Contact us

+32 4 290 62 40

Privacy policy

Introduction

This privacy policy concerns the personal data collected and used by SRL MyMedJob, whose registered office is located at Chession 1 Boîte 4, 4053 Embourg, registered with the ECB under number 1011.960.220. The data collected is in the context of the use of the MyMedJob platform, available on the website https://mymedjob.be as well as on the associated mobile application.

Definitions

  • Data controller: SRL MyMedJob, which determines the purposes and means of processing personal data.
  • User: any individual or legal entity using the MyMedJob platform, in particular doctors, other healthcare professionals and healthcare establishments.
  • Personal data: any information that directly or indirectly identifies a natural person (name, address, e-mail, telephone number, etc.).
  • Processing: any operation carried out on personal data, in particular its collection, recording, storage, consultation, transmission, generation and destruction.
  • Sensitive Data: diplomas, extracts from criminal records, identity cards and any other relevant legal documents sent by professionals or establishments during applications or exchanges. Purposes of Data Processing

Users' personal data is collected and processed in order to :

  1. Enable healthcare professionals to create a personal account and apply for jobs via the platform.
  2. Simplify the exchange of information between healthcare professionals and facilities that publish staffing or on-call requirements.
  3. Continuously improve the platform's functionality by gathering feedback from users through workshops and feedback sessions.
  4. Enable healthcare establishments to publish job offers, on-call duty, or availability of premises for rent.
  5. Ensure the security of data and communications exchanged via the platform.

Legal basis for processing

The processing of personal data is based on the following legal grounds:

  • The explicit consent of users when creating their account or using MyMedJob services (art. 6.1 (a) RGPD)
  • Contractual necessity for the performance of the services requested, such as the establishment of relations between healthcare professionals and establishments (art. 6.1 (b) of the RGPD)
  • MyMedJob's legitimate interest in continuously improving its services and guaranteeing data security (art. 6.1 (f) RGPD).
  • Compliance with a legal obligation (e.g. tax law) (art. 6.1 (c) RGPD);


How the "mymedjob.be" platform

MyMedjob is an innovative mobile application dedicated to healthcare professionals. It enables them to quickly find professional opportunities, be they job offers, internships or practice locations. Thanks to its intuitive interface and advanced functionalities, the application simplifies the process of finding and connecting practitioners and healthcare establishments.

Users, whether they are healthcare professionals or people in charge of facilities, are invited to create a private and secure account in order to exchange information (concerning job offers, internships or the provision of premises).

 

What Data is collected and for what purpose does the Data Controller store this Data?

a. Principle

In accordance with the RGPD, Data is collected for specified purposes.

The collection of Data must also be based on one of the legal grounds set out in Article 6 of the RGPD.

If the Data Controller decides to use the Data for a purpose other than that set out in the Policy, it will provide prior information to the Data Subject about this other purpose.

The purpose of this Policy is to inform the Data Subject of the purposes and principles that apply to his/her Personal Data.

b. The person concerned is a healthcare professional

The first information is collected by the Data Controller when a user account is created.

The information may then be collected when you log on to your account or during exchanges with the Data Controller.


MyMedJob collects the following categories of personal data:

1. Identification data: surname, first name, medical specialty, e-mail address, telephone number, town.

Legal basisPurpose
Consent

User Account management: When creating an Account, the User gives his or her consent to the use of his or her Data. Subsequent connections to the user's Account are also based on this consent.

Users may withdraw their consent at any time and request that their Data be deleted.

Necessary for contract performanceManagement of user requests: The Data Controller needs user Data to manage any requests they may have (internship requests, premises requests, job requests, etc.).
Legitimate interest of the data controller or a third party

Security: When a User Account is created, the Data Controller uses the telephone number (GSM) to send an SMS as part of a double authentication system (legitimate interest: network guarantee and information security).


2. Professional details: gender, INAMI number, date of birth, updated CV, cover letter, letter(s) of recommendation.

Legal basisPurpose
Consent User file management: When creating an account, users give their consent to the transmission and use of their professional data.
Users may withdraw their consent at any time and request that their data be deleted.
Necessary for contract performanceFacilitating job applications: Data processing is necessary to enable the user to apply for jobs published on the platform.
Legitimate interest of the data controller or a third party Service improvement: Business data can be used to analyze user needs and optimize the platform experience.


3. Technical data: IP addresses, connection logs, cookie information, password created by the user to configure his/her account;

Legal basisPurpose
Consent Improved browsing: IP addresses, cookies and connection logs are collected with users' consent to personalize their experience.
Necessary for contract performancePlatform security: Technical data is used to guarantee secure access to services.
Legitimate interest of the data controller or a third party Abuse prevention: connection logs and IP addresses can be consulted to detect any suspicious activity.


4. Sensitive data: diplomas, extracts from criminal records, identity cards and any other relevant legal documents provided by professionals or establishments during applications or exchanges.

Legal basisPurpose
Consent Professional profile management: Diplomas, police records and other documents are provided voluntarily by users to complete their file.
Necessary for contract performance

Legal compliance: This data is necessary to ensure that users comply with the legal requirements of their profession.

Facilitating job applications: Data processing is necessary to enable the user to apply for jobs published on the platform.

Legitimate interest of the data controller or a third party Reliability of information: Verify the authenticity of legal documents to protect employers and platform users.


How long is the Data kept?

The Data Controller retains the Data for the time necessary to achieve the purpose of the processing.

Retention periods are determined on the basis of a number of criteria, including the type of processing, its purpose, the place where the Data is stored, the type of Data Subject and the type of Data collected. The retention period for a particular Data processing operation may be communicated to the Data Subject on request.

In general :

  • Patients' Data is retained as long as they have a Patient Account and do not request deletion and/or withdraw their consent. The Data will be deleted immediately upon deletion of the Patient Account or if the Patient withdraws consent / requests deletion of the Data;
  • In any event, the Data Controller keeps the Data in accordance with the legal retention periods.

Who collects the Data?

Data may be collected by the Data Controller or via the site host or the Data Controller's subcontractors. The Data is then passed on to the Data Controller.

A list of intermediaries is available on request.

Some intermediaries may be established in a third country outside the European Economic Area which guarantees an adequate level of protection for Personal Data, as determined by the European Commission.

Where intermediaries are established in countries that do not grant an equivalent level of privacy protection, the Data Controller declares that it takes specific measures, in accordance with the data protection legislation in force in the EEA, to protect Personal Data.

How is Data collected?

Data is mainly collected when a User Account is created or when the User adds additional information.

They may also be collected during exchanges with the Data Controller by telephone or e-mail.

Finally, Data may also be collected via cookies(see specific information on this subject).

How do we secure them?

Appropriate technical and organizational measures have been put in place to ensure a level of security commensurate with the risks, including, among others, as required:

  • means to guarantee the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the means to restore availability and access to Personal Data within an appropriate timeframe in the event of a physical or technical incident.
  • internal regulations concerning personal data processing and access management;

With regard more specifically to the processing of data when a User Account is created, it should be noted that data is recorded and stored on an encrypted database in order to enable authentication of the Data Subject.

What rights do you have?

Depending on the type of processing carried out on personal data, the Data Subject may assert several of the following rights:

1. Right to information

Any Person concerned by this Personal Data has a right to information concerning the Data collected. It is in particular through this Privacy Policy that the Data Controller wishes to provide this information.

The Data Subject who wishes to obtain more information about the Personal Data collected may be refused this request in the following cases:

  1. The data subject already has this information;
  2. If the request requires disproportionate or impossible efforts;
  3. If providing this information could seriously compromise the purpose of the processing.

2. Right of access

All Data Subjects have the right to access their Personal Data.

To do this, the Data Subject must make a request to the relevant department of the Data Controller so that the latter can provide details of the precise Data it holds about him or her, subject to the rights and freedoms of others which cannot be infringed.

A response must be given within one month of the request being made by the Person concerned. However, this deadline may be extended by a further month depending on the complexity and number of requests. In the latter case, the Person concerned will be informed within one month of his or her request for access.

The data controller is entitled to demand payment of a "reasonable fee" based on the administrative costs incurred in producing these documents, in the event that the request is excessively recurrent, unfounded or manifestly intended to abuse this right of access.

3. Right of rectification

All Data Subjects have the right to obtain from the Data Controller, as soon as possible, the rectification of inaccurate Personal Data concerning them.

The Data Subject may also request that incomplete data be completed, in particular by providing an additional declaration.

The Data Controller will notify the Data Subject of the completion of this procedure.

4. Right to erasure

The Data Subject shall be entitled to the right to erasure of his/her Data as soon as one of the following reasons arises:

  • The Data are no longer necessary for the purposes for which they were collected or processed by the Data Controller;
  • The Data Subject wishes to withdraw his/her consent and there is no other legal basis for such processing;
  • The Data Subject objects to processing that is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party;
  • The Data Subject has the right to object to the use of his or her personal data;
  • The Data has been processed unlawfully ;
  • Data must be erased to comply with a legal obligation under Union law or the law of the Member State to which the Data Controller is subject;

In the event of such a request, the Data Controller will take reasonable steps to delete the data within one month of the request.

Requests for deletion can be made by sending an e-mail to suppression@mymedjob.be.

The Data Controller will notify the Data Subject of the completion of this procedure.

In the event that the Data Controller does not wish to grant this request, it will give reasons for its refusal.

The right to erasure does not apply insofar as the processing of such data is necessary:

  • to the exercise of the right to freedom of expression and information ;
  • to comply with a legal obligation which requires processing under Union law or the law of the Member State to which the Data Controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • the establishment, exercise or defense of legal claims;
  • for archival or statistical purposes as provided for in article 89 of the RGPD.

5. Right to restrict processing

The Data Subject has the right to obtain from the Data Controller the restriction of the processing where one of the following applies:

  • the accuracy of the Personal Data is contested by the Data Subject, for a period allowing the Data Controller to verify the accuracy of the Personal Data;
  • the processing is unlawful and the Data Subject objects to the erasure of the data and requests instead that their use be restricted;
  • the Data Controller no longer needs the Personal Data for the purposes of the processing, but it is still necessary for the Data Subject to establish, exercise or defend legal claims;
  • the Data Subject has objected to the processing by virtue of his/her right to object, during the verification as to whether the legitimate grounds pursued by the Data Controller prevail over those of the Data Subject.

This request for limitation implies that Personal Data may, with the exception of storage, only be processed with the consent of the Data Subject, or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or of a Member State.

The Data Controller will notify the Data Subject of the completion of this procedure.

6. Right to portability

Where the processing of the Data Subject's Personal Data is based on consent given by the latter, or on a contract, and such processing is carried out using automated processes, and provided that the data has not been anonymized, the Data Subject may request to receive such data in a structured, commonly used and machine-readable format.

The Data Subject may transfer this data to another data controller, without the Data Controller being able to prevent this.

7. Right to object

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of Personal Data concerning him or her based on the public interest or the legitimate interest of the Data Controller, including profiling based on such interests.

The Data Subject may also object to Data processing that is based on his/her consent or on a contract, provided that the data has been collected for prospecting purposes or for archival and statistical purposes.

The Data Controller will no longer process such data unless it can demonstrate compelling legitimate grounds for the processing which override the interests and rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims.

How can you assert your rights?

Applications can be submitted internally via the following e-mail address: info@mymedjob.be or suppression@mymedjob.be

If you are not satisfied with the follow-up given to your request, you can always exercise one of the rights set out above, or lodge a complaint with the Data Protection Authority.

You can contact her as follows:

  • By phone: (+32) (0)2 274 48 00 ;
  • E-mail: contact@apd-gba.be;
  • Online contact form: https://www.autoriteprotectiondonnees.be/introduire-une-requete-une-plainte ;
  • By post: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium ;


Data Sharing

Personal data collected may be shared with :

  • Healthcare establishments or users of the platform within the framework of applications or any other type of offer available on the application.
  • Third-party service providers supplying technical, logistical or other services to MyMedJob, enabling it to carry out its activities.
  • Competent authorities if required by law.

In any event, MyMedJob ensures that any data sharing strictly complies with applicable legal and contractual requirements.

Cookies and Similar Technologies

The MyMedJob platform uses cookies to improve user experience, measure performance and ensure the smooth operation of services. Users can configure their cookie preferences directly via the popup on the home screen of our website.

Modification of the Privacy Policy

This privacy policy may be modified at any time to reflect legal, regulatory or technical developments. Any substantial modification will be communicated to users via e-mail or a notification on the platform.

Last update date: 14/03/2025