Privacy policy

Home Privacy policy

Privacy policy

Version 1.0 dated 01/01/2023

 

1. Introduction

This website is owned and operated by Ontex BV, a company incorporated and existing under the laws of Belgium with registered office at Genthof 5, 9255 Buggenhout, Belgium, and registered in the legal entities register under number 0419.457.296, together with its affiliates hereafter called “Ontex”, “we”, “our”.

2. How you can contact us

Any questions, complaints or comments about this privacy statement or the way we handle your personal data can be sent by post to the address mentioned above or (preferably) by e-mail to [email protected].

3. General information about this privacy statement

  • Scope – This privacy statement applies to all personal data processing activities executed by or for Ontex, including the processing of personal data for our clients, in the framework of the use of the Orizon Smart continence management system (“Orizon”). To learn more about the Orizon solution please visit the website www.ontex.com and www.orizon-solutions.com.
  • Content – This privacy statement basically informs you about why and how we collect and process your personal data, who will have access to it, and which rights you have.
  • Law – We at Ontex understand that your privacy and the protection of your personal data is very important. Therefore, when we act as a so-called “controller” or “processor”, we will respect the applicable data protection law, including the European General Data Protection Regulation of 27 April 2016 (“GDPR”) and the Belgian Act of 30 July 2018 on the processing of personal data.
  • Updates – We may update this privacy statement from time to time on our website, and it is the latest version that will always apply. We therefore recommend that you check the privacy statement regularly.

4. The role of Ontex when processing personal data

When processing personal data, Ontex could have a different role depending on which processing activity it undertakes. Ontex could act as a processor on behalf of our clients (care providers) or as a (joint)controller on its own behalf. These roles will be explained in the sections below.

a) When do we act as a processor?

To ensure the proper performance of Orizon, Ontex acts as a processor of personal information of residents and staff of the care providers. The care provider will be acting as controller of the personal data and Ontex works as their processor under their instructions. Ontex may in turn engage third parties to act as its sub-processors to help with or perform certain data processing activities.

This means that the care provider will be the main responsible for e.g. the lawful and transparent processing of personal data (incl. obtaining informed consent if legally required), whereas Ontex and it sub-processors will support the care provider on the secure processing of the data in accordance with the instructions from the care provider. When you exercise your rights against us/our subprocessors or when we register a data breach, we will report this to the care provider and align with their instructions, or refer you directly to our client.

b) When do we act as a (joint) controller?

In some cases, Ontex may act as a joint controller with another organization in the collection, use, and protection of personal data. A joint controller is defined as two or more controllers who determine the purposes and means of processing personal data together.

For example, Ontex and the care provider act as joint controllers in connection to the processing of personal data collected through or uploaded for the delivery of the Orizon services and Ontex’ own purpose.

When acting as joint controllers both Ontex and the care provider will each be responsible to comply with data protection law for their part in the personal data processing. When Ontex acts as a joint controller, we will make sure to inform individuals of the other joint controller(s) and the purposes for which their personal data will be used. We will also establish clear responsibilities and obligations for the protection of personal data in our agreements with the other joint controller(s).

c) When do we act as a sole controller?

Ontex shall act as sole controller in connection to the processing of the so called derived data. This derived data will be used to create anonymized research results, which means that these results can no longer be linked to you individually.

5. The personal data we process and how we are allowed to do this

a)  I am a public website user

If you visit the Ontex website, we will typically process personal data after you gave us your consent (with the exception of necessary cookies). General privacy Statement

b) I am a resident at a care provider using the Orizon solution

If you are a resident of a care provider using the Orizon solution, then we will process the following personal data:

  • Unique ID number;
  • Name and first name;
  • Gender;
  • Location and room number;
  • Avatar (optional picture); and
  • Product data (such as continence protocol, continence history, diaper saturation, body posture, diaper change)

This personal data will be collected via the Orizon cloud service provider for:

  • The provision of care services by the care services provider (lawful basis as provided by the care provider, such as art. 6 (1)(b) and art. 9(2)(h) GDPR);
  • Data analysis and research by Ontex for product development and for general research purposes (art. 6(1)(f) and art. 9(2)(j) GDPR);
  • Legal requirements, audits and interacting with and complying with government or competent authority requirements (art. 6 (1)(c) and art. 9 (2)(i) GDPR);

c)       I am a staff member at a care provider using the Orizon Solution

If you are a staff member of a care provider using the Orizon solution, then we will process the following personal data:

  • Unique id number
  • Name and first name
  • gender
  • Email address / phone number
  • Language
  • Avatar (optional picture)

This personal data will be collected via the Orizon cloud service provider for:

  • The provision of care services by the care services provider (lawful basis as provided by the care provider, such as art. 6 (1)(b) and art. 9(2)(h) GDPR);
  • Legal requirements, audits and interacting with and complying with government or competent authority requirements (art. 6 (1)(c) and art. 9 (2)(i) GDPR).

