Privacy Policy

PRIVACY POLICY Cookie First by Aikchol Hospital

Last updated 13 December 2021


Your privacy is very important to us. In this document we provide you with information regarding the data we collect, how and why we collect it, and how we store and secure it.


1. Contact information

Customers and users of CookieFirst may contact us via the information provided below.


CookieFirst by Aikchol Hospital.

Plantage Middenlaan 42a

1018 DH Amsterdam

KvK-number: 75762277

legal@cookiefirst.com


Data protection officer

Tom van den Bos

legal@cookiefirst.com


2. The information we collect

When using our website, app and/or services we collect the following information.

If you create an account the following data is processed:


Your name

Your address

Your residence

Your phone number

Your email address

Your IP-address (anonymised)

Your payment details

Cookie preferences

If you visit our website or use our services the following end user data is processed:


Your IP-address (anonymised)

The date and time of the consent

User agent of the End User’s browser and operating system

The URL from which the consent was submitted

An anonymous, random and encrypted key value

The End User’s consent state, serving as proof of consent

If you visit our website or use our services the following system generated data is processed:


The type of your browser

The operating system that you use

The internet service provider

User device data

We specifically do not aim our services and products at persons under the age of sixteen (16). If personal data regarding such persons is discovered in our systems the data will be deleted without undue delay.


3. The purposes for which we process information

The information we process can be used for one or multiple of the following purposes:


Account management

When you have an account with us we need to process your personal information to ensure that you can log in and make changes to your subscription, orders, and payment. We also need your personal information to be able to contact you.

Orders and payment

When you place an order or make a payment to us, we need certain personal information to ensure the correct processing of your request, to prevent fraud, and for tax purposes.

Marketing

With your consent we process your personal information to be able to send you tailored offers regarding our products and services.

In order to analyse how our website and services are used and how we can improve them we use pseudonymised data.

We can also use your personal data for targeted advertising.

Sending you newsletters

If you sign up for our newsletter we need your personal details to send you the newsletter and enable you to unsubscribe.

Market research

Pseudonymised, anonymised, and aggregated data collected from website visitors to help us improve our services.

Your personal data is processed when you fill in questionnaires and/or customer satisfaction ratings.

Security and error logging

We can process personal data for security and error logging, and thus to improve our security and data protection.


4. Legal basis for processing

We always process your personal data with the utmost care. In this section the different legal bases we use are set out.

We always process your data on the basis of the consent you give us to do so. We could also process your data if it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. These legal bases are set out in article 6(1)(a) & (b) of the GDPR.


In order to enter into a contract regarding the purchase of one of our services, you must provide us with the required information. If you do not provide the required information it is not possible for us to deliver our services.


In some cases we are legally obliged to process your data (article 6(1)(c) GDPR). In that case, we will always inform you of this processing, unless a legal obligation prevents us from doing so.


5. How we protect your data

Digital Data solutions has taken technical, organisational and physical security measures to ensure that the data you share with us is protected against all forms of unlawful processing. Examples are: accidental or unlawful destruction, accidental loss, alteration, unauthorised use, unauthorised modification, disclosure and/or access.


For safety and security reasons we cannot disclose the specific measures we have taken. A few broad examples are set out below.


5.1. Confidentiality

This means that we have processes and measures in place to protect your personal data against unintentional, unlawful, or unauthorised access, disclosure or theft.


All our personnel are subject to full confidentiality and any third parties hired are obliged to sign a confidentiality agreement if the full confidentiality is not part of the main agreement. All data we process is encrypted to align with best practices for protecting confidentiality and data integrity.


Data is encrypted with Secure Sockets Layer (SSL) technology and data which are no longer necessary are destroyed without undue delay. When personal data is accessed by authorised personnel the access is only possible over an encrypted connection. All devices used by personnel have antivirus software.


5.2. Integrity

This means that we have processes and measures in place for the maintenance of, and the assurance of, data accuracy and consistency. Access to personal information is only possible on a need-to-know basis and there are processes in place for identification and authentication of persons wanting access. There are also processes in place for erasure or rectification of incorrect information.


5.3. Availability

This means that we have processes and measures in place to ensure the timeliness and reliability of access to and use of data. We use the extensive features of the cloud environment to ensure high availability, like full redundancy, load balancing, automatic capacity scaling, continuous data backup and geo-replication along with a traffic manager for automatic geographical failover on datacenter-level disasters. All failover mechanisms are fully automated.


All data centers where your personal information is stored are within the EU and comply with industry standards such as ISO 27001 for physical security and availability, for example by using 24h security staff, two-factor authentication, barriers, fencing, and security cameras.


5.4. Data breach notification

We do our best to prevent any kind of unauthorised access to your personal data. In the event that your data is compromised, we have internal procedures and policies on how to handle these situations. We will notify you and the competent Supervisory Authority(ies) within 72 hours with information about the extent of the breach, affected data, any impact on our services and our plan for measures to secure the data, and limit any further negative effects on the data subjects.


6. How we use cookies

For information on our use of cookies, we refer you to our Cookie Policy.
