1. Introduction
When you visit our site or use our services, we need data from you to make this possible. We only ask for personal data that we really need for the service in question. In doing so, we adhere to the General Data Protection Regulation (GDPR). This is legislation that uniformly regulates the privacy of citizens in all EU countries.
This privacy statement explains how we handle personal data.
2. Who is responsible for processing my personal data?
The platform organisation gevoelszaken, with its registered office in Hollandsche Rading, processes personal data as described in this privacy statement. Sometimes we do this for our own services, such as intakes (introductory appointments). In that case, we are the controller. But sometimes we also process personal data under instructions from and on behalf of practitioners who have asked us to support them. In that case, the practitioner is the controller and we are the processor.
3. Which of your data do we process?
If you are going to attend an intake or a therapy or coaching programme through us, it is necessary for us to process your personal data. At an intake appointment, this includes your name and contact information but not your medical data. We may ask you to briefly state the concern that you are approaching us for. If you go into therapy or coaching, the practitioner will also create a file for you. This is also a statutory duty under the Medical Treatment Contracts Act (WGBO).
Your file contains notes on your state of health and data on the treatments performed. The file may also include information necessary for your treatment that – with your explicit consent – we have requested from another healthcare provider, such as your general practitioner or another practitioner.
We and the practitioners make every effort to ensure your privacy. Among other things, this means that we handle your personal and medical data with care, and we ensure that unauthorised persons do not have access to your data.
The data will remain in your client file for 20 years, as stipulated by the Medical Treatment Contracts Act (WGBO). We keep the data we collect as part of the intake for two months. At the end of the retention period, we destroy the data unless there are compelling reasons to keep it for longer.
Healthcare invoice
The invoice (healthcare bill) you receive from us contains the data requested by health insurers, so that you can claim this invoice from your health insurance company. This data includes your name, address and place of residence, your date of birth, the date of your therapy session, a brief description of the treatment, such as ‘psychosocial consultation’, the cost of the treatment and possibly a treatment code. Coaching sessions are generally not covered by health insurers.
Special data
Special data includes data relating to your health, as well as to religion, personal beliefs or sexuality, or criminal data. In principle, the processing of special personal data is prohibited, unless you can invoke a legal exception. If the data is processed in the context of health care, counselling or social services, processing is permitted, but only if it is done by a professional with a professional duty of confidentiality or other person bound to confidentiality. Based on the Medical Treatment Contracts Act (WGBO), this exception therefore also applies to complementary or alternative care providers registered with RBCZ.
To the extent necessary for counselling/treatment, we record the following special personal data:
- Religion or personal beliefs
- Health
- Matters relating to sexuality
- Any criminal records, for example a report to Safe at Home (Veilig Thuis), counselling by youth services, domestic violence conflicts.
We do not record your Citizen Service Number (BSN).
4. What rules and laws do we abide by?
In addition to the GDPR, the treatment activities for which we act as an intermediary are subject to the Medical Treatment Contracts Act (WGBO) and the professional code of the Complimentary Healthcare Providers Registration (Register Beroepsbeoefenaren Complementaire Zorg, RBCZ). In addition, the individual practitioner with whom you enter into therapy or coaching is also bound by the professional code of their professional association. This professional code is specified in the treatment agreement you enter into at the beginning of your treatment programme. It may therefore vary for each individual practitioner.
We adhere to the following in all treatment and coaching programmes for which gevoelszaken acts as an intermediary.
1. Record-keeping requirement
Under the Medical Treatment Contracts Act (WGBO), practitioners are required to keep medical records.
2. Retention period
The general rule for keeping medical records is stipulated in the WGBO and is for a period of 20 years from the date of capture of each individual piece of data. The period may be longer if this is necessary for the purpose of treatment (for example, if a person has a chronic illness).
3. Professional duty of confidentiality
Each individual practitioner, whether therapist or coach, is subject to a professional duty of confidentiality under the professional code as well as the medical confidentiality provided for by law. Employees of the gevoelszaken platform, regardless of their position, are also bound by a duty of confidentiality.
4. Minors
gevoelszaken does not act as an intermediary for clients who have not yet reached the age of 16.
5. Who has access to your data?
The data we use following the intake to suggest the most appropriate practitioners to you does not contain health data and is only accessible to the gevoelszaken staff members who are involved in the intake and in ‘matching’ you with the appropriate practitioner.
If you are in a therapy or coaching programme, your practitioner is the only one who has access to your file. Under their professional code, they have a professional duty of confidentiality. Other employees (such as IT support) who have access to client files for purely functional reasons have access only to those portions necessary for their function and have also signed a confidentiality agreement. Practitioners can discuss certain cases with colleagues or case histories in peer supervision groups. This is always done in an anonymous and unrecognisable way.
6. Data security
The digital client files that gevoelszaken works with are password protected. Naturally, we make regular backups of our client files. We also continually install the latest versions of all the gevoelszaken software to ensure that our systems are optimally protected.
Data breaches
The data breach notification obligation has been in effect since 1 January 2016. This notification obligation means that in the event of any serious data breach, organisations (including therapists and coaches) must notify the Dutch Data Protection Authority immediately (within 72 hours of the data breach). The Dutch Data Protection Authority is notified if the data breach results in serious adverse consequences for the protection of personal data or if there is a significant likelihood of this happening. The data subject, i.e. you as a client, will only be informed if the data breach is likely to adversely affect your privacy.
In accordance with these requirements, gevoelszaken reports data breaches, including when informed of them by third-party vendors or processors.
7. Information
At gevoelszaken, we inform you online about our approach and the data we process in our work. This information is recorded in a written treatment agreement between you as the client, and your practitioner. It is sent by mail to the e-mail address you have provided through the website.
Both on the gevoelszaken website and in this document, you will find information about our approach, the record-keeping requirement and the obligations under the Medical Treatment Contracts Act (WGBO), the Healthcare Quality, Complaints and Disputes Act (Wkkgz) and the professional code.
8. Contact by e-mail, phone or chat
You can contact us by e-mail or phone. We use your data in order to contact you. The chat function in your personal online environment enables you to chat with your personal practitioner. These chat sessions are added to your file and we must also keep them for 20 years in accordance with the WGBO (see above).
9. Data for enabling an optimal web experience
We collect data to ensure that our website works properly. We collect this data using cookie techniques, your IP address, information about your Internet browser, and information about the settings of the operating system of the computer or mobile device you use. To the extent that this data is not anonymised, we delete it within five years after the last time you visited our site. In addition, you can request that your data be deleted at any time. When you visit our site, we ask for your consent to use cookies.
10. Other external service providers
We also engage other third-party service providers as necessary to assist with matters including supporting the delivery of our digital services such as hosting, maintenance and support of our websites and applications; supporting our customer service; and providing financial services.
If these parties need personal data for this purpose, we share only the data strictly necessary for the task the external service provider is performing for us.
We never sell your data, either to these service providers or to other third parties. In the agreements we have with external service providers, we document what they are allowed to do with the data.
11. What are your rights regarding your data?
Naturally, you also have rights when it comes to processing your data. If you have any questions about this, please feel free to ask us.
Right to information
You have the right to know how we handle your personal data and what rights you have in that regard, hence the explanation in this privacy statement.
Right of inspection
You have the right to inspect and copy the data we have about you. You can request a transcript from us at [email protected], free of charge.
Right to correct, supplement or delete
You can ask us to correct your personal data or do so yourself online. You can also ask us to delete your personal data. We will then delete all records except those we are required or permitted by law to keep. You can submit your requests to us by e-mail at [email protected].
Right to object
In certain cases, you have the right to restrict the processing of your personal data. If you believe that this is relevant for you, please submit a request to us by e-mail at [email protected].
Right to lodge a complaint
You have the right to lodge a complaint about the way we handle your data. If you have a complaint, please let us know as soon as possible by e-mail at [email protected]. You also have the right to lodge a complaint with the Dutch Data Protection Authority.
12. Questions?
If you have any questions, please feel free to contact us at [email protected].