6. Disclosure to third parties and international data transfers

Within Ontex, policies and contractual arrangements are in place to make sure that (i) access to personal data is limited to those persons who, due to their function, need to have access to it, and (ii) such persons respect the confidential nature of that personal data.
Ontex does not allow the transfer of personal data to third parties except as provided below:

  1. Ontex will share personal data we process for care institutions or for our own business activities with third parties that support us as our (sub)processors (like online platform partners, IT and website providers, support services providers) insofar they need the personal data for their activities. We have contractual arrangements in place with those third parties to make sure they all respect the applicable data protection law.
  2. Ontex will share personal data with competent authorities who are authorised to request such information or to whom we have to disclose information, as required by law or as a result of legal proceedings or court proceedings.
  3. Ontex may share your personal data with third parties like legal advisors, debt collection agencies and competent courts if we determine that such disclosure is reasonably necessary to enforce our terms and conditions or to legally protect our other legitimate business interests.
  4. Ontex may transfer your personal data to you or any other party you appoint, at your request (see ‘Your rights’ below) or with your consent.

All personal data is stored within the European Economic Area (EEA). Ontex does currently not have the intention to transfer or give access to personal data to third parties located in countries outside the EEA. However, if this should change, Ontex will update its privacy statement and ensure that the transfer complies with the applicable data protection laws and that appropriate safeguards are put in place.

7. Security of your personal data

Ontex implements technical and organizational measures to protect the confidentiality, integrity and availability of your personal data, and to prevent unwanted loss, misuse, alteration or destruction of said data, according to the nature of the processing, the risk and the available security means. Although we take this very seriously, please be aware that it is impossible, even with all the security means in existence today, to completely eliminate every conceivable security risk.

8. Data retention period

In general, Ontex does not process your personal data any longer than is necessary for the purposes outlined in this privacy statement.

For personal data that we process as a processor on behalf of a care institution, the care institution will decide how long the personal data is processed, which will typically be no longer than the term of our service contract with the care institution, except if different statutory retention periods have been set, if you consent to this or if there is a strong legitimate interest (like filing a legal claim or defending against legal claims).

For the retention periods of data collected via cookies and other tracking technology on our general website, please see our Cookies policy.

9. Your data protection rights

The care institution will be responsible and act as your contact point if you wish to exercise one of the rights listed below:

  • to obtain confirmation as to whether or not your personal data is being processed and, where that is the case, you shall have the right to obtain further information about such processing as well as the right to obtain a copy of your personal data (or in some cases have your personal data transferred to another controller);
  • to obtain the rectification of inaccurate personal data and to have incomplete personal data completed;
  • to object to the processing of your personal data (especially any processing for direct marketing purposes) if the processing was based on legitimate interests;
  • to withdraw your consent if the processing was based on your consent (please note this will not affect the lawfulness of the processing that occurred before the withdrawal of consent).
  • to obtain the erasure of personal data that is not/no longer lawfully processed; and
  • to put the processing of personal data on hold (‘restriction’) in certain cases (e.g. while we are assessing whether we should indeed rectify or stop processing your personal data);
  • to object or get more information on our use of your personal data for automated individual decision-making that applies to you. We currently do not undertake any automated individual decision-making.

Ontex will assist the care institution in collecting any relevant personal data, whether relating to a staff member or a resident, in a timely manner.
Due to the use of anonymized personal data, Ontex will not be able to directly identify a data subject (Art. 11 GDPR) and thus will not be able to respond directly to a data subject request. For (derived) data, which has not yet been anonymized, you shall have the right to contact Ontex directly for exercising the rights listed above on the following email address [email protected].

What are you looking for?
Contact us