Privacy policy
Last updated: 28 January 2026
Introduction
Welcome to NoordWell. We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website or services. It applies to our online store (noordwell.com), the MediSync product (including its physical device and companion mobile app), and any related services. We comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller: NoordWell, Eerste Jan Steenstraat 72, 1072 NN Amsterdam, Netherlands, is the data controller of your personal data. In this policy, “we” or “us” refers to NoordWell. If you have any questions about how we use your data, you can contact us using the details in the Contact Us section below.
What Data We Collect
We only collect the personal data that we need to operate our business and provide our products and services to you. This includes:
- Identity and Contact Information: For example, your name, shipping and billing address, email address, and phone number. We collect these when you create an account, make a purchase at checkout, or contact us.
- Account Credentials: If you create an account on our site or app, we collect login details such as your username and password (stored in an encrypted form).
- Order and Payment Information: Details necessary to process your orders, such as products ordered, order date, and payment method. Payment card information (e.g. credit card numbers) is handled securely by our payment processor (e.g. Shopify Payments or PayPal) – we do not store your full card details ourselves.
- MediSync Device & App Data: If you use our MediSync smart pill box and its mobile application, we collect information you provide through the app (for example, medication names, dosage schedules, reminders) and data generated by the device/app during use. This may include logs of when a dose compartment is opened or a dose is taken, timestamps, and similar adherence information. We treat this as personal and sensitive information, and it is used only to deliver the MediSync service to you (such as sending you dose reminders or tracking your schedule). Every dose log is encrypted and stored securely.
- Technical and Usage Data: When you interact with our website or app, we automatically receive some data about your device and usage. For example, we may collect your IP address, browser type, device type, operating system, unique device identifiers, pages or screens viewed, and time spent. This data helps us understand how our site and app are used and to secure our services. We collect this through cookies and similar tracking technologies (explained in Cookies below) and through the app’s normal operation. This information is generally aggregated and does not directly identify you, but it may be linked to your account or device.
- Communication Data: If you contact us (via email, contact form, or support channels), we will collect the information you provide in those communications, such as your inquiries or feedback, along with your contact details. We use this to respond to you and keep records of our correspondence.
We do not collect any special categories of personal data about you unless you voluntarily provide it (for instance, health-related information you input into the MediSync app). We also do not knowingly collect personal data from children under the age of 16, and our products and services are not intended for children.
How We Collect Your Data
We collect personal data in the following ways:
- Directly from You: Most data is provided by you. For example, you enter your information when placing an order, creating an account, filling in a form (such as the contact form or newsletter sign-up), or when using the MediSync app (by inputting your medication schedule or other data).
- Automatically: Some data is collected automatically as you use our website or app. We use cookies and similar technologies to remember your preferences and gather usage statistics. The MediSync device/app also automatically logs certain events (like dose times) to function properly. This automatic collection is detailed in our Cookies section and the MediSync Data description above.
- From Third Parties: In general, we do not purchase or obtain data about you from third-party sources. However, if you choose to sign in via a third-party service or link the app with a third party (for example, if in future you link MediSync with a health platform or share data with a caregiver), we would obtain data through that integration with your consent. Also, when you make a payment, we receive confirmation from the payment provider. These third-party sources are limited to those needed to provide our services to you.
Why We Collect Data and Lawful Basis
We process your personal data only for specific purposes and in accordance with a lawful basis under GDPR. The main purposes for which we use your data, and their legal justifications, are:
- To fulfill orders and provide our services: We use your identity, contact, and order information to process transactions, take payment, ship your MediSync device, and provide you with the products or services you requested. We also use your MediSync app data to operate the app’s features (for example, to send you medication reminders or sync your dose logs). Lawful basis: Performance of a contract with you (i.e. to deliver the product or service you have purchased or requested).
- To communicate with you: We use your contact information to send service-related communications. This includes sending order confirmations, shipping updates, changes to our terms or policies, and responding to your enquiries or support requests. Lawful basis: Performance of contract (for communications related to your orders or account) and our legitimate interest in providing good customer service.
- To send marketing updates (with consent): If you subscribe to our newsletter or otherwise opt in, we will use your email to send you news, offers or product updates. You can unsubscribe at any time. We may also send you occasional product recommendations if you are an existing customer, as allowed by law. Lawful basis: Consent (for subscribers) or our legitimate interest in promoting our products to customers (always with the option to opt out). We will not send you marketing emails if you have not opted in or if you object.
- To improve and personalise our products and website: We analyse how customers use our website, app, and device to improve functionality and user experience. For example, technical and usage data helps us debug issues, optimise our user interface, and understand which features are most useful. We may also use MediSync usage data in aggregate to improve device features or develop new products. Wherever possible, we use aggregated or anonymised data for analytics. Lawful basis: Legitimate interests – it is in our interest to refine our products and services, and we ensure this does not override your rights.
