Privacy Statement

About this privacy notice

This privacy notice explains how IDA Foundation collects, uses and shares your personal data, and your rights in relation to the personal data we hold. This privacy notice concerns our processing of personal data of past, present and prospective customers and suppliers of IDA Foundation. This policy (IC900B, v2) was last updated on 1 October 2021.

Who are we?

IDA Foundation is an independent social enterprise providing medicine and medical goods to healthcare organisations worldwide, at the best price possible. IDA Foundation strives to offer end-to-end services, from sourcing and procurement through to delivery. In between, we provide warehousing, quality assurance, documentation, insurance and transport.

Visiting Address
Slochterweg 35
1027 AA Amsterdam
Postal Address
P.O. Box 37098
1030 AB Amsterdam
The Netherlands
Tel: +31 (0)20 4033051


Our GDPR Owner and data protection representative Bart van Osch  can be contacted directly at

What data do we process about your organisation?

The data we process is generally standard information which is not sensitive (e.g. contact details that may also be available publicly). When you register as an IDA Foundation customer / supplier, we process personal data that you supply to us through registration on our website, via email and/or telephone. This data includes:

  • Contact details: These may include organisation name, contact person, email address, office address and telephone number
  • License: To qualify as an IDA customer, you need to possess a license which indicates you are an official health provider. A copy of this license is stored in your customer card to prove your eligibility to receive medicines and medical supplies.
  • Financial details: As an IDA customer, we need your payment details to process payments for our services.
  • Communications: This includes communications related to previous orders (via email).
Vendors and third parties
  • All necessary information to conduct business and to qualify services and products.

How do we obtain your data?

Generally, we receive the data directly from you. Some information related to your organisation or may come from other sources, for example visit reports written by our regional managers or local agents (IDA Foundation staff).

Why do we process your data?

1. Performing our services

IDA processes data of external partners (customers, suppliers) for performing our services. This data usually includes basic data such as contact details, relevant contacts, which allows us to communicate with you about orders, shipments and any other business-related correspondence.

2. Legal obligation

In the case of suppliers, aside from contact details we also process quality assurance- related data, proving that our suppliers and products comply with appropriate guidelines and regulations.

3. To improve our services to you

By analysing data (e.g. of previous orders), we can gain insights that may help us personalise future services to you.

What is the legal ground for using your data?

We process your personal data for one of the following reasons:

  • The processing is necessary for the performance of the agreement, for example a delivery of products
  • The processing is necessary to meet a legal obligation, for example to comply with GDP requirements
  • You have opted in to processing your data, for example to be used for newsletter communications. Our newsletters give you the option to immediately unsubscribe from these communications should you want to opt out at a later stage.

How do we secure your data?

We handle your data carefully and take the necessary technical and organisational measures to safeguard sufficient protection of all data. We have put in place technical and organisational measures to protect your data against loss or unlawful processing. For example, measures to use our website and IT systems safely and avoid abuse, but also protection of physical spaces where data are stored. We have an IT security policy in place and arrange training programmes of our staff in personal data protection. Only authorised staff can view and process your data.

All our employees follow the IDA Code of Conduct which means they have confirmed they will comply with the legislation and regulations and codes of conduct and will act ethically. We also have a separate Code of Conduct for our business partners and other third party entities. 


How long do we store your data?

We do not store your data longer than necessary. In certain cases, the law decides how long we may or must store data. In other cases, we have determined how long we need to store your data. We have drawn up a retention schedule for this.

Customer files for example are stored for at least 7 years after the relationship with IDA Foundation has ended. A quotation that has not resulted in an agreement in general will be removed after several months.

With whom do we share your data?

Your data is stored internally in our administration systems for business purposes. We only share your data with third parties if required by the law, for IDA business purposes. Your data may be stored in an external system (e.g. IT service providers, MailChimp if you have opted in to newsletters). IDA Foundation maintains what data is stored here and your data is not used by these providers.

In the case of legal obligations we will supply data to the authorities.

What are your rights?

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have several rights regarding your personal data:

  • If you have opted into the processing of your data, you have the right (in certain circumstances) to opt out at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
  • You have the right to lodge a complaint to the Personal Data Authority (tel. 0900-2001201) if you believe that we have not complied with the requirements of the GDPR regarding your personal data.
  • Viewing or correcting data: You have the right to ask us what personal data we process about you and to have incorrect data adjusted or deleted.
  • In certain cases, and under certain conditions, you have the right to have the personal data that we have about you removed.
  • Restriction on the processing. If you believe we process your personal data unlawfully, or that the data processed by us is incorrect, you may request that the processing be restricted. This means that the data may no longer be processed by us.
  • Transfer of the data (data portability). You are entitled to a copy of the personal data you have provided to us for the performance of an agreement you have concluded with us or if you have given us permission to use them. This only concerns personal data that we received from you yourself, not data we received from third parties. The purpose of this right is to enable you to easily transfer this data to another party.

Using the IDA Foundation website

We are committed to safeguarding the privacy of our website visitors.

Cookies and Google Analytics

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. We do not collect personal data, and use the information generated to create reports about the use of the website. Google will store this information. Click here to view Google's privacy policy. Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. Please note that blocking all cookies may have a negative impact upon the usability of many websites.

Third Party Websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

Social Media (Facebook, Twitter, LinkedIn)

You can choose to message us via our social media pages such as Facebook, LinkedIn and Twitter. We use these platforms to communicate with you reactively, or we may share updates with you if you have chosen to follow IDA Foundation’s page. You may choose to ‘unfollow’ our page at any moment.

The use of social media is your own responsibility. This privacy statement does not apply to the way in which social media platforms deal with the personal data provided by you. Please note that many social media platforms are established outside the European Union and store data outside the European Union. The European Union’s privacy legislation usually doesn’t apply in that case. We would advise you to consult the privacy statement of these social media channels for more information about the way in which they process your personal data.

Adjustment of the privacy statement

The privacy legislation is not static and may be adjusted to keep up-to-date. We will do so if there are new developments, for example if there are changes in our business activities or in the law. You will find the most recent version of this privacy statement on our website. We can also inform you retroactively about changes in this privacy statement through our news page.

Any questions or issues?

Do you have questions about this privacy statement? Please contact