Privacy Policy

3CO Privacy Policy
Version: 1.2
Last updated: February 13, 2026

Identity and contact details
Adonis2 B.V. | Trade name: 3CO
‍ KvK number: 91610028
VAT number: NL865710892B01
Website: www.3co.nl
‍ E-mail: info@3co.nl

Introduction

‍
The operator of this website is Adonis2 B.V., trading name 3CO. (“3CO”, “we”, “us” or “our”). The associated details can be found under the Identity and contact details section.

‍
We attach great importance to protecting the privacy of our users and handle the personal data of visitors and customers with care. In doing so, we always follow the applicable laws and regulations, including the General Data Protection Regulation (AVG) and other relevant provisions. In this privacy policy, we explain how we collect, use, store and provide personal data when you use our website www.3co.nl (the “Platform”) visits or uses.
Through the Platform, we bring customers into contact with independent doctors we work with (the “Healthcare Providers”). If you choose to have your order delivered by our partner pharmacy (the “Partner Pharmacy”), the Platform also acts as a link with this Partner Pharmacy. Please note: the Healthcare Providers and the Partner Pharmacy are jointly responsible for processing your personal data.
By using the Platform and agreeing to this Privacy Policy, you consent to the processing of your personal data as described herein. If you do not (no longer) accept this privacy policy, you will not be able to use the services and products offered via the Platform.

Personal data that we process

‍
3CO processes personal data that you provide to us yourself and/or that arise because you use our services. Each time you use the Platform, we may collect information about you including the following actions:
- Creating an online account (registration process);
- Filling out an intake form for medical consultation;
- Conducting online contact or consultations with a doctor via chat, audio or video calls;
- Ordering medicines or other products and services;
- Navigating and interactively using the website;
- Contacting us by phone, text message, letter or email.

In doing so, we process the following categories of personal data:
- Identification data: first and last name, date of birth, gender.
- Contact details: address, email address, phone number.
- Account details: username, password and other login details.
- Communication data: correspondence, emails and messages via the Platform or other information provided by you.
- Health information: medical data, treatments, medication information and medical history.
- Social Security Number (BSN): we only ask for this for personal verification by our - Partner Pharmacy and to issue a legally valid prescription.
- Transaction data: information about your purchases, including purchase history. Please note: we do not process payment information ourselves; it is processed securely by our external payment processor.
- Technical data: such as IP address, location data, browser type, device data, log files and cookies.
- Information about your website visit: including the pages you view, the links you click, the route you follow, and what files or information you view or download.
Additional information: Information related to your use of the website and access to our services, such as marketing preferences, completed surveys, and feedback.

The use of our website is only allowed for people aged 18 or over. We do not knowingly collect personal data from minors.

Special and/or sensitive personal data that we process

‍
We are aware of the extra sensitive nature of health-related data (also referred to as special categories of personal data). That is why we take additional precautions to ensure that this information is treated securely and confidentially. This data is only kept for as long as necessary for the purposes for which it was collected.

In this context, 3CO processes the following special categories of personal data:
- (Hair) health
- Social Security Number (BSN)

For what purpose do we process personal data

‍
We process your personal data for various purposes, including:

Services: Offering our products and services in the field of dermatological health, facilitating consultations with Healthcare Providers, and processing your medical data by these Healthcare Providers.
Basis: execution of an agreement (art. 6 paragraph 1 sub b GDPR) for regular personal data; healthcare (art. 9 paragraph 2 sub h GDPR) for medical data by healthcare providers; and explicit consent (art. 9 paragraph 2 sub a GDPR) for special categories of personal data, unless this processing already falls under art. 9 paragraph 2 sub h GDPR.

Purchase and Shipping: Processing your orders, managing purchases and (at your request) delivering medication via our Partner Pharmacy, including filling out your prescription.
Basis: execution of an agreement (art. 6 paragraph 1 sub b GDPR) for regular personal data; healthcare (art. 9 paragraph 2 sub h GDPR) for medical data by the Partner Pharmacy; and explicit consent (art. 9 paragraph 2 sub a GDPR) for special categories of personal data, unless covered by art. 9 paragraph 2 sub h GDPR.

