Transparency Statement (privacy statement)

What?
Quli bv is a social enterprise 'by and for care' and realizes digital forms of support to put people first in their personal care network. We develop Quli as a public platform and personal health environment (PGO) and scale up the use for the support of vulnerable people in particular, focusing on:

  • Maintaining or increasing autonomy, self-reliance and cooperation;
  • Improving the quality and safety of care and life;
  • Reduction of costs for people, their network and healthcare provision.
We always do this for the same purpose, namely to improve the quality of people's lives in terms of vitality/health, disability/illness and old age. The use of the Quli platform by people under the age of 16 is permitted, provided permission has been granted by the parents or custodian. In welfare and care, the handling of medical and other healthcare information and privacy is a sensitive and unruly subject. On the one hand, people have the right to digitally access and copy their healthcare data and to determine who may use what information relating to them and for what purposes. These data are called 'personal data'. On the other hand, care providers have various obligations under laws and regulations with regard to the handling of data, such as exchanging, storing and safekeeping data. In addition, care providers have a duty of confidentiality. How the different rights and obligations relate to each other is not easy and there is no unequivocal answer. Quli B.V. assumes that one of the basic principles is to inform you as an End User of the Quli platform as well and as completely as possible about who uses what data and for what purpose and to whom the user can contact in the event of questions. This Transparency Statement (which we deem to be more extensive than a Privacy Statement) is therefore primarily intended to inform you about us, our objectives, the set-up of the Quli platform and the method of processing personal data. We want to provide clarity about the rights, duties and responsibilities of the parties, including the user. Starting points therein are the highest possible level self-determination for people and transparency.

Who?
The provider of the Quli platform is Quli B.V. headquartered in Ede, the Netherlands, email: info@quli.nl. Quli is developed in Groningen and our service desk is located in Haaksbergen. The Quli platform runs on servers located in the Netherlands and it is managed by a Dutch partner (supplier of Quli B.V.). Quli B.V. cooperates with care organizations and other suppliers to develop, integrate/link and enable the use of additional functionality and data. We refer to this as Care Applications.

Objectives
When handling personal data, the purpose for which data are being registered, provided and/or processed is always key. The provider of the application must inform you clearly and fully about the purpose of processing. This provider may not do more with the data than for which it received the data or for the purpose for which they were obtained. The responsibility for this lies entirely with the relevant provider. Quli B.V. has no facilities available to monitor the use of the Quli platform and the Care applications in terms of content. If Quli B.V were to have access to personal data, it will not make it available to third parties without the permission of the person to whom the data relates, unless it is legally obliged to do so.

How?
We distinguish between two categories of personal data. 1. The first category concerns the (medical/care-related) personal data that we have received from you. Examples thereof include your name and telephone number. These data are relatively not privacy-sensitive. This in contrast to any documents that you keep in your personal file, which can be sensitive. 2. The second category concerns data that you exchange via Quli with care providers from whom you or your loved ones purchase/receive services. If it concerns data from the first category, Quli B.V. deems itself a "controller" within the meaning of the General Data Protection Regulation or GDPR. The purpose of processing is to store and process data on your behalf. If you want to share data with care providers, we ensure that this care provider only has access to data with regard to which you have indicated that this particular care provider may access these. You can withdraw this permission through Quli as well. In that case, we in our turn ensure that this care provider no longer has access to data. Because we consider Quli B.V. to be a controller, we have registered with the Dutch Data Protection Authority (Dutch DPA). If it concerns personal data from the second category, Quli B.V. is primarily the provider of the Quli platform. It is not responsible for the information that is offered, stored and processed via the applications. The responsible party is the care provider whose application is used. After all, you have a direct relationship with that care provider (for example, a medical treatment agreement or a care agreement). Quli B.V. does not determine the purposes and means of processing your data for that second category and is therefore, in principle, not a "controller" for that category of personal data within the meaning of the GDPR. However, Quli B.V. can be deemed a "processor" within the meaning of the GDPR. That is why we enter into agreements with affiliated care providers about how we process personal data on their behalf. These agreements are laid down in a Processing Agreement which is supplementary to the General Terms and Conditions applicable at Quli B.V. and to the Agreements that we conclude with care providers. In some cases, we conclude specific Processing Agreements with care providers if the general Processing Agreement does not suffice. You are at all times responsible for adequately protecting your devices, such as your computer, tablet or smartphone. Quli is hosted by a Dutch partner of Quli: Proteon Communication Builders b.v. with "Firelay Cloudsolutions for Liferay". The servers and data are located in the Netherlands. The set-up of the Quli platform and the servers on which Quli is hosted meet the highest possible security requirements. These are regularly assessed by external experts. Specific agreements have been made in the agreement between Quli B.V. and the hosting party regarding the protection of personal data, security and continuity. We prefer to use two-factor authentication when logging in to the Quli platform. Some care organizations require this. In those cases, we configure Quli so that you can only access data in this way. This is authentication where you have to enter something that only you know, in this case, your username and password, and something that only you have, in this case, your mobile phone, to which we send a code which you must enter. In the future, we may introduce two-factor authentication methods other than those referred to above. In case you require more information about the security of Quli, please contact: Fg@quli.nl. We will answer your questions within four weeks.

