Privacy Policy
Date: 23 September 2024
Version: v2.0
Who we are
The androiddev.tools service is owned by World Data Exchange B.V., Kvk No 88297772, Zuid-Hollandlaan 72596 AL Den Hagg (we, our, us).
We can be contacted in several ways:
By email to: privacy@worlddataexchange.com
In writing to:
Privacy Manager
World Data Exchange B.V.
C/- Spaces Rode Olifant
Zuid Hollandlaan 7
2596 AL Den Haag
Netherlands
Or contact us at www.androiddev.tools
What is the androiddev.tools service? Overview, background and context
The androiddev.tools App, web site and associated technology platforms (together referred to as the androiddev.tools service) are designed to operate within and support the MedMij digital health framework.
MedMij is the standard for the secure exchange of health data between healthcare providers and healthcare users in the Netherlands. The androiddev.tools service has been purpose-built to constitute a personal health environment (PGO) that operates within the MedMij framework.
The MedMij framework consists of technical, regulatory and standards-based requirements and safeguards to achieve MedMij’s objective of enabling individuals to securely and reliably exchange health data. Compliance with these, together with the sophisticated functionalities of the androiddev.tools service, enables that exchange of data. It also enables participating PGOs to use the MedMij label referred to later in this section.
As a PGO within the MedMij framework, the androiddev.tools service enables you to securely and privately connect to, access and obtain your personal health data from the health service providers who participate in the MedMij framework and to download your personal and health data to your individual encrypted cloud-based data vault.
Another of the androiddev.tools service’s functionalities is that it enables your connected personal health data from all of your participating health service providers to be viewed and managed in the one location, in near or real time, on your own personal computer or device.
All organisations that are accredited to provide technologies and services that comply with MedMij’s high standards are permitted to use the MedMij label, thus providing healthcare providers and users with the assurance that the service is reliable, safe and secure. Having passed all relevant MedMij functional accreditation, ISO and NEN 7510 security certification requirements, the androiddev.tools service has the right to use the MedMij label:
The MedMij framework operates against a legal and regulatory background that includes the General Data Protection Regulation (GDPR) which requires organisations to provide individuals with information about the control, processing, collection, use, disclosure and other handling of their personal data. This Privacy Policy is designed to comply with these requirements.
Our approach to data protection
Our approach to data protection is consistent with the requirements of Article 25 of the GDPR which requires that organisations that control and process personal data adopt a ‘data protection by design and by default’ approach. This includes technical and organisational measures that support this methodology.
These requirements are supplemented by the specific rules and norms established by MedMij under the MedMij Framework. These can be located at medmij.nl.
What personal data do we collect?
Essentially, the personal data collected by the androiddev.tools service falls into two broad categories:
• personal data we collect through or as part of the sign-up process; and
• the personal data (including sensitive health data) that you choose to download to the androiddev.tools service from the MedMij system
Creating an account and signing in
The first step in using the androiddev.tools service is to establish an account and to sign in to the service.
The androiddev.tools service can be accessed via two separate pathways – either through a personal computer-based web browser or through the androiddev.tools App downloaded onto your personal device such as a smart phone or tablet.
When you visit app.androiddev.tools directly or select ‘Launch app’ on the androiddev.tools web site you will be asked to establish an account or, if you already have an account, to login.
The personal data needed to establish your account and that we process is:
• your email address; and
• a mobile or other phone number capable of receiving an SMS message which is used to provide you with the one time, duration-limited, verification code required to complete the account creation and log in process.
It is optional for you to provide your name as part of the sign-up process.
Following this, you will be able to select a health service provider. Once selected, you will be automatically directed to MedMij. MedMij will then request you to authenticate yourself by providing your DigiD. When the authentication process is complete, MedMij will direct you back to your selected health service provider and you will be asked to consent to the androiddev.tools service accessing your personal and health data from that health service provider. The authentication process is operated and managed by MedMij and the DigiD service.
