Given the high volume of referrals, the processing time is slightly longer than 2 days. We ask for your understanding.

Privacy Statement

This Privacy Statement applies to the processing of personal data by Stichting Excellent Care Clinics (hereinafter referred to as ECC / ECCI) and Excellent Care Clinics International B.V. (hereinafter referred to as ECCI), located at Leeghwaterweg 1 B, 1951NA Velsen-Noord, and registered in the Dutch Chamber of Commerce under number 68567839.

The processing of personal data by ECC / ECCI is based on the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG).

Personal data includes all information that can be traced back to you, such as your name, social security number (BSN), or information regarding your treatment. We ensure that personal data is handled confidentially and in accordance with applicable (privacy) legislation. Patient data is only accessible to directly involved healthcare professionals. Data is not shared with others unless explicit consent has been given by the patient or unless another legal basis applies.

Purposes of Processing

Your personal data is processed by ECC / ECCI for the following purposes:

  • To provide good and effective healthcare and to carry out the treatment agreement we have with you.
  • To maintain administration; calculating, recording, and collecting payments due.
  • To contact you and respond to questions, signals, or complaints, and to inform you about ECC / ECCI services.
  • To send appointment confirmations and reminders.
  • To comply with applicable legislation (administration, retention obligations, and audits, obligations from the Dutch Healthcare Authority).
  • Camera observation may serve various purposes, such as security, supervision, or monitoring of patients requiring intensive care.

Who is the Data Controller for Your Personal Data?

ECC / ECCI is the data controller for the processing of your personal data in connection with our healthcare services.

Which Personal Data Do We Process?

Below we describe which categories of personal data we process.

  • Information required to create a medical file for you, including anamnesis, results, diagnoses, and a treatment plan. We may also process your first and last name, initials, title, date of birth, email address, and mobile phone number. This information is primarily obtained from you. We also record whether you stay in our clinic.
  • Information we need to provide our services. This includes data you provide yourself, as well as information we collect about you, such as the length of your stay, the department, and your room number. We may also process information relating to the nature of your stay and the care you receive, such as diagnosis and treatment codes, appointment information, information about your practitioner, and questionnaires you completed.
  • Information needed to process payments. If you use services, we process your banking data (bank account number, bank name, BSN, insurance information).
  • Information in the form of images processed to ensure the safety and health of individuals. Camera monitoring helps protect patients, visitors, and staff.

Legal Grounds for Processing Your Personal Data

The legal grounds for the above-mentioned processing purposes are:

  • Your consent (Article 6(1)(a) GDPR), for example when ECC / ECCI asks you to participate in research.
  • Pre-contractual measures taken at your request and/or the execution of the agreement concluded with you (Article 6(1)(b) GDPR), such as the Medical Treatment Agreement Act (WGBO).
  • Compliance with legal obligations (Article 6(1)(c) GDPR).
  • Protection of your vital interests or those of others (Article 6(1)(d) GDPR).
  • The legitimate interests of ECC / ECCI or a third party (Article 6(1)(f) GDPR). These legitimate interests include:
    • Security of ECC / ECCI buildings and property;
    • Security and availability of network infrastructure to third parties, for example WiFi provided to patients and visitors;
    • Fraud prevention, monitoring of system logs, such as the Electronic Patient Record (EPD) and internet traffic;
    • Quality assurance and training purposes for employees;
    • Internal and external audits to improve the quality of care;
    • Scientific (or historical) research.

The processing of personal data is subject to strict rules. If we process personal data or instruct third parties to do so on behalf of ECC / ECCI, we are required to record this in a register specifying who is involved and which security measures have been taken.

Transfer Within the European Economic Area (EEA)

Your personal data may be processed within EEA countries where binding agreements with third parties have been established in accordance with the GDPR/UAVG.

Transfer Outside the European Economic Area (EEA)

If applicable, data transfer outside the EEA only takes place when an adequate level of protection is ensured by an (international) organisation. ECC / ECCI follows the relevant legal guidelines (adequacy decision).

Retention Period

ECC / ECCI does not store your personal data longer than necessary to achieve the purposes described above, unless required by law.

  • The retention period for a medical file is 20 years. Your file is destroyed 20 years after the last entry, unless you request earlier destruction.
  • Medical files of children are not destroyed. The retention period starts once the child becomes an adult. A child's file is therefore never destroyed before the age of 39, unless earlier destruction is requested.

Security of Your Personal Data

We have taken appropriate technical and organizational measures to protect your personal data from loss or unlawful use. Our systems and applications are secured according to current standards and regulations for information security in the healthcare sector.

Only employees involved in your treatment or related tasks have access to your personal data. All employees involved in your care are bound by a duty of confidentiality and do not share your data unless a legal or medical necessity exists.

Sometimes we engage third parties to provide certain services. In such cases, we make contractual agreements with these parties (the ‘processor’) to ensure confidential and careful handling of personal data. These agreements are documented in a data processing agreement.

What Privacy Rights Do You Have?

Regarding the personal data we process about you, you have the following rights:

  • Right of access and to receive a copy of your medical file. You may inspect your personal data and your full medical record. The physician may not refuse your request, but may restrict access to certain parts, such as personal notes or information concerning family members.
  • Right to data portability. If we process personal data you provided digitally, you can request to receive it in digital form to transfer it to another healthcare provider. This right applies only to data you provided, not to diagnoses or treatment decisions made by your practitioner.
  • Right to rectification. If we process personal data that is incorrect, you may request correction. Only factually incorrect data can be corrected. You may add your own viewpoint to your file, such as the outcome of a second opinion.
  • Right to object. When we process your data based on legitimate interest (for example for quality research), you may object to this processing.
  • Right to erasure. You may request deletion of your medical file or parts of it. However, we may refuse deletion if it is in your interest, in the interest of others (e.g. family), or if a legal obligation prevents deletion.

Scientific Research, Education and Quality – Opt-out Scheme

Scientific research using existing medical data and/or (remaining) biological material is essential to continuously improve healthcare. This data provides insight into disease progression and treatment. If you do not want your data and/or (remaining) tissue to be used for research, education, or quality purposes, you may object via

privacy@excellentcareclinics.nl

Data Protection Officer

ECC / ECCI has appointed Mr. Rob Donders as Data Protection Officer (DPO). The DPO monitors compliance with privacy legislation and advises ECC / ECCI on privacy matters. The DPO is independent and reports directly to the board. The DPO is also the contact person for all privacy-related questions from both data subjects and the Dutch Data Protection Authority. You can contact the DPO at

privacy@excellentcareclinics.nl

Do You Have a Question or Complaint?

ECC / ECCI will respond to your questions or requests within one month, unless more time is required. If more time is needed, we will inform you within one month. Due to complexity or volume, response time may extend to three months.

If you have any questions about your privacy at Medische Kliniek Velsen, you may contact our Data Protection Officer at privacy@excellentcareclinics.nl.

If you have a complaint, you may contact our staff verbally or by email (klachtenfunctionaris@excellentcareclinics.nl). We recommend discussing your concerns first with your healthcare professional. We always aim to resolve complaints immediately.

Identification

We may request proof of identity when handling questions or requests to prevent personal data from being shared with the wrong person or incorrect changes being made.

Supervisory Authority

You may always file a complaint with the supervisory authority. The supervisory authority for privacy legislation in the Netherlands is the Dutch Data Protection Authority. You can find their contact details via the website:

www.autoriteitpersoonsgegevens.nl

Can This Privacy Statement Be Changed?

This privacy statement may be updated. Changes will be published on this website and the latest update date will be mentioned. We recommend checking this privacy statement regularly.