Who are we?
We are Bluesquare (legally known as Blue Square SA), located at Hive5 – Rue des Francs 79, 1040 Brussels, Belgium.
In the context of our activities, we collect and process certain personal data. Pursuant to EU data protection and privacy legislation, we sometimes act as a ‘data processor’, and sometimes as a ‘data controller’:
- We act as a data processor on behalf of our clients/customers (who act as data controllers) when our clients/customers carry out surveys for example using our web/mobile application; In this case, our clients/customers determine the information to collect via the surveys and the purposes for which this information will be used (such as the follow-up of grants and subsidies);
- We also act as a data processor on behalf of our clients/customers (who act as data controllers) when we are hosting the data collected via the surveys on our cloud-based platform, anonymize and make this information accessible to our clients/customers via this platform, on their request and under their instructions.
- We act as a data controller when we anonymise and aggregate the collected patient data for our own statistical and research purposes and/or collect certain data via access to government databases with their consent.
- We act as data controller when we collect customer and supplier data such as name, function and contact details.
We know that privacy is important and should be respected
- We value individuals’ right to privacy and strive to protect personal data in accordance with applicable data protection legislation and more specifically with the EU General Data Protection Regulation (“GDPR”) and its national implementing legislation.
- For those activities for which we only act as a ‘data processor’, our clients/customers are responsible for providing adequate data processing information to all individuals whose personal data are collected.
How do we collect personal data?
In the context of the services we provide to our clients/customers, we collect personal data relating to individuals who participate in surveys about services received through government or NGO programs in countries around the world.
Generally, the following information is collected and processed:
- Location data (GPS coordinates of the location where the data is inputted by the person interviewing the patient)
- Name and surname
- Information about the hospital, health center or school that was visited by the person
- Type of services the person has received (this might include health services)
- Level of satisfaction indicated by the person, and answers to other questions (e.g. relating to bribes or sexual violence)
This information is generally collected via mobile questionnaires. Local interviewers are requested to complete these questionnaires together with the person and to duly inform the person on the collection and processing of their data, so that they can validly consent hereto. Such consent is then confirmed before the actual survey starts.
Other information can also be collected by us through access to health facility or other public registries and government databases, subject to the legal requirements governing access to such databases.
For what purposes do we use these personal data?
- When we act as a data processor, we collect information from interviewees, as described above, for the purposes specified by our clients/customers, generally relating to the administration and follow-up of grants and subsidies to hospitals, healthcare service providers and schools.
- When we act as a data controller, we aggregate and anonymise interviewees information, as described above, for statistical and research purposes (e.g. to generate geographical maps indicating with geo-codes where interviews have taken place).
We rely on grounds of public interest and statistical research to for the anonymisation process. Insofar as this would not suffice, we have also put in place an opt-in consent mechanism. In any case, as soon as it is fully anonymised, the information can no longer be linked back to the patients concerned and is not ‘personal data’ anymore.
- When we act as a data controller, we collect information from clients, partners and supplies (name, function, organization, contact details) in order to i) share news and updates about what we do and 2) ask about their level of satisfaction with our product and services. We do not share clients’ information to third parties without their explicit consent.
With whom do we share personal data?
In the context of the purposes listed above, we may share personal data with third parties, such as:
- our clients/customers (as they are ‘data controller’);
- independent developers working for us; and/or
- any IT service providers that would be engaged by us to perform some of the processing operations or to host any data sets.
The anonymous/aggregated data sets generated by us may also be shared with third parties. These data sets do however not contain any personally identifiable information.
Where relevant, we will ensure that contractual safeguards are implemented to ensure the protection of personal data in case of disclosure to a third party.
If any party to whom we may disclose personal data would be located outside the European Economic Area (EEA), we will ensure that measures are taken to ensure adequate protection of personal data in accordance with applicable data protection legislation.
How long do we store personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (as determined by our clients/customers).
Insofar as we would act as data controllers ourselves, we will anonymize any personal data obtained from patients via the surveys we perform as soon as possible, so that we do not retain any personal data in our data sets.
How do we protect personal data?
We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the risks that we have identified. In any case, our data warehouse is only accessible to authorized (internal or external) users who have a login and password.
We also protect personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
Which rights do individuals have and how can they exercise them?
Individuals have the right to:
- information about and access to their personal data;
- rectify their personal data;
- erasure of their personal data (‘right to be forgotten’);
- restriction of processing of their personal data;
- object to the processing of their personal data (‘withdraw their consent’); and
- receive their personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) their personal data to another organization.
Finally, individuals also have the right to lodge a complaint with the Belgian (or any other competent) Data Protection Authority.
To read more about these rights, and circumstances under which they can be exercised, see the Annex below.
Any questions? contact us!
Annex – Rights of data subjects
Right to information and right to access your personal data
You may at any time request more information on our processing activities and the personal data that we are keeping from you.
Right to rectification of inaccurate or incomplete personal data of
You have the right to require us to, without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.
