Privacy Statement Blue Health Intelligence
Blue Health Intelligence handles the data of its clients and users with due care. (Medical) personal data is treated confidentially and secured appropriately. We comply with the applicable laws and regulations in the field of privacy and data protection, including the General Data Protection Regulation (GDPR). This also applies when your data is shared with third parties in the context of care, aftercare or guidance. Where necessary, we ask for your (explicit) consent for the processing of your personal data.
In this privacy statement, we inform you about the personal data we process, the purposes for which we do so, and the rights you have. We therefore ask you to read this statement carefully.
1. Controller of your personal data
The controller responsible for the processing of your personal data is:
Tiuri Health B.V. (brand name Blue Health Intelligence)
Linnaeushof 81h
1098KS Amsterdam
Telephone: 020-2101572
E-mail: privacy@bluehealth.co
Chamber of Commerce number: 98047213
Data Protection Officer
Blue Health Intelligence has appointed a Data Protection Officer (DPO); the contact details are:
Leanne Verdonck
E-mail: leanne@bluehealth.co
Telephone: 020-2101572
2. Categories of personal data
When you visit our website, use our app, sign up for a membership or book a health scan with us, you leave certain data with us. This also occurs in the context of the performance of a (medical) treatment agreement and/or service agreement. Depending on the service you use, we may process the following categories of personal data:
Identification and contact details
Name, address, place of residence details
Gender
Date of birth
E-mail address
Telephone number
Contact and communication preferences
(Where applicable) data of insurance partners
Account and usage data
Login details for your Blue Health Intelligence account (username, hashed passwords)
Preferences within the app/portal
Information about your appointments and membership
Log files and usage data of the website and app (such as pages visited and features you use)
Technical data
IP address
Device and browser data
Cookie IDs and similar identifiers
Payment and invoicing data
Payment method
Transaction data
Invoice data
Data about your practitioners
Data of your general practitioner, medical specialist or other healthcare providers (where relevant)
Medical and health data (special categories of personal data)
Medical history (for example previous conditions, surgeries)
Physical characteristics (such as weight, height, BMI, blood pressure, heart rate)
Lifestyle data (for example sleep, exercise, nutrition, smoking and alcohol use)
Data concerning your health in a broad sense
Results of laboratory tests (blood, urine and other biomarker analyses), including, among other things:
Cholesterol and other blood lipids
Glucose values and markers for (pre)diabetes
Kidney and liver function
Hormones, allergies, vitamins (where applicable)
Results of imaging examinations, such as:
Ultrasound or other scans
Other image materials
Reports and advice from doctors, including any translations thereof
Results of cardiological examinations (for example ECG recordings, heart rhythm data)
Data from wearables and other devices (if you connect these)
Activity data (for example steps, workouts, heart rate)
Sleep data
Other health data linked by you from wearables, home measurement equipment or apps
We are the controller within the meaning of the GDPR for the data referred to above, insofar as we determine the purpose and means of the processing.
3. Legal bases for data processing
We only process your personal data if there is a valid legal basis for doing so.
Medical personal data (special categories)
Your medical personal data is only processed on the basis of:
Your explicit consent (Art. 9(2)(a) GDPR), for example when you consent to certain examinations, the use of wearables or the sharing of data with other healthcare providers; and/or
The necessity for preventive or curative care in the context of a medical treatment agreement (Art. 9(2)(h) GDPR in conjunction with Sections 7:446 et seq. and 7:457 of the Dutch Civil Code), insofar as there is a medical treatment agreement.
Other personal data
In addition, we process personal data on the basis of:
Performance of a contract (Art. 6(1)(b) GDPR)
For example for the:
Creation and management of your account
Execution of your membership
Scheduling and carrying out appointments and examinations
Handling of payments and invoicing
Your consent (Art. 6(1)(a) GDPR)
For example when you sign up for marketing communications (newsletter) or when we use non-essential cookies. You may withdraw your consent at any time.
Legitimate interest (Art. 6(1)(f) GDPR)
For example for:
Improving and securing our systems and services
Evaluating our services and conducting limited customer satisfaction surveys
Informing existing clients about similar services, current developments or changes to our services (within the legal framework)
In all cases, we do not process more data than is necessary for the relevant purpose.
4. Purposes of the data processing
We use your personal data for, among other things, the following purposes:
Creating and managing your Blue Health Intelligence account
Registering and guiding you as a client, member or user
Logging into your personal environment (app and/or web portal)
Maintaining and managing your medical file
Scheduling, carrying out and following up on your appointments and examinations
Mediating and cooperating with (external) healthcare providers and diagnostic centres
Processing and analysing results of (medical) examinations
Processing data from wearables and other devices that you connect
Providing advice and reports to you (and, where applicable, to your general practitioner or specialist with your consent or on the basis of the treatment relationship)
Sending communications about your account, appointments or important changes to our services
Performing or arranging other services requested by you
Improving, testing and optimising our systems, app and services
Complying with legal obligations, such as tax retention obligations and healthcare legislation
Sending newsletters and other marketing communications (where permitted)
5. Disclosure of your personal data to third parties
We only disclose your personal data to third parties if this:
Is necessary for the performance of the agreement (including the medical treatment),
Is necessary to comply with a legal obligation, or
Takes place on the basis of your (explicit) consent.
Examples of categories of recipients are:
Laboratories and diagnostic centres
External medical specialists and other healthcare providers
IT service providers and software suppliers (for example for hosting systems and the app)
Hosting and cloud providers
Suppliers of electronic communication and mail services
Suppliers of analysis and monitoring tools (for example web/app analytics)
Financial service providers and payment providers
Translation agencies (for medical translations)
(Where applicable) employers or other contracting parties, solely with your consent or on the basis of a specific legal basis
With parties that process personal data on our behalf, we conclude a data processing agreement in which appropriate safeguards for your privacy are laid down.
6. Retention periods
We do not retain your data for longer than necessary for the purposes for which it was collected, unless a longer retention period is legally required or permitted.
Medical file and health data
Insofar as we process your personal data in the context of a medical treatment agreement, we in principle retain the medical file for 20 years after the last contact, in accordance with the statutory retention period under the Dutch Medical Treatment Contracts Act (WGBO), unless another period applies or longer retention is necessary (for example due to claims or legal obligations).
This includes, among other things:
Name, address and place of residence details
Contact details
Medical history
Examination results and findings
Image materials
Reports from doctors and other healthcare providers
Financial data
We retain invoices and financial transactions for 7 years on the basis of tax legislation.
Marketing and communication data
Data that we use for newsletters or other marketing communications will in principle be retained until 2 years after you were last a customer or 2 years after you gave consent, unless you unsubscribe or object earlier.
After the retention periods have expired, your data will be deleted, anonymised or pseudonymised, unless retention is still necessary for, for example, an ongoing dispute.
7. Security measures
We take appropriate technical and organisational measures to protect your personal data against loss or any form of unlawful processing. These include:
Access to personal data is limited to authorised employees and healthcare providers, via personal accounts with passwords and, where applicable, additional security steps.
Data is stored in secure systems with access control.
We use encrypted (secure) connections (for example SSL/TLS) when sending personal data via our website and app.
We maintain internal procedures and access guidelines to prevent misuse and unauthorised access.
Important systems are tested and assessed periodically for security.
Despite all efforts, no form of data transfer or storage can be 100% secure. Should a data breach nevertheless occur, we will act in accordance with the GDPR and, if required, report this to the Dutch Data Protection Authority and the data subjects concerned.
8. Websites and services of third parties
Our website and app may contain links to websites or services of third parties (for example other healthcare providers, knowledge platforms or partners).
When you visit these websites or services, the privacy statement and terms of that third party apply. We recommend that you read these statements carefully before using such services. We are not responsible for the way in which these third parties handle your data.
9. Cookies and (web) analytics
Our website and app use cookies and similar technologies.
Cookies are small text files or pieces of code that are placed on your device when you visit our website or use our app. With the help of cookies, we can:
Ensure that the website and app function properly (necessary cookies)
Remember your preferences
Analyse and improve the use of the website and app
(Where permitted) show you more relevant content and advertisements
The information collected via cookies may include, among other things, the date and time of your visit, pages viewed and the manner in which you use our website or app.
Analysis and tracking tools (e.g. Google Analytics)
Blue Health Intelligence may use analytics tools, such as Google Analytics or similar services, to gain insight into the use of the website and app. The data collected in this process, including in some cases IP address, is anonymised or pseudonymised as much as possible. Where required, we ask for your consent to place non-essential cookies.
In a separate cookie statement (if available), you will find more information about the specific cookies and tools we use and how you can manage your cookie preferences.
10. Newsletter and marketing communications
On the basis of your consent
If you have signed up for the newsletter via our website, app or otherwise, you will regularly receive information from Blue Health Intelligence by e-mail about our services, examinations, events, promotions and client stories. This takes place on the basis of your consent (Art. 6(1)(a) GDPR).
The content of the newsletter may be tailored to your interests and previous contact moments with Blue Health Intelligence. This personalisation is based on the information you share with us (for example preferred topics) and possibly limited usage data.
You may withdraw your consent at any time by clicking the unsubscribe link in the newsletter or by contacting us.
Existing clients
When you have purchased a service or examination from Blue Health Intelligence, we may send you information by e-mail about similar services or relevant developments (Art. 6(1)(f) GDPR in conjunction with Section 11.7(4) of the Dutch Telecommunications Act). You can always object to this by using the unsubscribe option in the e-mail or by e-mailing us.
If you wish to object to the processing of your personal data for marketing purposes, you can send an e-mail to: privacy@bluehealth.co
11. Your rights
As a data subject, you have various rights under the GDPR. You may request from us, among other things:
Access to your personal data
Rectification (correction) or completion of incorrect or incomplete data
Erasure of your personal data (insofar as permitted within the statutory retention obligations)
Restriction of the processing of your personal data
Transfer of your data (data portability) to you or to another party
To object to certain processing operations, for example to the use of your data for marketing on the basis of legitimate interest
You may also withdraw your consent, insofar as given, at any time. This does not have retroactive effect on processing operations that have already taken place.
You can submit your request or objection by sending an e-mail to: privacy@bluehealth.co. Blue Health Intelligence will respond to your request as soon as possible, but no later than within four weeks. In some cases, we may ask for additional information to verify your identity.
12. Complaint to the Dutch Data Protection Authority
If you are not satisfied with the way Blue Health Intelligence handles your personal data, we naturally hope that you will first discuss this with us so that we can look for a solution.
In addition, you always have the right to lodge a complaint with the Dutch Data Protection Authority, the Dutch supervisory authority in the field of privacy. The contact details and procedure can be found on the website of the Dutch Data Protection Authority.
13. Changes to this privacy statement
We may amend this privacy statement from time to time, for example because our services change or because laws and regulations are updated. The most recent version can always be found on our website.
We recommend that you consult this statement regularly so that you remain informed of any changes. In the event of material changes, we will actively inform you where possible.
14. Contact
Do you have any questions or comments about this privacy statement or about the processing of your personal data by Blue Health Intelligence? If so, please contact us via:
Tiuri Health B.V. (brand name Blue Health Intelligence)
Linnaeushof 81h
1098KS Amsterdam
Telephone: 020-2101572
E-mail: privacy@bluehealth.co
Chamber of Commerce number: 98047213
Updated 20-03-2026
Privacy Statement Blue Health Intelligence
Blue Health Intelligence handles the data of its clients and users with due care. (Medical) personal data is treated confidentially and secured appropriately. We comply with the applicable laws and regulations in the field of privacy and data protection, including the General Data Protection Regulation (GDPR). This also applies when your data is shared with third parties in the context of care, aftercare or guidance. Where necessary, we ask for your (explicit) consent for the processing of your personal data.
In this privacy statement, we inform you about the personal data we process, the purposes for which we do so, and the rights you have. We therefore ask you to read this statement carefully.
1. Controller of your personal data
The controller responsible for the processing of your personal data is:
Tiuri Health B.V. (brand name Blue Health Intelligence)
Linnaeushof 81h
1098KS Amsterdam
Telephone: 020-2101572
E-mail: privacy@bluehealth.co
Chamber of Commerce number: 98047213
Data Protection Officer
Blue Health Intelligence has appointed a Data Protection Officer (DPO); the contact details are:
Leanne Verdonck
E-mail: leanne@bluehealth.co
Telephone: 020-2101572
2. Categories of personal data
When you visit our website, use our app, sign up for a membership or book a health scan with us, you leave certain data with us. This also occurs in the context of the performance of a (medical) treatment agreement and/or service agreement. Depending on the service you use, we may process the following categories of personal data:
Identification and contact details
Name, address, place of residence details
Gender
Date of birth
E-mail address
Telephone number
Contact and communication preferences
(Where applicable) data of insurance partners
Account and usage data
Login details for your Blue Health Intelligence account (username, hashed passwords)
Preferences within the app/portal
Information about your appointments and membership
Log files and usage data of the website and app (such as pages visited and features you use)
Technical data
IP address
Device and browser data
Cookie IDs and similar identifiers
Payment and invoicing data
Payment method
Transaction data
Invoice data
Data about your practitioners
Data of your general practitioner, medical specialist or other healthcare providers (where relevant)
Medical and health data (special categories of personal data)
Medical history (for example previous conditions, surgeries)
Physical characteristics (such as weight, height, BMI, blood pressure, heart rate)
Lifestyle data (for example sleep, exercise, nutrition, smoking and alcohol use)
Data concerning your health in a broad sense
Results of laboratory tests (blood, urine and other biomarker analyses), including, among other things:
Cholesterol and other blood lipids
Glucose values and markers for (pre)diabetes
Kidney and liver function
Hormones, allergies, vitamins (where applicable)
Results of imaging examinations, such as:
Ultrasound or other scans
Other image materials
Reports and advice from doctors, including any translations thereof
Results of cardiological examinations (for example ECG recordings, heart rhythm data)
Data from wearables and other devices (if you connect these)
Activity data (for example steps, workouts, heart rate)
Sleep data
Other health data linked by you from wearables, home measurement equipment or apps
We are the controller within the meaning of the GDPR for the data referred to above, insofar as we determine the purpose and means of the processing.
3. Legal bases for data processing
We only process your personal data if there is a valid legal basis for doing so.
Medical personal data (special categories)
Your medical personal data is only processed on the basis of:
Your explicit consent (Art. 9(2)(a) GDPR), for example when you consent to certain examinations, the use of wearables or the sharing of data with other healthcare providers; and/or
The necessity for preventive or curative care in the context of a medical treatment agreement (Art. 9(2)(h) GDPR in conjunction with Sections 7:446 et seq. and 7:457 of the Dutch Civil Code), insofar as there is a medical treatment agreement.
Other personal data
In addition, we process personal data on the basis of:
Performance of a contract (Art. 6(1)(b) GDPR)
For example for the:
Creation and management of your account
Execution of your membership
Scheduling and carrying out appointments and examinations
Handling of payments and invoicing
Your consent (Art. 6(1)(a) GDPR)
For example when you sign up for marketing communications (newsletter) or when we use non-essential cookies. You may withdraw your consent at any time.
Legitimate interest (Art. 6(1)(f) GDPR)
For example for:
Improving and securing our systems and services
Evaluating our services and conducting limited customer satisfaction surveys
Informing existing clients about similar services, current developments or changes to our services (within the legal framework)
In all cases, we do not process more data than is necessary for the relevant purpose.
4. Purposes of the data processing
We use your personal data for, among other things, the following purposes:
Creating and managing your Blue Health Intelligence account
Registering and guiding you as a client, member or user
Logging into your personal environment (app and/or web portal)
Maintaining and managing your medical file
Scheduling, carrying out and following up on your appointments and examinations
Mediating and cooperating with (external) healthcare providers and diagnostic centres
Processing and analysing results of (medical) examinations
Processing data from wearables and other devices that you connect
Providing advice and reports to you (and, where applicable, to your general practitioner or specialist with your consent or on the basis of the treatment relationship)
Sending communications about your account, appointments or important changes to our services
Performing or arranging other services requested by you
Improving, testing and optimising our systems, app and services
Complying with legal obligations, such as tax retention obligations and healthcare legislation
Sending newsletters and other marketing communications (where permitted)
5. Disclosure of your personal data to third parties
We only disclose your personal data to third parties if this:
Is necessary for the performance of the agreement (including the medical treatment),
Is necessary to comply with a legal obligation, or
Takes place on the basis of your (explicit) consent.
Examples of categories of recipients are:
Laboratories and diagnostic centres
External medical specialists and other healthcare providers
IT service providers and software suppliers (for example for hosting systems and the app)
Hosting and cloud providers
Suppliers of electronic communication and mail services
Suppliers of analysis and monitoring tools (for example web/app analytics)
Financial service providers and payment providers
Translation agencies (for medical translations)
(Where applicable) employers or other contracting parties, solely with your consent or on the basis of a specific legal basis
With parties that process personal data on our behalf, we conclude a data processing agreement in which appropriate safeguards for your privacy are laid down.
