This privacy statement provides clarity regarding the processing, storage, and security of personal data at Sanus Psychology Practice, in compliance with the EU General Data Protection Regulation (GDPR/AVG), NEN 7510, and relevant Dutch healthcare laws (e.g., WGBO).

Application

This privacy statement applies to:

• (Potential) clients of Sanus Psychology Practice.

• Visitors to the practice premises or website (https://www.expatpsychology.nl/).

• Associates (e.g., supervisors, trainers, or collaborators).

Processing of Personal Data

Personal data refers to all data that can identify an individual. I distinguish between ordinary personal data and special personal data:

• Ordinary personal data: Name, contact details, date of birth, nationality, etc.

• Special personal data: Data related to your mental or physical health, family history, and treatment-related information.

I collect/process personal data in the following ways:

1. Directly from you: During intake, therapy, or via forms, phone calls, email, or in person.

2. Via third parties: Data shared with your consent by referrers, previous care providers, or collaborators.

3. From website use: When visiting or interacting with the website (e.g., contact forms).

4. From audio recordings: Only with your explicit, written permission.

Legal Basis for Processing

Your data is processed under one or more of the following legal grounds:

1. Consent: Written consent provided by you. You may withdraw your consent at any time without affecting the legality of prior data processing.

2. Execution of a treatment agreement: For fulfilling therapy goals collaboratively set with you.

3. Legal obligations: Complying with laws such as the WGBO and fiscal obligations.

4. Legitimate interests: For operational purposes like scheduling appointments or invoicing.

Security of Your Data

I have implemented technical and organizational measures to ensure your data is protected against unlawful access, loss, or unauthorized processing, including:

1. Encryption:

• Digital data (e.g., session notes) is encrypted at rest and during transfer to secure storage.

• Emails containing sensitive information are sent using encrypted channels (e.g., ProtonMail with password protection).

2. Access Control:

• Physical files are kept in a locked cabinet in a secure office.

• Devices used for data processing (e.g., tablets, laptops) are password-protected and encrypted.

3. Data Minimization:

• Only essential data is collected and retained for the required period.

4. Secure Communication:

• Sensitive information is shared with you securely, using encrypted email or password-protected documents.

Data Retention

Your data will be stored only as long as necessary or as required by law:

1. Medical and session records: Retained for 20 years after the end of therapy, in compliance with the WGBO.

2. Financial and administrative data: Retained for 7 years, as required by tax law.

After these periods, data will be securely deleted or destroyed.

Sharing Data with Third Parties

I only share your personal data under the following conditions:

1. With your consent: For referrals, consultations, or collaboration with other professionals.

2. For operational purposes:

• Invoicing and bookkeeping.

• Tax reporting.

• Administrative support (e.g., continuity planning for practice management in case of my incapacity).

3. With processors: I ensure all third-party service providers (e.g., email, cloud storage) have signed Data Processing Agreements (DPA) to comply with GDPR/NEN 7510.

4. When legally required: Such as when mandated by a court or supervisory authority.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

1. Access: You may request access to the data I have about you.

2. Rectification: You may request corrections to inaccurate or incomplete data.

3. Erasure: You may request the deletion of your data when it is no longer required, except for data I am legally required to retain.

4. Data portability: You may request your data in a portable format for transfer to yourself or another professional.

5. Objection or restriction: You may object to or request the restriction of certain data processing activities.

To exercise these rights, please contact me at info@expatpsychology.nl. You may be asked to verify your identity before I process your request.

Complaints

If you believe your data is not handled properly, I encourage you to contact me directly so we can resolve the issue.

You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at:

www.autoriteitpersoonsgegevens.nl

Changes to This Privacy Statement

This privacy statement may be updated as necessary to reflect changes in legal requirements or operational practices. The most recent version will always be available at https://www.expatpsychology.nl.

Contact Details

Sanus Psychology Practice

Middelstegracht 131

2312 TV Leiden

Email: info@expatpsychology.nl