- To ensure security and prevent fraud: We may use personal data (like IP addresses or order history) to protect our website, app, and customers from fraud, theft or misuse. This includes verifying accounts, monitoring for suspicious activity, and enforcing our terms of service. Lawful basis: Legitimate interests in maintaining the security of our services and preventing harm, and in some cases legal obligation (if we are required by law to implement certain anti-fraud measures).
- To comply with legal obligations: We retain and use certain data to fulfil our legal and regulatory duties. For example, we keep transaction records for accounting/tax purposes and may process personal data to handle product warranties or safety recalls. We may also disclose information if required by law (e.g. complying with a court order or a request from authorities). Lawful basis: Legal obligation.
- With your consent, for other specific purposes: In certain cases we may ask for your consent to use your data for a purpose that is not covered by the above. For instance, if you choose to link your MediSync data to a caregiver’s app or share your information with a doctor, we will do so only with your explicit direction/consent. You are free to withdraw such consent at any time. When consent is withdrawn, we will stop the processing for that purpose.
We will not use your personal data for any purpose that is incompatible with the ones listed above. In particular, we do not sell your personal data to anyone, and we do not use your data for third-party advertising purposes. We also do not engage in excessive tracking of our users’ browsing beyond what’s needed for analytics and functionality (see Cookies below). Your data stays yours – we use it only as explained in this policy.
Cookies and Tracking Technologies
Cookies are small text files placed on your device when you visit our site. We use cookies and similar technologies to ensure our website and services function properly, to remember your preferences, and to understand how people use our site or app. Here is a summary of how we use them:
- Essential Cookies: These are necessary for the website to operate. For example, our store uses cookies to keep items in your shopping cart and to enable the checkout process. Without these, the site would not remember your cart or login status.
- Analytics Cookies: We use third-party analytics (such as Google Analytics) to collect information about website traffic and user interactions. This helps us improve our website’s design and performance. Analytics cookies may track things like how you navigated our site, which pages you viewed, and how long you spent. The data collected is aggregated and anonymised; we do not identify you personally via analytics. You can opt out of Google Analytics by using a browser add-on if you wish.
- Functionality Cookies: These remember choices you make (like language or region, if applicable) to provide enhanced features and a more personal experience. For instance, the MediSync app or web account might use a form of local storage or cookie to keep you logged in or remember your settings.
- Advertising Cookies: Currently, we do not use third-party advertising or targeting cookies on noordwell.com. We do not show third-party ads, and we do not track your browsing outside of our own website. If this changes in the future, we will update this policy and request any necessary consents.
Cookie control: When you first visit our site, you may see a cookie notice. By using our site after seeing this notice, you agree to the use of cookies as described. You can always choose to disable cookies by adjusting your browser settings. You can also delete cookies that have already been set. Please note, however, that blocking all cookies may impair the functionality of our website (for example, the shopping cart may not work without cookies).
For more information on cookies and how to manage them, you can visit AboutCookies.org (a general information site). Our use of cookies is designed to be compliant with EU law. If you have any questions about specific cookies we use, feel free to contact us.
Who We Share Your Data With
We treat your personal data with care and confidentiality. We do not sell your information to third parties. However, we do share certain data with trusted third parties in order to run our business and provide services to you. These recipients include:
- Service Providers and Partners: We share data with companies that help us operate our website, store, and services. This includes:
  - Shopify: Our online store is built on Shopify. Shopify acts as our e-commerce platform and hosts the site. This means information you provide (like your name, email, address, and order details) is stored on Shopify’s servers. Shopify is a trusted platform that is GDPR-compliant and has strict data protection measures. They will only use your data to support our website (for example, processing payments and orders) and as otherwise agreed in their contract with us.
  - Payment Processors: When you make a purchase, your payment is handled by third-party payment gateways (such as Shopify Payments, PayPal, or credit card networks). These processors receive your payment details directly to process the transaction. We share with them the information needed to verify and complete the payment (e.g. order total, currency, and sometimes your email or billing address for verification). They are responsible for your payment data and have their own legal obligations to protect it.
  - Shipping and Delivery Companies: We share your name, contact information and shipping address with our delivery partners (for example, postal services or courier companies) so they can deliver your orders. They will use this info only for shipping and delivery purposes.
  - Email and Communication Tools: If we send newsletters or important notifications, we may use an email service provider (for instance, an email marketing platform) to distribute those messages. We provide your email address and sometimes your name to that service for the purpose of sending you our communications. They are not allowed to use your email for anything else.
