Privacy Policy

1. Introduction

Praxium attaches great importance to the protection of your personal data. In this privacy policy, we explain what data we collect when you visit our website, how we use this data, with whom we share it, and what rights you have. This privacy policy applies to all websites and services operated by Digital Front, the company behind the Praxium platform.

2. Data Controller

The data controller for the processing of data on this website is:

3. What Data We Collect

We only collect data that is necessary for the functioning of our website and for processing your requests.

Website visitors

• IP address (anonymized, via server logs)
• Browser type and version
• Pages visited and navigation patterns
• Date and time of the visit
• Referring website (if applicable)
• Language preference

Contact form

• Name
• Email address
• Content of your message

4. Legal Basis for Processing

We process your personal data on the following legal grounds under the General Data Protection Regulation (GDPR), Article 6:

• Legitimate interest (Article 6(1)(f) GDPR): For the operation and security of our website, maintaining server logs, and analyzing website usage to improve our services.
• Consent (Article 6(1)(a) GDPR): For processing data that you voluntarily provide to us through the contact form. You may withdraw your consent at any time.
• Performance of a contract (Article 6(1)(b) GDPR): For processing data necessary for the delivery of our services to physiotherapy practices.

5. How We Use Your Data

We use the collected data exclusively for the following purposes:

• Operating and maintaining our website
• Responding to your inquiries through the contact form
• Improving the user experience on our website
• Ensuring the security of our website
• Complying with legal obligations
• Generating anonymous, aggregated statistics about website usage

6. Who We Share Your Data With

We only share your personal data with carefully selected service providers that are necessary for the operation of our platform. We have entered into data processing agreements with all of these parties.

Our service providers

We do not sell your personal data to third parties and will never do so.

7. Data Retention

We do not retain your personal data for longer than necessary for the purposes for which it was collected. For platform users (physiotherapy practices), specific retention periods apply in accordance with healthcare legislation:

• Contact form submissions: 2 years after receipt, unless ongoing correspondence requires longer retention
• Server logs: 90 days, automatically deleted thereafter
• Cookie preferences: until you revoke them or clear your browser data
• Website analytics (Vercel Analytics): cookie-free, aggregated usage data for understanding website traffic and improving the site
• Admin session data: duration of the session plus 30 days after logout
• Admin audit logs: 7 years, in accordance with HIPAA and the Dutch Medical Treatment Contracts Act (Wgbo)
• Patient and client health records: 20 years, in accordance with the Dutch Medical Treatment Contracts Act (Wgbo, Article 7:454 of the Dutch Civil Code)
• Staff employment data: duration of employment plus 2 years after end of employment

8. Your Rights

Under the GDPR (Articles 15 to 21), you have the following rights regarding your personal data:

• Right of access (Article 15): You have the right to know what personal data we process about you and to request a copy thereof.
• Right to rectification (Article 16): You have the right to have inaccurate or incomplete personal data corrected.
• Right to erasure (Article 17): You have the right to request that we delete your personal data, unless there is a legal ground for retaining it.
• Right to restriction of processing (Article 18): You have the right to restrict the processing of your data under certain circumstances.
• Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object (Article 21): You have the right to object to the processing of your personal data based on our legitimate interest.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at privacy@praxium.nl. We will respond to your request within 30 days, in accordance with the GDPR.

9. Security

We take the protection of your personal data very seriously and implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

• HTTPS/TLS encryption for all data transmission
• Two-layer encryption at rest: all data is encrypted by our hosting infrastructure through transparent disk encryption, and sensitive personal data is additionally encrypted at the application level with AES-256-GCM before storage in the database
• Role-based access control (only authorized personnel have access)
• Regular security audits and updates
• Incident response plan for data breaches in compliance with the GDPR notification requirement

Security monitoring and audit logging

To protect the security and integrity of our platform, we log IP addresses and browser information for security monitoring purposes. The legal basis for this processing is our legitimate interest in ensuring the security of our platform and the prevention of fraud and abuse (Article 6(1)(f) GDPR). Security audit logs are retained for 7 years in accordance with healthcare compliance requirements.

10. Cookies

Our website only uses strictly necessary cookies that are essential for the functioning of the website. We do not place tracking, marketing, or analytics cookies, but we do use cookie-free Vercel Analytics for aggregated website statistics.

Cookies we use

• Language preference: Remembers your selected language (Dutch or English)
• Cookie preferences: Stores your cookie choice so the banner is not shown on every visit

For transparency: we currently use Vercel Analytics to measure aggregate website usage, such as visits, page views, referrers, and device/browser trends. Plausible Analytics may be added later or used in parallel in the future.

You can adjust your cookie preferences at any time via the cookie settings in the website footer.

11. Third-Party Services

Below you will find an overview of all external services we use, the purpose of processing, and what data is processed:

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, new technologies, or legal requirements. In the case of substantial changes, we will inform you via a notice on our website. We recommend that you review this privacy policy regularly. The date of the last modification is indicated at the top of this document.

13. Contact and Complaints

Do you have questions about this privacy policy or about how we process your personal data? Please contact us:

If you believe that your personal data is not being processed correctly, you have the right to file a complaint with the Autoriteit Persoonsgegevens (AP), the Dutch supervisory authority for data protection: