Privacy Policy

PRIVACY POLICY Cookie First by Aikchol Hospital

Last updated 13 December 2021

Your privacy is very important to us. In this document we provide you with information regarding the data we collect, how and why we collect it, and how we store and secure it.

1. Contact information

Customers and users of CookieFirst may contact us via the information provided below.

CookieFirst by Aikchol Hospital.

Plantage Middenlaan 42a

1018 DH Amsterdam

KvK-number: 75762277

Data protection officer

Tom van den Bos

2. The information we collect

When using our website, app and/or services we collect the following information.

If you create an account the following data is processed:

Your name

Your address

Your residence

Your phone number

Your email address

Your IP-address (anonymised)

Your payment details

Cookie preferences

If you visit our website or use our services the following end user data is processed:

Your IP-address (anonymised)

The date and time of the consent

User agent of the End User’s browser and operating system

The URL from which the consent was submitted

An anonymous, random and encrypted key value

The End User’s consent state, serving as proof of consent

If you visit our website or use our services the following system generated data is processed:

The type of your browser

The operating system that you use

The internet service provider

User device data

We specifically do not aim our services and products at persons under the age of sixteen (16). If personal data regarding such persons is discovered in our systems the data will be deleted without undue delay.

3. The purposes for which we process information

The information we process can be used for one or multiple of the following purposes:

Account management

When you have an account with us we need to process your personal information to ensure that you can log in and make changes to your subscription, orders, and payment. We also need your personal information to be able to contact you.

Orders and payment

When you place an order or make a payment to us, we need certain personal information to ensure the correct processing of your request, to prevent fraud, and for tax purposes.


With your consent we process your personal information to be able to send you tailored offers regarding our products and services.

In order to analyse how our website and services are used and how we can improve them we use pseudonymised data.

We can also use your personal data for targeted advertising.

Sending you newsletters

If you sign up for our newsletter we need your personal details to send you the newsletter and enable you to unsubscribe.

Market research

Pseudonymised, anonymised, and aggregated data collected from website visitors to help us improve our services.

Your personal data is processed when you fill in questionnaires and/or customer satisfaction ratings

Security and error logging

We can process personal data for security and error logging and thus, to improve our security and data protection.

4. Legal basis for processing

We always process your personal data with the utmost care. In this section the different legal bases we use are set out.

We always process your data on the basis of the consent you give us to do so. We could also process your data if it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. These legal bases are set out in article 6(1)(a) & (b) of the GDPR.

In order to enter into a contract regarding the purchase of one of our services, you must provide us with the required information. If you do not provide the required information it is not possible for us to deliver our services.

In some cases we are legally obliged to process your data, article 6(1)(c) GDPR. In that case, we will alway inform you of this processing, unless a legal obligation prevents us from doing so.

5. How we protect your data

Digital Data solutions has taken technical, organisational and physical security measures to ensure that the data you share with us is protected against all forms of unlawful processing. Examples are: accidental or unlawful destruction, accidental loss, alteration, unauthorised use, unauthorised modification, disclosure and/or access.

For safety and security reasons we cannot disclose the specific measures we have taken. A few broad examples are set out below.

5.1. Confidentiality

This means that we have processes and measures in place to protect your personal data against unintentional, unlawful, or unauthorised access disclosure or theft.

All our personnel are subject to full confidentiality and any third parties hired are obliged to sign a confidentiality agreement if the full confidentiality is not part of the main agreement. All data we process is encrypted to align with best practices for protecting confidentiality and data integrity.

Data is encrypted with Secure Socket Layer (SSL) technology and data which are no longer necessary are destroyed without undue delay. When personal data is accessed by authorised personnel the access is only possible over an encrypted connection. All devices used by personnel have antivirus software.

5.2. Integrity

This means that we have processes and measures in place for the maintenance of, and the assurance of, data accuracy and consistency. Access to personal information is only possible on a need to know basis and there are processes in place for identification and authentication of persons wanting access. There are also processes in place for erasure or rectification of incorrect information.

5.3. Availability

This means that we have processes and measures in place to ensure the timeliness and reliability of access to and use of data. We use the extensive features of the cloud environment to ensure high availability, like full redundancy, load balancing, automatic capacity scaling, continuous data backup and geo-replication along with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated.

All data centers where your personal information is stored are within the EU and comply with industry standards such as ISO270001 for physical security and availability. For example, by using 24h security staff, two-factor authentication, barriers, fencing, and security cameras.

5.4. Data breach notification

We do our best to prevent any kind of unauthorised access to your personal data. In the event that your data is compromised, we have internal procedures and policies on how to handle these situations. We will notify you and the competent Supervisory Authority(ies) within 72 hours with information about the extent of the breach, affected data, any impact on our services and our plan for measures to secure the data, and limit any further negative effects on the data subjects.

6. How we use cookies

For information on our use of cookies, we refer you to our Cookie Policy.

Download File