We encourage you to read the privacy statement of these third parties before use.
Your rights under the GDPR
The GDPR grants you specific rights with regard to the personal data we process. You can request access or a copy of your data, as well as amend or limit the amount of data that Corporate Travel Clinic processes. In certain cases, you can also object, request deletion or transfer of your personal data. To invoke these rights, please send an e-mail to our data protection officer (DPO) via firstname.lastname@example.org. We will respond to each request within ultimately 4 weeks.
Should you have questions or concerns about the way we handle your personal data, please contact the DPO via the e-mail address above so we can jointly find a solution. Should you feel that Corporate Travel Clinic has failed in finding a proper solution, you can always file a complaint with the Dutch Data Protection Authority via this link (Dutch only).
Changes to the privacy statement
We reserve the right to update this statement periodically. The latest version can always be found on our website. Where possible, we will inform you personally of any update.