HealthTalk Privacy Notice

HealthTalk Privacy Regulations for High-Risk Speech-to-Text Clinical AI

HealthTalk's Commitment to Privacy

At HealthTalk, we prioritize the protection of personal data for our users and patients. We handle personal data with the utmost care and ensure that it is secured and processed in accordance with this Privacy Notice and all applicable laws and regulations.

Processor and Controller Roles

HealthTalk BV, located at Bargelaaan 200 and registered with the Dutch Chamber of Commerce under number 92905501, is responsible for the HealthTalk platform and for processing activities for which HealthTalk determines the purposes and means, including platform operation, security, account administration, and AI-enabled drafting functionality.

For clinical processing carried out in the treating relationship, HealthTalk and the treating physician or healthcare organisation may act as joint controllers where they jointly determine the purposes and essential means of processing.

Your doctor will usually determine the clinical purposes of processing and remains responsible for clinical decisions and the content of the medical record within the meaning of applicable law.

Where HealthTalk acts only on documented instructions, HealthTalk acts as processor. Where HealthTalk materially determines platform or AI processing together with the healthcare provider, the parties should document the arrangement as joint controllers and make the essence of that arrangement available to patients.

Data Collection

We collect personal data only where there is a valid legal basis for the relevant processing activity. In a healthcare context, this may include provision of healthcare or treatment, performance of a contract, compliance with legal obligations, legitimate security interests (such as protecting the platform and its users from fraud, misuse, and unauthorized access), or explicit consent where consent is specifically appropriate, such as optional research participation.

Types of Data Collected

  • Contact information: Name, email, address, phone number, billing, and delivery addresses.
  • Account details: Screen name and password.
  • Personal information: Gender, place of residence, date of birth, and purchase history.
  • Payment information: Payment or credit card details.
  • Health data: Images, photos, videos, physical characteristics, health data (for example weight, heart rate, blood pressure, and cholesterol), medical history, medication information, family illness history, and fitness activities. These are special category data under GDPR and receive enhanced protection.

Purpose and Use of Data

HealthTalk uses personal data for the following purposes:

  • Platform functions: To enable features of the HealthTalk platform and your personal HealthTalk health environment, including account creation and login.
  • Support services: To provide support via email, such as password resets.
  • Transaction processing: To handle purchases and services requiring your name and address.
  • Health monitoring: To track fitness activities, health data, and progress, and display results in your health environment.
  • Health reports: To generate basic health reports using your email, date of birth, zip code, house number, and gender.
  • Research: To use anonymised data for scientific research and product improvement. Consent is required for participation in active research unless another research basis and appropriate safeguards are clearly documented and communicated before research processing starts.
  • AI-generated reports: HealthTalk uses a large language model (LLM) to generate summaries or draft reports of conversations between doctors and patients. This application may be classified as high risk, depending on the applicable regulatory analysis, and is subject to strict safety and compliance requirements. The clinician is always responsible for meaningful review and may accept, modify, reject, or replace the draft. No clinical decision should be based solely on automated processing without meaningful human oversight.

Patients may request meaningful information about the use of AI in generating drafts, including the significance of processing, envisaged consequences, and how to request human review or correction of the resulting record.

Information Security

HealthTalk implements appropriate technical and organizational measures, supported by the NEN 7510 and ISO/IEC 27001-certified infrastructure and services provided by MEDrecord BV, where MEDrecord BV acts as a service provider or sub-processor under written contractual arrangements.

MEDrecord BV is certified for NEN 7510 and ISO 27001 standards for healthcare information security, ensuring:

  • Availability: Information and services are accessible when needed.
  • Confidentiality: Only authorized persons have access to information.
  • Integrity: Information is accurate and complete.

We use secure SSL/TLS encryption for data exchange and store personal data on physically separate, secure servers within the European Economic Area. HealthTalk remains responsible for maintaining security measures appropriate to the sensitivity of the personal data and the healthcare context.

Data Retention and Transfer

Personal data is retained as long as necessary for the purposes for which it was collected, unless law requires otherwise, including any applicable statutory medical-record retention period.

Clinical records may need to be retained for legally required healthcare retention periods, while account, billing, security log, and research data are retained according to separate documented retention schedules.

Data is stored on secure servers within the European Economic Area unless a specific provider or support arrangement requires an international transfer supported by an appropriate GDPR transfer mechanism.

Your Rights

You have the right to request access to, correction of, or deletion of your personal data. You may object to processing on legitimate grounds and withdraw consent at any time.

Where deletion is requested, HealthTalk assesses the request against applicable legal retention duties, healthcare obligations, and research safeguards. Where data cannot be deleted immediately, HealthTalk will explain the reason and, where appropriate, restrict, pseudonymise, or otherwise protect the data.

Where your data is processed based on consent or contract, you may also request data portability under Article 20 GDPR.

Cookies

We use cookies to enhance your experience on the HealthTalk website. Cookies help us recognize you, save preferences, and improve website functionality.

You can manage cookies through your browser settings. Where cookies are not strictly necessary, we request your prior consent through a cookie banner or preference tool, and you may withdraw or adjust that consent as easily as you gave it.

Updates to this Privacy Notice

We may update this Privacy Notice to reflect changes in our practices or applicable laws. Where a material change affects how we use your personal data, we provide an appropriate notice through the platform, by email, or by another suitable communication channel before the change takes effect, where required.

Contact Information

For questions or requests regarding your personal data, contact us at hello@healthtalk.ai.

If you request data deletion, your anonymised or pseudonymised health data may remain available for scientific research only where a valid legal basis and appropriate safeguards apply.

You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl), if you believe your personal data has not been handled appropriately.

Children and Minors

HealthTalk may process health data relating to minors where necessary for the provision of healthcare. In the Netherlands, the digital consent age is sixteen years. For patients under sixteen, consent of a parent or legal guardian is required before personal data is processed through the platform.

HealthTalk will take reasonable steps to verify parental authority where required. [TO CONFIRM: the specific verification procedure and any age-gating mechanism.]

Thank you for trusting HealthTalk with your personal data.

Wij zijn gecertificeerd

NEN 7510-1:2017 Certified by Brand Compliance, MGMT SYS. RvA C 548
ISO 27001:2022 Certified by Brand Compliance, MGMT SYS. RvA C 548
MedMij - veilig online uitwisselen van medische gegevens

In het domein van klinische apps is certificering essentieel. Het garandeert de kwaliteit, veiligheid en naleving van industriestandaarden van de app. Voor zorgprofessionals en patiënten zorgt certificering voor betrouwbaarheid, nauwkeurigheid en gebruikersveiligheid, waardoor het een fundamentele indicator van app-geloofwaardigheid is.

HealthTalk © 2026

gemaakt metbijMEDrecord