Legal & regulatory

Terms of use & legal details

Understand how moveUP leads in compliance and regulatory affairs.

PRIVACY POLICY

VERSION 8 – DEC 2025

This Policy is established by moveUP N.V.:

Cantersteen 47
VAT: 0643.795.235.
privacy@moveup.care

We are particularly vigilant about the protection of personal data (hereinafter referred to as data) and about respect for the privacy of all persons who come into contact with us. We act transparently, in accordance with national and international provisions in this area, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or "GDPR").

This policy describes the measures undertaken for the treatment and processing of your personal data, and your rights as a data subject.

As a processor of sensitive data such as health data, moveUP processes data on behalf of hospitals, health care providers or b.clinic. You should therefore contact them for information on the processing of your personal data.

If your personal data are processed by b.clinic (virtual clinical expert clinic), please find b.clinic’s privacy policy here:

https://support.orthopedics.moveup.care/privacy-policy/privacy-policy-b-clinic/

You can react to any of the processing described below by contacting us.

We inform you that your data will be used in compliance with this data protection declaration.

moveUP N.V.
Cantersteen 47
VAT: 0643.795.235.
privacy@moveup.care

Hereinafter "moveUP", "we", "us" or "our".


1. DEFINITIONS

In this statement, the following words and expressions shall be understood as follows:

Statement: This privacy statement.
General terms and conditions of use: The general terms and conditions and the conditions of use of moveUP, which govern the use of moveUP.
Personal data: Any information relating to an identified or identifiable physical person that is processed in accordance with this declaration, as described in the article "The data processed".
Data relating to health: Data of a personal nature relating to the physical or mental health of a physical person, which reveal information about the health condition of that person.
Our professional healthcare partners: The healthcare professionals who are connected to the patient via moveUP.
Our services: All the services we provide on moveUP in the context of our professional activity or in execution of our statutory purpose, as described in our general terms and conditions of use, more specifically: a personalized monitoring and rehabilitation program with a choice of exercises adapted to your situation by means of videos, a personalized follow-up, figures and graphs of your progress as well as, where applicable, connecting with our professional healthcare partners, etc.
Person responsible for processing: The legal entity that determines the effectiveness and means of processing personal data in accordance with this declaration, namely us.
Processing: Any operation or set of operations, whether or not carried out with the aid of automated processes and applied to data of a personal nature, such as collection, recording, organization, storage, adaptation or alteration, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, association or linkage, as well as the locking, erasure or destruction of data of a personal nature; in this declaration, the terms "process", "processing", "processed", etc. refer to the present definition.
Anonymized data: Data from which identifiable elements such as name and e-mail address have been removed and in which masking data is used.
DPO: The data privacy officer (DPO) is the person who monitors moveUP's compliance with the General Data Protection Regulation (GDPR) in relation to the protection of personal data.

2. Why do we process your data?

We collect and process your personal data for different reasons based on a legal ground determined by the GDPR (for example, compliance with a legal obligation to which we are subject or the performance of a contract concluded with you).

Purpose: Management of our medical care customers.
Legal ground and processing details:
The purpose is to manage our contracts and provide our service and process accounting documents: invoices, accounting, provision of documents.
We could process your personal data to contact you or a member of your team and answer your questions.

This is necessary for:
✓ the execution of our contractual and statutory measures (article 6.1.b GDPR)
✓ compliance with legal obligations (article 6.1.c GDPR)

Purpose: Management of the application and the identification and authentication of doctors and other care providers; or patients/customers.
Legal ground and processing details:
The purpose is to identify and authenticate the doctor and other care providers and grant them access to our services in our application.
We process your personal data to give you access to our application.
We could also process your data to contact you and answer your questions; ensure the technical administration and security of moveUP.

