Privacy Policy

Medetone B.V.

Last updated: 12 January 2026

This Privacy Policy explains how Medetone B.V. collects, uses, shares, and protects personal data when you visit or use medetone.com, create an account, complete an online health assessment, communicate with us, or purchase services or products through our platform.

We process personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Dutch data protection and healthcare record-keeping requirements.

If you do not agree with this Privacy Policy, do not use our services.

 


1. Who we are

Data controller - Medetone B.V. is the data controller for the personal data described in this policy.

Company: Medetone B.V.

Website: www.medetone.com

Address: W.G. Plein, Amsterdam, 1054 SC, The Netherlands

Email: info@medetone.com

Data Protection Officer (DPO): Abdullah Sabyah

Address: W.G. Plein, Amsterdam, 1054 SC, The Netherlands


2. Scope and key terms

Personal data means any information relating to an identified or identifiable individual.

Health data and other special category data include information about health, genetics, and biometrics, which receive enhanced protection under the GDPR.

Where this policy refers to “services”, it includes online clinical assessment, prescribing-related services, customer support, delivery coordination, and related platform functions.


3. Personal data we collect

We collect personal data directly from you, automatically through your use of the website, and from certain third parties where permitted and necessary.

3.1 Information you provide to us

  • Identity and contact details: name, date of birth, address, email address, phone number.
  • Verification information: identity documents and related data where required to confirm identity or ensure safe supply.
  • Account information: login and account preferences.
  • Order information: items purchased, delivery information, order history.
  • Customer support communications: messages, emails, chat, or calls with our support team.

3.2 Health and clinical information

Health questionnaires and consultation data: symptoms, medical history, medication history, allergies, treatment history, and other information you choose to provide.

Clinical suitability information: information required to assess appropriateness and safety, including sex and relevant medical factors.

Laboratory or biomarker information: where you provide it or where it is clinically relevant to the service.

3.3 Payment and billing information

Billing details and payment-related information necessary to process transactions. Payments are processed by payment providers. We do not store full payment card details.

3.4 Website, device, and usage information

Technical identifiers: IP address, device type, browser type, operating system, and log data.

Usage data: pages visited, actions taken, referral sources, and general location derived from IP address.

Cookies and similar technologies: as described in our Cookie Policy.


4. Why we process personal data and our legal bases

We process personal data only where we have a lawful basis under the GDPR. Depending on the context, we rely on one or more of the following:

4.1 Performance of a contract

To create and manage your account, provide services you request, process orders, provide customer support, and deliver products.

4.2 Compliance with legal obligations

To meet pharmacy, healthcare, tax, accounting, and regulatory requirements, including record retention and responding to lawful requests by authorities.

4.3 Provision of healthcare and patient safety

To assess clinical suitability, support prescribing decisions, ensure safe supply, and provide healthcare-related services. We apply appropriate safeguards and restrict access to authorised personnel.

4.4 Legitimate interests

To secure and improve our platform, prevent fraud and misuse, manage service quality, develop analytics and reporting, and maintain business continuity. Where we rely on legitimate interests, we consider and balance any potential impact on your rights.

4.5 Consent

For certain cookies and for marketing communications where consent is required. You can withdraw consent at any time.


5. Special category data, confidentiality, and safeguards

Health, genetic, and biometric information is treated as special category data under the GDPR.

We process special category data only where permitted by law and where necessary for healthcare purposes, including clinical assessment and safe supply. Safeguards include:

  • Restricted access on a need-to-know basis
  • Role-based permissions
  • Confidentiality obligations for staff and clinical partners
  • Secure systems and controlled processing environments

6. Cookies and similar technologies

We use cookies and similar technologies to:

  • Operate core website functions
  • Maintain security and prevent abuse
  • Measure and improve performance
  • Understand how users interact with the website
  • Support marketing where permitted

You can manage cookies through the cookie banner and your browser settings. For details, see our Cookie Policy.


7. Marketing communications

If permitted, we may send you updates, offers, and information about our services.

You can opt out at any time by:

  1. Clicking the unsubscribe link in our emails
  2. Updating preferences in your account, where available
  3. Contacting us at info@medetone.com

We may still send non-marketing service communications that are necessary, such as order confirmations, account notices, or safety-related messages.


8. Who we share personal data with

We share personal data only where necessary for the purposes described in this policy and with appropriate safeguards. Categories of recipients may include:

8.1 Service providers

Technology, hosting, infrastructure, analytics, customer support, communication, payment processing, and delivery providers.

8.2 Clinical partners and authorised professionals

Clinicians and clinical partners involved in providing the services, where applicable.

8.3 Legal and regulatory recipients

Regulators, supervisory authorities, law enforcement, courts, or other public bodies where required or permitted by law.

8.4 Professional advisers

Auditors, insurers, banks, and professional advisers where necessary for compliance and business operations.

Our service providers are contractually required to protect personal data and to process it only on our instructions.


9. International transfers

Some service providers may process personal data outside the European Economic Area.

Where this occurs, we use GDPR-compliant safeguards, including Standard Contractual Clauses approved by the European Commission, and additional measures where required.


10. Data retention

We retain personal data only as long as necessary for the purposes described in this policy, including to meet legal, regulatory, and professional obligations.

10.1 Account and transactional data

Retained while your account is active and for a period afterwards for support, audit, and compliance.

10.2 Medical and clinical records

Retained in line with applicable Dutch healthcare record retention requirements and professional standards.

10.3 Customer support and communications

Retained as necessary to handle queries, disputes, and complaints and to demonstrate compliance.

After applicable retention periods, we delete or anonymise data.


11. Data security

We implement appropriate technical and organisational security measures, including:

  • Encryption in transit (SSL/TLS)
  • Access controls and authentication mechanisms
  • Role-based access for sensitive data
  • Security monitoring and incident response procedures
  • Ongoing review and improvement of security controls

No security measure is perfect, but we take reasonable and proportionate steps to protect personal data.


12. Your rights

Subject to legal conditions and exceptions, you have the following rights under the GDPR:

  • Access to your personal data
  • Rectification of inaccurate or incomplete data
  • Erasure in certain circumstances
  • Restriction of processing
  • Data portability
  • Objection to processing, including direct marketing
  • Rights relating to automated decision-making, where applicable

To exercise your rights, contact info@medetone.com. We may request proof of identity to protect your data and prevent unauthorised access. We will respond within the timeframes required by law.


13. Complaints

If you have concerns about our use of your personal data, contact us first and we will work to resolve the issue.

You also have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens


14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. Where required, we will provide additional notice.


15. Contact

Medetone B.V.

W.G. Plein, Amsterdam, 1054 SC, The Netherlands

Email: info@medetone.com

Data Protection Officer: Abdullah Sabyah