We value openness and transparency at OpenUp, and we are also open and transparent about how we manage your personal data. Your privacy is always our top priority. Your data is safe with us and we will use it appropriately.
When you visit our website, call us or send a question through the chat, have a consultation with one of our psychologists (coaches), or apply for a job with us, you are sharing your personal data with us. We use this to provide you with the best possible service. We think it’s important that you know what happens to your data. Naturally, we handle it with the utmost care.
The latest changes were made on 16 February 2023.
Who is responsible for processing your personal data?
OpenUp B.V. (“OpenUp”), based in Amsterdam and registered with the Chamber of Commerce under the number 77340159, is responsible for processing your personal data.
This could include (potential) users of our services, visitors to the website, job applicants and all other people who contact us or whose personal data we process, with the exception of OpenUp employees.
What is personal data?
Personal data is any data that can be traced back to you as an individual. The most basic personal data is your name, telephone number, address and/or email address. Additionally, it relates to all the other data you share with us that can be traced back to you and is related to your contact with OpenUp. This includes your query, information about your personal situation or the results of your health check. In addition, your IP address and surfing behaviour, for example, might also fall under personal data.
What personal data do we process?
At OpenUp, we process a variety of personal data for a variety of purposes.
We might process the following data about you:
- Your first name and last name
- Email address
- Telephone number
- Address and place of residence
- Information about your personal situation and health, including your query
- The results of your health check
- Any other personal data that you share with us
For what purpose and on what basis do we process your personal data?
The table below lists the personal data we process, for what purpose and on what basis. In addition, you can see how we obtained this data.
|Data type||Source||Processing purpose||Lawful basis|
Provided by you as a user of the OpenUp services:
|These data are used to offer our services to you as a user of the OpenUp platform in the best possible way||The processing is necessary for the performance of the agreement between you and OpenUp (in accordance with Article 6(1)(b) of the General Data Protection Regulation “GDPR”). This agreement comes about when you ask us a question for help or make an appointment with us by chat, phone or video call|
*We call this data well-being data
Provided by you as a user of the OpenUp services:
|These data will be processed in order to be able to offer our services to you as a user of the OpenUp platform in the best possible way||This data will only be processed if you have given your express consent (in accordance with Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Act). You give this consent when making an appointment online|
||Provided by you when you subscribe to our (e-mail) newsletters on the website||These data will be processed to keep in touch with you and provide you with information, for example through our (email) newsletters and blogs||We have received your consent to process personal data (in accordance with Article 6, paragraph 1 under (a) GDPR). You give this consent online when you subscribe to our newsletters. You can always unsubscribe via the ‘unsubscribe’ link at the bottom of these (e-mail) newsletters.|
|Data about our services and their outcomes||Obtained by us through your use of our services||To be able to research the effectiveness of our services, to improve them and to draw up reports (that cannot be traced back to a natural person) for the employer.||We will pseudonymise or, if possible, anonymise this data. Insofar as this nevertheless involves the processing of personal data, this will only take place if you have given your express consent (in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR). You give this consent when making an appointment online.|
|User statistics of our website, such as number of visitors, length of visit, which parts of the website are viewed and how clicks are made||Obtained by us during your visit to the OpenUp website. This includes your browsing behaviour, including data about your first, previous and current visit, which pages you view, how you navigate through the site and which parts you click on||To optimise our website and make it more user-friendly||
These are generic reports, which cannot be traced back to you as an individual visitor.
Insofar as this does involve the processing of personal data, we have a legitimate interest in doing so (in accordance with Article 6(1)(f) of the GDPR).
You can apply for a position with us. We then process the following personal data:
|Provided by you when you fill out the online application form||We use this data to assess your suitability for the position and to contact you||We have a legitimate interest in processing this data (in accordance with Article 6(1)(f) of the GDPR). This is because otherwise we will not be able to assess your suitability for the position and/or we will not be able to contact you|
How do we protect your personal data?
OpenUp takes many measures to protect your personal data, both on a technical and organisational level. We are ever vigilant about this to ensure that your data is processed in a careful manner. We do this by:
- Taking appropriate measures so that your personal data is safe, given the possible risks. For example, we have an external audit carried out annually to assess if our measures comply with the latest information security standards.
- Making sure that the OpenUp employees who can view your personal data are obligated to maintain confidentiality. It is good to note that all our psychologists (coaches) are held to strict standards of professional secrecy. In addition, they and the other OpenUp employees are also contractually bound to confidentiality.
- Setting up user names and passwords on all of our systems. We test these systems regularly, with the help of professional experts, to make sure that they are working and robust.
- Anonymising or pseudonymising your personal data, where possible, to ensure your privacy in the event of possible breaches.
With whom is your data shared?
OpenUp might share your personal data with the following parties:
- With you as a user.
- OpenUp employees who are directly involved with coaching you as a user, but only to the extent that the data is necessary for them to carry out their work.
- OpenUp employees who are engaged in administration and conducting research to improve our services. These employees only have access to personal data that has been anonymized or is under pseudonyms.
- Some mother, sister and/or daughter companies of OpenUp. These are OpenUp Technologies B.V. (this entity manages and develops the software that is used to carry out our services) and OpenUp Medical B.V. (only if you are also making use of the OpenUp Medical B.V. services).
In addition, we may engage other service providers (“processors”) to process your personal data. In these cases, they will work exclusively according to the OpenUp instructions and guidelines. We have entered into a processing agreement with these processors that fulfils the requirements set out in the GDPR. An overview of processors can be found below:
|24sessions||Video calls with our coaches|
|Microsoft Azure||Hosting data from files|
|For email contact and analysis website usage|
|Sendgrid||Sending emails from our platform|
|ActiveCampaign||Sending OpenUp updates and newsletters|
|Livestorm||Participating in OpenUp Spaces|
|Voys||Telephone contact (only when calling one of our local numbers)|
|Mollie||Payment for our services (only when you pay for OpenUp yourself and not your employer)|
|Greenhouse||Support with your job application (only when you apply for a job at OpenUp)|
Your personal data will only be shared with other parties if there is grounds for this. We will never share your personal data with your employer. We will also never share your data with third parties for commercial purposes without first asking your permission. In this case, only the necessary contact information will be shared.
We recommend that you also read the privacy policies for the above-mentioned companies.
Where do we store your data?
We store your well-being data on servers located within the European Union.
How long will your data be stored?
We like getting to know you, but we will never store your personal data for longer than necessary. For this purpose, we observe the following retention periods:
1- Data about your personal situation and health
We store this for three years after you stop using the OpenUp services unless you give us permission to keep the data beyond this period.
2- Financial and administrative data
We keep this for seven years after collecting the data.
3- Data from employees and freelancers, excluding (financial and) administrative data
This is kept for seven years after leaving employment or after the end of the assignment contract. A copy of your passport is kept for five years and other data from your personnel file is kept for two years.
4- Data from applicants
These are kept for a maximum of four weeks after completion of the application process unless we have obtained your consent to keep them longer. If so, this is for the maximum duration of one year.
5- Visitors to the website
These are stored for a maximum of two years after the last visit to the website unless an objection is made earlier. In this case, we will proceed to delete this data.
What about cookies and other technology on the website?
First and foremost, we are a mental health platform. We mainly use our website to share information and to engage you as a (prospective) user.
For more information about cookies, visit http://www.allaboutcookies.org.
What if you want to view, change or delete your personal data?
If you have questions or want to know what personal data we hold of yours, then you can always contact us via firstname.lastname@example.org
Amongst other things, you can:
- Find out exactly what personal data we have of yours and how we are using it
- Exercise your right to obtain data from us, so that you can transfer it (data portability)
- Have mistakes corrected
- Have outdated personal data deleted
- Withdraw your consent to have your personal data processed
- Object to a particular usage of your personal data
More specifically, your coach can always show you the data contained in your file, if requested. Your coach can also share a copy of your file with you. If you want to view your file or receive a copy from us, please send this request via email to email@example.com. If you believe that the personal data in your file is factually incorrect, then you can ask your coach to correct this data.
If you want to have your personal data deleted before the expiration of the retention period specified by us, then you can also send a request for this by email (firstname.lastname@example.org). In most cases, we will respond to your request as quickly as possible and delete your personal data.
The right to lodge a complaint
If you have a complaint about the manner in which we process your personal data, please email us at email@example.com, or discuss it directly with your coach. We are happy to help and will, of course, endeavour to solve any complaints to your satisfaction. It is also possible to lodge a complaint with a supervisory authority (such as the ICO in the UK).
Any further questions?
If anything is troubling you, by all means, ask. You can email your questions to us at firstname.lastname@example.org, or ask your coach directly. Whatever your question, we are happy to help!
Operator & Responsible:
Nieuwe Herengracht 47, 1052 ND, Amsterdam, The Netherlands
Legal representatives: Gijs Coppens & Rik Plender
Chamber of commerce ID: 77340159
VAT ID: NL860976993B01
Tel.: +31 20 2444 888 (Netherlands) +49 30 30808172 (Germany)
Information regarding professional liability insurance:
Name and registered office of the insurer:
Princess Beatrixlaan 35
2509AV The Hague
Scope of insurance: International
EU dispute resolution and consumer arbitration board:
The European Commission provides a platform for online dispute resolution (ODR), for more information on this platform click here: https://ec.europa.eu/consumers/odr/. OpenUp is not obliged to participate in dispute resolution proceedings in front of a consumer arbitration board. In case there is a (potential) dispute please contact our team through email@example.com