At PoliDirect we place high value on handling your records diligently. It is necessary that we record some of your personal details when you visit one of our clinics. In this privacy statement you will find how we handle your personal records and your rights regarding processing of these records. You will see the kind of personal information we receive and collect, and what we do in order to protect your records. You can also see how to contact us in case you have any questions regarding this privacy statement.
1. Which data do we record, and why do we need this?
2. Who has access to your data?
3. How long do we keep your records?
4. How do we protect your records?
5. Your rights
6. Information about cookies
7. Any other questions?
Which data do we record, and why do we need this?
Your personal data are recorded so we can provide you with safe health care. The following data are recorded in the Electronic Patients File (EPD in Dutch) when you schedule an appointment with us:
- Contact details, like name, address, phone number(s), email address(es), date of birth and BSN (social security number);
- Contact details of your GP (referrer) and pharmacy
- Your medical files, which contain: reports of consultation, reports of surgery, mail exchange with your GP or other referrer, prescribed medication, relevant medical history, results from medical examinations, photo’s and medical questionnaires;
- Medical issues, like your history and use of medication. This information is relevant for your doctor to get a picture of your health status and align your treatment to it.
- Questionnaires: before you will be treated you will receive a questionnaire regarding your treatment.
- Survey regarding your satisfaction: after you have been treated you will receive an invitation for a satisfaction survey. The results will help us to continuously improve our health care and service to you. The data are for internal use only, and we appreciate your cooperation to the survey, which is not obligatory.
In order to get your costs for health care compensated by your health insurance company, we use a code for every treatment which indicates the diagnosis and the operation.
- PoliDirect complies to the laws and regulations as published by the Nederlandse Zorgautoriteit (Dutch Healthcare Authority), www.nza.nl. In order to receive compensation from your healthcare insurance company we need to have a record of your BSN number (social security number), referrer, insurance company and policy number.
- We will not contact your insurance company for healthcare you pay for yourself. We record your IBAN-number and the amount paid at the transfer by bank. When you pay cash or by debit card your invoice and proof of payment will be recorded by us.
PoliDirect processes your personal details because you use our services and/or you provide us this information yourself. Please find below an overview of the data we process:
- First and last name, gender, date of birth, address, phone number, email address, and other personal data which you provide us with in a mail or phone exchange;
- Data about your activities on our website, browsing habits (f.i. because the company is part of an advertising network), and the browser and device you use.
Remarkable and/or sensitive, personal details that we use for marketing purposes
Our website and/or server is not intended to collect data about visitors to the website of 16 years or younger, unless they have permission from their parents or guardian. However, we cannot check if the visitor is older than 16 years, therefore we advise parents to be present when their children go online to prevent data from children being collected without parental permission. If you are however convinced that we have collected data about a minor without your permission, please contact us at firstname.lastname@example.org. We will delete the information immediately.
The marketing goals we are after (and need your personal data for)
PoliDirect processes your information for the following reasons:
- To contact you by email or phone when carrying out our services;
- To provide information regarding changes in our services and products;
- To enable you to set up an account;
- PoliDirect analyses your browsing habits on our website in order to improve it and align our offer of products and services with your preferences. For this we only look at IP addresses.
PoliDirect does not use automated processes in order to make decisions about issues that might have (considerable) impact on people. This concerns decisions taken by computerprograms or -systems without human interference (by f.i. a PoliDirect employee).
- Complaints: You can register a complaint on our website. The data entered on the form will be saved in our management system. The clinic, doctor or complaints officer concerned, will receive and handle your complaint, depending on the nature of the complaint. It will be stored separately from your medical files.
- Cameras: We do not have cameras in our locations, only motion sensors to prevent burglary, which only operate after hours.
Who has access to your data?
Only those healthcare professionals directly involved will have access to your data. The doctor on duty will also have access to your data in case of medical emergencies after hours. You need to give permission for any treatment before it takes place, which states that you have been well informed before the treatment takes place. This procedure is valid for all treatments. We might be required to report data about the patient to third parties, like:
- Your referrer; in case you have been referred to us by your GP, medical specialist or work safety doctor, we will give feedback to the referrer at certain points in time. Please advise us if you object. In case the treatment is not insured, we will not send information to your GP.
- Hospitals and other healthcare centres. If the procedure is transferred to a hospital or other healthcare centre, we will also transfer the data to them.
- If a medical expertise was performed, the requesting party will be informed.
- There might be occasions that we have to give access to your data by law. Think police, the Department of Justice, check up by the healthcare insurance company, Dutch Healthcare authority and the Inspection for Healthcare and Youth.
Medical files are checked during internal audits; in order to provide safe healthcare, it is important that your file is complete and up-to-date. During the internal audit the auditors will have access to files to randomly check if all required fields have been completed. The results of the audit are anonymised in the report, making it impossible to trace them back to an individual patient.
For the reimbursement of treatments the financial staff will need access to your data, to check if the invoice is correct and complete. Internal reports will never contain data that can be traced back to an individual patient.
Sharing personal details with third parties only occurs when this is needed to execute our agreement with you, or to comply to a legal requirement.