Communication: Maintaining contact about the services and products you have purchased, such as informing you when a new message from your Healthcare Provider is available, sending reminders, providing shipping and tracking information, customer service, and answering questions. This can take place by phone or email when necessary for our services.
Basis: execution of an agreement (art. 6 paragraph 1 sub b GDPR) and legitimate interest (art. 6 paragraph 1 sub f GDPR) for regular personal data; explicit consent (art. 9 paragraph 2 sub a GDPR) for special categories of personal data.

Marketing: Sending marketing and promotional materials, including reminders of products and services you've expressed interest in. If you have given your consent, medical data can also be used to provide customized marketing information. Basis: explicit consent (Art. 9 (2) (a) GDPR) for special categories of personal data; consent (Art. 6 (1) (a) GDPR) for regular personal data; and legitimate interest (Art. 6 (1) (f) GDPR) to inform existing customers about similar own products or services after a purchase.

Online ads: Using online advertisements to make our products and services visible and to inform you about what we offer.
Basis: legitimate interest (Article 6 (1) (f) GDPR), provided that we are authorized to use your personal data for this purpose.

Improvement of services: Performing user analyses and customer satisfaction surveys to improve our services and marketing activities.
Basis: legitimate interest (Art. 6 (1) (f) GDPR) or consent (Art. 6 (1) (a) GDPR).

Legal obligations: Complying with legal obligations, including retention obligations and reports to competent authorities.
Basis: legal obligation (Article 6 (1) (c) GDPR).

On what basis do we process personal data

‍
We base the processing of personal data on the following legal grounds:
- Consent (art. 6 paragraph 1 sub a GDPR): when you have explicitly given permission to process your personal data for a specific purpose.
- Explicit consent (Article 9 (2) (a) GDPR): this specifically applies to special categories of personal data that require your explicit consent.
- Health care (art. 9 paragraph 2 sub h GDPR): processing that is necessary for medical diagnosis, the provision of health care or the performance of treatments. This processing takes place by or under the responsibility of a healthcare professional, including the Healthcare Providers and the Partner Pharmacy. We rely on this basis when your data is processed by or under the responsibility of these parties.
- Performance of an agreement (Art. 6 (1) (b) GDPR): when the processing is necessary for the execution of the agreement you have entered into with us, or to take certain steps at your request prior to the agreement.
Legal obligation (Art. 6 (1) (c) GDPR): to comply with legal requirements that we are obliged to comply with.
- Legitimate interest (Art. 6 (1) (f) GDPR): for purposes that arise from our legitimate interests, such as improving our services, provided that this does not affect your fundamental rights and freedoms.

consent

‍
In particular, we obtain your explicit consent for the collection and provision of medical data (including sharing it with Healthcare Providers and the Partner Pharmacy). This information may be provided by you via the intake form, the chat function or in other ways. You grant this consent as soon as you start the intake process and agree to this privacy policy.

If you choose not to place your order through the Partner Pharmacy, your medical information will not be shared with them.

In addition, you give us permission to use your medical and sensitive information to better tailor the marketing messages we send to your personal situation, in line with this Privacy Policy.

You reserve the right to withdraw your consent at any time.

Cookies and similar techniques that we use:
At 3CO, we use cookies and similar technologies to improve your visit to our website. This allows us to analyze the performance and functionality of the site and to provide personalized content and ads. In this section, we explain the types of cookies we use and how you can manage your preferences.

3CO uses different categories of cookies: essential cookies, analysis cookies, personalization cookies and marketing cookies. A cookie is a small text file that is placed in the browser of your computer, tablet or smartphone when you first visit the website. Our functional cookies ensure that the website works properly and remember, for example, your settings and preferences. In addition, we use cookies to make the website function optimally and to map user behavior so that we can show you more relevant content and ads.

On your first visit, we informed you about our use of cookies and asked for permission to place them. Do you not want cookies? Then you can set your browser so that no more cookies are stored. You can also manually delete previously placed cookies via your browser settings. More information about this can be found at: veiliginternetten.nl. Please note that third parties, such as social media companies, can also place cookies via our website.

