Ancora values your privacy and takes great care in the protection and confidential processing of your personal data. Ancora adheres to the applicable laws and regulations regarding data protection.
Contact details of the personal data controller
Ancora Health B.V.
9711 GC Groningen
Categories of personal data
By using our services and website, you can share personal data with us. Ancora can also process your personal data in the context of the execution of an agreement or because you have given your permission to us to do so. We only process your personal data that is provided directly by you or for which it is clear that it is provided to us for processing.
Depending on the service you use, Ancora may collect the following personal data:
- Name and address;
- Email address;
- Telephone number;
- Information about your appointment;
- IP address;
- Medical information:
- Personal medical history (medication, previous or current health conditions, and history of surgical interventions);
- Family history (previous or current health conditions from 1st or 2nd degree blood relatives);
- Lifestyle data:
- Activity and exercise (including degree of activity during daily routine, and fitness and sporting habits);
- Nutrition (including dietary habits and preferences, and food allergies);
- Stress management strategies from validated questionnaires;
- Subjective wellbeing from validated questionnaires;
- Health-related behaviours including smoking, drinking, and others from validated questionnaires;
- Results of your health assessment:
- Blood: biomarkers of, including but not to limited to, liver health, bone and muscle health, heart health, metabolic health, renal health, blood health, thyroid health, stress, and nutrition status;
- Urine: biomarkers of, including but not limited to, renal health;
- Fitness: markers and measurements of, including but not limited to, body composition and anthropometrics, and cardiopulmonary conditioning.
Legal basis for data processing
We will only process, your medical personal data on the basis of your explicit consent (Article 9, paragraph 2, sub a of the General Data Protection Regulation, GDPR). We process your personal data because this is necessary for the execution of the agreement between you and us, as laid down in Article 6, paragraph 1, sub b of the GDPR. We may also process your personal data for our legitimate interest, such as informing our customers about current events or changes to our services as laid down in Article 6, paragraph 1, sub f of the GDPR.
If Ancora processes your personal data on the basis of your given consent, then you have the right to withdraw this consent at any time, however this may have consequences for the extent to which we can continue to provide you with our services.
Purposes of data processing
The personal data collected by us is used for the following purposes:
- Creating your account to register with Ancora;
- Logging in to your account;
- Keeping your medical record;
- Providing health assessment reports and lifestyle advice;
- Scheduling an appointment;
- Keep track of your preferences;
- Improving our service to you;
- Performing other services that you have requested;
- Keeping track of results from previous examinations and / or treatments;
Providing your personal data to third parties
We will only provide your personal data to third parties if this is necessary for the execution of an agreement or if you have given your consent to do so. We may also provide your personal data to third parties if required by law.
– Laboratory for the collection of blood and urine;
– Fitness tests performer;
– Service providers who provide marketing and communication for Ancora;
Your data will not be stored for any longer than is necessary for the purposes for which it was collected, unless this data must be kept for legal reasons. Your personal data will be stored in our administration within the applicable legal retention periods. Your medical personal data (blood and urine samples) has a retention period of five (5) years.
To protect your data as well as possible, we have taken appropriate security measures. In particular, we have taken the following security measures:
- Secured website
- Secure managed hosting environment
- SSL certificate
- Two Factor Authentication for users to log in with authorization tokens that can expire
- User Data is on a different server than the personal Genetical and Bio Data
- Genetical and Bio Data are behind a Private Cloud and can not be accessed from outside
- Measures to prevent DDOS attacks and hacker attempts
- Monitoring the platform on errors and traffic
- Ancora is the only one who has access to the data in the personal file
- Ancora has taken physical and digital measures for access protection of the systems in which personal data is stored.
We use Google Analytics to keep track on how visitors use our website. This information is obtained, including the IP address of your computer, transferred to and stored by Google on its servers. Google uses this information to keep track on how our website is used.
When you have provided us with your personal data, you have various rights that you can exercise. You have the right to view, correct and delete your personal data. You can also request us to transfer your personal data to you or another party or to limit the data processing. You are also free to object to the processing of your personal data. Additionally, you can always withdraw your consent to the data processing. You can make such aforementioned request known to us by emailing to firstname.lastname@example.org. Ancora will respond to your request as soon as possible, but no later than within four weeks.
Submit a complaint to the Data Protection Authority
In the unlikely event that you are not satisfied with the way we handle your personal data, you can submit a complaint to the Dutch Data Protection Authority. The contact details of the Dutch Data Protection Authority can be found on this website
Changes to this privacy statement
Our contact information