+3157343224 info@lifraumeni.eu

General Data Protection Regulation (GDPR) Compliance Policy for [Your Patients Website Name]

Effective Date: 22-2-2025
Last Updated: 22-2-2025


1. Introduction

‘European Li Fraumeni Foundation’ is committed to protecting the privacy and security of our users’ personal data. This GDPR Compliance Policy outlines how we collect, process, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy applies to all personal data collected through our website, Lifraumeni.eu, and any related services.


2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, email, IP address, health data).
  • Data Subject: The individual to whom the personal data relates (e.g., patients, website users).
  • Processing: Any operation performed on personal data (e.g., collection, storage, use, disclosure).
  • Data Controller: The entity that determines the purposes and means of processing personal data (i.e., [Your Patients Website Name]).
  • Data Processor: A third party that processes personal data on behalf of the Data Controller.

3. Principles of Data Processing

We adhere to the following GDPR principles when processing personal data:

  1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  3. Data Minimization: Only the minimum amount of personal data necessary for the intended purpose is collected.
  4. Accuracy: Personal data is kept accurate and up to date.
  5. Storage Limitation: Personal data is retained only for as long as necessary for the intended purpose.
  6. Integrity and Confidentiality: Personal data is processed securely to protect against unauthorized access, loss, or damage.
  7. Accountability: We are responsible for demonstrating compliance with GDPR principles.

4. Types of Personal Data Collected

We may collect and process the following types of personal data:

  • Identity Data: Name, date of birth, gender, etc.
  • Contact Data: Email address, phone number, postal address.
  • Health Data: Medical history, symptoms, treatment plans, and other health-related information.
  • Technical Data: IP address, browser type, device information, and usage data.
  • Other Data: Any additional information provided by the user (e.g., feedback, survey responses).

5. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  1. Consent: The user has given explicit consent for specific purposes (e.g., receiving newsletters).
  2. Contractual Necessity: Processing is necessary to fulfill a contract with the user (e.g., providing healthcare services).
  3. Legal Obligation: Processing is necessary to comply with legal requirements (e.g., reporting infectious diseases).
  4. Vital Interests: Processing is necessary to protect someone’s life (e.g., emergency medical situations).
  5. Legitimate Interests: Processing is necessary for our legitimate interests, provided they do not override the user’s rights and freedoms.

6. Data Subject Rights

Under GDPR, users have the following rights regarding their personal data:

  1. Right to Access: Users can request a copy of their personal data and information about how it is processed.
  2. Right to Rectification: Users can request corrections to inaccurate or incomplete personal data.
  3. Right to Erasure (“Right to be Forgotten”): Users can request the deletion of their personal data under certain conditions.
  4. Right to Restrict Processing: Users can request the restriction of processing under certain circumstances.
  5. Right to Data Portability: Users can request their data in a structured, commonly used, and machine-readable format.
  6. Right to Object: Users can object to the processing of their personal data for specific purposes (e.g., direct marketing).
  7. Right to Withdraw Consent: Users can withdraw consent at any time, where processing is based on consent.

To exercise these rights, users can contact us at [Insert Contact Information].


7. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of sensitive data.
  • Regular security assessments and audits.
  • Access controls to limit data access to authorized personnel only.
  • Training staff on data protection and privacy practices.

In the event of a data breach, we will notify affected users and relevant supervisory authorities within 72 hours, as required by GDPR.


8. Data Sharing and Third Parties

We may share personal data with third parties only in the following circumstances:

  • With the user’s explicit consent.
  • To comply with legal obligations.
  • To provide healthcare services (e.g., sharing data with medical professionals).
  • With trusted third-party service providers (e.g., IT support, cloud storage providers) who comply with GDPR requirements.

We ensure that all third parties sign Data Processing Agreements (DPAs) to guarantee the secure handling of personal data.


9. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs).
  • Binding Corporate Rules (BCRs).
  • Adequacy decisions by the European Commission.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods are determined based on the type of data and its purpose.


11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience and analyze website traffic. Users can manage cookie preferences through their browser settings. For more details, please refer to our [Cookie Policy].


12. Changes to This Policy

We may update this GDPR Compliance Policy from time to time. Any changes will be posted on this page with an updated effective date. Users are encouraged to review this policy periodically.


13. Contact Us

If you have any questions or concerns about this GDPR Compliance Policy or wish to exercise your rights, please contact us at:

  • Email: Info@lifraumeni.eu
  • Phone: +31657343224
  • Address: Office: Oosterhaven 29 1671AB Medemblik / Breek 23 1671GE Medemblik

14. Supervisory Authority

If you believe that we have not complied with GDPR, you have the right to lodge a complaint with a supervisory authority, such as the [Insert Relevant Data Protection Authority].


This GDPR Compliance Policy ensures that ‘European Li Fraumeni Foundation’ remains transparent, accountable, and compliant with data protection laws, safeguarding the privacy and rights of our users.