What are cookies?

‍
Cookies are small text files that are stored on your device when you visit our website. Thanks to cookies, we can recognize your device the next time you visit, remember your preferences and analyse how the website is used so that we can make improvements.

How do we use cookies?

‍
Essential cookies: necessary for the website to function. Without these cookies, basic functions such as navigation and access to secure pages will not work properly.
Analysis cookies: collect information about the use of the website, such as which pages are most visited or if error messages occur. The information has been aggregated and therefore anonymous.

‍
Personalization cookies: enable additional functions and personal settings. These can be placed by ourselves or by external providers whose services we use.

‍
Marketing cookies: ensure that ads are better suited to your interests. They also limit how often you see the same ad and help measure campaign effectiveness.

Managing cookie preferences

‍
You decide how cookies are used. Via your browser, you can set cookies to be rejected or to receive a notification when a cookie is placed. Please note that disabling cookies may limit the functionality of our website, so you may not be able to use all features.

Sharing personal data with third parties

‍
We use external parties to perform our services. 3CO never sells your data to third parties. Data is only shared when it is necessary to provide our services or when we are legally obliged to do so. If third parties process personal data on behalf of 3CO, this always happens on the basis of a processing agreement that includes agreements about the protection and security of personal data. Below, we explain who we share data with, why this happens and under what conditions:

Partner pharmacy: In order to provide you with the prescribed medication, we share relevant personal data with our Partner Pharmacy. This may include prescription and additional medical information. Countermedication control can also take place via the National Exchange Point (LSP), so that safe use in combination with other medicines is guaranteed.

‍
Healthcare providers: your medical data can be shared with your treating doctor so that they have a complete overview of your health situation and can tailor treatment accordingly. This may also include patient data from the online questionnaire, if you have given your consent.

‍
Payment processor: For the secure processing of payments, 3CO collaborates with Plug&Play. As soon as you make a purchase, your payment details are immediately processed by Plug&Play. 3CO itself has no access to this information. Plug&Play processes your data in accordance with their own privacy policy and strict security standards.
Statutory authorities: if we are obliged to provide data to government organizations or supervisors.

‍
Third-party advertising services: In order to provide customized advertising services, 3CO may share certain data with external advertising partners.
Service providers: we work with various external parties that provide support services. This may include IT service providers (including cloud providers such as Amazon Web Services), payment operators (such as Plug&Play), courier services for order delivery (e.g. PostNL), and other parties that provide us with technical or support services.

Transfer of data to third countries

‍
3CO tries to limit the transfer of personal data outside the European Union (EU) as much as possible. In some cases, however, it may be necessary to transfer personal data to parties outside the EU.

One example is the use of service providers' servers in the United States for the purposes mentioned above. Specifically, this concerns Webflow, where the transfer takes place on the basis of standard contractual clauses approved by the European Commission. Upon request, we can provide you with a copy of these terms. With Webflow, only technical data and information about your website visit is shared.

Comply with personal data processing principles

‍
3CO processes personal data in line with the six fundamental principles of the General Data Protection Regulation (GDPR). These principles form the basis of our data policy and guarantee that we handle personal data carefully and responsibly.

Legality, Fairness and Transparency

‍
Legality: personal data is only processed on the basis of a valid legal basis, such as consent from the person concerned, performance of an agreement, compliance with legal obligations or our legitimate interest.
Fairness: processing takes place in an honest manner, where we treat personal data with respect.
Transparency: we inform stakeholders clearly and accessible via this privacy policy and other means of communication about how personal data is collected, used and shared.

‍
Purpose limitation

‍
We process personal data only for predetermined, concrete and lawful purposes that have been clearly shared with the person concerned. Data is not further used in a way that is contrary to these purposes.
Examples of purposes include providing medical care, managing user accounts and improving our services.

