PRIVACY STATEMENT for the 'Compendium App'

In this privacy statement, Synopsis B.V. (hereinafter " Compendium " or " we " / " us ") explains how it, as a
controller, deals with the personal data it obtains and processes in connection with your use of the
Compendium application for iOS and Android ("the App "). Information traceable to a natural person is called
'personal data'. The collection, use and storage of personal data is called 'processing'. By " you ", we mean
anyone that comes within the scope of this privacy statement, specifically users of the App.

1. How we obtain personal data

You need an account to be able to use the App. We collect personal data partly through you providing it to
us when you register for an account, but we also collect personal data that we obtain from your use of our
services, like the App, and from your use of third-party services.

Information provided when creating an account
If you want to use the App, we need certain information from you. Therefore, when you create an account,
you are required to complete the fields marked as mandatory. The consequence of not providing this
information is that you will then not be able to use the App. Among other things, we process the following
data about you: contact information (name, place of residence, email address and phone number). In
addition, to secure your account, we have to process the password you have chosen.

Other information you yourself provide
If you have created an account, you will (possibly) also provide other information while using the App, for
instance information about your interests, hobbies and preferences, information about your work and/or
additional information about you as a person. You are not obliged to provide this information about yourself.

Data collected based on your use of the App
We collect information about how you use the App and how App users interact with our services, what their
indicated preferences are, and what settings they choose. In some cases, we do this through the use of
pixel tags and similar technologies that create and store unique identifiers, as explained in more detail
below. In addition, we may collect information about your mobile device, like the model, operating system
and version, preferred language, unique identifier, serial numbers, and mobile network information. When
you interact with the App, we collect server logs, which may include information like the device IP address,
access dates and times, app features or pages viewed, app crashes and other system activity, browser
type, and third-party sites or services you used before interacting with the App. We do this in order to be
able to improve the user experience of the App. See also: Purposes and bases for processing personal
data below.

2. Bases: the legal reasons for using personal data

We may use personal data based on six different 'bases' set out in the law:
· your consent;
· preparing or performing an agreement you are about to enter into or to which you are a party,
like the terms of use and Compendium's general sale and delivery conditions;
· to comply with a legal obligation;
· to protect your 'vital interests' (exceptional);
· because of the need to process personal data for the performance of a task carried out in the
public interest;
· because of our 'legitimate interests' or those of the organisation with which we (may)
share your personal data.

3. Legitimate interests: what are they?

Sometimes we process personal data because of our legitimate interests. We will explain in more detail
below when this could be the case. Legitimate interests can be diverse. Compendium's legitimate interests
include: marketing, creating brand awareness for the organisation, communication, IT management and
security, research into and analysis of own products or services for the purpose of optimising the services
Compendium offers you as a user of the App, corporate governance, legal affairs, internal management.
We only process personal data on the basis of a 'legitimate interest' if, in doing so, the processing does not
unnecessarily harm your privacy and it is always proportionate. If you would like to know how we make this
consideration, please get in touch (see also: 12 Contacting Compendium ).

4. Purposes and bases for processing personal data

We process your personal data (name, email address) for certain purposes described below, and on the
bases specified there:
· to enable the use of all the features of the App and provide you with all the services the App has
to offer. If this involves sharing information about you with other users, your consent will be sought;
· to allow users to communicate with each other (using the 'Hello', 'Ask' or 'Meet' feature),
this is based on the performance of an agreement to which you are a party;
· to maintain and improve the App and supporting IT systems, based on our legitimate
interests;
· to enable payments, send receipts, provide products and services, based on an agreement to
which you are a party;
· to offer, organise and complete contests and competitions, based on our legitimate
interests and the performance of an agreement;
· for advertising and marketing purposes, including sending newsletters via email, marketing
through our website, based on our legitimate interests and, where required, your consent;
· because we want to inform you about or make you aware of Compendium's work, based on our
legitimate interests.

