Overslaan naar inhoud

Privacy Policy


Last updated: 22 November 2025


This Privacy Policy describes how Stichting Health Angel Services (“we”, “our”, “us”) collects, uses, shares, and protects your personal information in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy applies to all visitors and users of our website, forms, and services, and should be read in conjunction with our Terms of Service.


1. Purpose of Data Collection

We collect personal data solely for the purpose of delivering our support services to the Biontology® field. These include:

  • Managing registrations and determining eligibility for service;
  • Processing service and repair requests;
  • Facilitating communication between practitioners, clients, and third party suppliers (e.g., the Biontology® training institute, the Chiren®3.0 distributor, and Dr. J.C. Boswinkel’s legacy foundation);
  • Coordinating training or instrument purchase when initiated by you;
  • Issuing invoices or confirmations for transactions;
  • Managing access to restricted materials, forums, services, and webshop areas;
  • Handling general inquiries and complaints related to Biontology® experiences;
  • Providing administrative assistance for training enrolment, licensing documentation, and other field-related operations;
  • Maintaining internal records of user engagement, payment status, and historical conduct (for continuity and field protection)

We do not use personal data for advertising or commercial profiling.

2. Types of Data Collected

Depending on the interaction, we may collect:

  • ​Identification and contact data: full name, address, email, phone number
  • Professional information: practitioner status, instrument ownership, registration history
  • Transactional data: service requests, invoices, webshop orders
  • Supporting documentation for formal agreements (e.g. passport copy when required for license preparation)

We do not knowingly collect sensitive personal data such as health information, ethnicity, political opinions, or religious beliefs. We explicitly instruct users not to submit client-related personal data (e.g. from their own practice) that includes personal identifiers. If such information is submitted, we will take steps to delete or anonymise it.

3. Data Collection Methods

We collect personal data through:

  • Forms submitted via our website (Odoo platform); 
  • Email correspondence;
  • Webshop orders (password-protected, available to eligible users only);
  • Manual submissions (e.g. uploaded documents during onboarding or registration)​.

4. Legal Basis for Processing

We process your data under one or more of the following legal bases:

  • Your consent – where you have explicitly provided consent (e.g. by submitting a form, registering a device, or entering into an agreement);
  • Performance of a contract – including taking steps at your request prior to entering into a contract (e.g. delivering requested services, processing registrations, or responding to service-related inquiries in the context of service use);​
  • Compliance with a legal obligation - where processing is necessary to meet legal, tax, financial, or regulatory requirements;
  • Legitimate interest - where necessary for the continuity and integrity of the Biontology® field, internal administration, safeguarding our operations, or maintaining accurate service records.

5. Data Sharing

Your data may be shared only as necessary with affiliated and trusted third-party entities directly involved in the delivery of services you request, including:

  • The Institute for Applied Biophoton Sciences (for enrolment or training-related support); 
  • Stichting MIBA (for overseeing licensing, certification, and intellectual property use);
  • BoChi Instruments (for instrument purchase, logistics, warranty, and pick-up coordination);
  • Dr. Schwab Gesellschaft für Technologieberatung (for authorised repair coordination); 
  • Our accountants, legal advisers, or IT providers, where necessary for proper functioning.​

All third parties are bound by confidentiality and data protection obligations.​

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including the provision of services, compliance with legal obligations, enforcement of agreements, and protection of the integrity of the Biontology® field.

Retention periods are based on operational needs, regulatory obligations, and the potential necessity of preserving records related to past conduct, breaches, or disputes

Data will be securely stored and restricted from unnecessary access or use. We periodically review stored data and delete or anonymise it when it is no longer necessary.​

7. Your Rights Under GDPR

You have the following rights, subject to applicable limitations:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request corrections if your data is inaccurate or incomplete.
  • Right to Erasure (Right to Be Forgotten): You may request deletion of your personal data. However, we may retain data necessary to: 
    • Comply with legal or contractual obligations;
    • Maintain a record of service history;
    • Safeguard the continuity and ethical standards of the Biontology® field — for example, where a documented incident may impact the continuity or ethical boundaries of the field. In such cases, only the minimum data required will be retained.
  • Right to Restriction: You may request that we limit the processing of your data in specific cases.
  • Right to Object: You may object to processing based on our legitimate interests (such as internal coordination), unless we demonstrate compelling grounds to continue. This right does not apply to processing required for contracts, legal duties, or service continuity. 
  • Right to Data Portability: This right does not apply where we do not hold data in a structured, interoperable format for transfer. This is typically not relevant to our services.​

To exercise these rights, contact us via the Contact Form or email address listed on the website. We may request verification before processing your request.

8. Data Security

We take appropriate technical and organisational measures to protect your data against loss, misuse, or unauthorised access. This includes restricted access controls, secure storage, and regular platform maintenance.​

9. Cookies and Tracking

We do not use advertising cookies or engage in third-party tracking. Any cookies used on this site are limited to essential session functions and analytics.​

10. International Transfers

Some of our service providers (such as Odoo and Circle) may process data outside the European Economic Area (EEA). These providers are expected to implement appropriate safeguards in accordance with GDPR, such as Standard Contractual Clauses or processing in jurisdictions with an adequacy decision. 

We do not maintain direct contracts with these platforms but rely on their published commitments to data protection and security. Where applicable, your personal data is transferred only to entities with appropriate legal safeguards in place.​

11. Contact and Complaints

For questions or concerns about this Privacy Policy or how your data is handled, contact us via the Contact Form. You also have the right to lodge a complaint with your local data protection authority.​

12. Updates to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The latest version will always be published on this page.​

Review and Acknowledgment

By submitting your data through our website or related services, you acknowledge that you have read and understood this Privacy Policy and accept its terms.