Privacy Policy

1. Information We Collect

We collect and process the following categories of personal data:

• Identity Data: Name, date of birth, gender, patient ID
• Contact Data: Email address, phone number, postal address
• Health Data: Medical history, treatment records, genetic information, biometric data (special category data under GDPR)
• Technical Data: IP address, browser type, device information, cookies
• Usage Data: How you interact with our website and services
• Communication Data: Your preferences and correspondence with us

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: For processing health data and genetic information (Article 9(2)(a) GDPR)
• Contract: To provide our cellular therapy services
• Legal Obligation: To comply with healthcare regulations and tax laws
• Vital Interests: In medical emergency situations
• Legitimate Interests: For research purposes (with appropriate safeguards)

3. How We Use Your Information

We use your personal data for:

• Providing cellular therapy treatments and medical services
• Managing your patient account and treatment records
• Communicating about your treatment and care
• Processing payments and insurance claims
• Conducting scientific research (with explicit consent)
• Complying with legal and regulatory requirements
• Improving our services and treatment protocols

4. Special Category Data (Health Information)

Processing of your health, genetic, and biometric data requires additional safeguards:

• Explicit consent obtained before any processing
• End-to-end encryption for all health data
• Access limited to authorized healthcare professionals
• Regular security audits and assessments
• Data minimization principles strictly applied

5. Data Sharing and International Transfers

We may share your data with:

• Healthcare providers involved in your treatment
• Laboratory partners (under strict data processing agreements)
• Regulatory authorities when required by law
• Insurance providers (with your consent)

For transfers outside the EU/EEA, we ensure appropriate safeguards through: Standard Contractual Clauses (SCCs), adequacy decisions, or your explicit consent.

6. Data Retention

We retain your personal data for:

• Medical records: 20 years after last treatment (Dutch law requirement)
• Financial records: 7 years (tax law requirement)
• Research data: Duration of study plus 15 years
• Marketing communications: Until you unsubscribe

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion (subject to legal retention requirements)
• Right to Restriction: Limit processing of your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact our Data Protection Officer at dpo@celljevity.life.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Essential cookies: Required for website functionality
• Analytics cookies: To understand website usage (with consent)
• Marketing cookies: For relevant advertising (with consent)

You can manage cookie preferences through our cookie banner or browser settings.

9. Data Security

We implement appropriate technical and organizational measures:

• ISO 27001 certified information security management
• End-to-end encryption for health data
• Regular security audits and penetration testing
• Staff training on data protection
• Incident response procedures

10. Children's Privacy

For patients under 16, we require parental consent for processing personal data. Parents/guardians can exercise rights on behalf of their children.

11. Automated Decision-Making

We do not use fully automated decision-making for treatment decisions. Any algorithmic analysis of your health data is reviewed by qualified healthcare professionals.

12. Complaints

If you have concerns about our data processing, you can:

• Contact our Data Protection Officer: dpo@celljevity.life
• Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl

13. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or website notice.