Version November 12, 2024

Data processing within the Luscii application

Luscii healthtech B.V. (Luscii, we, our, us) is a Dutch company. We are located at Nicolaas Beetsstraat 216 (3511 HG) in Utrecht, the Netherlands. We develop technology for home measurement applications. This enables healthcare providers to monitor their patients and clients remotely. We want good care to be readily available to everyone.

Luscii makes the technology for the App. Healthcare institutions purchase our services. Among other things, your healthcarei institution determines the purposes for which they will use the App, the diagnoses for which an App will be implemented, and the threshold values at which action must be taken by either the healthcare provider or the patient. We provide the technology and support, and ensure that the App is easy for you to use. 

We process personal data of users of our home measurement application(s) (App(s)). These may be the healthcare providers who view and analyse the measurement results and, of course, the patients and clients who keep track of their measurement results in our Apps. We process the personal data of users on behalf of the healthcare institutions that prescribe the Apps. The healthcare institutions are responsible for the processing and we are the processor. We make agreements with healthcare institutions regarding how we process personal data on their behalf and the security measures that we take. Your healthcare institution determines the purposes for processing of your data via the App. Contact your healthcare institution for more information about her privacy policy regarding the use of the App.

In our App, we can process the following information from users on behalf of healthcare institutions: Type of user (patient/admin/caregiver), first and last name, gender, postcode, date of birth, email address, telephone number, name of healthcare institution and/or healthcare provider that has prescribed the App, unique username or ID, patient number, account start date, program, messages sent via the App (feedback, support), App settings, measurements and values, and frequencies thereof, logging of use (date and time log in/out), authentication token, IP address, information for push notifications, type of device used (iOS/Android) and version number, browser information, version of the App, diagnoses, information about conditions and medication.

The healthcare institution may only process personal data via the App if there are legal grounds to do so. In most cases, grounds can be found in the execution of the medical treatment agreement that the healthcare institution has with the client or patient. If necessary, the healthcare institution may also request permission. We process the personal data in the App on behalf of the healthcare institution and do not require independent processing grounds in which to do so.
The healthcare institution will determine in advance the purposes for which it will process personal data via the App. We have no control over this.

The personal data that we process from you in the App will always be shared with your healthcare provider of the healthcare institution. We may also share your personal data with third parties from whom we purchase services, i.e. our subcontractors. These sub-contractors are to be regarded as ‘sub-processors’. We agree with the healthcare institution which services of third parties to use. We always enter into a sub-processor agreement to ensure that these third parties, just like us, handle your personal data with care.

We have agreed with the healthcare institution that we will take measures to protect your personal data against unlawful processing. We work in accordance with ISO 27001:2017, NEN 7510, 7512 and 7513 and Cybersecurity Essentials. More information can be found here.

Would you like to know more about the data processing in the Luscii’s applications? Please contact your healthcare institution. You can also contact your healthcare institution if you wish to invoke your rights with regard to your personal data. This includes the right to access, the right to supplement and correct personal data, and the right to remove personal data.