5. Sharing with and obtaining from third parties

Your personal data may be shared with:

· service providers who process payments for us, based on, for instance, our legitimate
interests and to perform an agreement with you;
· service providers that provide communications and IT services and hosting providers;
· parties that assist us with our service provision and that are not processors (for
example, accountants and legal/other consultants), based on our legitimate interests;
· enforcement authorities, including investigation agencies, or other third parties, if we are
required to do so by law; and
· (potential) buyers or investors, based on legitimate commercial purposes (like the (possible) sale
of business activities or shares or a reorganisation);

The transfer of your data to the third parties referred to above will only occur to the extent permitted by
applicable laws and regulations.

Some third parties we engage qualify as 'processors' (for example, hosting service providers, or parties
that organise or conduct campaigns or surveys). Agreements are made with such parties in accordance
with applicable legal requirements.

6. Your consent

As has already been discussed a number of times, in a number of cases we will need your unambiguous
consent before we are allowed to carry out (or have a third party carry out) particular personal data
processing. If consent is required, we will seek it from you beyond this privacy statement. We need your
consent for the following processing operations, among others:
· if, through the App, data are placed and/or read out on your device (phone, tablet, etc.) and this
is not necessary for the technical operation of the App;
· for processing your location;
· for disclosing your interests, hobbies and preferences, information about your work and/or
additional information about you as a person to other users.

You are free to give your consent or withhold it. You may withdraw your consent once it has been given
whenever you wish. A failure to provide consent or the withdrawal of it may affect the services provided by
Compendium. For example, you will no longer fully be able to use the App if you do not share information
with other users.

7. Children

The App is intended for persons of 16 years of age or older. We do not therefore intend to process children's
personal data.

8. Transfer outside the EEA

Sometimes your personal data are also transferred to (or stored by) a recipient outside the European
Economic Area (EEA). This is the case, for example, with our service provider Google Cloud services,
which stores data in the US. The countries in which those recipients are located may have different rules
on using and protecting personal information. If those rules do not provide an appropriate level of protection,
we will ensure that additional safeguards are in place. For instance, we will use American service providers
that have voluntarily submitted to the EU-US Privacy Shield (like Google), and in other cases that typically
use EU model contracts for the transfer of personal data. You can contact us for a copy of the relevant
safeguards.

9. Your rights, including the right to object

You have the right to know which personal data we hold about you and for what purposes, and you have
the right to access those data and correct them if necessary. If you have given your consent, you may
withdraw it at any time, at which point the relevant processing will cease. In addition, in certain cases you
have the right to object to processing related to direct marketing and processing based on a 'legitimate
interest', and to ask us to limit the use of your personal data or to erase or transfer them (data portability).
You also have the right to file a complaint with the Dutch Data Protection Authority. You may exercise these
rights only to the extent that such rights have been granted to you under the applicable law.

The foregoing rights may be exercised by submitting a request by email to
klantenservice@compendiumgeneeskunde.nl. With respect to certain requests, we reserve the right to
reject your request if permissible by law.

10. Retention period

In principle, we do not retain your personal data longer than is necessary for the purposes for which they
were obtained and to comply with our legal obligations. This generally means that your personal data are
retained as long as one of the following situations applies:
· your personal data are needed because you have an account, or because we are otherwise
being of service to you;
· your personal data are necessary to protect our rights (normally speaking, for the duration of the
applicable statutory limitation period); or
· we are required by the applicable laws and regulations to retain your personal data, because, for
example, of tax laws, in which case a period of 7 years often applies after the end of our
relationship with you.

11. Changes to this privacy statement

We may unilaterally amend or supplement this privacy statement. We will announce these changes if we
are required by law to do so.

12. Contacting Compendium

For questions or comments about this privacy statement and/or the processing of personal data, please
contact Synopsis B.V. by email: klantenservice@compendiumgeneeskunde.nl.

This privacy statement was last updated in December 2023.