6. Retention periods
We do not retain your data for longer than necessary for the purposes for which it was collected, unless a longer retention period is legally required or permitted.
Medical file and health data
Insofar as we process your personal data in the context of a medical treatment agreement, we in principle retain the medical file for 20 years after the last contact, in accordance with the statutory retention period under the Dutch Medical Treatment Contracts Act (WGBO), unless another period applies or longer retention is necessary (for example due to claims or legal obligations).
This includes, among other things:
Name, address and place of residence details
Contact details
Medical history
Examination results and findings
Image materials
Reports from doctors and other healthcare providers
Financial data
We retain invoices and financial transactions for 7 years on the basis of tax legislation.
Marketing and communication data
Data that we use for newsletters or other marketing communications will in principle be retained until 2 years after you were last a customer or 2 years after you gave consent, unless you unsubscribe or object earlier.
After the retention periods have expired, your data will be deleted, anonymised or pseudonymised, unless retention is still necessary for, for example, an ongoing dispute.
7. Security measures
We take appropriate technical and organisational measures to protect your personal data against loss or any form of unlawful processing. These include:
Access to personal data is limited to authorised employees and healthcare providers, via personal accounts with passwords and, where applicable, additional security steps.
Data is stored in secure systems with access control.
We use encrypted (secure) connections (for example SSL/TLS) when sending personal data via our website and app.
We maintain internal procedures and access guidelines to prevent misuse and unauthorised access.
Important systems are tested and assessed periodically for security.
Despite all efforts, no form of data transfer or storage can be 100% secure. Should a data breach nevertheless occur, we will act in accordance with the GDPR and, if required, report this to the Dutch Data Protection Authority and the data subjects concerned.
8. Websites and services of third parties
Our website and app may contain links to websites or services of third parties (for example other healthcare providers, knowledge platforms or partners).
When you visit these websites or services, the privacy statement and terms of that third party apply. We recommend that you read these statements carefully before using such services. We are not responsible for the way in which these third parties handle your data.
9. Cookies and (web) analytics
Our website and app use cookies and similar technologies.
Cookies are small text files or pieces of code that are placed on your device when you visit our website or use our app. With the help of cookies, we can:
Ensure that the website and app function properly (necessary cookies)
Remember your preferences
Analyse and improve the use of the website and app
(Where permitted) show you more relevant content and advertisements
The information collected via cookies may include, among other things, the date and time of your visit, pages viewed and the manner in which you use our website or app.
Analysis and tracking tools (e.g. Google Analytics)
Blue Health Intelligence may use analytics tools, such as Google Analytics or similar services, to gain insight into the use of the website and app. The data collected in this process, including in some cases IP address, is anonymised or pseudonymised as much as possible. Where required, we ask for your consent to place non-essential cookies.
In a separate cookie statement (if available), you will find more information about the specific cookies and tools we use and how you can manage your cookie preferences.
10. Newsletter and marketing communications
On the basis of your consent
If you have signed up for the newsletter via our website, app or otherwise, you will regularly receive information from Blue Health Intelligence by e-mail about our services, examinations, events, promotions and client stories. This takes place on the basis of your consent (Art. 6(1)(a) GDPR).
The content of the newsletter may be tailored to your interests and previous contact moments with Blue Health Intelligence. This personalisation is based on the information you share with us (for example preferred topics) and possibly limited usage data.
You may withdraw your consent at any time by clicking the unsubscribe link in the newsletter or by contacting us.
Existing clients
When you have purchased a service or examination from Blue Health Intelligence, we may send you information by e-mail about similar services or relevant developments (Art. 6(1)(f) GDPR in conjunction with Section 11.7(4) of the Dutch Telecommunications Act). You can always object to this by using the unsubscribe option in the e-mail or by e-mailing us.
If you wish to object to the processing of your personal data for marketing purposes, you can send an e-mail to: privacy@bluehealth.co
11. Your rights
As a data subject, you have various rights under the GDPR. You may request from us, among other things:
Access to your personal data
Rectification (correction) or completion of incorrect or incomplete data
Erasure of your personal data (insofar as permitted within the statutory retention obligations)
Restriction of the processing of your personal data
Transfer of your data (data portability) to you or to another party
To object to certain processing operations, for example to the use of your data for marketing on the basis of legitimate interest
You may also withdraw your consent, insofar as given, at any time. This does not have retroactive effect on processing operations that have already taken place.