How the androiddev.tools service collects personal and sensitive data
The personal and health data that is collected in the androiddev.tools service is governed by:
• the rules and functionalities established for the MedMij framework by the MedMij foundation; and
• the functionalities established by the androiddev.tools service.
These rules and functionalities enable you to select the sources of your health data that you wish to access and to download these through the androiddev.tools service to a unique and encrypted data vault to which you hold the master access 256 bit encryption key that is linked to your account sign-in ID.
The decision about what types of personal and heath data is collected by the androiddev.tools service is determined by you. Personal and health data that is accessed, downloaded and stored in your own encrypted data vault is actioned at your direction and with your informed consent following verification of your account by the Netherlands DigID service.
We port and translate your personal and health data for you as part of the automated process of establishing your account.
Although the androiddev.tools service collects your personal and health data, as determined by you, we do not access it. Your data is encrypted in transit and at rest.
Processing: use and disclosure of personal data
The androiddev.tools service uses your log in details to establish, maintain and service your androiddev.tools account.
The androiddev.tools service does not disclose or access any of the personal and health data you choose to download to your encrypted data vault using the androiddev.tools service.
If a competent, legally authorised agency, such as a law enforcement or regulatory agency requires us to provide access to your androiddev.tools service account we will comply with that requirement as required by law. To the extent that we are permitted to do so we will take reasonable steps to notify you of any such requirement to enable you to contest or otherwise dispute such a requirement.
Your personal data vault is provided by a third-party cloud service provider, Microsoft Azure cloud services, under a service arrangement with us. Your personal and health data is encrypted in transit to it, within it and when accessed by you using your individual encryption/decryption key.
How does the androiddev.tools service store your personal and sensitive data?
As part of our privacy by design approach, we have adopted security by design to safeguard the security and integrity of your personal and health data. We, and our service providers, take all reasonable steps to protect your personal and health data from misuse, unauthorised access or disclosure. As required under the MedMij framework, the androiddev.tools service has been certified to comply with the NEN 7510-1:2017 security standard.
When you choose to download your health data it is automatically encrypted in transit. The data that you download or upload to the androiddev.tools service is encrypted using SSL (Secure Socket Layer) technology and in your personal digital data vault.
Other security measures that we employ include access controls, regular security audits and ongoing staff security training.
Data Localisation
The androiddev.tools service locates all your personal and health data on computing facilities and infrastructure located in the Netherlands.
Age restrictions
Under the rules adopted by the MedMij foundation, you must be sixteen years of age or older to participate in the PGO framework. This means that you must not use the androiddev.tools service unless you are sixteen or older.
Cookies
We only use cookies that enable us to ensure the functionality of the androiddev.tools service, including to enable you to sign-in correctly.
We do not use or deploy performance, functionality, targeting or advertising cookies.
What are your data protection rights?
Your data access rights
You may request that we provide you with access to the personal information we hold about you. To do so please contact us by email at privacy@worlddataexchange.com
Your right to rectification
You have the right to request us to rectify personal data we hold about you.
To do so please contact us by email at privacy@worlddataexchange.com
If you wish to rectify personal or health data you download from the health providers who participate in and hold your personal or health data under the MedMij framework, you must contact the health service provider to amend, correct, annotate or rectify the data in question in accordance with the relevant laws and regulatory processes of the Netherlands and any applicable clinical rules and norms.
Your right to erasure
The androiddev.tools service includes functionality that enables you to erase your personal data by deleting your account. You can delete your account by selecting “Delete my account” from the androiddev.tools main menu icon and following the instructions.
Your right to restriction of processing
We do not use, disclose or provide your personal data to any third party for reward or otherwise. We do not access your personal and health data for any purpose or reason unless we are compelled to do so by a law enforcement agency, regulatory authority or otherwise by a person or organisation that has the legal authority to do so.
Your right to data portability
You may request that we provide you with an accessible copy of the personal data we hold about you in a readily available format.
Such as request may be made by sending an email to us at privacy@worlddataexchange.com.
Amendments
We review this privacy policy from time to time to ensure that it remains accurate and up to date. If we amend this policy, we will provide you with prior notification and an explanation of the amendments.