Table of Contents

1 Introduction.

2 Definitions and Abbreviations.

3 Contact Details.

4 Data Collection, Processing and Storage.

4.1 What personal data can we collect from you?
4.2 Purpose and basis for data collection and receivers of personal data.
4.3 Recipients of your personal data.
4.4 Vacancies.
4.5 Feedback.
4.6 Protection of your personal data.
4.7 Retention of your personal data.
4.8 Marketing communications.
4.9 Cookies, or comparable techniques.
4.10 International Data Transfers.
4.11 Your Rights and Choices.
4.12 How to Contact Us?.

1 Introduction

Qurin Holding B.V, and its subsidiaries (hereinafter “Qurin,” “we,” “us,” or “our”) are committed to protecting the privacy and security of your personal data, being responsible for the processing of personal data as shown in this privacy statement through our website https://www.qurin.com. Processing of these data should be in alignment with the General Data Protection Regulation (GDPR). This privacy statement describes how Qurin collects, processes, stores, protects, transfers and deletes personal data. It also explains for which activities we process the data and on what legal basis we do so. The sharing of data with other parties is set out below, as well as the processing of personal data outside the European Economic Area (EEA).  This policy also explains the retention terms and details your rights as a data subject and what you need to do if you wish to file a complaint.

Note that we have a separate privacy statement for clinical trial participants. As such, processing operations taking place in that regard, are covered by that privacy statement. You can request this via customer.service@qurin.com.

Our vision on privacy

Your privacy is of the utmost importance to us. Qurin takes every measure to ensure that personal data is handled with care, precision, and security. Trust is the foundation of our innovation, and we are committed to safeguarding your health and data at every step.

2 Definitions and Abbreviations

GDPR General Data Protection Regulation
Services The services that Qurin provides to you
Personal Data Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

3 Contact Details

Qurin Holding B.V. registered at the Chamber of Commerce 85106410

having its offices at Keizersgracht 62, 1015 CS Amsterdam, The Netherlands.

Email address: info@qurin.com

4 Data Collection, Processing and Storage

4.1 What personal data can we collect from you?

In general, we may collect various categories of information about you through the Services, including:

  • Personal Data: as defined by article 4 of the GDPR, such as:
    • Contact Information: Such as your name, mailing address, phone number, and email address;
    • Interest and Relationship Information: Including data about your interest in specific health topics, services, or products;
    • Identity information to confirm your identity, such as passports or an identity card if we are obliged to do so by local law;
    • Usage Data: Information about how you interact with our websites or applications;
    • Online Identifiers: May be derived from your IP address or mobile device;
    • Recruitment Data: If you apply for a position, we may collect your résumé, educational background, employment history, references, date of birth, identification numbers, and other related data;
    • Any other information that you provide to us that can be used to identify you;
    • Financial Data, such as bank account number or billing address;
    • Professional Data such as name, business contact details like e-mail and business address, job title, company name, phone number, bank account, transaction information, e-mails that might contain personal information, other information voluntarily chosen to share with us.

When visitors fill out the contact form on the website, we collect the data shown on the website, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.

Qurin might receive job inquires, either through a listing of open positions or an open application. In addition to the data mentioned above, we collect and (can) process:

  • Identity data, first and last name
  • Address data (when provided)
  • Phone number(s) (when provided)
  • Email address(es) (when provided)
  • Motivational Letter (when provided)
  • Resume (CV)
  • Occupational classification (when provided)
  • Current work data (when provided)

Sensitive personal data

We do not knowingly collect personal data on this website from children under the age of 16 years. If you are under the age of 16, please do not give us any personal data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our privacy statement by instructing their children to never provide personal data on this website without their permission. If you have reason to believe that a child under the age of 16 years has provided personal data to Qurin through this website, please contact us and we will endeavor to delete that information from our databases.

4.2 Purpose and basis for data collection and receivers of personal data

How We Collect Data

We may obtain information directly from you:

  • Interact or use our website or any other service that displays or links to this privacy statement, including accessing or downloading materials from the resources or portals available to you on this website or requesting information about our products and services;
  • Visit our branded social media pages;
  • Receive communications from us or otherwise communicate with us, including but not limited to emails, phone calls, or texts;
  • Contact us through our contact form available in our website;
  • When applying for a job by email, through the website or when you apply through external recruiters;
  • Register to our newsletter, mailings, press releases, reports and or annual reports;
  • When you contact us, submit an inquiry or ledge a complaint;
  • When you register for our services;
  • When you enroll in programs.
  • Cookies and automated technologies: as described above, we use automated technologies to collect data related to device usage and interactions;
  • When establishing and maintaining a customer relationship (customer/business contact/vendor).