You can submit your request or objection by sending an e-mail to: privacy@bluehealth.co. Blue Health Intelligence will respond to your request as soon as possible, but no later than within four weeks. In some cases, we may ask for additional information to verify your identity.
12. Complaint to the Dutch Data Protection Authority
If you are not satisfied with the way Blue Health Intelligence handles your personal data, we naturally hope that you will first discuss this with us so that we can look for a solution.
In addition, you always have the right to lodge a complaint with the Dutch Data Protection Authority, the Dutch supervisory authority in the field of privacy. The contact details and procedure can be found on the website of the Dutch Data Protection Authority.
13. Changes to this privacy statement
We may amend this privacy statement from time to time, for example because our services change or because laws and regulations are updated. The most recent version can always be found on our website.
We recommend that you consult this statement regularly so that you remain informed of any changes. In the event of material changes, we will actively inform you where possible.
14. Contact
Do you have any questions or comments about this privacy statement or about the processing of your personal data by Blue Health Intelligence? If so, please contact us via:
Tiuri Health B.V. (brand name Blue Health Intelligence)
Linnaeushof 81h
1098KS Amsterdam
Telephone: 020-2101572
E-mail: privacy@bluehealth.co
Chamber of Commerce number: 98047213
Updated 20-03-2026
Privacy Statement Blue Health Intelligence
Blue Health Intelligence handles the data of its clients and users with due care. (Medical) personal data is treated confidentially and secured appropriately. We comply with the applicable laws and regulations in the field of privacy and data protection, including the General Data Protection Regulation (GDPR). This also applies when your data is shared with third parties in the context of care, aftercare or guidance. Where necessary, we ask for your (explicit) consent for the processing of your personal data.
In this privacy statement, we inform you about the personal data we process, the purposes for which we do so, and the rights you have. We therefore ask you to read this statement carefully.
1. Controller of your personal data
The controller responsible for the processing of your personal data is:
Tiuri Health B.V. (brand name Blue Health Intelligence)
Linnaeushof 81h
1098KS Amsterdam
Telephone: 020-2101572
E-mail: privacy@bluehealth.co
Chamber of Commerce number: 98047213
Data Protection Officer
Blue Health Intelligence has appointed a Data Protection Officer (DPO); the contact details are:
Leanne Verdonck
E-mail: leanne@bluehealth.co
Telephone: 020-2101572
2. Categories of personal data
When you visit our website, use our app, sign up for a membership or book a health scan with us, you leave certain data with us. This also occurs in the context of the performance of a (medical) treatment agreement and/or service agreement. Depending on the service you use, we may process the following categories of personal data:
Identification and contact details
Name, address, place of residence details
Gender
Date of birth
E-mail address
Telephone number
Contact and communication preferences
(Where applicable) data of insurance partners
Account and usage data
Login details for your Blue Health Intelligence account (username, hashed passwords)
Preferences within the app/portal
Information about your appointments and membership
Log files and usage data of the website and app (such as pages visited and features you use)
Technical data
IP address
Device and browser data
Cookie IDs and similar identifiers
Payment and invoicing data
Payment method
Transaction data
Invoice data
Data about your practitioners
Data of your general practitioner, medical specialist or other healthcare providers (where relevant)
Medical and health data (special categories of personal data)
Medical history (for example previous conditions, surgeries)
Physical characteristics (such as weight, height, BMI, blood pressure, heart rate)
Lifestyle data (for example sleep, exercise, nutrition, smoking and alcohol use)
Data concerning your health in a broad sense
Results of laboratory tests (blood, urine and other biomarker analyses), including, among other things:
Cholesterol and other blood lipids
Glucose values and markers for (pre)diabetes
Kidney and liver function
Hormones, allergies, vitamins (where applicable)
Results of imaging examinations, such as:
Ultrasound or other scans
Other image materials
Reports and advice from doctors, including any translations thereof
Results of cardiological examinations (for example ECG recordings, heart rhythm data)
Data from wearables and other devices (if you connect these)
Activity data (for example steps, workouts, heart rate)
Sleep data
Other health data linked by you from wearables, home measurement equipment or apps
We are the controller within the meaning of the GDPR for the data referred to above, insofar as we determine the purpose and means of the processing.
