This document provides the contractual framework for the processing of personal data by Rosa on behalf of its professional customers. It is part of the agreement between you (as a health professional) and Rosa.
“Rosa” is Rosa ASBL, a non-profit organization established at Cantersteen 10, 1000 Brussels, with enterprise number 0745.832.604. To communicate with Rosa about processing of personal data, or to exercise any of your rights described in this agreement, please send an email to firstname.lastname@example.org.
You are considered as a data controller for the data processing activities covered by this agreement, because:
As a data controller, you are responsible for the processing activities covered by this agreement.
Rosa must comply with some legal obligations imposed to it as a data processor, and must also help you to comply with some of your own obligations, in the manner described in this agreement.
Rosa must make sure that its personnel and the contractors having access to personal data covered by this agreement, are bound by appropriate confidentiality obligations.
Rosa must implement appropriate security measures to protect the personal data covered by this agreement against unauthorized access, modification or destruction. Rosa relies on technologies or services of its subcontractors for parts of these measures.
Rosa must evaluate these security measures from time to time and adapt them if needed, to take into account the evolutions of the risks, the technology and the costs associated with these measures.
You authorize Rosa to rely on services provided by other companies to perform the data processing activities covered by this agreement.
If Rosa receives a request or complaint from a patient about a data processing activity covered by this agreement, Rosa must notify you. You are responsible for handling the request.
On your request, Rosa will provide you with reasonable assistance and information that you need for answering a request from a patient.
If you notice or suspect a breach of security, you must contact Rosa as soon as possible.
If Rosa notices a breach of security leading to the unauthorized access, modification or destruction of personal data covered by this agreement, Rosa must notify you as soon as possible.
In some circumstances determined by the data protection laws, you are obliged as a data controller to notify a data breach to the regulatory authority and to the affected persons. Rosa will help you comply with this obligation, depending on the circumstances:
In either case, Rosa must keep you informed, to the best possible extent, about:
You may instruct Rosa to delete personal data that you are responsible for, and that is no longer relevant for the intended purpose.
Rosa is not obliged to keep data that you are responsible for, for more than 30 days after the end date of your agreement with Rosa.
You acknowledge that sending emails to the main contact address mentioned in your account is a valid way for communicating with you about this agreement. You must keep that address up to date.
Rosa may change this data processing agreement, but must announce in advance these changes and the date where they will become effective. The agreement between you and Rosa will be modified accordingly at that date.
This agreement is governed by Belgian law. In the unfortunate case of a dispute between you and Rosa that cannot be solved amicably, the competent courts of Brussels, French or Dutch section, will handle the dispute.