Last updated on August 16, 2021.
Personal data refers to any information that identifies or can be linked to a natural person. Personal data we process about you includes:
Obviously, we may not request or use your personal data without good reason. We are allowed to do this only if the processing of personal data is based on one of the ‘grounds’ permitted by law. This means that we may only use your personal data for one or more of the following reasons:
We need your personal data for concluding and performing a contract you have entered into with us in your own name or as a representative of a company.
b. Legal obligation
The law may lay down rules that we have to comply with and which would involve processing your personal data (example, employment and tax legislation).
c. Our legitimate interest
We also have the right to use your personal data if we have a legitimate interest in doing so. In that case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. Here are a few examples of when this might happen:
Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it. We use your personal data to help make our services as effective, reliable and efficient as possible. We only use your personal data for business purposes such as:
To offer you the best possible services and remain competitive in our business, we share certain data internally within MCR and externally with third parties.
a. MCR entities
We transfer data across MCR businesses for various purposes. We may do this for internal administrative purposes, to improve our services to you, or because we are required to do so by law.
b. Government, Supervisory and Judicial authorities
To comply with our regulatory obligations we may disclose data to the relevant government, supervisory and judicial authorities.
c. Financial institutions
To process certain payments, we may have to share information about you with our banks.
d. Service providers
When we use other service providers to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. We carefully select these service providers and clearly agree with them on how they are to handle your personal data. We remain responsible for your personal data. Sometimes we engage other parties that also provide services, such as lawyers or auditors. These parties bear their own responsibility for their use of your personal data.
Your personal data is processed outside Europe too. Additional rules apply in that case. This is because not all countries have the same strict data protection rules as we do in Europe. MediCapital Rent has a system of contracts, rules and tools, in an effort to ensure effective levels of data protection.
a. Sharing personal data within our group
We may share your personal data outside Europe within our group. If you require further information on this, please contact us on firstname.lastname@example.org.
b. Sharing personal data with other service providers
We may occasionally share your personal data with other companies or organisations outside Europe, for instance in the context of an outsourcing agreement.If you require further information on this please contact us on email@example.com.
We keep personal data for as long as is necessary to achieve the purposes for which it has been collected. The General Data Protection Regulation does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however, which we must comply with. Such legislation includes the general requirement for businesses to keep records, as set out in the Dutch Civil Code and tax laws.
Client data may be kept longer for various reasons, such as for risk management purposes, for security reasons or so that claims, investigations or legal proceedings can be handled properly.
When you visit our websites, your data is collected and stored using cookies.
Necessary, marketing and statistics cookies are used on medicapitalrent.com and portal.medicapitalrent.com and only necessary cookies are used on centrix.medicapitalrent.com.
You do not have to accept cookies, but if you opt to turn off or delete cookies generated via our websites, it may not perform as it has been designed to, possibly reducing the functionality on our websites, the options available to you, as well as the performance of our websites during your visit. All modern browsers allow you to change your cookie settings. These settings will typically be found in the ‘options’ or ‘preferences’ menu of your browser.
If your personal data is processed, you have privacy rights. If you have questions about which rights apply to you, please get in touch with us through the email address under the heading “Contact and questions” below.
a. Right to access information
You have the right to ask us for an overview of your personal data that we process.
b. Right to rectification
If your personal data is incorrect, you have the right ask us to rectify it. If we shared data about you with a third party and that data is later corrected, we will also notify that party accordingly.
c. Right to object to processing
You can object to us using your personal data for our own legitimate interests if you have a justifiable reason. We will consider your objection and whether processing your information has any undue impact on you that would require us to stop processing your personal data.
You may not object to us processing your personal data if:
d. Right to restrict processing
You have the right to ask us to restrict using your personal data on a temporary basis if:
e. Right to data portability
You have the right to ask us to transfer your personal data directly to you or to another company. This applies to personal data we process by automated means and with your consent or on the basis of a contract with you. Where technically feasible, and based on applicable local law, we will transfer your personal data.
f. Right to erasure
We are legally obliged to keep your personal data. You may ask us to erase your online personal data and right to be forgotten would be applicable if:
g. Right to complain
Should you be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us at the email address under the heading “Contact and questions” below. You also have the right to file your complaint with the Dutch Data Protection Authority, https://autoriteitpersoonsgegevens.nl.
When exercising your right, the more specific you are with your application, the better we can assist you with your question. We may ask you for a copy of your ID, or additional information to verify your identity. In some cases we may deny your request and, if permitted by law, we will notify you of the reason for denial. If permitted by law, we may charge a reasonable fee for processing your request.
We want to address your request as quickly as possible. However, based on your location and applicable laws, the response times may vary. Should we require more time (than what is normally permitted by law) to complete your request, we will notify you immediately and provide reasons for the delay.
To ensure the security and confidentiality of the personal data that we collect, we take appropriate technical and organisational measures (we use data networks protected by, inter alia, industry standard firewall and password protection; we take measures reasonably designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration or destruction).
In addition, our employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact us if you suspect that your personal data may have been compromised.