Depending on the assignment we agree with your employer, we process your personal data for the following purposes:

Certificate management: Your employer may ask you to send your medical certificates directly to us. If this is not the case, your employer may provide us with the medical certificate with a view to checking your disability.

Identity check: to ensure that information about your incapacity for work is linked to the correct employee, your employer provides us with a daily list of all employees employed, stating their name, address, date of birth and employee number.

Check disability.

Compiling statistics in the context of the employer's welfare and absenteeism policy.

When processing your personal data, we apply the principle of minimal data processing.

With a view to the above-mentioned purposes, we process the following personal data from you:

    Surname, first name, gender, address, place of residence, employee number / master number, date of birth, position, department, employer, language, date of employment, date of termination of employment, status: your employer provides this information to us.
    Details of the treating doctor (if we receive a certificate, if this is necessary for the check-up or in the event of an arbitration procedure)
    Duration of incapacity for work, whether it concerns an initial certificate or an extension
    Nature of the disability (work accident / occupational disease / accident / hospitalization), whether you are allowed to leave your place of residence
    If you work for a government agency: file number Medex
    If you work for the Flemish Government and have stated a diagnosis on your certificate, aggregated reports are created based on this data, your age, position, department and duration of disability. These reports are completely anonymous. To guarantee this, data will only be included in the report from a dataset of 20.

Furthermore, we collect the content of each communication for as long as necessary to provide you with our services.

To maintain personnel lists for the purpose of checking identity, we rely on Article 6.1(f) GDPR: the legitimate interest of you and your employer: after all, we must be sure that the information relating to the disability is linked will be given to the appropriate staff member.

For certificate management, we rely on Article 9.2(b) GDPR: the processing is necessary for the performance of obligations and the exercise of specific rights of the controller or the data subject in the field of labor law and social security and social protection law.

For the medical check of the incapacity for work, we rely on Article 9.2h GDPR: the processing is necessary for the purposes of preventive or occupational medicine and/or for the assessment of the employee's fitness for work.

If you are a staff member of the Flemish Government or one of its agencies, you may have a diagnosis stated on the certificate. We rely on your consent to process this information for statistical purposes.

Finally, we also rely on the legitimate interest of Mediwe itself (if this is necessary to safeguard our rights) or a legal obligation when certain legislation or a legal procedure requires us to process.

We share your personal data with your consent, if it is necessary to provide you with our services or if this is required by law.

We may share your personal data with affiliated companies or with third parties that perform data processing on our behalf. When these service providers act as data processors on our behalf, we do not permit them to use or disclose this data in a manner that does not correspond to the cases described in this privacy statement.

We do not sell or disclose the personal information we have collected to third parties, except as described in this privacy statement or as notified to you at the time of collection.

We may also disclose your personal data:

    when certain legislation or a legal procedure requires us to do so,
    in the context of an investigation into suspected or current fraudulent and illegal activities.

We reserve the right to transfer personal data in the event that we sell part or all of our company or assets. If such a sale occurs, we will take all reasonable measures to encourage the acquirer to correctly process the personal data provided to us in a manner consistent with this privacy statement.

We retain personal data for as long as necessary to provide you with our services or for other essential purposes, such as complying with our legal obligations.

The data will be deleted 5 years after the end of any cooperation or after the last contact between us, except in the case of an ongoing dispute.

We have taken the necessary physical, technical and organizational security measures to effectively protect your personal data against unauthorized access and use and disclosures.

This way, only authorized persons have access to your data, after password verification on our server.

Encryption via SSL technology is applied to data traffic on both our website and email traffic from Mediwe.

The personal data in our database is kept encrypted so that the information is not readable by unauthorized persons.

If you have further questions about this privacy statement, wish to exercise your rights, or wish to change the data or settings you provide, you can contact our DPO:

Mediwe vzw
Sneeuwbeslaan 20 box 4
2610 Wilrijk
Email: privacy@mediwe.be

In accordance with GDPR, you can request us to view your personal data at any time, request a copy, correct it, transfer it, request restriction of processing or delete it in whole or in part. You can also file an objection to the processing of your personal data.

Following such a request, we will only process these personal data to the extent that we have a valid reason to continue processing them or if this is necessary to comply with a legal obligation.

If the processing is based on your consent, you can always withdraw this consent – in whole or in part.

If you have a request, question or complaint about the processing of your personal data, you can send it to privacy@mediwe.be, with proof of identity so that we are sure that we follow up on the request from the right person. We undertake to respond to these requests and complaints in a timely manner.

If at any time you feel that one of your rights has not been respected, you can also file a complaint with the Belgian Data Protection Authority via contact@apd-gba.be (www.gegevensbeschermingsautoriteit.be).

If you want the processing of your personal data to be limited, you can send a request to privacy@mediwe.be.

However, such a request is only possible in the following cases:

    the accuracy of the personal data is disputed,
    the processing of the personal data is unlawful, but you object to the deletion of the personal data.
    Mediwe no longer needs the personal data for the intended processing purposes, but you need it for the establishment, exercise or substantiation of a legal claim.

You objected to the processing of your personal data pending the question whether Mediwe's legitimate grounds outweigh those of the employee.