Privacy Policy

This privacy policy was last updated on February 12, 2026.

1. Parties and subject matter

Uma Health BV
(hereinafter "Uma" or the “Controller”)

Registered office: Beigemsesteenweg 109, 1850 Grimbergen, Belgium
KBO/VAT: BE1016.045.702
E-mail: thibaut@umahealth.be

The Data Controller establishes this Privacy Policy, which aims to inform Users in a transparent manner about the website hosted at the following address: https://www.umahealth.be, (hereinafter referred to as the Site), and about the manner in which personal data is collected and processed by the Controller.

The term "User" refers to any user, whether a natural person or a legal entity, who visits the Site or interacts with the Site in any way.

In its capacity as Data Controller, the Data Controller determines all technical, legal, and organizational means and the purposes for processing the personal data of Users. The Data Controller undertakes to implement all necessary measures to ensure that the processing of personal data is carried out in accordance with the Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the "Law") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (i.e. the General Data Protection Regulation (GDPR) or 'GDPR'; hereinafter referred to as the Regulation).

The Controller is free to choose a natural or legal person who processes the personal data of the Users at the request and on behalf of the Controller (hereinafter referred to as the Processor or SubcontractorWhere applicable, the Controller undertakes to select a Processor that offers sufficient guarantees regarding the technical and organizational measures for the processing of personal data, in accordance with the Law and the Regulation.

2. Processing of personal data

The use of the Site by Users may result in the collection of personal data. The processing of this data by the Data Controller or by service providers acting in the name and on behalf of the Data Controller is carried out in accordance with the Law and the Regulation.

Personal data are processed by the Controller, in accordance with the purposes stated below, in the following situations:

Sending newsletters and/or promotional materials.
You can call or email us if this is necessary to carry out our services.
To inform you about changes to our services and products.
Analysis of your behavior on the website to improve the website and tailor the range of products and services to your preferences.
In connection with an application for a job or collaboration with the Controller, where we collect information provided by you, such as identity data, CV and cover letter.

3. Purpose of the processing of personal data

In accordance with Article 13 of the Regulation, the purposes of the processing of personal data are communicated to the User. These purposes are as follows:

Sending newsletters and/or promotional materials, with permission as a legal basis.
You can call or email us if this is necessary to carry out our services, with permission as a legal basis.
To offer you the opportunity to create an account, with permission as a legal basis.
Tracking your browsing behaviour across different websites to tailor our products and services to your needs, with permission as a legal basis.

4. Personal data that may be processed

The User agrees that, during the visit and use of the Site, the Data Controller collects and processes the following personal data:

First and last name
Address details
Phone number
Email address
Other personal data that you actively provide, for example by creating a profile on this website, in correspondence and by telephone
Data about your surfing behaviour across different websites (for example because this company is part of an advertising network)
Internet browser and device type

The Controller collects and processes these personal data in accordance with the terms and principles described in this Privacy Policy.

By accessing and using the Site, the User declares that they have given their free, specific, informed, and unambiguous consent to the processing of their personal data. This agreement applies to the content of this Privacy Policy.

Consent is given by the positive and active action by which the User checks the privacy policy box in the hyperlink. This consent is an essential condition for performing certain actions on the Site or for enabling the User to enter into a contractual relationship with the Data Controller. Any agreement between the Data Controller and a User regarding the services and goods offered on the Site is subject to the User's acceptance of the Privacy Policy.

The User agrees that the Data Controller, in accordance with the terms and principles set out in this Privacy Policy, collects and processes his/her personal data that he/she provides on the Site or in connection with the services offered by the Data Controller, for the purposes stated above.

The User has the right to withdraw this consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on prior consent.

6. Retention period of the Users' personal data

In accordance with Article 13, paragraph 2, of the Regulation, the Controller shall store personal data only for as long as reasonably necessary for the purposes for which they are processed.

In all cases, this term shall not exceed two years.

7. Recipients of data and disclosure to third parties

Personal data may be disclosed to employees, collaborators, subcontractors, processors, or suppliers of the Controller, provided that adequate guarantees are provided for the security of the data and insofar as they cooperate with the Controller in the marketing of products or the provision of services. They act under the direct authority of the Controller and are responsible for collecting, processing, or outsourcing this data.

In all cases, the recipients of the data and those to whom the data is disclosed will comply with the contents of this Privacy Policy. The Data Controller will ensure that they process this data only for the intended purposes and in a discreet and secure manner.

In the event that the data is provided to third parties for direct marketing or prospecting purposes, the User will be informed in advance so that he/she can give prior and express consent to this use of personal data.

8. User Rights

The User may exercise his/her rights at any time by sending a message by e-mail to the following address: thibaut@umahealth.be or a letter by post, accompanied by a copy of his/her identity card, to the following address:

Uma Health BV
Beigemsesteenweg 109
1850 Grimbergen
Belgium

a. Right of access

In accordance with Article 15 of the Regulation, the Data Controller guarantees the User the right to access their personal data. The User has the right to access this personal data and the following information:

The categories of personal data that are processed
The recipients or categories of recipients to whom the personal data have been or will be disclosed
Where applicable, recipients are in third countries or international organisations and the appropriate or suitable safeguards
Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

The Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the User.

If the User submits this request electronically (for example by email), the data will be provided in a commonly used electronic format, unless the User requests otherwise.

The copy of the data will be provided to the User within one month of receipt of the request.

b. Right to rectification

The Controller guarantees the User the right to rectification and erasure of personal data.

Pursuant to Article 16 of the Regulation, incorrect, inaccurate, or irrelevant data may be corrected or deleted at any time. The User must first make the necessary changes themselves from their user account, unless they cannot be made independently, in which case the request can be addressed to the Data Controller.

In accordance with Article 19 of the Regulation, the Controller shall inform each recipient to whom the personal data have been disclosed of any rectification of the personal data, unless this proves impossible or involves disproportionate effort. The Controller shall provide the data subject with information about these recipients upon request.

c. Right to erasure

The User has the right to obtain the erasure of his/her personal data as soon as possible in the cases referred to in Article 17 of the Regulation.

Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, those personal data.

The two preceding paragraphs do not apply to the extent that processing is necessary:

For the exercise of the right to freedom of expression and information
For compliance with a legal obligation which requires processing under Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller
For the institution, exercise or defence of legal claims

In accordance with Article 19 of the Regulation, the Controller shall inform each recipient to whom the personal data have been disclosed of any erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. The Controller shall provide the data subject with information about these recipients upon request.

d. Right to restriction of processing

The User has the right to restrict the processing of his/her personal data in the cases referred to in Article 18 of the Regulation.

Pursuant to Article 19 of the Regulation, the Controller shall inform each recipient to whom the personal data have been disclosed of any restriction of processing, unless this proves impossible or involves disproportionate effort. The Controller shall provide the data subject with information about these recipients upon request.

e. Right to data portability

Pursuant to Article 20 of the Regulation, Users have the right to receive from the Controller the personal data concerning them in a structured, commonly used and machine-readable format. Users have the right to transmit this data to another controller without hindrance from the Controller, in the cases provided for in the Regulation.

Where the User exercises his or her right to data portability, he or she shall have the right to have personal data transmitted directly from one controller to another, where technically feasible.

Exercising the right to data portability does not affect the right to erasure. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

The right to data portability shall not adversely affect the rights and freedoms of others.

f. Right to object and automated individual decision-making

The User has the right to object, on grounds relating to his or her particular situation, at any time to the processing of his or her personal data, including profiling based on these provisions. The Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the User shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If the User objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

g. Right to lodge a complaint

The User has the right to lodge a complaint regarding the processing of their personal data by the Data Controller with the Data Protection Authority competent for the Belgian territory. More information can be found on the website: https://www.gegevensbeschermingsautoriteit.be/.

Complaints can be submitted to the following addresses:

Data Protection Authority

Drukpersstraat 35, 1000 Brussels
Tel. +32 2 274 48 00
Fax. +32 2 274 48 35
E-mail: contact@apd-gba.be

The User may also file a claim for injunction with the President of the Court of First Instance of his/her place of residence.

9. Cookies

The Site uses cookies to identify users. This allows us to provide users with a better browsing experience and to make improvements to the Site and its content. The purposes and methods of cookies are described in this article.

a. General principles

A cookie is a file placed temporarily or permanently on the User's device when visiting the Site for subsequent connection. Cookies allow the server to recognize the User's device.

Cookies may also be installed by third parties with whom the Controller collaborates.

Some of the cookies used by the Data Controller are necessary for the proper functioning of the Site, others are necessary to improve the User experience.

The User can customize or disable cookies.

By using the Site, the User expressly agrees to the management of cookies as described in this article.

b. Types of cookies and purposes pursued

The Data Controller uses different types of cookies on the Site:

Technical cookies: Necessary for the functioning of the Site, allow communication of entered data and are intended to facilitate User navigation.
Analytical and audience cookies: These allow us to recognize the user and count the number of users over a given period. They indicate browsing behavior to improve the browsing experience by showing relevant suggestions and offers. They also help identify and fix any bugs on the site.
Functional cookies: Facilitate the use of the Site by remembering certain choices (for example, user name or language).
Tracking cookiesThe Data Controller uses tracking cookies through Google Analytics to measure User interaction with the Site's content and generate anonymous statistics. These statistics help improve the Site. Google explains the use of these cookies at: https://www.google.com/intl/nl/policies/privacy/.

c. Retention period for cookies

Cookies are stored for the time necessary to achieve their intended purpose. The cookies that may be stored on the User's hard drive and the storage period are detailed in our Cookie Policy.

If the User does not want the Site to place cookies on their hard drive, they can manage or delete them by adjusting their browser settings. The User can also set their browser to notify them when a website uses cookies, allowing them to decide whether to accept or reject them.

If the User disables certain cookies, they acknowledge that the Site may not function optimally. Some parts of the Site may not be usable or may only be partially usable.

If the User wishes to manage and/or delete cookies, he/she can do so via the following links:

Internet Explorer: Deleting and managing cookies
Microsoft Edge: Clear browsing data in Microsoft Edge
Chrome: Delete, enable and manage cookies in Chrome
Firefox: Deleting cookies
Safari: Managing cookies and website data

If the User refuses to allow the use of Google Analytics cookies, he/she can configure the browser on the following website: https://tools.google.com/dlpage/gaoptout.

10. Limitation of the Controller's Liability

The Site may contain links to other third-party websites not affiliated with the Data Controller. The Data Controller is not responsible for the content of these sites or their compliance with the Regulation and the Law.

Persons with parental authority must give their express consent to minors under the age of 16 to disclose personal information or data through the Site. The Data Controller recommends that persons with parental authority promote responsible and safe internet use. The Data Controller is not liable for the collection and processing of personal information and data from minors under the age of 16 without the effective consent of their parents or legal guardians, nor for inaccurate data—particularly regarding age—entered by minors. Under no circumstances will the Data Controller process personal data if the User indicates that they are under 16 years of age.

The Data Controller is not responsible for any loss, damage or theft of personal data, in particular as a result of the presence of viruses or following computer attacks.

11. Safety and security

The Controller implements technical and organizational measures to ensure an appropriate level of security for the processing and collection of data. These security measures depend on the cost of implementation in relation to the nature, context, and purposes of the processing of personal data.

The Data Controller uses industry standard encryption technologies when transferring or collecting data on the Site.

12. Changes to the Privacy Policy

The Data Controller reserves the right to amend this Privacy Policy to comply with legal obligations. Users are therefore requested to regularly consult the Privacy Policy to stay informed of any changes and adjustments. Such changes will be posted on the Site or sent by email to ensure opposability.

13. Applicable law and competent court

This Privacy Policy is governed exclusively by Belgian law. Any dispute will be submitted to the courts of the judicial district where the Controller's registered office is located.

14. Contact

For any question or complaint regarding this Privacy Policy, the User may contact the Data Controller at the following address:

Uma Health BV