3. Legal bases for data processing
We only process your personal data if there is a valid legal basis for doing so.
Medical personal data (special categories)
Your medical personal data is only processed on the basis of:
Your explicit consent (Art. 9(2)(a) GDPR), for example when you consent to certain examinations, the use of wearables or the sharing of data with other healthcare providers; and/or
The necessity for preventive or curative care in the context of a medical treatment agreement (Art. 9(2)(h) GDPR in conjunction with Sections 7:446 et seq. and 7:457 of the Dutch Civil Code), insofar as there is a medical treatment agreement.
Other personal data
In addition, we process personal data on the basis of:
Performance of a contract (Art. 6(1)(b) GDPR)
For example for the:
Creation and management of your account
Execution of your membership
Scheduling and carrying out appointments and examinations
Handling of payments and invoicing
Your consent (Art. 6(1)(a) GDPR)
For example when you sign up for marketing communications (newsletter) or when we use non-essential cookies. You may withdraw your consent at any time.
Legitimate interest (Art. 6(1)(f) GDPR)
For example for:
Improving and securing our systems and services
Evaluating our services and conducting limited customer satisfaction surveys
Informing existing clients about similar services, current developments or changes to our services (within the legal framework)
In all cases, we do not process more data than is necessary for the relevant purpose.
4. Purposes of the data processing
We use your personal data for, among other things, the following purposes:
Creating and managing your Blue Health Intelligence account
Registering and guiding you as a client, member or user
Logging into your personal environment (app and/or web portal)
Maintaining and managing your medical file
Scheduling, carrying out and following up on your appointments and examinations
Mediating and cooperating with (external) healthcare providers and diagnostic centres
Processing and analysing results of (medical) examinations
Processing data from wearables and other devices that you connect
Providing advice and reports to you (and, where applicable, to your general practitioner or specialist with your consent or on the basis of the treatment relationship)
Sending communications about your account, appointments or important changes to our services
Performing or arranging other services requested by you
Improving, testing and optimising our systems, app and services
Complying with legal obligations, such as tax retention obligations and healthcare legislation
Sending newsletters and other marketing communications (where permitted)
5. Disclosure of your personal data to third parties
We only disclose your personal data to third parties if this:
Is necessary for the performance of the agreement (including the medical treatment),
Is necessary to comply with a legal obligation, or
Takes place on the basis of your (explicit) consent.
Examples of categories of recipients are:
Laboratories and diagnostic centres
External medical specialists and other healthcare providers
IT service providers and software suppliers (for example for hosting systems and the app)
Hosting and cloud providers
Suppliers of electronic communication and mail services
Suppliers of analysis and monitoring tools (for example web/app analytics)
Financial service providers and payment providers
Translation agencies (for medical translations)
(Where applicable) employers or other contracting parties, solely with your consent or on the basis of a specific legal basis
With parties that process personal data on our behalf, we conclude a data processing agreement in which appropriate safeguards for your privacy are laid down.
6. Retention periods
We do not retain your data for longer than necessary for the purposes for which it was collected, unless a longer retention period is legally required or permitted.
Medical file and health data
Insofar as we process your personal data in the context of a medical treatment agreement, we in principle retain the medical file for 20 years after the last contact, in accordance with the statutory retention period under the Dutch Medical Treatment Contracts Act (WGBO), unless another period applies or longer retention is necessary (for example due to claims or legal obligations).
This includes, among other things:
Name, address and place of residence details
Contact details
Medical history
Examination results and findings
Image materials
Reports from doctors and other healthcare providers
Financial data
We retain invoices and financial transactions for 7 years on the basis of tax legislation.
Marketing and communication data
Data that we use for newsletters or other marketing communications will in principle be retained until 2 years after you were last a customer or 2 years after you gave consent, unless you unsubscribe or object earlier.
After the retention periods have expired, your data will be deleted, anonymised or pseudonymised, unless retention is still necessary for, for example, an ongoing dispute.
7. Security measures
We take appropriate technical and organisational measures to protect your personal data against loss or any form of unlawful processing. These include:
Access to personal data is limited to authorised employees and healthcare providers, via personal accounts with passwords and, where applicable, additional security steps.
Data is stored in secure systems with access control.
We use encrypted (secure) connections (for example SSL/TLS) when sending personal data via our website and app.
