The General Data Protection Regulation (GDPR) requires Sanus Psychology Practice to specifically ensure it complies in terms of protection of privacy, that only necessary personal data is recorded and kept, and that processing, access control and securitisation protocols are in place to protect use (processing) of, and access to personal data.
Privacy Statement (GDPR compliance)
This Privacy regulation statement provides clarity regarding the processing and use of personal data and associated material within the operational sphere of Sanus Psychology Practice, based on compliance with the EU General Data Protection Regulation (GDPR)
Application
This privacy statement applies to the following categories of individuals:
- (potential) clients
- visitors of the practice
- visitors of the website (https://www.expatpsychology.nl/)
- associates (supervisors, trainers etc.)
Processing of personal data
Personal data are all data that can be traced to a specific person (not to an organization, association or company). We distinguish them in ordinary and special personal data. Ordinary personal data provide factual information about a person (e. g name, date of birth, gender, nationality, BSN-number, current address, contact details etc.). Special personal data concerns data of a sensitive nature (e. g information related to your mental and physical health, family history etc.).
I collect/process personal data:
- that the client has provided me with, either in person (orally or via forms), or by telephone, or digitally (via e-mail)
- that referrers or other care providers have submitted to me under the written permission of the person concerned
- during a visit by a data subject to the website
- via audio recordings when the client involved has signed a written permission
Legal basis
I process personal data under the following legal grounds:
- The written consent of the (former or current) client. This permission can always be withdrawn for the future, without this affecting the lawfulness of the processing of the data collected before the withdrawal
- Aiming to attend to a treatment plan and goals set in collaboration with the client
- A legal obligation, such as the obligation to keep records (according to the WGBO- The Act on the Medical Treatment Agreement and NIP)
- A legitimate interest, such as the use of contact information for inviting a meeting or being paid for my services.
The basis for this personal data is the agreed request for help and / or assignment.
Special personal data are stored digitally and encrypted, in accordance with the rules of the WGBO and NIP.
Provision to third parties
For example, I may use a third party for:
- The internet environment of the GDPR program (to safeguard the privacy of your data)
- Taking care of the invoicing
- Reporting the tax in connection with my business operations.
- Dealing with administrative tasks and referring my clients in case of my death or severe incapacity-injury to handle the tasks of my practice
I never pass on personal data to other parties with whom I have not entered into a processor agreement. The processing agreement contains the necessary agreements to ensure the security of your personal data. Furthermore, I will not pass on the information provided by you to other parties, unless this is legally required and permitted. I will always share special personal data in accordance with the rules of the WGBO and NIP.
Storage period
I do not store personal data longer than necessary for the purpose for which it was provided or required by law.
That means:
- medical data: at least 20 years after the end of the treatment
- (financial) administrative data: 7 years after recording the data
Security
I have taken appropriate technical and organizational measures to protect your personal data against unlawful processing.
Rights concerning your data
You have the right to inspect, rectify or delete the personal data that I have received from you (the deletion can be requested after the expiration of the “storage period” mentioned above). In any case, the right to request any correction or removal does not apply to the findings/conclusions which are the psychologist’s professional responsibility. You, also, have the right to have your data transferred by me to yourself or, by order of you, directly to another party. I will ask you to adequately identify yourself before I can respond to the aforementioned requests.
You always have the right to withdraw your consent to me to process your personal data in the future without this affecting the lawfulness of the processing of the data collected before the withdrawal.
Complaints
If you have a complaint about the processing of your personal data, I kindly ask you to contact me about this primarily in hope that we can come to a solution together. You always have the right to file a complaint with the Dutch Data Protection Authority, this is the supervisory authority in the field of privacy protection.
Changes to privacy statement can always change this privacy statement. A current version of the privacy statement is published on the website.
Ask
If you have any questions or comments about this Privacy Statement, please contact me.
Contact details
Sanus Psychology Practice
Middelstegracht 131, 2312 TV Leiden
info@expatpsychology.nl