Privacy Policy and Imprint

Privacy Policy

 

We value openness and transparency at OpenUp, and we are also open and transparent about how we manage your personal data. Your privacy is always our top priority. Your data is safe with us and we will use it appropriately

 

This Privacy Statement provides important legal information on how OpenUp processes your personal data when you use our services or visit our website. We advise you to read it carefully.
If you have any questions, concerns or complaints, please feel free to contact our Data Protection Officer at [[email protected]].

 

The latest changes were made on 13 February 2024.

 

General Information

 

Your privacy is important to us. This Privacy Statement contains information about your privacy rights and how OpenUp B.V. processes your data. This Privacy Statement relates to the processing of personal data of users of our services, visitors to our website and persons applying for a position at OpenUp.

 

Who is responsible for processing your personal data?

 

OpenUp B.V. (OpenUp), based in Amsterdam and registered with the Chamber of Commerce under number 77340159, is a “data controller” within the meaning of the applicable privacy rules, including the General Data Protection Regulation (GDPR).

 

To what does this privacy policy apply?

 

This privacy policy applies to all products and services that OpenUp offers and relates to the processing of the personal data of anybody who contacts us in any capacity.

 

This could include (potential) users of our services, visitors to the website, job applicants and all other people who contact us or whose personal data we process, with the exception of OpenUp employees.

 

What is personal data?

 

Personal data is any data that can be traced back to you as an individual. The most basic personal data is your name, telephone number, address and/or email address. Additionally, it relates to all the other data you share with us that can be traced back to you and is related to your contact with OpenUp. This includes your query, information about your personal situation or the results of your health check. In addition, your IP address and surfing behaviour, for example, might also fall under personal data.

 

What personal data do we process?

 

We process your personal data. By ‘process’, we mean that, depending on the specific circumstances and context, OpenUp may, for example, collect, store, use and transfer your personal data. You can read more about this below.

 

1. Users of our services

 

OpenUp processes users’ personal data for the provision of our services. We do this, for example, when you create a MyOpenUp account or when you decide to share personal data with us in the context of counselling by one of our psychologists or lifestyle experts.

 

People involved Purpose(s) of processing Personal data that could be processed Legal basis
People who use our services Providing access to our platform through a MyOpenUp account Create MyOpenUp account:

  • Email address
  • First name
  • Year of birth
  • Employer (if applicable)
We process health data based on your consent. This is requested when creating a My OpenUp account.

Other (non-special) personal data we process for the execution of the agreement between you and OpenUp (this is established when you accept our terms of use).

 

For the preparation of reports for employers, the data are pseudonymised, or anonymised, so that they cannot be traced back to natural persons. To the extent personal data would be processed here, this only happens if you have given your explicit consent. This is requested when creating a My OpenUp account.

Guidance from one of our psychologists and/or lifestyle experts in a 1-on-1 consultation The information requested for creating a MyOpenUp account plus:

  • Phone number
  • Information about your personal situation and well-being
Participating in OpenUp Spaces The information requested for creating a MyOpenUp account, plus the phone number
Performing the OpenUp check-in (self-guided care)
  • Name and e-mail address
  • Information about your personal situation and well-being
Participating in an HR roundtable and the subsequent sending of relevant information regarding our services.

 

Creating (anonymous) reports for the employer to provide insight into our services and their impact.

  • Name and e-mail address
  • Job title
  • Organisation
  • Date of birth
    Employer

 

 

2. Website visitors

 

OpenUp processes personal data to provide, maintain, and improve our website. This may also include responding to queries when you contact us through the website, for example, through the chat function. Please refer to our cookie statement for specific information on the cookies and similar technologies used in this context.

 

 

People involved Purpose(s) of processing Personal data that could be processed Legal basis
Website Visitors
  • For maintenance and optimisation of the website 
  • For analysing and improving our services
  • For handling any requests, complaints and disputes
  • To communicate with you via our chat function
  • IP address
  • Browser type and browser settings
  • Other technical information we may collect through cookies
  • Information you provide to us when you contact us via the chat function, at least your name and e-mail address
We process the personal data of website visitors based on our legitimate interest in providing and securing our website and pursuing the processing purposes or based on your consent to collect specific categories of personal data using cookies and other technologies.

 

 

3. Newsletter recipients

 

People involved Purpose(s) of processing Personal data that could be processed Legal basis
Recipients of our newsletter Sharing insights and relevant content on mental well-being via our newsletter
  • Name
  • Email address
When you subscribe to the OpenUp newsletter on the website, you have permitted us to send you our newsletter. Revoking this consent is easy: click “Unsubscribe” at the bottom of each newsletter e-mail.

 

 

4. Applicants

 

People involved Purpose(s) of processing Personal data that could be processed Legal basis
Persons applying for a position at OpenUp Assess the applicant’s suitability for a vacancy at OpenUp (recruitment) and contact the applicant. In addition, for certain positions, it is important to be able to test integrity/reliability.
  • First and last name
  • E-mail address
  • Phone number
  • Address
  • Photo
  • Gender
  • Education
  • Experience
  • Certificate of good conduct
  • Creditworthiness
We process the personal data of job applicants based on our legitimate interest in selecting the best candidates for OpenUp and taking steps before entering into a contract or when the processing is necessary to comply with legal obligations. We may also process personal data based on your consent, for example, to keep your application file for one year, should we have a job for you. When we perform an integrity check, we will always inform you of this in advance.

 

 

How do we obtain your personal data?

 

We obtain your personal data in different ways:

  • Provided by you: e.g. information you provided for creating a MyOpenUp account, completing the self-check-in or during a session with one of our psychologists and/or lifestyle experts.
  • Obtained from third parties: sometimes, we receive your data from other people or external parties, for example, through a recruiter or social media if you have given that party permission to do so.
  • Automatically obtained: We obtain some personal data automatically, for example, through cookies and similar techniques (read more about this in section […]).

When you do not provide personal information

In principle, you are not obliged to provide any information about yourself to us. However, your refusal to supply certain information may adversely affect, for example, our service to you. Suppose providing specific personal data is a legal obligation or an essential contractual requirement to conclude a contract with us. In that case, we will separately provide additional information about this to the extent that this needs to be clarified in advance. In this case, we will also inform you of the possible consequences if this information is not provided.

 

 

With whom will your data be shared? 

 

We only share your personal data with third parties under the following conditions:

  • Sharing personal data is for providing a service or engaging a third party. Thus, subcontractors will only have access to the personal data they need for their part of the service and will not be allowed to process the data for their own purposes.
  • The persons at the third party with access to the personal data must keep it confidential. 
  • The third party is obliged to comply with applicable data protection legislation.

 

There are three categories of third parties (‘processors’) with whom we may share your data on a need-to-know basis:

  • External service providers involved in the relevant processing activity (see overview below);
  • Parent, sister and/or subsidiary companies of OpenUp engaged in the appropriate processing activity;
  • Public authorities, when required by law.

 

An overview of processors (not affiliated to OpenUp) can be found in the table below:

 

Processor Objective
24sessions Video call with our psychologists
Microsoft Azure Hosting data from files
Google For email contact and website usage analysis
Sendgrid Sending e-mails from our platform
ActiveCampaign Sending OpenUp updates and newsletters
Livestorm Participating in OpenUp Spaces
Voys Telephone contact (only when calling one of our local numbers)
LiveChat When chatting via our website (only when you contact us via the chat on our website)
Mollie Payment for our services (only when you and not your employer pay for OpenUp)
Greenhouse Support with your application (only when applying for a job at OpenUp)

 

 

How do we protect your personal data?

 

OpenUp attaches great importance to protecting the privacy and personal data of individuals. Therefore, OpenUp has taken appropriate technical and organisational measures to safeguard and secure your data, including:

  • OpenUp is ISO27001 and NEN7510 certified, which means that our processes meet our sector’s (legally) set requirements for information security.
  • We have internal policies and procedures, such as a data breach procedure. 
  • Conducting an annual external audit to assess whether our measures comply with the latest information security standards;
  • We ensure that persons who may access your data are bound to strict confidentiality. Good to know: our psychologists and lifestyle experts have professional secrecy, and all our employees are (also) contractually bound to privacy.
  • We have usernames and passwords set up on all our systems. We regularly test these systems with skilled experts for their operation and robustness.

 

 

To which countries do we transfer your data?

