GDPR Statement

Last reviewed: May 2026

Lyvup B.V. is committed to processing personal data in accordance with the General Data Protection Regulation (GDPR / AVG) and applicable Dutch data protection law.

Who we are

Lyvup B.V. is the data controller for personal data collected through this website and through its research and platform activities. Registered address: Herengracht 59, 1015 BC Amsterdam, Netherlands (KvK: 80366708). Contact: info@lyvup.com.

Special category data

Lyvup's platforms process health data — classified under Article 9 GDPR as special category data. This data is subject to enhanced legal protections and is processed only on the basis of explicit consent or other applicable legal grounds under Article 9(2) GDPR. Health data is stored exclusively on European servers and is not transferred to third countries without appropriate safeguards.

Legal bases for processing

Depending on the context, Lyvup processes personal data on the following legal bases:

• Consent (Article 6(1)(a)) — for website analytics cookies and direct marketing communications
• Contract (Article 6(1)(b)) — for processing necessary to deliver agreed services
• Legitimate interests (Article 6(1)(f)) — for website security and fraud prevention
• Explicit consent (Article 9(2)(a)) — for health data processed through clinical research or platform programmes
• Scientific research (Article 9(2)(j)) — where applicable within funded research programmes

Your rights

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access — to obtain a copy of the data we hold about you
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure — to request deletion of your data where no legal basis for continued processing applies
• Right to restriction — to limit how we process your data in certain circumstances
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to processing based on legitimate interests
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing

Data security

Lyvup implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. We are actively implementing ISO 27001 and NEN 7510 information security standards. Data Processing Agreements (DPAs) are provided as standard to all B2B partners who process personal data on Lyvup's behalf or alongside Lyvup's platforms.

Supervisory authority

If you believe your rights under the GDPR have not been respected, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): www.autoriteitpersoonsgegevens.nl.

Contact

To exercise your rights or for any data protection enquiries, please contact info@lyvup.com.