If you provide us personal data relating to other individuals (e.g., employees, individuals working for a customer, an affiliate or a service provider), you warrant that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this privacy statement.

If you believe that your personal data has been provided to us improperly or want to exercise your rights relating to your personal data, please contact us by using the contact information detailed in the section “How to Contact us” available at the end of this document.

Personal data we collect from other sources:  

We collect personal data from customers/business contacts and vendor: We receive and store your personal data that our customers, business providers or vendors have provided to us in order to satisfy contractual obligations. The types of information we may collect directly from our customers and their employees include names, usernames, email addresses, postal addresses, phone numbers, job titles, transactional information, as well as other contact or other information they choose to provide us or upload to our systems in connection with the products or services they offer us. Other personal information we process may vary depending on the requirements specified in third-party agreements. In those cases, we assume that those entities have appropriate legal grounds to share personal data with us.

We may supplement our records with data from public sources, business partners, data vendors, or social media platforms such as LinkedIn or X (formerly Twitter).

How We Use Information

Below is an overview of the personal data we collect, including the sources of personal data, how we  may use the data, for which purposes we may use it, and the legal purpose thereof.

Purpose Description Legal basis
To respond to inquiries or provide information about our products or services We process your personal data when you contact us. Our legitimate interest to ensure effective communication by responding to inquiries and providing accurate information about our products or services, supporting informed decision-making and trust in a regulated healthcare context.
To manage event participation, contests, or rebate programs Processing personal data to manage participation in events, contests, or rebate programs, including registration, communication, validation, and prize or rebate distribution. Our legitimate interest is to efficiently organize and administer events, contests, or rebate programs to engage participants, ensure fair participation, and deliver promised benefits.
To support our business and clinical research partnerships Processing personal data to enable collaboration with external partners in business and clinical research, including data sharing and coordination activities. Our legitimate interest in managing or performance of a contract that we have with a partner. The legitimate interest is to facilitate and manage business and clinical research partnerships to advance collaborative goals and ensure effective communication and coordination.
To support day-to-day operations We process your personal data in relation to security monitoring, analytics, fraud prevention, and system optimization Our legitimate interest is to ensure the effective and efficient functioning of day-to-day business operations necessary for delivering services and maintaining organizational stability.
Aggregating data We process your personal data for the purposes of aggregating this information to ensure that it is no longer identifying you. Our legitimate interest in minimizing the amount of personal data processed as part of the noted processing activity.
Providing and improving our Websites We process your personal data to operate and administer our website and to provide you with the content you access and request.

We process your personal data to analyze overall trends and help us improve the user experience on our websites.

 Our legitimate interest to operate, maintain, and continuously improve the functionality, security, and user experience of our websites and/ or your consent.
Registering visitors to our premises We process your personal data in our registration form for security reasons Our legitimate interest in ensuring the safety, security, and administrative management of our premises by registering and monitoring visitors.
Sending communications, administering surveys, and conducting research We process your personal data to send you marketing information, newsletters and other non-transactional communications Your consent to receive any direct marketing or communication from us or when you are already a registered client.
Providing, developing and optimizing the performance of the services We process your personal data to develop, optimize, provision, and improve the performance of the services and to satisfy our obligations under the applicable terms of use Our legitimate interest in providing and administer our Services in line with customer expectations
Where applicable, compliance with legal obligations incumbent on us.
Managing our customer accounts. We process your personal data in relation to our CRM system to manage customer and user accounts generally, such as billing, customer correspondence, customer relationship management, and maintaining your customer account. Our legitimate interest is to manage and support customer accounts in a structured and compliant manner to ensure reliable delivery, traceability, technical support, and regulatory follow-up and performance of a contract when applicable.
Maintaining our security We process your personal data for the purposes of maintaining Qurin’s own security, including investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect Qurin  or its services Our legitimate interest in promoting the safety and security of Qurin and to protect our rights and the rights of others
Managing job applications We process your personal data in relation to the position you apply for. The purpose of talent acquisition, including assessing capabilities, reference checks and eventually providing you with an offer/labor contract. Our legitimate interest process job application data based on our legitimate interest in assessing candidates’ suitability, managing the recruitment process, and selecting qualified individuals to join our team  through any of our channels and performance of a contract. We will ask consent when required.

