privacy policy

Privacy policy

1. Luscii

Luscii healthtech BV is a Dutch company. Our business activities take place in the European Economic Area (EEA) and, unless otherwise stated, our data is stored on servers within the EEA.

This Privacy Policy summarises when and how your personal data is collected, used, protected and disclosed, in accordance with your authority, when using our applications and website, and all functions, software and Services provided via the applications and website (the ‘Service’).

2. General

We reserve the right to alter the conditions of this Privacy Policy. If we make alterations to the Privacy Policy, we will inform you accordingly.

3. What personal data do we collect, for what purposes and for how long?

Personal data can be collected in a number of ways when using the Service. The appendix contains an overview of the information that Luscii can collect. It indicates what personal data is processed or can be processed. A distinction is also made between the data that we process from customers and the data from healthcare professionals who make use of the Service. The overview shows what personal data is processed, for what purpose, on what legal basis the processing is based, and how long the personal data is stored.

If you do not provide your personal information to Luscii or otherwise object to the use of your personal data by Luscii, you may be impeded in the use of the Service. The consequences of failing to provide or objecting to the processing of personal data are indicated below, per processing basis. Which personal data falls under which processing basis, can be found, per Service, in the appendix.

Processing based on Luscii’s legal obligations:

  • We may block or restrict your access to the Service and we reserve the right to terminate the agreement in accordance with our terms and conditions. The personal data stated in this section is required to comply with our legal obligations.

Processing necessary for the execution of the agreement:

  • You may be impeded in the use of the Service, and it is possible that the Service may not function effectively. We may block or restrict your access to the Service and we reserve the right to terminate the agreement in accordance with our terms and conditions. The personal data stated in this section is required for the Service to function and perform effectively.

Processing necessary for Luscii’s legitimate interests:

  • We may block or restrict your access to the Service and we reserve the right to terminate the agreement in accordance with our terms and conditions. The personal data mentioned in this section are required to meet the legitimate interests of Luscii and to prevent misuse of the Service and avoid security incidents.

Processes for which your explicit consent is required:

  • You may be impeded in the use of the Service, and it is possible that the App may not function properly. The personal details mentioned in this section are required for the App to function and perform effectively. Since this concerns sensitive personal data, however, your explicit permission is required for the processing of this personal data.

Processes for which your permission is required:

  • You will not be impeded in the use of the Service. Refusing or withdrawing permission will not have any negative consequences for your use of the Service.

Appendix 1: Processing for Luscii Contact & Luscii Vitals.

Appendix 2: General processing (e.g. when not making use of the Service).

4. Sharing personal data

Unless otherwise stated in this Privacy Policy, we do not specify, sell or trade any personal information about our visitors and users to third parties.

4.1 Sharing with Processors

We may engage third parties, such as hosting providers, to assist us in providing the Service. Those third parties may, in the context of their role in providing the Service, process your personal data. In this respect, such a third party is thereafter referred to as a ‘Processor’. We conclude processing agreements with these Processors.

We make use of the following types of Processors:

  • analytical software (cookies) to improve our services (e.g. privacy-friendly Google Analytics);
  • analytical software (cookies) for making offers (i.e. marketing); 
  • cloud services and hosting provider(s); 
  • email services providers; 
  • providers of services that collect health data;
  • providers of services for managing customer and user information;
  • video calling providers;
  • push notification providers.

In some cases, the Processor may collect your personal data on our behalf. We inform the Processors that they may not use personal data that they obtain from us, except for the purpose of providing the Service. We are not responsible for any additional information that you provide directly to the Processors. It is your responsibility to inform yourself about the Processor and their company before disclosing personal data.

4.2 Sharing with your permission

From time to time, we may also share personal data with third parties if you give us permission to do so. For example, we may work with other parties to offer you specific services directly. If you register for these services from third parties, we may share the personal information you provide, such as your name or other contact information that we consider necessary, with the third parties so that our partner can provide services or contact you directly.

4.3 Our legal responsibility

We may share personal data if we can trust that it is permitted by law or if we are legally obliged to do so. We may also share personal data with third parties if it is necessary or appropriate to do so to comply with the law, if it is necessary to comply with legal requests from authorities, to respond to any claims to protect our rights, ownership or safety, and those of our users, employees and the public, and to protect ourselves and our users, without limitation, against fraudulent, abusive, inappropriate or unlawful use of the Service. We will inform you immediately of any requests received from an executive, administrative or other government agency that concern your personal data, unless this is prohibited by applicable law.

4.4 Anonymous information

Please note that nothing within the policy limits the sharing of anonymous information, which can be shared with third parties without your consent.

