GDPR Compliance

Our Commitment to GDPR

Corsano Health B.V. is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). As a company headquartered in the Netherlands, we fully comply with GDPR requirements.

Data Controller Information

Corsano Health B.V. acts as the Data Controller for personal data collected through the Corsano Coach platform. Our contact details are:

• Company: Corsano Health B.V.
• Address: Amsterdam, Netherlands
• Email: privacy@corsano.com
• Data Protection Officer: dpo@corsano.com

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Contractual necessity: To provide our services to you
• Consent: Where you have given explicit consent
• Legitimate interests: To improve our services and ensure security
• Legal obligation: To comply with applicable laws

Special Category Data

Health data is considered "special category data" under GDPR. We process this data based on explicit consent provided by data subjects and for the provision of health care services. All health data is encrypted and access is strictly controlled.

Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data along with information about how it is processed.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected.

Right to Restriction (Article 18)

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms, particularly when processing health data at scale.

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in risk to individuals. We will also notify affected individuals when required.

International Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or transfers to countries with an adequacy decision.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact our Data Protection Officer at dpo@corsano.com. We will respond to your request within one month.

Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.