 
Undertaking financial reporting, managing payments, preparing internal reports, and business modelling When necessary we process your personal data for the purposes of financial reporting, modelling purposes (e.g., forecasting), and to make or collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you, the company you represent or your organization. Our legitimate interest is to ensure accurate and transparent financial oversight, enable efficient payment and budgeting processes, and support data-driven decision-making critical to the sustainability and strategic growth of the business. and/ or performance of a contract.
Complying with legal and/or regulatory obligations We process and/or disclose your personal data to the extent required when cooperating with competent authorities, regulators or relevant jurisdictions to ensure the compliance with legal requirements under applicable laws and/or protect our rights Legal obligation incumbent on Qurin or any of its affiliates.
Litigation and claims We may process your personal data during litigation or administrative procedures and when defending or exercising legal rights and claims Legal obligation.
Managing customer, business contact and vendors Fulfil purchases and other paid services, register you as a visitor, Establish and maintaining a customer relationship Performance of a contract: the contract we have with you as a supplier and/or customer and/or business contact.

Legitimate interest: our legitimate interest in maintaining contact with our business partners, vendors and customers to support ongoing collaboration, explore future opportunities, and strengthen our professional relationships.

 

4.3  Recipients of your personal data

Access to personal data relating to you is limited. It is Qurin’s policy that persons within the organization should only have access to personal data on a need-to-know basis. Where applicable, we share your personal data in the following circumstances:

Qurin’s Companies, subsidiaries, partners, and affiliates

We may share your personal data with subsidiaries and/or affiliates for purposes consistent with this privacy statement. Personal data is transferred between Qurin entities to ensure efficient and effective business operations and to enable Qurin to provide customer, sales, marketing, human resources, finance, information technology, legal, quality assurance, product development, and other support services.

Third Parties: Vendors, contractors, and other service providers

Qurin may share personal data with other service providers or other third parties that carry out functions or services on our behalf or that assist or enable our operations. These providers include, but are not limited to, hosting, e-mail and collaboration service providers, freelancers, consultants, product feedback or customer support, head-hunters, travel agencies and travel service providers, HR system providers, payrolling program vendors, and IT processing systems.

Personal data will only be disclosed if such service providers have provided sufficient guarantees to implement appropriate technical and organizational measures to protect your personal data and that is consistent with this privacy statement and applicable law.

Business transfers

Qurin may share personal data with other parties in connection with a significant corporate transaction or restructuring, including mergers, acquisitions, asset sales or insolvency. We may also transfer your personal data to law enforcement agencies, courts, tribunals, and regulatory bodies to comply and demonstrate compliance with our legal and regulatory requirements.

 

With your consent

When you authorize specific data sharing, such as with a healthcare provider participating in a Qurin-sponsored program.

Legal Compliance and Protection

To comply with applicable laws, regulatory inquiries, or legal processes, or to protect the rights, safety, and integrity of Qurin, its stakeholders, or the public. Under certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements or to investigate fraud.

Aggregated or De-identified Data

We may share data that cannot reasonably identify you, for reporting or research purposes.

No commercial use: Qurin will not sell your personal data to third parties.

Third parties to whom we transfer your personal data are themselves responsible for compliance with data protection law unless they act as our data processor in which case we will conclude a data processing agreement. We are not responsible for the processing of your personal data by third parties if they act as an independent data controller.

4.4 Vacancies

Qurin will collect the provided data as mentioned under section 4.1. Qurin will remove your data after 4 weeks, starting after the completion of the hiring procedure unless you have given us permission to store your data longer in which case it will be stored for a maximum of 1 year after the completion of the hiring procedure. As a solicitor you can always request to view all data Qurin has collected, request to rectify incorrect data or request removal. When you want Qurin to keep your data for a possible job opening later, Qurin might keep the data for 1 year at most.

4.5 Feedback

Qurin is required to collect data on post market surveillance. Any data provided by customers, users, patients in relation to (the use of) our products is considered feedback. Feedback can consist of requests, comments or complaints. All data provided is required to be stored as provided in SOP-23 (Post Market Surveillance).