5 Protection of personal data

We employ appropriate technical and organisational security measures for the processing of personal data. We follow general accepted standards for the protection of personal data, both during transmission and after receiving such data. We have taken the following measures for your protection:

  • Access to our servers and infrastructure is only possible from certain secure servers with specific IP addresses, and is only accessible through a specific combination of keys.
  • Access to our database is only possible using three-step authentication and personal accounts that are protected with a username and password. Only those who require access to the database for their task will receive such an account.
  • We use a password policy to guarantee strong passwords. Passwords must be reset periodically.
  • We use a firewall that is configured automatically through security scripts.
  • We use virtual private clouds for each separate environment (testing, acceptance and production) to reduce risks.
  • Saved data is always protected by encryption. Passwords are also hashed. Locally stored data (e.g. on iOS and Android) is also stored with encryption, in cases of sensitive information (medical or authentication details). Locally stored data will be deleted after logging out.
  • We use SSL (Secure Sockets Layer) technology to encrypt incoming transmission data.
  • The maximum number of incorrect login attempts is limited.
  • All information entered by users is checked to ensure that no malicious data is uploaded. • Software has been installed to detect malicious software in a timely manner.
  • Security updates take place on a monthly basis.
  • We monitor access to the back-end section to detect possible security breaches or other deviations.
  • We make a daily backup of the database. Users who have access to the database do not have access to the backups to prevent unwanted database deletion.
  • Cookies do not contain full authentication information, such as passwords. • Information in cookies is deleted after logging out. 
  • Important information in cookies is encrypted.
  • The duration of login sessions is limited.
  • We have a strict policy regarding the use of data carriers (such as laptops and USB sticks).
  • Access to the property is limited and the property is fully secured.

Please be aware that our Processors are responsible for processing, managing or storing (some of) the personal data that we receive. Processors are not authorised to use this information to advertise to you. These Processors are under contract, by means of a Processor Agreement, to protect the personal data that they have received from us.

However, there is no way of transmitting over the internet or a method of electronic storage that is 100% secure. As a result, we cannot guarantee absolute safety.

6 Links to third party sites

Our Services and/or website may contain links to other websites, as well as advertisements from third parties. Third party websites may keep track of your information. We have no control over such sites or their activities. Any personal data that you supply on the pages of third parties will be provided directly to that third party and will be subject to their particular privacy policy. We are not responsible for the content, privacy, and security practices and policies of websites that we link to or advertise on our Services and/or website. Links from our website to third parties or to other sites are only made available to you. We encourage you to review their privacy and security practices and policies before you provide personal information.

7 What choices do you have regarding the use of your personal data?

Before we share your personal data with third parties in ways not covered by this Privacy Policy, including use for direct marketing purposes, you will be notified and asked to give permission when such information is collected. We can send you marketing and promotional material about our products and Services. If you no longer wish the information to be used for direct marketing, you can contact us at the email address provided under ‘Contact’. You can also opt out by following the unsubscribe instructions included with each promotional email. This does not affect our right and ability to send you Service and account related emails or to use personal data as described in this Privacy Policy. We will respond to your requests as soon as possible, once we have received them.

8 Your rights

You can check, update, correct or delete your personal data collected by the website and the Service by emailing us at the email address provided under ‘Contact’ or by using the function, if available, designed for this purpose in the Service. Please note that the removal of personal data may lead to the termination of the right to use the Service. We reserve the right to retain your personal data in our files if we believe that this is necessary or recommended to provide the Service to others, to resolve disputes, to maintain the applicable terms of use, for technical and/or legal requirements, and/or if the Service requires it. To access your own personal data by email, you must provide sufficient proof of your identity, as requested. We reserve the right to deny access to any user if we have doubts about their identity. We will respond to all access requests within 4 weeks. In the case of complex requests, the deadline may be extended for another 4 weeks. If we extend the term, we will notify you within 4 weeks of the application submission date. You have the right to request that we limit or stop the processing of your personal data in the future. We will comply with your request, but this may result in hindered use of the Service and may nullify your ability or permission to use the Service, as stated in Article 4 of this Privacy Policy.

You may request, at reasonable intervals, the transfer of your processed personal information, as specified by you, as long as the requested information does not contain personal data of other persons and as long as the requested information has been processed on the basis of your permission or that processing is necessary for the execution of the Service. We will respond to such requests within 4 weeks, once they have been received.

You have the right to file a complaint with the appropriate privacy authority that authorises our processing of personal data. In the Netherlands, this authority is the Dutch Data Protection Authority, which can be reached at

9 Questions

If you have any questions, problems or comments about this Privacy Policy, please contact us via email at


1 Processing for Contact & Vitals

Necessary for the representation of the legitimate interests of Luscii, processing time up to 2 years after the end of the agreement.

Security service

  • IP address
  • User actions (login, logout, etc.)

Improving service and detecting errors 

  • Settings history
  • App version
  • iOS/Android device version
  • Browser version

We process other personal data collected for Luscii Contact and Luscii Vitals Services for the benefit of the healthcare institution (or other responsible party) on the basis of a processing agreement. If requested, we can provide the company’s details, so you can contact them and find out which personal data they process or to consult the privacy policy of that company. We are not allowed to provide information about the personal data we process on behalf of these companies.

2 Other processing (e.g. when not using a Service)

When using the website:
Necessary for the representation of the legitimate interests of Luscii, processing time up to 3 years and 2 months after the last use of the website, unless technically not possible.

Processing for the security of the Service

  • IP address

Functional cookies to improve your ease of use

  • Completed form fields

Analysing cookies to improve Luscii Services

  • IP address
  • Via which website you found us
  • Which pages you visited
  • How long your visit lasted
  • How you navigated through the website

When submitting your data:
Necessary for representing the legitimate interests of Luscii, processing time up to 6 months after last contact with Luscii. To be able to answer your questions and provide you with information

  • Name
  • Email address
  • Telephone number
  • Other personal data entered in the contact field