  - Analytics and Developers: We use Google Analytics (and similar analytics tools) to help us understand usage of our site and app. These tools may process technical and usage data (as described in Cookies). Google may store this data on servers outside the EU (e.g. in the USA). We have measures in place (such as a data processing agreement and IP anonymisation) to protect your data. Other technical partners or developers who assist in maintaining our website and app may also have access to data in the course of their work, but they will only process it on our instructions and under confidentiality.
- Business Transfers: If NoordWell undergoes a business change, such as a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner as part of the transaction. If that happens, we will ensure your data remains protected and give you notice before any transfer, as well as any choices you may have.
- Legal Requirements and Protection: We may disclose personal data if required to do so by law or valid legal process (for example, in response to a court order or a request from law enforcement). We may also share information when we believe it’s necessary to comply with a legal obligation, to enforce our terms and conditions, or to protect the rights, property, or safety of NoordWell, our users, or others. This could include sharing information with authorities or fraud prevention agencies.
- With Your Consent or At Your Direction: Apart from the cases above, we will only share your data with third parties if you have given us explicit permission. For instance, if the MediSync app offers an option to share your medication adherence data with a family member, caregiver, or doctor at your request, we will do so only with your authorisation. You are in control of whether such data is shared and with whom.
International Transfers: Whenever we share your data with third parties, it might involve transferring your personal data outside the European Economic Area (EEA). For example, Shopify’s servers or Google’s analytics servers may be located in Canada or the United States. If we transfer data outside the EEA, we ensure that appropriate safeguards are in place to protect your information. These safeguards might include: using companies in countries officially deemed to provide an adequate level of data protection (for example, Canada is recognised by the EU as having adequate privacy laws for commercial organisations), or implementing EU Standard Contractual Clauses (SCCs) with the service provider to contractually require the same level of data protection. We remain responsible for the protection of your information, regardless of where it is processed.
We require all service providers to respect the security of your personal data and to treat it in accordance with the law. They are only permitted to process your data for specified purposes and in accordance with our instructions.
How Long We Keep Your Data
We will not retain your personal data for longer than necessary. We keep different types of data for different periods, depending on the purpose for which it was collected and our legal obligations. Here are some general guidelines on our retention periods:
- Order and Transaction Data: We retain records of your purchases (including invoices, order details, and payment history) for as long as needed to complete the transaction and thereafter as required for accounting and tax compliance. In the Netherlands, for example, we are obliged to keep financial records for 7 years.
- Account Information: If you create an account with us, we will keep your account details (name, contact info, login credentials, etc.) until you delete your account or ask us to delete them. Inactive accounts may be archived or deleted after a lengthy period of non-use, but we typically retain account data to make your return easier unless you request removal. You can also request deletion of your account at any time (see Your Rights below).
- MediSync Device/App Data: We retain your MediSync-related data (medication schedules, dose logs, etc.) as long as you continue to use the device and app so that you have a continuous record and service. If you stop using MediSync or request deletion of this data, we will delete or anonymise the personal data associated with your account (unless we need to keep it for a legal reason). By default, when an account is deleted, associated MediSync logs and personal settings are removed from our active systems.
- Marketing Emails: If you have consented to receive marketing communications, we will keep your contact details on our mailing list until you unsubscribe or withdraw your consent. If you unsubscribe, we will promptly remove you from the mailing list (though we may keep a record of your request to ensure we respect it in future).
- Communications and Support: Emails or messages you send to us may be kept for our records so we can refer to them when providing you with support. We will not retain personal communications longer than necessary, but we may keep records of customer service interactions for a certain period (typically up to a few years) in case you have further queries or for training and quality purposes.
- Analytics Data: Aggregated analytics data (which does not directly identify individuals) may be retained longer for historical analysis. However, any personal components of usage data (like an IP address in server logs) are typically anonymised or deleted within a short period (a few months) unless we need to retain it for security investigations.
After the relevant retention period has ended, we will either securely erase your personal data or anonymise it so it can no longer be linked to you. For example, instead of deleting an order record entirely, we might remove personal identifiers from it, and retain the non-personal parts (like product and sales information) for business analytics. If there is any data we cannot fully delete due to technical reasons, we will put measures in place to prevent any further use of it.
Your Rights Under GDPR
As an individual in the EU (or in certain other jurisdictions with similar laws), you have rights regarding your personal data. We respect these rights and have processes to help you exercise them. Your key data protection rights are:
- Right of Access: You can ask us to confirm if we are processing your personal data and request a copy of the data we hold about you. This allows you to know and verify the information we have.
- Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay. For example, if you change your email address or notice an error in your account info, let us know and we will fix it.