4.6 Protection of your personal data

Qurin uses appropriate technical and organizational measures to ensure that the personal data we process is protected from unauthorized access, use, destruction, alteration or disclosure in accordance with applicable laws and regulations. In case of data transmission or when IT storage problems arise we have appropriate procedures in place to protect your personal data and privacy.

4.7 Retention of your personal data

We will retain your personal data for as long as is necessary in order to fulfil the purposes for which we have collected your personal data, including any legal requirements. When the personal data is no longer needed for its original processing goal, and there are no further legal requirements or you have withdrawn your consent, we will delete or anonymize your personal data.

4.8 Marketing communications

You can opt-out of receiving promotional or marketing communications from us at any time, by using the unsubscribe link in the email communications we send, or by contacting us using the details provided in the section ‘How to contact us’ at the end of this privacy statement. Please note that if you have accounts for our Services, we will still send you non-promotional communications, like service-related emails.

4.9 Cookies, or comparable techniques

Qurin uses cookies on their website, and for this we have set up a “Cookie Statement”.

4.10 International Data Transfers

Your Personal Data will be processed within the European Economic Area (EEA) and stored on servers located within the EEA whenever possible. However, Your Personal Data may be transferred to and stored by us or by our affiliates and third parties described above, located in countries outside the EEA. Consequently, your personal data may be processed outside your jurisdiction, and in countries that may not provide the same level of data protection as your jurisdiction. However, we ensure that the recipient of your personal data provides an adequate level of protection, for example by entering into appropriate data processing agreements and, if necessary, standard contractual clauses or an alternative lawful data transfer mechanism.

4.11 Your Rights and Choices

Depending on where you live (e.g., the European Economic Area, European Union, United Kingdom or Switzerland, etc.) you may have the following rights with respect to your personal data (Art 15 GDPR):

  • Right of access: you can contact us any time to request the personal data we may hold and request a copy and a list of purposes for which your personal data is processed.
  • Right to correction: you have the right to require us to correct mistakes in your personal data should you notice any.
  • Right to erasure; you have the right to require us to delete your personal data—in certain situations.
  • Right to object: you have to object at any time to your personal data being used for direct marketing (including profiling) and in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests. We may however continue to process your personal data if, even if you object thereto, we have compelling legitimate grounds for the processing that override your integrity interest.
  • Right to restriction of use; you have the right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
  • Right to data portability; you have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
  • Right to withdraw consent: you have the right to withdraw your consent at any moment where you have provided it previously. The withdrawal of your consent does not affect the lawfulness of processing based on consent prior to the withdrawal.
  • Right not to be subject to decisions without human involvement: you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by our website.

If you wish to exercise any of your rights mentioned above, please contact us using the information in the section ‘How to Contact Us’ at the end of this document. We will respond to your request within 30 days of receiving such request. If we are unable to honour or otherwise deny your request, we will provide a reason why.

We may charge you a reasonable fee in the case that you request additional copies of your personal data or make excessive requests. Insofar as is practicable and required under law, we will notify third parties with whom we have shared your personal data of any request for correction, deletion and/or restriction to the processing of your personal data. Please note that we cannot guarantee third parties will follow up on our notification and we encourage you to contact those third parties directly.

If you feel that our processing of your personal data infringes data protection laws, or if you feel that we have not handled your complaint properly, you have a legal right to lodge a complaint with the Data Protection Authority within your country.

4.12 How to Contact Us?

Data review, rectification and removal

Like stated with soliciting you can always request the data we obtained from you, stored or processed. You have the right to request rectification of the data when the data is (proven) incorrect. You also have the right to request removal of (part of) the data. Qurin is required to do so when you revoke your approval. Qurin has the right to/ obligation to identify yourself, to avoid other people will view, change or request removal of your data.

Data Protection Officer

Qurin has appointed a Data Protection Officer.

DPO Consultancy
Europalaan 28b
5232 BB ‘s-Hertogenbosch
The Netherlands

Email: privacy@qurin.com.

Changes to This Statement

We reserve the right to amend this privacy statement at any time and from time to time. We encourage you to review it periodically. If you use this website after the amended privacy statement has become effective, you will be deemed to have agreed to the amended privacy statement.

Contact Information

For questions or concerns regarding this privacy statement or the handling of your personal data,
please contact us at:

Email: privacy@qurin.com.

Postal address: Qurin Holding B.V., Keizersgracht 62, 1015 CS Amsterdam, The Netherlands