NederlandsEnglish
Version 1.2 · Last updated 17 May 2026
1. Data controller
- Pal&Ko Thuiszorg B.V. (Dutch private limited company)
- Stationstraat 51, 6411 NK Heerlen, the Netherlands
- Chamber of Commerce (KVK): 97935050
- Email: info@palenkothuiszorg.nl
Privacy requests and data breach reports can be sent to info@palenkothuiszorg.nl attn. management. The technical contact for the apps is aryan@palenkothuiszorg.nl.
Pal&Ko Thuiszorg currently does not process personal data "on a large scale" within the meaning of GDPR Article 37(1)(c) (EDPB-WP243 guidance) and has therefore not formally appointed a Data Protection Officer. This is reassessed annually; once the threshold is exceeded, a DPO will be appointed and listed on this page.
2. Apps covered
- Pal&Ko Planning
3. Personal data we process
3.1 Staff
- Identity: first and last name, date of birth, gender.
- Contact: email address, phone number, home address.
- Payroll and administration: BSN, IBAN, contract type, hourly wage, mileage rate.
- Professional credentials: BIG registration, AGB codes, qualifications.
- Operational: shifts, hours worked, leave, sick reports, tasks.
- Address coordinates of the home address for route calculation (derived from the entered address via geocoding; no real-time GPS).
- Push notification token (Apple APNs or Google FCM).
- Audit log of mutations performed in the app.
3.2 Clients
- Identity: name, date of birth, BSN, contact details.
- Address and corresponding coordinates for routing (derived via geocoding).
- Health data: care indication, diagnoses, medication, allergies, care notes.
- Insurer, policy number, UZOVI code.
- Emergency contact, GP, informal caregivers.
- IBAN and billing address for PGB-funded care.
3.3 What the apps do not collect
- No IDFA, no Advertising ID and no tracking for advertising purposes.
- No integrations with data brokers, ad networks or social media trackers.
- No access to camera, microphone, real-time GPS, contacts or calendar of the device.
- No automated decision-making with legal effects or similarly significant effects within the meaning of GDPR Article 22. The apps use automated route optimisation to generate scheduling proposals, but these proposals are always reviewed and published by a planner before they take effect.
4. Purposes and legal bases
| Processing | Purpose | Legal basis (GDPR) |
|---|---|---|
| Client and medical data | Performance of the care contract | Art. 6(1)(b) and 9(2)(h) |
| BSN processing | Statutory healthcare exchange | Wabb (Dutch Healthcare Personal Data Act) |
| Staff personal data and planning | Performance of the employment contract | Art. 6(1)(b) |
| Payroll administration | Legal obligation (tax) | Art. 6(1)(c) |
| Push notifications | Operational communication | Art. 6(1)(b) and legitimate interest |
| Audit log | Compliance and inspectorate audits | Art. 6(1)(c) and legitimate interest |
| Route calculation | Efficient care planning | Legitimate interest (Art. 6(1)(f)) |
| Error detection and app stability (Sentry diagnostics) | Crash reporting and 10%-sampled performance metrics for bug fixing | Legitimate interest (Art. 6(1)(f)) — security and quality of the healthcare app |
5. Retention periods
| Category | Period | Legal basis |
|---|---|---|
| Client and care record (medical data) | 20 years after last contact | Wgbo art. 7:454 Dutch Civil Code |
| Payroll and invoicing | 7 years | Dutch tax law (AWR art. 52) |
| Salary administration | 7 years | Tax |
| Job applicants (rejected) | 4 weeks, or 1 year with consent | Dutch DPA guidance |
| Notifications | 1 year (auto-purged) | GDPR storage limitation |
| Leave requests | 3 years after end date | GDPR storage limitation |
| Push tokens | Up to 90 days after last activity, or on logout | GDPR storage limitation |
| Sentry diagnostic events (crashes and performance samples) | 90 days (default Sentry retention), then automatically purged | GDPR storage limitation |
| Account data after self-deletion | Immediate: PII erased · Audit: 7 years | GDPR Art. 17 and IGJ auditability |
6. Sub-processors
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage, realtime | EU (Ireland) |
| Vercel | App hosting | EU (Frankfurt) |
| Apple APNs | iOS push notifications (final delivery to the device) | USA (under Apple Developer Agreement) |
| Google FCM (Firebase Cloud Messaging) | Push notifications for iOS and Android. On iOS the app uses the Firebase Messaging SDK as a relay to Apple APNs. | EU/USA |
| PDOK Locatieserver (Dutch Land Registry / Ministry of the Interior) | Geocoding of addresses to coordinates (full address: street, house number, postcode, city) | EU (the Netherlands) |
| TomTom Routing API (TomTom International B.V.) | Travel time and distance calculation based on coordinates only (lat/lng, no address or name) | EU (Amsterdam, the Netherlands) |
| Pal&Ko OSRM fallback (self-hosted DigitalOcean VPS) | Fallback routing service when TomTom is unavailable (lat/lng only) | EU (Frankfurt, Germany) |
| Capgo Cloud (Capgo SAS) | Version check for in-app updates of JavaScript and asset files. Receives anonymous device ID and app version only; no personal data. | EU (France) |
| Sentry (Functional Software, Inc., via Sentry GmbH) | Error detection and performance monitoring: receives crash stack traces, error events and 10%-sampled performance metrics. User context contains only profile ID and role — no email, name, BSN or client data. API keys and authorization headers are actively stripped from fetch/xhr breadcrumbs before transmission. Sentry DPA per sentry.io/legal/dpa. | EU (Frankfurt, Germany — ingest.de.sentry.io) |
A data processing agreement is in place with these parties or their general processor terms apply. Pal&Ko Thuiszorg does not share data with data brokers, advertising networks, marketing platforms or social media providers.
7. Security
- Encryption in transit using TLS 1.2 or higher.
- Encryption at rest in the database (AES-256, Supabase default).
- Row Level Security per role; staff see only their own data and assigned clients.
- Audit logging of mutations on sensitive tables.
- Native screen and recording protection on iOS (secure canvas) and Android (FLAG_SECURE).
- Annual review of access rights, security measures and sub-processors.
8. Rights of data subjects (GDPR Articles 15–22)
- Access — via Profile → Download my data in the app.
- Rectification — correction of inaccurate data.
- Erasure — where permitted; medical records are subject to mandatory retention under Dutch Wgbo law. For the login account: in the app via Profile → Delete account.
- Restriction of processing.
- Data portability — own data in machine-readable JSON via the app.
- Objection to processing based on legitimate interest.
Requests can be sent to info@palenkothuiszorg.nl with subject "GDPR request". We respond within one month. You also have the right to file a complaint with the Dutch Data Protection Authority.
9. BSN (Dutch citizen service number)
Pal&Ko Thuiszorg processes the BSN exclusively for legally mandated healthcare purposes under the Dutch Healthcare Personal Data Act (Wabb) and the Dutch BSN Act. The BSN is not used for other purposes and not shared with third parties beyond the legally permitted exchange with health insurers, the CAK, the CIZ and the Tax Authority.
10. Health data
Health data are processed as a special category of personal data under GDPR Article 9(2)(h): necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of healthcare or the management of healthcare systems and services. Processing is performed under the responsibility of a professional bound by professional secrecy under EU or national law (GDPR Article 9(3) in conjunction with Dutch Civil Code Article 7:457).
11. Data breach procedure
Pal&Ko Thuiszorg reports suspected data breaches to the Dutch Data Protection Authority within 72 hours where there is a risk to the rights and freedoms of data subjects. In case of high risk, data subjects are also informed directly. A breach can be reported via info@palenkothuiszorg.nl with subject "Data breach". Complaints about care delivery itself fall under the Wkkgz complaints procedure and are sent to klachten@palenkothuiszorg.nl.
12. Not a medical device
The apps of Pal&Ko Thuiszorg are not medical devices within the meaning of Regulation (EU) 2017/745 (MDR). The information in the apps is intended for planning and organising home care, not for diagnosis, treatment or medical advice. For medical decisions, always consult a qualified healthcare professional.
13. Changes
This policy may be updated when laws, sub-processors or app functionality change. The current version is on this page. Substantive changes are communicated via an in-app notification.