MEDIQ

Privacy Policy

Last updated: April 2026

1. Who we are

MEDIQ Health Technologies ("MEDIQ", "we", "us") operates the platform available at mediqhealth.be and its subdomains. We act as data controller for the personal data described in this policy.

For questions about this policy or to exercise your rights, contact us at privacy@mediqhealth.be.

2. Data we collect

Account data

When you register or are registered by a clinic, we collect your name, email address, date of birth (patients), role, and encrypted password.

Appointment data

We record the date, time, duration, type of consultation, visit notes entered by the healthcare professional, and appointment status.

Usage data

We log standard server-side request metadata (IP address, browser type, pages visited, timestamps) for security and diagnostic purposes. We do not build behavioural profiles for advertising.

Payment data

Subscription payments are processed by Mollie NV (Belgium). We store a Mollie payment reference but never store raw card numbers or bank account details.

Contact form

If you use the contact form on our website we store your name, email address, and message for the time needed to respond, then delete them.

3. Legal basis for processing

  • Contract performance (Art. 6(1)(b) GDPR) — processing your account and appointment data is necessary to deliver the service.
  • Legal obligation (Art. 6(1)(c) GDPR) — we may retain certain records to comply with Belgian tax, accounting, and healthcare regulations.
  • Legitimate interest (Art. 6(1)(f) GDPR) — server logs are kept to detect and prevent fraud and abuse.
  • Consent (Art. 6(1)(a) GDPR) — where we rely on consent (e.g. marketing communications), you may withdraw it at any time.

4. How long we keep your data

  • Account data: retained for as long as your account is active, plus 30 days after deletion.
  • Appointment records: 10 years from the date of the consultation (Belgian healthcare record-keeping obligation).
  • Server logs: 90 days.
  • Contact form messages: deleted within 90 days of the last exchange.
  • Payment references: 7 years (Belgian accounting law).

5. Who we share your data with

We do not sell personal data. We share it only with:

  • Gigalixir — cloud hosting provider (servers in EU).
  • Mollie NV — payment processing (Belgium).
  • Bird (MessageBird) — SMS delivery for appointment reminders.
  • Authorities — where required by law or court order.

All processors are bound by data processing agreements and operate within the EEA or under adequate safeguards.

6. Your rights under GDPR

As a data subject you have the right to:

  • Access — request a copy of your personal data (Art. 15).
  • Rectification — correct inaccurate data (Art. 16).
  • Erasure — request deletion where no legal obligation requires retention (Art. 17).
  • Restriction — ask us to limit processing while a dispute is resolved (Art. 18).
  • Portability — receive your data in a machine-readable format (Art. 20).
  • Objection — object to processing based on legitimate interest (Art. 21).
  • Withdraw consent — where processing is consent-based, withdraw at any time.

To exercise any right, email privacy@mediqhealth.be. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

7. Security

We use TLS for all data in transit. Sensitive fields (e.g. social security numbers) are encrypted at rest using AES-256-GCM. Access is restricted by role and tenant isolation enforced at the database level.

8. Cookies

We use cookies to operate the platform. See our Cookie Policy for details.

9. Changes to this policy

We may update this policy. Material changes will be notified by email or a notice on the platform at least 14 days before taking effect. The date at the top of this page always reflects the latest revision.