Data minimization

‍
We limit processing to the personal data that is strictly necessary for the intended purposes. Only data that is relevant and does not go beyond what is necessary is collected. Our data collection practices are reviewed regularly to ensure that no redundant information is collected or retained.
Accuracy
We ensure that personal data remains accurate and up to date. Incorrect or outdated data will be updated or deleted as soon as possible.
Data subjects have the right to have their data corrected, and we have set up procedures to easily exercise this right.

Storage limitation

‍
Data is not kept longer than necessary for the purpose for which it was collected, or as long as legal retention periods require.
For example, medical data is stored in accordance with the legal obligations for medical records. As soon as data is no longer required, we securely delete or anonymise it.

‍
Confidentiality and Integrity

‍
We take appropriate technical and organizational measures to protect personal data against unauthorized access or processing, and against loss, destruction or damage. Examples include encryption, access restrictions and the use of secure communication channels.

How we protect personal data

‍
3CO takes the security of personal data very seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unlawful alteration or destruction. If you still have reason to suspect that your data is not properly secured or that there is abuse, please contact our customer service directly via the live chat on the website or by email at info@3co.nl.

To protect your personal data, 3CO has implemented the following organizational and technical measures, among others:
- Access control: access to personal data is only possible for authorized employees and third parties who need this information for their work. Access is further secured with role-based authorizations and two-factor authentication.
- Encryption: data is stored and transmitted in encrypted form, both at rest and during transmission, using strong encryption protocols. This ensures confidentiality and integrity of personal data.

‍
Secure connections: Communication with our website takes place via a secure TLS connection. In addition, we use DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance). These technologies ensure that e-mail communications from 3CO cannot be falsified and that your messages are delivered securely and reliably. Together with TLS, DKIM and DMARC ensure that data and correspondence between you and 3CO remain protected and confidential.

‍
Backups and recovery: we regularly back up personal data and have set up recovery procedures to ensure the continuity of our services in the event of incidents or data leaks.

‍
Monitoring and logging: our systems are actively monitored to identify suspicious activity. We also keep log files of access to personal data for control and accountability.

3CO continues to continuously review and improve these measures to ensure a high level of security.

Patient and Consumer Rights

‍
You have the following rights with respect to your personal data:
- Right of access — you can request what personal data 3CO processes about you, including the purposes of the processing, the categories of data and the recipients.
- Right to rectification — if your information is inaccurate or incomplete, you can ask us to correct or complete it.
- Right to be forgotten — in certain situations, you can ask us to delete your personal data, for example when data is no longer required, you withdraw your consent, or the processing proves unlawful.
- Right to restrict processing — in specific cases, such as when the accuracy of data is disputed or objected, you can request that processing be temporarily restricted.
- Right to data portability — you may receive the personal data that you have provided to 3CO in a structured, commonly used and machine-readable form and transfer it to another party without hindrance.
- Right to object — you can object to processing based on your specific situation at any time, in particular when processing is based on a legitimate interest or a task carried out in the public interest.
- Right to withdraw consent — if processing is based on your consent, you can withdraw it at any time. This does not affect the lawfulness of the processing that took place before the withdrawal.

Exercising your rights

‍
You can exercise your rights by contacting us using the contact details in this privacy policy or on our website. We will respond within a reasonable time and in accordance with applicable laws.

In addition, we would like to point out that you have the opportunity to file a complaint with the Data Protection Authority. This can be done via: autoriteitpersoonsgegevens.nl.

3CO respects your privacy and rights and encourages you to contact us if you have any questions or concerns.

How long we keep personal data

‍
We do not keep personal data longer than necessary for the purposes for which it was collected, or as long as required by law. Data is stored as long as you are registered as a user of the Platform. Afterwards, data can be stored for historical, statistical or scientific purposes, with 3CO striving to store it in a form that no longer makes it possible to identify people. Medical data is stored in accordance with the legal storage periods for medical records.

Privacy Policy Changes

‍
We reserve the right to change this privacy policy. In case of major changes, we will inform you via the Platform or by e-mail. We recommend that you check this policy regularly to stay informed about how we process your personal data.

Contact

‍
If you have any questions, comments or complaints about this privacy policy or our handling of personal data, please contact us at: info@3co.nl.
We strive to process your message within a reasonable period of time and reach a solution.