Privacy Policy
Medetone B.V.
Last updated: 12 January 2026
This Privacy Policy explains how Medetone B.V. collects, uses, shares, and protects personal data when you visit or use medetone.com, create an account, complete an online health assessment, communicate with us, or purchase services or products through our platform.
We process personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Dutch data protection and healthcare record-keeping requirements.
If you do not agree with this Privacy Policy, do not use our services.
1. Who we are
Data controller - Medetone B.V. is the data controller for the personal data described in this policy.
Company: Medetone B.V.
Website: www.medetone.com
Address: W.G. Plein, Amsterdam, 1054 SC, The Netherlands
Email: info@medetone.com
Data Protection Officer (DPO): Abdullah Sabyah
Address: W.G. Plein, Amsterdam, 1054 SC, The Netherlands
2. Scope and key terms
Personal data means any information relating to an identified or identifiable individual.
Health data and other special category data include information about health, genetics, and biometrics, which receive enhanced protection under the GDPR.
Where this policy refers to “services”, it includes online clinical assessment, prescribing-related services, customer support, delivery coordination, and related platform functions.
3. Personal data we collect
We collect personal data directly from you, automatically through your use of the website, and from certain third parties where permitted and necessary.
3.1 Information you provide to us
- Identity and contact details: name, date of birth, address, email address, phone number.
- Verification information: identity documents and related data where required to confirm identity or ensure safe supply.
- Account information: login and account preferences.
- Order information: items purchased, delivery information, order history.
- Customer support communications: messages, emails, chat, or calls with our support team.
3.2 Health and clinical information
- Health questionnaires and consultation data: symptoms, medical history, medication history, allergies, treatment history, and other information you choose to provide.
- Clinical suitability information: information required to assess appropriateness and safety, including sex and relevant medical factors.
- Laboratory or biomarker information: where you provide it or where it is clinically relevant to the service.
3.3 Payment and billing information
Billing details and payment-related information necessary to process transactions. Payments are processed by payment providers. We do not store full payment card details.
3.4 Website, device, and usage information
- Technical identifiers: IP address, device type, browser type, operating system, and log data.
- Usage data: pages visited, actions taken, referral sources, and general location derived from IP address.
- Cookies and similar technologies: as described in our Cookie Policy.
4. Why we process personal data and our legal bases
We process personal data only where we have a lawful basis under the GDPR. Depending on the context, we rely on one or more of the following:
4.1 Performance of a contract
To create and manage your account, provide services you request, process orders, provide customer support, and deliver products.
4.2 Compliance with legal obligations
To meet pharmacy, healthcare, tax, accounting, and regulatory requirements, including record retention and responding to lawful requests by authorities.
4.3 Provision of healthcare and patient safety
To assess clinical suitability, support prescribing decisions, ensure safe supply, and provide healthcare-related services. We apply appropriate safeguards and restrict access to authorised personnel.
4.4 Legitimate interests
To secure and improve our platform, prevent fraud and misuse, manage service quality, develop analytics and reporting, and maintain business continuity. Where we rely on legitimate interests, we consider and balance any potential impact on your rights.
4.5 Consent
For certain cookies and for marketing communications where consent is required. You can withdraw consent at any time.
5. Special category data, confidentiality, and safeguards
Health, genetic, and biometric information is treated as special category data under the GDPR.
We process special category data only where permitted by law and where necessary for healthcare purposes, including clinical assessment and safe supply. Safeguards include:
- Restricted access on a need-to-know basis
- Role-based permissions
- Confidentiality obligations for staff and clinical partners
- Secure systems and controlled processing environments
6. Cookies and similar technologies
We use cookies and similar technologies to:
- Operate core website functions
- Maintain security and prevent abuse
- Measure and improve performance
- Understand how users interact with the website
- Support marketing where permitted
You can manage cookies through the cookie banner and your browser settings. For details, see our Cookie Policy.
7. Marketing communications
If permitted, we may send you updates, offers, and information about our services.
You can opt out at any time by:
- Clicking the unsubscribe link in our emails
- Updating preferences in your account, where available
- Contacting us at info@medetone.com
We may still send non-marketing service communications that are necessary, such as order confirmations, account notices, or safety-related messages.
8. Who we share personal data with
We share personal data only where necessary for the purposes described in this policy and with appropriate safeguards. Categories of recipients may include:
8.1 Service providers
Technology, hosting, infrastructure, analytics, customer support, communication, payment processing, and delivery providers.
8.2 Clinical partners and authorised professionals
Clinicians and clinical partners involved in providing the services, where applicable.
8.3 Legal and regulatory recipients
Regulators, supervisory authorities, law enforcement, courts, or other public bodies where required or permitted by law.
8.4 Professional advisers
Auditors, insurers, banks, and professional advisers where necessary for compliance and business operations.
Our service providers are contractually required to protect personal data and to process it only on our instructions.
9. International transfers
Some service providers may process personal data outside the European Economic Area.
Where this occurs, we use GDPR-compliant safeguards, including Standard Contractual Clauses approved by the European Commission, and additional measures where required.
10. Data retention
We retain personal data only as long as necessary for the purposes described in this policy, including to meet legal, regulatory, and professional obligations.
10.1 Account and transactional data
Retained while your account is active and for a period afterwards for support, audit, and compliance.
10.2 Medical and clinical records
Retained in line with applicable Dutch healthcare record retention requirements and professional standards.
10.3 Customer support and communications
Retained as necessary to handle queries, disputes, and complaints and to demonstrate compliance.
After applicable retention periods, we delete or anonymise data.
11. Data security
We implement appropriate technical and organisational security measures, including:
- Encryption in transit (SSL/TLS)
- Access controls and authentication mechanisms
- Role-based access for sensitive data
- Security monitoring and incident response procedures
- Ongoing review and improvement of security controls
No security measure is perfect, but we take reasonable and proportionate steps to protect personal data.
12. Your rights
Subject to legal conditions and exceptions, you have the following rights under the GDPR:
- Access to your personal data
- Rectification of inaccurate or incomplete data
- Erasure in certain circumstances
- Restriction of processing
- Data portability
- Objection to processing, including direct marketing
- Rights relating to automated decision-making, where applicable
To exercise your rights, contact info@medetone.com. We may request proof of identity to protect your data and prevent unauthorised access. We will respond within the timeframes required by law.
13. Complaints
If you have concerns about our use of your personal data, contact us first and we will work to resolve the issue.
You also have the right to lodge a complaint with the Dutch supervisory authority:
Autoriteit Persoonsgegevens
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. Where required, we will provide additional notice.
15. Contact
Medetone B.V.
W.G. Plein, Amsterdam, 1054 SC, The Netherlands
Email: info@medetone.com
Data Protection Officer: Abdullah Sabyah