- Right to Erasure: This is also known as the “right to be forgotten.” You can request that we delete your personal data if it is no longer necessary for us to hold it, or if you have withdrawn consent (where applicable) or object to our processing (see below), or if we are unlawfully processing your data. Please note, for legal reasons we might not be able to delete certain data immediately – for instance, we must keep some transaction records for tax law. But we will inform you if that’s the case.
- Right to Restrict Processing: You have the right to ask us to limit the processing of your data in certain circumstances. This means we would store your data but temporarily not use or share it until the restriction is lifted. You might exercise this if you contest the accuracy of the data or have objected to processing and want us to pause while you verify something, for example.
- Right to Data Portability: You can request a copy of certain information you have provided to us in a structured, commonly used, machine-readable format. You may also request that we send that data to another company where technically feasible. This right applies to data processed by us by automated means, under the legal basis of consent or contract (for example, you might want an export of the data you put into the MediSync app).
- Right to Object: You have the right to object to our processing of your personal data when we are relying on legitimate interests as the lawful basis, and you feel our processing impacts your rights. You also have the absolute right to object to your data being used for direct marketing purposes. If you object, we will stop processing your data for that purpose unless we have a compelling legitimate ground to continue (or if needed for legal claims). In the case of marketing, if you object or opt-out, we will cease marketing to you.
- Right to Withdraw Consent: If we are processing any of your data based on your consent, you have the right to withdraw that consent at any time. For example, you can unsubscribe from our marketing emails or disconnect a linked service you had opted into. Withdrawing consent will not affect the lawfulness of any processing we did before your withdrawal.
- Right not to be subject to automated decisions: We do not currently make any decisions about you that are purely automated (without human involvement) and that have legal or similarly significant effects. If that ever changes, you would have the right to certain protections and to request human review of any such decision.
To exercise any of these rights, please contact us (see Contact Us section). We may need to verify your identity before fulfilling certain requests (for example, to ensure we do not give your data to someone else). We will respond to your requests as soon as possible, and at least within the timeframe required by law (generally within one month for GDPR requests). Exercising these rights is free of charge. However, if a request is unfounded or excessive (e.g. repetitive), we may charge a reasonable fee or refuse the request, as permitted by law – but we will explain why.
If you believe we have not handled your personal data properly or have not satisfied your rights, you also have the right to lodge a complaint with a supervisory data protection authority. If you are in the Netherlands, you can contact the Autoriteit Persoonsgegevens (Dutch Data Protection Authority). If you are in another EU/EEA country, you can contact your local Data Protection Authority. Of course, we would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any complaints or issues.
Data Security
We understand that the personal data you share with us is important and must be protected. We take appropriate security measures to safeguard your information against unauthorised access, alteration, disclosure, or destruction. These measures include technical safeguards (such as encryption, secure servers, and firewalls) and organisational measures (ensuring that only staff who need your information to perform their duties have access to it, and that our staff and partners are trained in data protection). For example, we encrypt sensitive data in transit (TLS/SSL for our website) and at rest where applicable. Your MediSync device logs and health-related data are stored securely with encryption, and strict access controls are in place so that only you (and those you authorise) can view that information.
Despite our best efforts, please note that no method of transmission over the internet or electronic storage is 100% secure. We continuously work to protect your data, but we cannot guarantee absolute security. We also depend on you to help keep your information safe. We encourage you to choose strong, unique passwords for your account and to keep them confidential. If you have any reason to believe that your interaction with us is no longer secure (for example, if you suspect that your account has been compromised), please contact us immediately so we can assist.
Updates to This Policy
We may update or modify this Privacy Policy from time to time, for example to reflect changes in our practices, technology, legal requirements, or other operational reasons. When we make changes, we will post the updated policy on our website and change the “Last updated” date at the top. For significant changes, we may also notify you directly (such as by email or a notice on our homepage). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Any changes will become effective when posted, unless otherwise required by law. If we make changes that materially affect how your personal data is processed, we will seek your consent if required.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help with any privacy or data protection queries you may have.
- Email: support@noordwell.com
- Postal Address: NoordWell, Eerste Jan Steenstraat 72, 1072 NN Amsterdam, Netherlands
- Telephone: +31 (0)20 214 6660 (Monday–Friday, 9:00–17:00 CET)
NoordWell is responsible for the processing of your personal data as described in this policy. You can also reach out to us to exercise your data rights or for more information about our privacy practices. We will respond as promptly as possible.
Thank you for trusting NoordWell with your information. We value your privacy and will always work to protect it. Your data stays yours – and we are dedicated to using it responsibly and securely, so you can use MediSync and our services with peace of mind.