Right to deletion of your personal data (‘right to be forgotten’)
You may request us to delete (part of) your personal data in the following situations:
– when the processing is no longer necessary for achieving the purposes for which we collected or otherwise processed these; or
– when the processing was based on your consent and you have decided to withdraw that consent;
– when you have other reasonable grounds to object to the processing of your personal data;
– when we would unlawfully process your personal data;
– when your personal data have to be erased in compliance with a legal obligation.
We note that in some cases we may refuse to delete personal data: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims. As far as the right to deletion would effectively apply, we will anonymise your personal data.
Right to restriction of processing
You may request us to (temporarily) restrict the processing of your personal data in the following situations:
– when you have contested the accuracy of your personal data, for a period enabling us to verify this accuracy; or
– when the processing appears to be unlawful and you request us the restriction of use of your data instead of the deletion of this data; or
– when we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
– pending verification whether our legitimate grounds override yours in the framework of an objection.
Right to object to the processing of your personal data (free of charge)
You may under certain circumstances object to the processing of your personal data, in particular if you choose to withdraw the consent on which our data processing activity is based.
You can revoke your consent at any time, by sending written notice to us at the address indicated above (or by contacting our client/customer). Once you have revoked your consent, your data will be anonymized, so that we can no longer make a connection between you and the data.
Right to data portability
In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies:
– in case the processing is based on consent or on the necessity for the performance of a contract; and
– in case the processing is carried out by automated means.
Description (explanation of what the cookie does)
This 3rd party Google Analytics persistent cookie is used to distinguish users when collecting information about page visits. This cookie helps us to identify website areas to be improved.
This 3rd party Google Analytics session cookie is used by Google Analytics to monitor requests rate toward their servers. This cookie helps BlueSquare to identify website areas to be improved.
End of session
This 1st party BlueSquare session cookie is used to maintain information about each visit to the website and enable core site functionality. This cookie only lasts for the duration of user’s visit, being deleted as soon as a user closes a web browser.
These 1st party __atuvc and _atuvs cookies are persistent cookies that are created and read by the AddThis social sharing site in order to make sure user sees the updated count if user shares a page and return to it before BlueSquare share count cache is updated. No data from that cookie is sent back to AddThis.
These 3rd party cookies are created by the AddThis social sharing site. AddThis collects some information such as which web page you came from, which type of browser you are using, and your general geographic location. If you use the AddThis tool to share content they aggregate data about what pages are shared, when, and how. They also assign your web browser a unique identifier. This ID doesn’t, and can’t, say anything about you. It’s a random series of numbers and letters used to distinguish users from each other.
These 3rd Google cookies are used to track user’s preferences so that related content or adverts can be shown. This helps us to show you customized ads on Google.
AddThis also makes use of Scorecard Research tracking which sets the UID and UIDR 3rd party cookies for browser behaviour research.
Terms & Conditions
This site, and the terms and conditions for our providing information, is governed by our Disclaimer. By using this site, you acknowledge that you have read the Disclaimer and that you accept and will be bound by the terms thereof.
The service is provided “as is” and “as available,” and there are no warranties, claims or representations made by BlueSquare and/or its authorised suppliers, either express, implied, or statutory, with respect to the web site, including warranties of quality, performance, non-infringement, nor are there any warranties created by course of performance. BlueSquare does not warrant that the service will meet your needs or be free from errors, or that the operation of the service will be uninterrupted. The foregoing exclusions and disclaimers are an essential part of this agreement.
You assume full responsibility for your use of our sites. Any information you send or receive during your use may not be secure and may be intercepted by unauthorized parties. Your use of the site is at your own risk. We are not liable for any direct, indirect, special, incidental, or consequential damages (including damages for loss of business, loss of profits, litigation, or the like). Whether based on breach of contract, breach of warranty, tort (including negligence), product liability or otherwise, even if advised of the possibility of such damage. We are not liable for content made available by third parties, such as blogs or comments. The limitations of damages set forth above are fundamental elements of the basis of the agreement between us and you. We would not provide this site and information without such limitations. No representations, warranties or guarantees whatsoever are made as to the accuracy, adequacy, reliability, currentness, completeness, suitability or applicability of the information to a particular situation.
This site contains links to other Internet sites. We are not liable for such hyperlinks, they are not endorsements of any products or services in such sites, and no information in such site has been endorsed or approved by BlueSquare.
BlueSquare reserves the right to change or modify any of the terms and conditions at any time, by posting the new agreement to this site. You are responsible for regularly reviewing the policy. No amendment to or modification of these terms and conditions will be binding unless:
In writing and signed by a duly authorized representative of BlueSquare
You accept updated terms online, or
You continue to use BlueSquare’s website after BlueSquare has posted updates to the terms and conditions.
These terms and conditions shall be governed by and construed under the Laws of Belgium.
The material contained in all sites managed by BlueSquare (including, without limitation, all articles, text, images, logos etc.) (the “Websites”) are protected by copyright. No material from our Websites may be copied, reproduced, republished, uploaded, broadcast, posted, transmitted or distributed except as expressly permitted by BlueSquare. The use of materials on the Websites in any other way or for any purpose other than for personal, non-commercial use is in violation of BlueSquare’s copyright and other proprietary rights. Permission for all other uses of materials of our Websites must be obtained from us in advance, in writing.