We maintain internal procedures and access guidelines to prevent misuse and unauthorised access.
Important systems are tested and assessed periodically for security.
Despite all efforts, no form of data transfer or storage can be 100% secure. Should a data breach nevertheless occur, we will act in accordance with the GDPR and, if required, report this to the Dutch Data Protection Authority and the data subjects concerned.
8. Websites and services of third parties
Our website and app may contain links to websites or services of third parties (for example other healthcare providers, knowledge platforms or partners).
When you visit these websites or services, the privacy statement and terms of that third party apply. We recommend that you read these statements carefully before using such services. We are not responsible for the way in which these third parties handle your data.
9. Cookies and (web) analytics
Our website and app use cookies and similar technologies.
Cookies are small text files or pieces of code that are placed on your device when you visit our website or use our app. With the help of cookies, we can:
Ensure that the website and app function properly (necessary cookies)
Remember your preferences
Analyse and improve the use of the website and app
(Where permitted) show you more relevant content and advertisements
The information collected via cookies may include, among other things, the date and time of your visit, pages viewed and the manner in which you use our website or app.
Analysis and tracking tools (e.g. Google Analytics)
Blue Health Intelligence may use analytics tools, such as Google Analytics or similar services, to gain insight into the use of the website and app. The data collected in this process, including in some cases IP address, is anonymised or pseudonymised as much as possible. Where required, we ask for your consent to place non-essential cookies.
In a separate cookie statement (if available), you will find more information about the specific cookies and tools we use and how you can manage your cookie preferences.
10. Newsletter and marketing communications
On the basis of your consent
If you have signed up for the newsletter via our website, app or otherwise, you will regularly receive information from Blue Health Intelligence by e-mail about our services, examinations, events, promotions and client stories. This takes place on the basis of your consent (Art. 6(1)(a) GDPR).
The content of the newsletter may be tailored to your interests and previous contact moments with Blue Health Intelligence. This personalisation is based on the information you share with us (for example preferred topics) and possibly limited usage data.
You may withdraw your consent at any time by clicking the unsubscribe link in the newsletter or by contacting us.
Existing clients
When you have purchased a service or examination from Blue Health Intelligence, we may send you information by e-mail about similar services or relevant developments (Art. 6(1)(f) GDPR in conjunction with Section 11.7(4) of the Dutch Telecommunications Act). You can always object to this by using the unsubscribe option in the e-mail or by e-mailing us.
If you wish to object to the processing of your personal data for marketing purposes, you can send an e-mail to: privacy@bluehealth.co
11. Your rights
As a data subject, you have various rights under the GDPR. You may request from us, among other things:
Access to your personal data
Rectification (correction) or completion of incorrect or incomplete data
Erasure of your personal data (insofar as permitted within the statutory retention obligations)
Restriction of the processing of your personal data
Transfer of your data (data portability) to you or to another party
To object to certain processing operations, for example to the use of your data for marketing on the basis of legitimate interest
You may also withdraw your consent, insofar as given, at any time. This does not have retroactive effect on processing operations that have already taken place.
You can submit your request or objection by sending an e-mail to: privacy@bluehealth.co. Blue Health Intelligence will respond to your request as soon as possible, but no later than within four weeks. In some cases, we may ask for additional information to verify your identity.
12. Complaint to the Dutch Data Protection Authority
If you are not satisfied with the way Blue Health Intelligence handles your personal data, we naturally hope that you will first discuss this with us so that we can look for a solution.
In addition, you always have the right to lodge a complaint with the Dutch Data Protection Authority, the Dutch supervisory authority in the field of privacy. The contact details and procedure can be found on the website of the Dutch Data Protection Authority.
13. Changes to this privacy statement
We may amend this privacy statement from time to time, for example because our services change or because laws and regulations are updated. The most recent version can always be found on our website.
We recommend that you consult this statement regularly so that you remain informed of any changes. In the event of material changes, we will actively inform you where possible.
14. Contact
Do you have any questions or comments about this privacy statement or about the processing of your personal data by Blue Health Intelligence? If so, please contact us via:
Tiuri Health B.V. (brand name Blue Health Intelligence)
Linnaeushof 81h
1098KS Amsterdam
Telephone: 020-2101572
E-mail: privacy@bluehealth.co
Chamber of Commerce number: 98047213
Updated 20-03-2026
