Privacy Policy

Last updated on August 16, 2021.


This is the Privacy Policy of MediCapital Rent (“MCR”, “we”, “us” and “our”), and it applies to us as long as we process personal data that belongs to individuals described below (“you”). We process personal information in accordance with the European General Data Protection Regulation (“GDPR”).

1. Purpose and scope of this Privacy Policy

We understand that your personal data is important for you. This Privacy Policy explains in a simple and transparent way what personal data we collect, record, store, use and process and how.

This Privacy Policy applies to:

2. The types of personal data we process

Personal data refers to any information that identifies or can be linked to a natural person. Personal data we process about you includes:

3. On what legal ground do we process your personal data?

Obviously, we may not request or use your personal data without good reason. We are allowed to do this only if the processing of personal data is based on one of the ‘grounds’ permitted by law. This means that we may only use your personal data for one or more of the following reasons:

a. Contract

We need your personal data for concluding and performing a contract you have entered into with us in your own name or as a representative of a company.

b. Legal obligation

The law may lay down rules that we have to comply with and which would involve processing your personal data (example, employment and tax legislation).

c. Our legitimate interest

We also have the right to use your personal data if we have a legitimate interest in doing so. In that case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. Here are a few examples of when this might happen:

4. What we do with your personal data

Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it. We use your personal data to help make our services as effective, reliable and efficient as possible. We only use your personal data for business purposes such as:

5. Who we share your data with and why

To offer you the best possible services and remain competitive in our business, we share certain data internally within MCR and externally with third parties.

a. MCR entities

We transfer data across MCR businesses for various purposes. We may do this for internal administrative purposes, to improve our services to you, or because we are required to do so by law.

b. Government, Supervisory and Judicial authorities

To comply with our regulatory obligations we may disclose data to the relevant government, supervisory and judicial authorities.

c. Financial institutions

To process certain payments, we may have to share information about you with our banks.

d. Service providers

When we use other service providers to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. We carefully select these service providers and clearly agree with them on how they are to handle your personal data. We remain responsible for your personal data. Sometimes we engage other parties that also provide services, such as lawyers or auditors. These parties bear their own responsibility for their use of your personal data.

6. Your personal data outside Europe

Your personal data is processed outside Europe too. Additional rules apply in that case. This is because not all countries have the same strict data protection rules as we do in Europe. MediCapital Rent has a system of contracts, rules and tools, in an effort to ensure effective levels of data protection.

a. Sharing personal data within our group

We may share your personal data outside Europe within our group. If you require further information on this, please contact us on

b. Sharing personal data with other service providers

We may occasionally share your personal data with other companies or organisations outside Europe, for instance in the context of an outsourcing agreement.If you require further information on this please contact us on

7. How do we determine the period for which your personal data is stored?

We keep personal data for as long as is necessary to achieve the purposes for which it has been collected. The General Data Protection Regulation does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however, which we must comply with. Such legislation includes the general requirement for businesses to keep records, as set out in the Dutch Civil Code and tax laws.

Client data may be kept longer for various reasons, such as for risk management purposes, for security reasons or so that claims, investigations or legal proceedings can be handled properly.

8. Cookies

When you visit our websites, your data is collected and stored using cookies.

Cookies are small information files that are saved onto the device you use to visit our websites, such as a computer, smartphone, tablet or smartwatch. When we use the term “cookies” in this document, we also mean it to include similar technologies, such as JavaScripts and web beacons

Necessary, marketing and statistics cookies are used on and and only necessary cookies are used on

You do not have to accept cookies, but if you opt to turn off or delete cookies generated via our websites, it may not perform as it has been designed to, possibly reducing the functionality on our websites, the options available to you, as well as the performance of our websites during your visit. All modern browsers allow you to change your cookie settings. These settings will typically be found in the ‘options’ or ‘preferences’ menu of your browser.

9. Your rights and how we respect them

If your personal data is processed, you have privacy rights. If you have questions about which rights apply to you, please get in touch with us through the email address under the heading “Contact and questions” below.

a. Right to access information

You have the right to ask us for an overview of your personal data that we process.

b. Right to rectification

If your personal data is incorrect, you have the right ask us to rectify it. If we shared data about you with a third party and that data is later corrected, we will also notify that party accordingly.

c. Right to object to processing

You can object to us using your personal data for our own legitimate interests if you have a justifiable reason. We will consider your objection and whether processing your information has any undue impact on you that would require us to stop processing your personal data.

You may not object to us processing your personal data if:

d. Right to restrict processing

You have the right to ask us to restrict using your personal data on a temporary basis if:

e. Right to data portability

You have the right to ask us to transfer your personal data directly to you or to another company. This applies to personal data we process by automated means and with your consent or on the basis of a contract with you. Where technically feasible, and based on applicable local law, we will transfer your personal data.

f. Right to erasure

We are legally obliged to keep your personal data. You may ask us to erase your online personal data and right to be forgotten would be applicable if:

g. Right to complain

Should you be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us at the email address under the heading “Contact and questions” below. You also have the right to file your complaint with the Dutch Data Protection Authority,

10. Exercising your rights

When exercising your right, the more specific you are with your application, the better we can assist you with your question. We may ask you for a copy of your ID, or additional information to verify your identity. In some cases we may deny your request and, if permitted by law, we will notify you of the reason for denial. If permitted by law, we may charge a reasonable fee for processing your request.

We want to address your request as quickly as possible. However, based on your location and applicable laws, the response times may vary. Should we require more time (than what is normally permitted by law) to complete your request, we will notify you immediately and provide reasons for the delay.

11. How we protect your personal data

To ensure the security and confidentiality of the personal data that we collect, we take appropriate technical and organisational measures (we use data networks protected by, inter alia,  industry standard firewall and password protection; we take measures reasonably designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration or destruction).

In addition, our employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact us if you suspect that your personal data may have been compromised.

12. Changes to this Privacy Policy

We may amend this Privacy Policy to remain compliant with any changes in law and/or to reflect how our business processes personal data. We will publish the up-to-date version of the Privacy Policy on our websites.

13. Contact and questions

If you have any queries or complaints about our compliance with this Privacy Policy, or if you would like to make any recommendations or comments to improve the quality of our Privacy Policy, please email us at