This privacy statement describes how Huisartsenpraktijk Westertoren B.V. handles the processing of your personal data. Huisartsenpraktijk Westertoren B.V. has its registered office at Stadhouderskade 55, 1072AB Amsterdam. The visiting address is Westermarkt 2, 1016DK Amsterdam.
Where reference is made in this privacy statement to Westertoren, this is understood to mean Huisartsenpraktijk Westertoren B.V.
Westertoren is a care provider. As a care provider, we feel it is important that we handle the (personal) data entrusted to us safely. We do this by complying with the obligations of the General Data Protection Regulation (AVG) and the specific rules regarding privacy that apply in the healthcare sector.
These rules are set out in the Medical Treatment Agreement Act (WGBO), among others. This privacy statement is intended to inform you about how we handle personal data and what measures we have taken to keep your data safe.
To whom does this privacy statement apply?
This privacy statement is applicable to patients of Westertoren and to visitors of one of the Westertoren websites.
What is personal data?
Personal data are data that allow you to identify someone directly or indirectly. Examples of directly identifiable personal data are a person's name or their date of birth. Indirectly identifiable personal data is, for example, an e-mail or IP address or telephone number.
This privacy statement also refers to the "processing" of personal data. Processing means: all actions that we can perform with personal data. Think of the consultation, storage or removal of data, but also the sharing of your personal data with other parties on the basis of your permission.
Why do we need your personal data?
At Westertoren we process your personal data for various reasons. All the processing we carry out is based on providing care and/or improving the care we provide. This may be in the context of:
1. Necessary data to be able to treat you medically and to deal with the financial aspects of the treatment (care);
2. For effective management and policy;
3. Improving our products and/or services;
4. Scientific research, education and information;
5. If the processing is necessary for, for example, combating serious danger to your health; and/or
6. To comply with a legal obligation (e.g. mandatory reporting of a contagious disease under the Public Health Act).
We will always inform you of what we will be processing the personal data for and use the personal data received only for the purpose for which we have obtained it.
How do we handle your personal data?
The personal data that you entrust to us is treated by us as highly confidential and we have taken various technical and organisational measures to keep the personal data we process safe. We do this for example by:
1. All employees within Westertoren have a duty of confidentiality.
2. Various technical and organisational measures to protect your personal data from unauthorised access.
3. Your personal data will not be retained for longer than is necessary for the proper provision of care. For medical data this retention period is in principle 20 years (from the last treatment), unless longer retention is necessary, for example for your own health or that of your children. This is at the practitioner's discretion;
4. Complete anonymisation of the personal data and any statistics for research and scientific purposes.
5. We conclude a processing agreement with all third parties that process personal data on our behalf.
Our legal basis
Within Westertoren, we process your personal data on the basis of various legal bases. The legal basis we use to process your personal data is important because, as a data subject, you have various rights based on this basis.
1. Most of the data we process is based on the medical treatment agreement that you conclude with us upon registration.
2. In certain cases, explicit permission from you is required before we can process the personal data. This is for example the case when we ask you to participate in a scientific or service research project or when you start using the Quin App. If personal data is processed on the basis of permission, we will always ask you explicitly in advance.
3. Statutory duty or if someone is in danger (of death).
We always inform you about which of your personal data we (will) process. We can do this via your care provider, in the practice, via a leaflet, via our website or via the newsletter.
Your rights as data subject
As a data subject (the person whose personal data you hold), you have several rights that you may be able to invoke. These rights are not absolute, which means that you cannot invoke them in all circumstances. In some cases, due to a legal or business constraint, we may not have to comply with a request. If this is the case, we will always inform you of this.
1. The right to know if and what personal data of yours are being processed;
2. The right to inspect and copy such data (insofar as this does not violate the privacy of another person). You can also have your representative (such as a written representative, or your curator or mentor) submit the request for access;
3. The right to correct, supplement or delete data if necessary;
4. The right to request the (partial) destruction of your medical data. We can only comply with this if the retention of the personal data is not of substantial importance to another party and if the personal data does not have to be retained on the grounds of a statutory regulation;
5. The right to add a personal statement (of a medical nature) to your file;
6. The right to object to the processing of your data in certain cases
If you want to exercise one of these rights, you can do so by filling in a request form at your West Tower. The information you provide on the form will be kept strictly confidential. Exercising one of your rights will not affect the care we provide to you.
It is preferable, in the interests of keeping personal data safe, that you come and collect the file in person, or through an authorised representative. If this is not possible, we can send the data to you by registered post.
If you are not registered with a practice or if you are a visitor to this website, you may send an e-mail with your request to email@example.com. ATTENTION: The e-mail address does not answer questions about Westertoren.
Westertoren will not retain your data any longer than is strictly necessary in the context of the provision of care. For medical data, the retention period is, in principle, 20 years (counting from the last update of the file), unless longer retention is necessary in connection with the provision of care.
If you send an e-mail to Westertoren, your e-mail will not be kept longer than necessary for answering your question.
Only in the case of justified reasons, e.g. in relation to the settlement of a complaint procedure, can we keep your data longer than stated above. In this case your data will be deleted after the procedure is completed.
Exchange of data
After you have given your specific permission, Westertoren safely and reliably exchanges relevant medical information with the HAP via the National Switch Point. If you visit the HAP in the evening or at the weekend, the HAP in turn shares a follow-up message with the GP practice. In this way, the GP knows exactly which complaints you had at the HAP and what action was taken as a result.
Medication data can also be shared with your pharmacy and your treating medical specialist(s). This includes the medication prescribed to you by your GP, but also any intolerances, contraindications and allergies (ICA data). Other prescribers and dispensers of medication can take this into account. In this way, we as a GP practice contribute to medication safety.
Only if you give your explicit permission, we may also exchange medical data with the Quin app, which is offered by Quin B.V. For more information about how Quin B.V. deals with personal data, please refer to Quin B.V.'s privacy statement www.Quin.md/privacy.
Westertoren may in this context share your data with the following parties:
1. those directly involved in carrying out your treatment;
2. those who act as a substitute for the practitioner, to the extent that the provision is necessary for the work to be carried out in that context;
3. investigators (as referred to in article 7:458 of the Civil Code);
4. healthcare insurers, to the extent that the provision of data is necessary in connection with the obligations arising from the insurance agreement;
5. third parties charged with the collection of debts, insofar as the provision of data is necessary for this purpose and does not concern medical data;
6. you have given your unambiguous consent to the data processing, or
7. the data processing is necessary for the fulfilment of a legal obligation by the practitioner of the profession of individual healthcare, or
8. the data processing is necessary due to a vital interest of yours (e.g. an urgent medical need).
Question or complaint?
Do you have a question or a complaint? For example, about who we share information with or our handling of your medical information? If so, your doctor/care provider will be happy to discuss this with you. If you have any questions directly related to this privacy statement or if you are a website visitor, please send an e-mail to firstname.lastname@example.org.
If you suspect that Westertoren is processing your personal data in a way that contravenes the applicable privacy legislation, you can submit a complaint to the Authority for the Protection of Personal Data. For more information about filing a complaint we refer you to the website of the Personal Data Authority.