Your privacy is extremely important to NiceDay Healthcare Nederland B.V. (hereinafter: NiceDay Healthcare Netherlands / NiceDay). We therefore adhere to the relevant laws and regulations on privacy, including the General Data Protection Regulation (hereinafter: GDPR).

This means that we:

• Clearly record our purposes before we process your personal data, through this privacy and cookie statement;
• Store as little personal data as possible and only the data that is necessary for our purposes;
• Request explicit permission for the processing of your personal data, if permission is required;
• Take necessary security measures to protect your personal information. We also impose these obligations on parties that process personal data for us;
• Respect your rights, such as the right to view, correct or delete your personal data processed by us.

This privacy statement applies to the processing of data for which NiceDay is responsible. This is the case for the data that we collect from you, when you use the application without a referral letter and possibly the services of our own professionals. For the processing of the personal data that we obtain from you in this way, we determine the purpose and the means. This means that we are your point of contact for these data processing operations.

If your practitioner uses our application for your treatment and you therefore use our application with a referral letter, your practitioner is the controller for your data. In this case, we refer you for questions about the handling of your personal data to the privacy statement of the relevant practitioner.

Processing of personal data

In this privacy statement, we explain what we do at NiceDay with information we learn about you when you use our application. Below is indicated per subject which data we obtain from you and how long we keep this data, for what purpose this is done and on what basis. For a more detailed explanation of what we at NiceDay do with your personal data and what data we collect from you, when you visit our website, please refer to the privacy and cookie statement on our website niceday.app, nicedaycoaching.app and nicedaynederland.nl. If you have any questions or would like to know exactly what we have stored about you, please contact us using the details at the bottom of this statement.

What personal data does NiceDay collect from you and for what purposes?

NiceDay will only process your personal data in accordance with the GDPR. NiceDay processes your personal data for the following purposes:

Download our application

To use our services, you must download our application. You can do this via the App Store or Google Play. We have no influence on which personal data the provider (Apple or Google) processes and for what purpose. We recommend that you read the relevant privacy statements of the respective provider.

Registration application

If you wish to use our application, you must first register for a NiceDay user account. We will then create an account for you, on which you can log in with your email address and password of your choice.

To create an account for you, we use your:

• first and last name;
• email address;
• self-chosen password;
• IP address.

We process this personal data to be able to execute the agreement we enter into with you. We keep this information until you cancel the account.

You are responsible for the security of your login name and password. If you believe that your credentials have become known to a third party, you should change your password immediately. We are not responsible if someone else gains access to your account with your login details or through a violation of the terms and conditions or this privacy policy.

Your account

By logging into your account you will have professional help wherever and whenever you want. In the application you also have access to a management environment where you can set, specify and change things yourself.

For this we use your:

• account information;
• first and last name;
• email address;
• date of birth;
• residence;
• sex;
• profile picture;
• any short summary about yourself.

We do this to be able to execute the agreement that we enter into with you. We keep this information until you cancel your account.

Use application

When you are logged into your account, you can use the various functions that our application has to offer. For example, you can keep track of your feelings, a diary or a G schedule. You can also use our daily planner.

When you use our application, we process the following data from you:

• any recorded feelings and thoughts;
• any activities you have entered yourself;
• any information that you enter yourself as the content of your diary;
• any information that you enter as the content of your G schedule;
• activities included in your daily planner;
• any interview notes added by your professional;
• IP address;
• use of 4G/Wifi;
• internet speed when calling via NiceDay.

We do this to be able to execute the agreement that we enter into with you. We retain this information until you cancel your account.

Track steps

In our application you can choose to keep track of how much you move during the day. NiceDay will then automatically register your activity.

For this we use your:

• time zone;
• steps counted in an interval by Google Fit or Apple Health.

We do this on the basis of your consent. We will retain this information until you terminate your account. You can withdraw your consent at any time by sending an email to gdpr@nicedaynederland.nl.

Participate in research

To improve our services, we use general research into the use of our application.

For this we use your:

• usage data;
• IP address;
• use of 4G/Wifi;
• internet speed when calling via NiceDay.

We do this on the basis of your consent. We will retain this information until you terminate your account. You can withdraw your consent at any time by sending an email to gdpr@nicedaynederland.nl.

Sending notifications

When you use our application, you can choose to have us send notifications. For example, you can receive a notification of activities that are in your daily planner. This notification will then appear on your device.

For this we use your:

• device ID;
• IP address;
• device information.

We do this on the basis of your consent. We will retain this information until you terminate your account. You can withdraw your consent at any time by adjusting your preferences in the settings of the application.

Support

In our application you can chat with a professional or with the NiceDay Team.

For this we use your:

• name;
• email address
• any information that you enter yourself as the content of your chat message;
• profile picture;
• IP address;
• device information.

We do this in order to be able to properly handle your request for contact with a professional or us and to execute the agreement with you. We retain this information until you close your account with us.

Contact

Via the contact form on our website you can ask questions or request information about NiceDay from former clients or professionals. In addition, you can also contact us by telephone or via email support@niceday.app.

For this we use your:

• name;
• email address;
• any information that you enter yourself as the content of your message;
• any information discussed during the telephone conversation.

We do this in order to properly handle your request to contact you and to execute the agreement with you. We retain this information until we are sure that you are satisfied with our response.

Anonymise

We can anonymise personal data that we obtain through the use of our services. The elements that ensure that the data can be traced back to you are removed and what remains are anonymous statistics. The statistical data is no longer personal data and therefore no privacy risks are associated with its use.

We have a legitimate interest in anonymising data. We need the anonymised data to perform statistical analyses and to improve our services. Because we carefully carry out the anonymisation and the data cannot be traced back to you afterwards, your privacy is guaranteed.

Are there situations where third parties have access to my personal data?

NiceDay will only share your data with other companies or institutions if this is necessary for the execution of the agreement, if we have received permission from you or if we are legally obliged to do so (for example, if the police requires this when a crime is suspected).

The parties that process personal data on our or your assignment are:

• IT suppliers and service providers;
• our hosting provider.

We have concluded a processing agreement with these companies to ensure that they handle your data with care.

In order to provide our services, NiceDay may provide your personal data to parties located outside the European Economic Area (EEA). NiceDay only does this if there is an appropriate level of protection for the processing of personal data. This means, for example, that we use a model agreement from the European Commission or make agreements about the handling of personal data.

We are aware of the judgment of the Court of Justice of the EU of 16 July 2020 (Schrems II case). We are currently investigating how we can best overcome this. We attach great importance to privacy and try to do everything we can to find a suitable solution. If we have a suitable solution, we will inform you about this via this privacy statement. Do you have questions about the processing of your personal data? Please contact us using the contact details in this privacy statement.

If you are registered with an institution that works with NiceDay, this institution may make additional agreements with you regarding access and sharing of your data. For more information about this, please contact the institution where you are registered.

All information shared between you and your chosen practitioner is strictly confidential and will never be transferred to a third party. Practitioners can broadly collect usage information and report it to stakeholders within the organisation for the purpose of determining the effectiveness and effectiveness of NiceDay. Information in this report can never be traced back to individual users.

Is your personal data secured?

Security of personal data is very important to us. NiceDay therefore takes appropriate technical and organisational security measures to protect personal data and also requires parties that process personal data on behalf of NiceDay. We constantly adjust security and pay close attention to what can go wrong. You can read extensively on our website how we protect your privacy.

What about children?

Our service does not intend to collect data about website visitors or application users under the age of 16. Unless they have permission from their parents or guardian. However, we cannot check whether a visitor is older than 16. We therefore advise parents to be involved in the online activities of their children, in order to prevent data about children from being collected without parental consent. If we become aware that a child under the age of 16 has provided us with personally identifiable information, we will take steps to delete this information as soon as possible.

What privacy rights do you have?

If you have any questions or want to know what personal data we have about you, you can always contact us. See the contact details below.

You have the following rights:

• Right of access: you have the right to view the personal data that we process about you.
• Right to rectification: you have the right to correct or supplement the personal data that we process about you if they are incorrect or incomplete.
• Right to withdraw your consent: you can easily withdraw your consent at any time.
• Right to object: you can object to the processing of your personal data.
• Right to removal: you can request us to erase your personal data.
• Right to data transfer: you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transfer that data to another controller without being hindered by us as controller to whom you have previously provided your personal data.
• Right to restriction of processing: in some cases you can request to limit the processing of your personal data (whether or not temporarily), which means that we process less data from you.

We may ask you to identify yourself with your request. We request data for this to ensure that you are the right person to whom the personal data belongs.

In principle, we will comply with your request within 30 days. However, this period may be extended for reasons related to the specific rights of data subjects or the complexity of the request. If we extend this period, we will notify you in a timely manner.

If you wish to exercise one of your rights, you can make this known via gdpr@nicedaynederland.nl. You can read our GDPR statement on our website.

Is this policy subject to change?

We may periodically adjust this policy. The date of the most recent change appears at the top of this privacy statement. Changes take effect immediately after they are made public. If changes have been made, we will notify you.

Filing a complaint

If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervisory authority. For the Netherlands, this is the Dutch Data Protection Authority.

Contact details