SmartMed takes the security and protection of personal data seriously. In this privacy statement, we will let you know how we handle your data and what rights you have. The personal data you provide to us will be carefully handled and secured in accordance with the General Data Protection Regulation (hereinafter: AVG). This privacy statement focuses on the processing of personal data for which we are ultimately responsible (Processor within the meaning of the AVG)

In our role as a service provider for our clients, we may be involved in the processing of both personal data and medical patient data, as entered by our clients, for which our clients are also ultimately responsible. SmartMed itself does nothing on its own initiative with this medical patient data, it is merely a "conduit" of the data. If you would like to know how we handle your personal data, please contact us. For specific questions about medical patient data, please refer to the appropriate client.

SmartMed is ISO2007 and NEN7510 certified, security standards in healthcare.

Who are we?

SmartMed (hereinafter also referred to as we or us), is responsible for the processing of personal data as reflected in this privacy statement. By SmartMed, we mean the legal entity SmartMed Holding B.V. and all companies under it. SmartMed's contact details can be found at the bottom of this statement.

From whom do we collect data and for what purpose?

We collect data from individuals in the following categories:

  • Business partners (including employees of current and potential customers, partners, suppliers and subcontractors): We collect your personal data if you are a contact for at least one of our business partners. We do this for the execution of the agreed cooperation and/or service provision and to provide each other with the best possible service in the process.
  • Personnel: As an employer, we collect the personal data of our employees. We do this for the performance of the employment contract, the legal obligations arising from it, and for the continued operation of our organization.
  • Candidates: If you have applied for one of our vacancies, or we have approached you to do so, we collect the personal data provided with your consent. We do this to assess whether you are or could be the right person to fill the vacancy and to contact you about it.‍
  • Visitors to our website: If you are a visitor to our websites and would like to sign up for an event and/or newsletter, or would like us to contact you, please leave your personal information.

We collect your information so we can keep in touch with you if you wish.

What data do we collect from you?

The data we process from our (potential) business partners is limited to name, position and (business) contact information.

If you are a job applicant, we process only the personal data necessary to assess whether you are or could be the right person to fill the vacancy and to contact you about it. For example:

Name information, gender, date of birth, e-mail address, telephone number, availability, resume, education and skills, diplomas, certificates, work history, cover letter, mobility, (salary) grading, references from previous employers, assessment report, (interview) interview notes and progress report of applications/mediation.

When entering into an employment contract, we additionally record the following data:

Nationality, BSN, copy ID card, visas, work permits, marital status, partner's name, emergency contact information, bank account number, salary (slips), certificate of good conduct, non-disclosure statements, ancillary positions, benefits, subsidies, premium discounts, wage garnishments, lease car, absence records and other data related to personnel, salary and absence records.

When entering into an assignment contract, we process the following data:

Company name, Chamber of Commerce number, bank account number, expiration date and document number ID card, VAT number and certificate of good conduct.

On what legal grounds do we process your data?

We process your data because we need it to enter into or perform a contract with you or your employer, because we are required to do so by law, have given your consent, or because we (or a third party) have a legitimate interest in doing so (which is consistent with the purposes for which we process personal data).

Provision of data to third parties

SmartMed works with companies that help us do business. In some cases, these companies have access to some of your personal information so that they can provide services to you on our behalf. They may not use your information for their own purposes. We enter into a processor agreement with companies that process your information on our behalf to ensure the same level of security and confidentiality of your information. SmartMed remains responsible for this processing.

Third party websites

SmartMed is in no way responsible for the privacy and cookie policies of websites linked to this website through links. We strongly encourage you to read the privacy and cookie policies of these websites before using them.

Use of data in our products for healthcare professionals

To optimize SmartMed's products, we process information about the use of the software. Understanding how you use the software helps us make the right improvements in the right places. When you use SmartMed's products, we collect some data from you. These include a pseudonymized user ID, your username and password. This includes a pseudonymized user ID, your user discipline, your global location based on ip address and the pages you visit within SmartMed's products.

We only use this data to optimize the software of our products. Personal data stored in SmartMed databases, such as patient data or other data you enter in SmartMed's products, is not processed by SmartMed as a data controller to optimize SmartMed's software products.

However, SmartMed may process this data on behalf of the healthcare institution, for example as a processor. This is then done under the terms of the processor agreement that SmartMed has agreed with the relevant healthcare institution (processors).

