The Hylyght website and online application is managed by Hylyght BV with registered address Abrahamsweg 3, 9310 Moorsel, Belgium.
Hylyght is compliant with the GDPR law in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and has taken the necessary measures as described below.
This privacy statement is not a contract between you and us or any other party involved, and is not intended to create any legal rights. The purpose of this privacy statement is only to inform you about our processing of your personal data. Our Data Protection Officer Hylyght has appointed Lode Goossens as Data Protection Officer (DPO). Any questions regarding protection of personal data can be directed to firstname.lastname@example.org.
The Hylyght online application may be used to store your personal information on your account page. You can view such information on your account page. As such Hylyght is data processor (verwerker) of these personal data.
The parties that use the personal data for their purposes are responsible for the data processing (verwerkingsverantwoordelijke). In addition, our application is intended to manage physical test information, such as planned tests, test results, test history and test schedules. Please note that this information may be considered as health data under your local data protection legislation.
The Hylyght online application only stores the information that you have provided yourself, or that your health care professional or trainer has provided when managing your tests. We will store your personal data only as long as necessary for the fulfillment of our professional relationship with you. In addition to the performance of an agreement with you or to your benefit, this includes the realization of marketing purposes and the maintenance of the client relationship. We are also required to keep your personal data as long as required by applicable laws (e.g., due to tax requirements). After the end of our professional relationship with you, we may archive your data, solely to be used for research purposes in order to improve our services.
Please note that the use of our online application is subject to the conclusion of a license agreement, which specifies that the license holder must obtain your prior consent to process your (health) personal data on our online application. While the license agreement allows the full use of our online application, you (or your organization or health care professional) are free to choose which functionalities you use and thus which personal information you store on our online application. However, when providing personal data on your account page, you will be made aware of the mandatory character of the provision of your (minimal) personal data by an asterisk next to the field that has to be completed in order to use the minimal functionalities of the application. All other information that can be provided on the online application is provided on a voluntary basis. Please note that if certain information is not provided (such as physical parameters or test results), important functionalities of our online application will not operate properly.
We will use your Personal Data only for the following purposes:
-Providing information about the characteristics of our services;
-Sending newsletters or direct marketing messages about our services, if you have consented (opt-in) to receive such communication;
-Answering the questions you may ask us about our services through the contact form;
-Managing your account, giving you access to your account and thus enabling you to use our online application;
-Enabling you or your health care professional to use the functionalities of our online application;
-If you are a license holder: manage our professional relationship, including sales and accounting;
-Managing our online application;
-Offering you customer support.
Our online application is hosted in the cloud managed by our trusted IT hosting service provider, who may need to access your data for technical support purposes. Appropriate safeguards are put in place to prevent unauthorized use by their associates.
Other members of your organization or your health care professional may have partial or full access to your data. Their access is managed by your account administrator and falls under their responsibility.
We do not provide your personal data to any other third party, except in rare and specific situations, such as, but not limited to, to comply with legal or regulatory requirements or obligations in accordance with applicable law, a court order, administrative process or judicial
process or subpoena.
In the event that we are wholly or partially merged or acquired by another company, we may also transfer your personal data to such company if the services that are offered to you are transferred.
If personal data is shared as mentioned above, we seek to limit the scope of data that is furnished to the amount necessary for the performance of the specific purpose of the transfer. Unless otherwise precluded by legal process, we require recipients to protect your personal data and abide by applicable privacy laws and regulations.
You have the right to access your personal data in order to ensure that your personal data is still accurate and up to date.
You may view and correct your own data after logging in to our online application. If needed, please consult your account administrator (i.e. your license holder) to gain access or view your data, as (s)he is your first line of contact into our online application and has full access to your information that is held on our online application.
You also have the right to ask us directly if we hold any personal data on you by making an access request. If we hold information about you, we will explain what we have, why we’re holding it and who it could be disclosed to. You may also request to have a copy of the
information in an intelligible form. If we hold personal data about you that is incorrect, you may request us to correct any mistake in the same manner. As appropriate, we will involve your account administrator in this process, as (s)he is your first line of contact into our online application.
To make an access request directly to us, please see the section Get in touch.
We recognize the importance of information security, and are constantly reviewing and enhancing our technical, physical, and logical security rules and procedures. We have established technical means, procedures and policies to preserve the integrity, confidentiality and privacy of your personal data, during its collection, use, transfer and storage while under our control; e.g. secure login and authentication. All connections to the platform are through https; and thus encrypted according to SSL standards.
Due to the longitudinal character of tests and follow-up on physical characteristics, and because test data are used anonymously for scientific research, personal data and test results are retained indefinitely. When the license holder removes data from his or her account, the data are archived but can still be used anonymously for scientific research.
In case of a data protection incident or breach we will inform the license holder of this incident. It is his or her duty to inform every impacted member of their organization. In case one of the license holders notices a data protection incident, they can report this incident using the questions below. Hylyghts’ DPO will stay in contact with the impacted organization until the issue is resolved.
The aim of these questions is to ensure that in the event of a security breach related to personal data, potential or actual personal data breach, all information is gathered to understand the reality of the breach, its impact, and the next steps to be taken.
These questions must be completed at once by any license holder with knowledge of the breach. It must be sent, to the Data Protection Office mailbox (email@example.com) + phone call to Lode Goossens, Data Protection Officer (+32 498 61 92 91), who can then take the
Form filled in by
Description of processing concerned:
Date and time of the discovery of the breach:
How did you become aware of the breach?
Did third parties have unauthorized access to personal data?
Categories(s) of personal data concerned:
Categories of data subjects concerned:
Number  of data subjects concerned:
Nature  of breach:
Other circumstances of the breach:
What immediate action has been taken to
contain/mitigate the breach?
 Estimate, if possible. If it is not possible to provide even an estimate, write “NA”.
 E.g.: theft/disclosed in error/technical problems, loss of hard drive…
If you wish to contact us to receive more information on how we process your personal data, or if you want us to remove your personal data, please send your request to Hylyght, by email to firstname.lastname@example.org.
In case of complaints about the data protection by Hylyght, complaints can be filed with the
data protection authority.
We reserve the right to modify or amend this Online Application Privacy Statement at any time and for any reason. For this reason, we urge you to review this statement from time to time while you’re visiting our online application. We will however bring explicitly to your attention any operational change that could impact the choices you have made on our online application regarding the processing of your personal data. The Privacy statement was last updated on March 30, 2020.