 

In principle, OpenUp does not process your data in countries outside the European Economic Area (EEA). This applies in any case to data relating to your health. Suppose your data is processed outside the EEA. In that case, the transfer will be legitimised as follows:

 

  • The transfer of your data to a third party outside the EEA can primarily be legitimised based on a so-called adequacy decision by the European Commission stating that the third country in question offers an adequate level of data protection. An overview of all adequacy decisions taken can be found here.
  • When your data is transferred to a country outside the EEA for which no adequacy decision is in force, we apply the relevant version of the Model Clauses in the contract with the party involved in the transfer. This model contract was approved by the European Commission to protect your data, with the parties completing the annexes to provide relevant information on the processing. Additional safeguards are taken where appropriate.

 

 

How do we determine how long we keep your personal data?

 

We keep your data no longer than necessary for processing purposes. For example, we delete data about your personal situation and well-being [three] years after you stop using OpenUp’s services.

However, exceptions to the general retention periods may apply:

  • Shorter custody period. If you exercise certain privacy rights, we may keep your personal data for a shorter period of time.
  • Longer custody period. In certain situations, we process your data for a more extended period than is necessary for processing. This is the case, for example, when we need to process personal data for longer because of
    • Custody obligations. To comply with a minimum retention period or other legal obligation to which OpenUp is subject under EU law or the law of an EU member state;
    • Procedures. Personal data necessary in connection with legal proceedings;
    • Freedom of expression. When further processing of personal data, it is required to exercise the right to freedom of expression and information;
    • Your (explicit) consent to retain the data beyond the retention period.

You can contact us to know more about how long we process (personal) data and why. Our contact details are listed at the bottom of this privacy statement.

 

What are your privacy rights? 

 

Under the AVG, you have several rights as a data subject:

  • Right to access: the right to request access to your data. 
  • Right to rectify: if the personal data we hold about you is incorrect, you have the right to ask us to correct it.
  • Right to forgetfulness: if you want us to delete your personal data, you have the right to request us to delete your data. However, we can only comply with such requests in some cases.
  • Right of objection: the right to object to processing personal data when we invoke our legitimate interest as a processing ground (see paragraph 3 above).
  • Right of limitation: OpenUp will continue to store personal data at your request but may, in principle, no longer do anything with it.
  • The right to human review of automated decisions concerns the right not to be subject to a decision based solely on automated processing that significantly affects the individual. In this regard, we inform you that we do not use automatic decision-making when processing your data.
  • Right to withdraw consent: you can revoke your consent to a specific processing activity at a time. However, withdrawing consent does not affect the lawfulness of processing based on the consent before it was withdrawn.
  • Right to complain: This concerns your right to complain with a supervisory authority, particularly in the EU Member State where you live, work or where an alleged infringement occurred. Here, you can find a list of supervisory authorities and their contact details. We would be grateful if you would approach us with your concerns before approaching the supervisory authority. Please contact us in advance using the contact details provided.

 

How can you exercise your privacy rights?

 

You can exercise your privacy rights free of charge by sending your request via e-mail to [email protected]. We will provide information on the follow-up to the request without undue delay and, in principle, within one month of receiving the request. Depending on the complexity of the request and the number of requests, this period may be extended by two months.

 

 

How can you contact us? 

 

If you have any questions, concerns or complaints, please feel free to contact us at [email protected]

 

Amendments

We may occasionally amend this Privacy Statement to adapt it to new technologies, standard practices, laws and regulations, or other purposes. The most recent version can always be accessed on our website.

 

 

Imprint

 

Operator & Responsible:

OpenUp BV

Nieuwe Herengracht 47, 1011 RN, Amsterdam, The Netherlands

Legal representatives: Gijs Coppens & Rik Plender

Chamber of commerce ID: 77340159

VAT ID: NL860976993B01

 

Contact:

Tel.: +31 20 2444 888 (Netherlands) +49 30 30808172 (Germany)

E-Mail: [email protected]

Website: www.openup.com

 

Information regarding professional liability insurance:

Name and registered office of the insurer:

Nationale Nederlanden

Princess Beatrixlaan 35

2509AV The Hague

Scope of insurance: International

 

EU dispute resolution and consumer arbitration board:

The European Commission provides a platform for online dispute resolution (ODR), for more information on this platform click here: https://ec.europa.eu/consumers/odr/. OpenUp is not obliged to participate in dispute resolution proceedings in front of a consumer arbitration board. In case there is a (potential) dispute please contact our team through [email protected]