Use of data in our patient app

This Pharmacy forYou mobile application (the "App") is provided to you by the participating pharmacy that you have or will link to your App account. The App allows you to use various services. To access these services, you create an App account and link this account to the pharmacy where you are also registered as a patient. When creating an account, we ask that you use the email address known and verified by your pharmacy. In addition, we will ask you for your Citizen Service Number on behalf of your pharmacy so that the pharmacy can determine if you are actually registered in their records.

Use of cookies

Like most websites and applications, we use cookies and similar technologies to ensure that our websites and applications work properly and to learn more about our users and their likely interests. A cookie is a simple small file sent with pages from this website and stored by your browser on your computer's hard drive. We use cookies with a purely technical functionality. We also place cookies that track your browsing behavior so that we can offer customized content. During your first visit to our website, we have already informed you about these cookies and asked your permission to place them. You can opt out of cookies by setting your Internet browser to no longer store cookies. In addition, you can also delete previously stored information through your browser settings. For an explanation, see https://veiliginternetten.nl/themes/situatie/cookies-wat-zijn-het-en-wat-doe-ik-ermee/

Data storage and security

The data we collect is stored on servers of the parties we engage. Naturally, we ensure that the data is adequately secured. The security measures are reviewed annually by an external auditor.

We make written agreements with parties involved in processing so that data is protected at all times.

Will my data be transferred to parties outside the EEA?

We do not actively transfer your data to external parties outside the EEA. All personal data is stored within the EEA. However, we use some applications whose technical support is located outside the EEA. To the extent that such technical support could reveal personal data, the data is protected by the fact that we only do business with parties certified under the EU-US Privacy Shield.

How long do we keep your data?

We do not retain your personal information longer than necessary. We use the following retention periods, as applicable:

If you are a contact person of our business relationship, we will keep your data as long as you work for our business relationship or as long as it is subject to a legal retention obligation.

After the expiration of the specified retention period, upon withdrawal of your consent or in response to a successful request for deletion of your data, we will delete your personal data from our systems.

If you apply for one of our open positions, or we approach you and you agree, we will retain your data for no longer than 4 weeks after the completion of the application process. Possibly, with your consent, we will keep your data for possible future vacancies. We will keep them no longer than 1 year unless you give us your consent again. Of course, you can withdraw this consent at any time.

If you work or have worked for us, we will keep your data for a maximum of 2, 5 or 7 years, depending on whether and if so which legal retention period applies, unless we have a legitimate interest in keeping certain data longer.

What rights do you have regarding your personal data?

You have the right to access, correct or delete your personal data. In addition, you have the right to withdraw your possible consent to data processing or object to the processing of your personal data by SmartMed and you have the right to data portability. This means that you can submit a request to us to send the personal data we hold about you in a computer file to you or another organization named by you.

You may send a request to inspect, correct, delete, transfer your personal data or request the revocation of your consent or objection to the processing of your personal data to info@smartmed.world. To ensure that the request for inspection is made by you, we ask that you send a copy of your proof of identity with the request. In this copy, black out the passport photo, MRZ (machine readable zone, the strip of numbers at the bottom of the passport), passport number and Citizen Service Number (BSN). This is to protect your privacy.

We will respond to your request as soon as possible, but within four weeks. We would also like to point out that you have the possibility to file a complaint with the national regulator, the Authority for Personal Data. This can be done via the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons

In some cases we may refuse your request, for example if you ask us to delete your data, but we need it for tax reasons or as evidence in complaints. If this is the case, you will hear from us as soon as possible.


We take the protection of your data seriously and therefore also take appropriate measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. We have also agreed with processors and external parties who process personal data on our behalf that they will provide optimal security for personal data. If you have the impression that your data is not properly secured or there are indications of abuse, please contact us at info@smartmed.world.

Data incident reporting

If you suspect that a breach or possible breach of personal data security has occurred, report it immediately at info@smartmed.world.

Changes to this privacy statement

SmartMed reserves the right to make changes to this privacy statement. Therefore, please note that this privacy statement may be changed from time to time. Each version of this privacy statement can be identified by the date and version at the end of this document. We also archive all previous versions of this privacy statement in case you need an earlier version.

Questions, comments or complaints?

For questions, comments or complaints about how we handle your personal information or about this privacy statement, please contact us by mail, email or phone using the contact information below.


Spruce Hill 36

3708 JE Zeist

+31 85 1300 929


Responsible supervisory authority

Personal Data Authority

P.O. Box 93374

2509 AJ DEN HAAG (by appointment only)

Bezuidenhoutseweg 30


Version: 2.0 Date: 22.09.2023

When "Accept," there is an agreement that SmartMed stores cookies that personalize, analyze and market the website.