PoliDirect will do its utmost to make sure your treatment is as safe as possible, however, accidents happen. In medical emergencies you might be transferred to a nearby hospital. All relevant details from your medical file will then be transferred to the hospital without your permission upfront, in light of the swiftness required.
In case of a medical calamity in the clinic we are required to make this known to the Inspection for Healthcare and Youth. We will inform you in case this notification concerns you. In case of an medical emergency we have to advise the details of the patient (name, date of birth, address and phone number).
In case you call our emergency line after hours because of a medical emergency, you will reach our emergency squad. They will register your name, date of birth and phone number, and a short description of the cause. These data will be sent to the doctor on duty to inform him/her, or you will be connected to the doctor. Because this is an emergency and speed is of the essence, you will not be asked for permission for registering the details mentioned before.
Our complaint procedure meets the Wwkgz legislation (the Dutch law for quality, complaints and disputes in healthcare).
The clinic manager will first look into the complaint, then (if necessary) it will be transferred to our medical director. An independent complaints officer will be involved if we cannot handle the complaint internally.
In order to take care of your complaint(s) the complaints officer will have access to your data from the moment you enter the complaint with PoliDirect or through an external institution, like the Health care Arbitration Board, Inspection for Health care and Youth, the disciplinary tribunal or court and/or personal injury attorney. The complaints officer will handle the complaints independently, but can ask for material council from the Quality and Safety Manager or Medical Director in case of complicated complaints. Your personal details will be treated carefully and anonymously as much as possible.
How long do we keep your records?
PoliDirect respects the legal terms for storing and deleting records and will not keep your records any longer than strictly necessary to realise the goals for which we collected your details in the first place.
For consulting and treatment your records will be kept for a minimum of 15 years
Your financial data will be kept for a minimum of 7 years
For marketing purposes your records will be kept for 5 years
How do we secure the records?
Your privacy and the security of your data have high priority for our organisation. We use a number of internal organisational and techical actions to safeguard your privacy. Our Dataprotection Officer monitors the maintaining of the laws and regulations, this privacy statement, internal codes of conduct, procedures and working instructions by all the employees and doctors, and reports to the board regularly.
Unfortunately it is always possible that something affects the security of your data. We will follow the mandatory notification “data leakage” in these cases. We will inform you if your data are at risk because of a data leakage, and advise you what to do. You can read the procedure on the website of the Personal Records Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl. You can also report a data leakage to us by calling PoliDirect at 088-888 4555 or send an email to email@example.com
Patient rights regarding medical files are recorded in the laws and regulations (AVG). For instance your right of access to and completion/correction of the file, the right to have a copy of your files and the right of deletion of your medical records.
You can submit a request to receive a copy of your files by sending an email to firstname.lastname@example.org. We will contact you to verify the request. Your files will be send to you within 4 week days by registered mail or registered email.
If you would like access to your files, please schedule an appointment in the clinic. You can have access together with your doctor or an employee.
Correction or completion
In case you want a correction or completion of your files you can tell your doctor. He/she will assess the correction or completion, as it should not interfere with safe procedures.
It is possible to have your medical files deleted, of course within the boundaries of the law. You can send a request by email to email@example.com. We will contact you to verify the request, and comply within 3 months, unless certain regulations or a specific law prohibits us from doing so. For example in somebody else’s interest, or because the data are required to provide healthcare. In case PoliDirect rejects the request we will advise you of the reason for the rejection in writing.
In case we can delete your files, we will notify you of the deletion. Out of precaution we will send you a copy of the files by registered mail, so you still have the data in case of unforeseen circumstances.
In case only part of your medical file can/will be deleted, we will make a note in your files that part of the data has been deleted on your request.
Revoking of permission
You are entitled to revoke your permission for (parts of forementioned) dataprocessing or object against the processing of your personal details by PoliDirect. You are also entitled to data portability, which means that you can request us to transfer the personal records that we have on file for you to yourself or to a third party.
You can send your request for access, correction, deletion or data portability of your personal records or your request to revoke your permission or objection to the processing of your personal details to firstname.lastname@example.org.
In order to make certain that a request for access has been made by you, we will require a copy of your ID with the request. Please blank out your picture, MRZ (machine readable zone, the part with the numbers on the bottom of your passport), passport number and BSN (Civil Service Number) for your own privacy. We will come back to you about your request as soon as possible, max within 4 weeks.
Information about cookies
PoliDirect uses functional and analytical cookies on its website
These refer to recording your preferences. After you have completed a form, the website will remember the data you entered. These cookies make sure that the website performs optimally. Userfriendliness will suffer without these cookies.
With these cookies we record various data in Google Analytics, like the number of visitors to our website, which pages they look up and how long they stay on each page. We can see this using IP-addresses, which are personal data according to the AVG (Privacy Protection Law). Therefore we would like to inform you about these.
Any further questions?
PoliDirect would like to draw your attention to the fact that you can file a complaint with the national supervisory authority, the Personal Data Protection Authority. You can do this by clicking on: autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons