We can summarise GDPR using the following principles: Right to information: personal data is collected for a specific legitimate purpose, and may not be used for other purposes. Organisations need to be fully transparent about this. Transparency: the person whose data is processed actively agreed to this and has been informed of his/her rights. Right of access to your data: every person has the right of access to his/her personal data and supplementary information. These data must be correct at all times. Every person has the right to correct his/her data. Right to be forgotten: every person has the right to request removal of his/her personal data without having to provide a specific reason for this. Retention period: personal data may not be retained longer than deemed necessary for a specific purpose. Data protection: all personal data must be protected against access by unauthorised persons or loss of data. Right to use data for one’s own goals: every person has the right to request his/her personal data and/or to use it for his/her own goals. Every person also has the right to move his/her data and/or to copy it to another organisation. Restriction of information: every person has the right to restrict or block access to his/her data. 

MeDirect ensures that all personal data is securely stored. To protect your personal details against access by unauthorised persons or loss, we implemented the necessary technology and keep it up to date at all times. In the event that third parties offer a service to MeDirect, a contractual agreement ensures they implement the correct security procedures to safeguard your personal data such as working with encrypted information. The transfer of personal data to third parties will only be for purposes laid down in our agreements with clients and/or our term and conditions.

We amended our privacy policy to be in keeping with GDPR legislation. This privacy policy defines which information we collect of every person, why we collect this information and with which parties this information is shared. This privacy policy also defines your rights and specifies MeDirect’s contact if you have questions relating to the security of personal data. 

MeDirect uses a number of channels to keep clients up to date of new products, services and/or offers, such as email and post. MeDirect gives its clients the possibility to register for this communication. If no use is made of this possibility by the client, he/she will not receive this communication. Every client can modify his/her preferences at all times by: Unsubscribing by clicking the “unsubscribe” link in the email communication. Contacting our client service. Sending an email to [email protected] for the attention of our Data Protection Officer (DPO).  Update your preferences of your profile on your secure website

GDPR legislation stipulates that at least one of the following conditions must be met to process your personal details: Active consent: every person who has actively given his/her consent to use personal data. This consent can be obtained both digitally and on paper. Contract: the processing of personal data can be necessary to comply with certain contractual obligations. Legal obligation: the processing of personal data can be necessary to respect legal obligations

A couple of months prior to 25 May 2018, MeDirect already took some measures to be in line with GDPR legislation. Various initiatives were implemented to protect our clients and employees, such as: An amendment of our privacy policy. Giving privacy training to all our employees. Amendment of our general terms and conditions and cookie policy. Training to our employees concerning HR requests. A review of how we ask whether someone wants to be informed of our commercial offers or newsletters. Amendment of internal policies to ensure they are in line with GDPR legislation.

The General Data Protection Regulation (GDPR) is a set of rules to ensure a better protection of European citizens’ data. It is a revision of European legislation from 1995, the Data Protection Directive. The GDPR’s goal is twofold: on the one hand it aims to safeguard European citizens’ privacy, on the other hand it wants to give citizens more rights as to what happens with their personal data. GDPR came into force on 25 May 2018.