This is necessary for:
✓ the execution of our contractual and statutory measures (article 6.1.b GDPR)
✓ our legitimate interest (article 6.1.f GDPR)

Purpose: Management of our patients/customers.
Legal ground and processing details:
The purpose is to manage our contracts and provide our service and process accounting documents.
We process your personal data in order to carry out operations relating to contracts; invoices; accounting; provision of documents.
We could process your personal data to contact you and answer your questions.

This is necessary for:
✓ the execution of our contractual and statutory measures (article 6.1.b GDPR)
✓ compliance with legal obligations (article 6.1.c GDPR)

Purpose: Research, statistics, and improving our application software.
Legal ground and processing details:
The purpose is to develop our application and services.
We process personal data in order to provide and improve our services.
We process personal data to conduct scientific, historical and statistical research.
We carry out statistical analysis; for that purpose we anonymize your data, remove identifiable elements such as name and e-mail address, and use masking data for market research or other professional purposes.
Anonymized data do not fall within the GDPR’s scope.

This is necessary for:
✓ your consent (article 6.1.a GDPR)

Purpose: Management of our communication.
Legal ground and processing details:
The purpose is to inform you about our services and/or activities.
We process personal data in order to provide you with information relating to our activities and services.
We may use your data to respond to our legitimate interest or to that of third parties, when this is necessary without affecting your interests or your fundamental freedoms and rights, to offer and promote all services and/or share informative messages that correspond to what you can reasonably expect from us in the context of our existing relationship or possible future relationship.

This is necessary for:
✓ our legitimate interest (article 6.1.f GDPR)

Purpose: Management of our pre-contractual relationships.
Legal ground and processing details:
The purpose is to respond to your requests.
We process your personal data to respond to requests (e.g., via the contact form), or if you send us your curriculum vitae.
We can also process your personal data to contact you to initiate a possible future collaboration.

This is necessary for:
✓ the execution of pre-contractual measures (article 6.1.b GDPR)

Purpose: Management of our suppliers.
Legal ground and processing details:
The purpose is to manage our suppliers and provide our service and process accounting documents.
We process personal data to fulfill our contractual obligations to you/your company or our legal obligation (e.g., legal accounting obligations).

This is necessary for:
✓ the execution of our contractual and statutory measures (article 6.1.b GDPR)
✓ compliance with legal obligations (article 6.1.c GDPR)

Purpose: Management of our litigation.
Legal ground and processing details:
The purpose is to manage disputes and protect our legal interests.
We may use your personal data to respond to our legitimate interest or to that of third parties, when this is necessary without affecting your interests or your fundamental freedoms and rights, to manage litigation in the context of our existing relationship or possible future relationship.
We also have a legitimate interest in processing personal data for the defense of our interests (article 6.1.f GDPR).
We may also be required to process sensitive data in this context, in accordance with Article 9.2.f) GDPR.

This is necessary for:
✓ our legitimate interest (article 6.1.f GDPR)

3. What data is collected and processed?

We only collect personal data that is adequate, relevant and limited to what is strictly necessary with regard to the purposes for which it is processed. Depending on the purposes, data collection is carried out differently.

Purpose: Management of our medical care customers.
Categories of data and how we collect it:
Personal identifying data: first and last name; personal address; phone number.
Electronic identification data: email address.
Professional data: job title; workplace; your Riziv/INAMI number; VAT.

We collect this data directly through you; from publicly available sources (mainly LinkedIn); via your patient/colleague/healthcare institution/hospital in contact with us.

Purpose: Management of our patients/customers.
Categories of data and how we collect it:
Personal identifying data: first and last name; personal address; phone number; national register number.
Electronic identification data: email address; IP address; encrypted password and username, or the PIN code.
Personal features: date of birth; place of birth; gender; nationality.
Family data: marital and family status; (family composition).
Location data.
Photos and videos: according to your rehabilitation.
Identity card: may be requested for verification of your data (depending on your request/registration/use).

We collect this data directly through you or your device; from publicly available sources (mainly LinkedIn); via your patient/colleague/healthcare institution/hospital in contact with us.

Purpose: Management of the application and the identification and authentication of doctors and other care providers.
Categories of data and how we collect it:
Personal identifying data: first and last name; personal address; phone number.
Electronic identification data: email address; encrypted password and username; IP address.
Professional data: job title; workplace; your Riziv/INAMI number; national register number.
Identity card: can be requested to verify your data.

We collect this data directly through you (e.g., registration, forms, events, trainings, business card).

Purpose: Research, statistics, and improving our application software.
Categories of data and how we collect it:
Personal identifying data: surname; first name; address; telephone number; order number; etc.
Electronic identification data: email address; encrypted password.
Personal features: nationality; gender; languages spoken; country and town/city of birth.
Health data: encrypted data; photographs; any (health) data required for our clinical trial or research to improve our application.

We collect this data directly from you; from publicly available sources.

Purpose: Management of our communication.
Categories of data and how we collect it:
Personal identifying data: surname; first name; telephone number; address.
Electronic identification data: email address.

We collect this data directly from you; from publicly available sources; via your patient/colleague/healthcare institution/hospital in contact with us.

Purpose: Management of our pre-contractual relationships.
Categories of data and how we collect it:
Personal identifying data: surname; first name; address; telephone number; order number.
Electronic identification data: IP address; email address.
Personal features: age; sex; date of birth; country; language; in your resume.
Professional data: diploma; career; in your resume.
Photographs; ID copy.

We collect this data directly from you; from publicly available sources (depending on your actions/requests, forms, events, trainings, business card).

Purpose: Management of our suppliers.
Categories of data and how we collect it:
Personal identifying data: first and last name; address; telephone number; order number.
Electronic identification data: IP address; email address.
Financial data: VAT; bank account number; open receivable.
Location data: accessed only to pair moveUP and Garmin Health SDK. No location data is collected and/or processed.

We collect this data directly from you; from publicly available sources.

Purpose: Management of our litigation.
Categories of data and how we collect it:
Personal identifying data: last and first name; address; telephone number; order number.
Electronic identification data: IP address; email address.
Family data: marital status.
Personal features: age; sex; date of birth; language.
Professional data: profession; diploma; career.
Health data: from your medical file.
Any data necessary for the defense of our legal interests.

We collect this data directly from you; from publicly available sources; from your healthcare institution/hospital/health care provider.

4. Processing of children’s data

Children’s data is collected only under the following conditions:

  • The child is 16 years old or older and has provided their consent.
  • The child is at least 13 years old, and consent from a parent or legal guardian has been obtained. Note that the specific age requirements may differ by jurisdiction. A parent or legal guardian may create an account on behalf of their child, assuming full responsibility for the account and its use.
  • Within the context of a clinical study, consent from a parent or legal guardian has been obtained when the child is under 18 years old.

Parents or legal guardians have the right to review, request the deletion of, or refuse any further collection of their child's data. If data is inadvertently collected from a child without appropriate consent, immediate steps will be taken to delete the information upon notification via privacy@moveup.care.

5. Is your data disclosed or shared with third parties?

The data listed above is accessible to members of our team, to people acting as collaborators or professional healthcare practitioners, and, only to the extent strictly necessary, to our lawyers, technical advisers, and banking or insurance organizations.

We are also likely to transmit your data:

  • a) at the request of a legal, judicial or administrative authority or auxiliary of justice; or
  • b) in good faith, considering that this action is required to comply with any current law or regulation.
  • c) in order to protect and defend our rights or those of other users of our services.
  • d) for the purposes of pharmacovigilance and materiovigilance to ensure patient safety and compliance with regulatory obligations.

We may also be required to give access to certain data to our co-contracting parties, qualified as “subcontractors” within the meaning of the legislation, to the extent strictly necessary for the achievement of our purposes, such as the operation of applications or computerized management systems.

In all circumstances, we ensure the protection of your data by agreements ensuring confidentiality.

6. Do we transfer your data outside the European Union?

We do not make transfers outside the European Union. If applicable, data transfers to a country outside the Union will be authorized only if:

  • The European Commission has issued a decision granting an adequate level of protection equivalent to that provided for by European legislation.
  • The transfer is covered by an adequate measure granting a level of protection equivalent to that provided for by European legislation, such as the Commission's Standard Clauses.
  • You have given your consent.

7. How long is your data kept?

Your personal data that we process will be kept for:

  • the duration of our contractual relationship.
  • the time strictly necessary for the fulfilment of our legal and contractual obligations, as part of your registration/application.
  • the time strictly necessary to protect the vital interests of you or any other person.

Retention periods

The personal data are kept for a limited time depending on the purpose and the legal obligations, and then securely deleted:

  • Medical care customer: 7 years from 1 January of the year following the end of the financial year (accounting laws).
  • Patient/customer: 30 years from our last action in your files.
  • Identification/authentication of doctors and other care providers: no storage; deleted at the end of our contractual relationship.
  • Research/statistics/improving the application: 20 years after completion of our study and research for clinical trial.
  • Communication: 2 years from your last contact with us.
  • Pre-contractual relationships: 2 years after our last contact.
  • Suppliers: 7 years from 1 January of the year following the end of the financial year (accounting laws).
  • Litigation: in case of dispute, 7 years from notification of the decision (accounting laws).

8. How do we protect your privacy?

We strive to optimally protect your personal data against unauthorized use and leakages. To this end, we use appropriate physical, organizational, technological and administrative measures, including but not limited to:

  • We use recognized security and encryption processes to ensure the security of the transmission and storage of your data to and from moveUP.
  • We have organizational measures in place, such as restricting access to our computer systems in accordance with the strict needs of each member of staff.
  • As soon as we can, your data will be pseudonymized or anonymized (depending on the purpose).
  • We host your information on our servers which are protected by ad hoc security and certificates.
  • We have an internal privacy policy and we conduct regular basic training to maintain data privacy awareness.

9. What are your rights and how to exercise them?

We attach a great deal of importance to the rights we have as individuals. We are at your service and invite you to contact our contact person at: privacy@moveup.care or via info@moveup.care or by post to our postal address.

We have also appointed a DPO, who is available to you at: sp@altalaw.be.

You can exercise the following rights:

  • Right of access, information and rectification: to access and receive a copy of personal data.
  • Right to restrict processing.
  • Right to object: to object to processing. You can click “unsubscribe” in every e-mail you receive from us.
  • Right to data portability.
  • Right to erasure / right to be forgotten.
  • Right to individual decision making: we combine automated processes with human intervention; no fully automated individual decision-making for the time being.
  • Questions, comments, complaints, data leaks? Please report immediately via privacy@moveup.care.

At the latest one month after receipt of your request, we will inform you in writing of the action we have taken at your request. Depending on the difficulty of your request or the number of requests, this period may be extended by two months (we will inform you within one month of receiving your request).

Finally, you also have the right to lodge a complaint with the Data Protection Authority (DPA):

www.autoriteprotectiondonnees.be/
Rue de la Presse 35, 1000 Brussels
Phone: +32 (0) 2 274 48 00
Fax: +32 (0) 2 274 48 35
Email: contact@apd-gba.be

You can also lodge a complaint with the court of first instance.

More info:
https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint

10. Do we use cookies?

A cookie is a code in the form of a file stored on your computer. Cookies help us to improve our website, to facilitate your browsing and to analyze audiences.

To learn more about our Cookie Policy, please visit our website under the "Cookies Policy" tab.

11. What is the applicable law and the competent jurisdictions?

This Policy is governed by Belgian law. Any dispute relating to the interpretation or execution of this Policy will be subject to Belgian law and will fall under the exclusive jurisdiction of the courts of the judicial district of Brussels.

12. Be mindful of updates to this policy!

This Policy can be updated at any time without notice of modification. We advise and invite you to consult it regularly.