What data?
We do not process any personal data other than the data we have obtained from the care provider or from you. This concerns basic data such as your name, address and telephone number, or more sensitive data, such as documents that you keep in your personal file. In addition, we keep track of technical traffic data. This mainly involves IP numbers. IP numbers are unique addresses that are linked to an Internet user. We keep these data in order to be able to trace acts contrary to the law, after the acts have been committed and after we have been notified of those offenses, so that we can hand over these data to the competent investigative authorities, subject to an express request to that end. It is possible that application providers process data other than we process. We recommend that you carefully read the (privacy) conditions of a provider of an application so that you know what data of yours that provider processes before you start using the application. Quli uses anonymized data to gain insight into the use of the service in order to be able to analyze the use, usability and/or the necessity for new functionality. Quli collects data about the use by professionals that can be shared with the care organization to which the professional is affiliated. In some cases, these data can be traced back to individual professionals. The care organization uses these data for training purposes, improving (work) processes and evaluating the use of e-health. 6.4 Quli logs activities of user and professionals with the aim of being able to subsequently demonstrate which practitioner or user has used a certain functionality within the framework of data breaches and/or computer crime and at what time. The logging of this information cannot be disabled.

Rights and obligations
As stated before, you are, in principle, entitled to decide for yourself who can use what information of yours and for what purposes. You can also add and remove data yourself. It is, in fact, the objective of Quli B.V. and the providers of the applications to allow you to exercise as many of these rights yourself. On the other hand, the providers of the applications offered on the Quli platform must store or exchange certain data of you. The scope of this Transparency Statement is too limited to discuss this in detail. Besides, it is the provider of the specific application that must comply with these rules first and foremost. This provider does have some room for manoeuvre in all this. If you have any questions about this, please send an email to the provider of the application or, alternatively, to FG@quli.nl; we will then forward this mail to the provider of the application.

Quli for profit and non-profit organizations
Quli is free for members of the public. If you use Quli as a profit or non-profit organization, you are required to purchase a subscription. Individual professionals, such as family physicians working solo, are exempt from paying subscription fees. You can request more information about this at Quli B.V.

Cookies
Cookies are small text files that are placed on your computer or device (such as a tablet) by the website, via the browser. Cookies that we place will never contain any personal data. The cookies that we place are functional cookies and non-functional cookies. Functional cookies are placed to increase user convenience. For example, a cookie can remember whether someone is logged in. The legislator has determined that website owners must request permission for placing non-functional cookies.

Contact
For questions and comments about Quli, you can contact: Quli B.V. info@quli.nl. For questions and comments about one or more applications and data processing, you can contact the provider of the relevant application or the relevant organization. For questions about information security and the allocation of responsibilities with regard to technical provisions, please contact info@quli.nl.

Changes
We may adjust this Transparency Statement periodically. When doing so, we will, of course, uphold your rights as much as possible. If the Transparency Statement implies a "deterioration" of your rights, we will notify you timely in advance before the Transparency Statement enters into force, so that you can stop using Quli if you do not agree with the changes.

Disclaimer
Quli B.V. makes this platform exclusively available in its capacity of a facilitator and, for that reason, it cannot guarantee the usability, reliability or accessibility of the platform or the applications. Offering applications and use of the functionality and/or applications offered is entirely at your own risk. Any liability of Quli B.V. and of (legal) persons associated with Quli B.V. is excluded, with the exception of damage or loss caused by intent or deliberate recklessness on the part of Quli B.V. Quli B.V., Ede, August 2019