GDPR Statement

GDPR Statement

Updated: 17 March 2022

We are aware that sensitive personal data, including that of a medical nature, is collected in the NiceDay app. The GDPR imposes strict requirements on the processing of such personal data, for example regarding security. NiceDay has taken appropriate measures to protect the personal data and keeps these measures up to date from time to time. On this page we inform you about these measures and other details about how we handle personal data. For our full privacy statement, click here.

Basic Principles GDPR

The General Data Protection Regulation came into effect in 2018. This law regulates at European level how the privacy of data subjects is protected when processing personal data.

Any processing of personal data must in any case comply with the principles of lawfulness, fairness and transparency. The controller is responsible for compliance with the law, together with any processors.

When NiceDay is used in the context of a medical treatment agreement by a healthcare provider, or by an employer in the context of an employment contract, NiceDay is regarded as the processor. The controller is the party who has agreed with us to use the application. After all, that party determines the purpose of the application’s deployment.

For private individuals who wish to use the NiceDay app on their own initiative, NiceDay is the controller.

What does NiceDay do to protect your personal data?

Processing agreements

NiceDay enters into processor agreements, based on a model that is common in the healthcare sector, with the controllers (if applicable) and with the (sub)processors engaged by NiceDay.

You can see the list of our current (sub)processors here sub-processors

Privacy declaration

We try to be as transparent as possible about the use of personal data. We have drawn up a privacy statement for this, which you can read here. Among other things, it deals with how a data subject can exercise his or her rights under the GDPR, such as access or deletion, in the event that NiceDay is the controller.

Security measures

NiceDay takes appropriate technical and organisational measures with regard to the processing of personal data to be carried out, against loss or against any form of unlawful processing (such as unauthorised access, damage, modification or provision of the personal data). This means that NiceDay uses a combination of, among other things, firewalls, encryption and authentication procedures to secure personal data and protect user accounts and systems from unauthorised access.

NiceDay has taken at least the following technical measures.