Version: October 2019
We do everything we can to safeguard your privacy and, thus, we handle your personal data with care. In all cases, Fysio de Kolk complies with the applicable laws and regulations, including both the Dutch (AVG) and European (GDPR) privacy legislations. This means that we:
- Ask for your explicit consent for the processing of your personal data;
- Have taken appropriate technical and organisational measures to ensure the security of your personal data;
- Do not pass on personal data to other parties, unless this is necessary for the execution of the purposes for which the data has been provided;
- Are always aware of your rights regarding your personal data.
Information we may hold
- Name and address
- Contact information (email address, phone number)
- Date and place of birth
- Contact information (email addresses, phone numbers) and the name of your emergency contact
- Citizen service number (BSN) (only if necessary)
- ID number or copy of ID (only if necessary)
- Passport photo (only if strictly necessary, e.g. your personnel file)
- Medical records
- Insurance details
- Bank account details
- Information about your activities on our website (IP address, internet browser and device used)
Purposes of and principles for data processing
In a number of cases we process personal data in order to comply with legal obligations, but usually we do so in order to be able to provide our services. Most data is recorded for practical or efficiency reasons, which we can assume to be in your interest. Reasons for this include:
- Communicating and providing information
- Administrative purposes
- Being able to provide our services as efficiently as possible
- Improving our services
- Execution of our employment contract
- Executing instructions
- Providing care
In concrete terms, this also means that we use your personal data for marketing purposes and to send you advertising materials or messages about our services. We do this if we believe they may be of interest to you. We may also contact you to request feedback on services provided by us or for market or other research purposes.
Where appropriate, we may wish to process personal data for reasons other than those set out above. For this we seek your explicit consent, for example on the basis of the agreed instruction, employment contract, cooperation or provision of our services. If we ever want to process personal data that we are allowed to process on the basis of your permission for other or more purposes, we will first ask you for your permission again.
Finally, we may also use your personal data to protect the rights or property of ourselves and our users and, if necessary, to comply with legal proceedings.
We will not process your personal data for longer than is necessary for the purpose for which it was provided (see the section ‘Purposes of and principles for data processing’). This means that your personal data will be kept for as long as it is necessary to achieve the relevant outcome. Certain data must be kept for a longer period (usually 7 years), as we have to comply with statutory retention obligations (e.g. the tax retention obligation) or in connection with regulations issued by our professional association.
Provision to third parties
The information you provide to us may be provided to third parties if this is necessary to carry out the purposes described above.
For example, we use a third party for:
- Taking care of the internet environment of the AVG (Dutch privacy legislation) programme
- Taking care of (financial) administration
- Providing newsletters
We never pass on personal data to other parties with whom we have not entered into a processing agreement. With these parties (processors) we will make the necessary arrangements to ensure the security of your personal data. Furthermore, we will not pass on the information provided by you to other parties, unless this is required and permitted by law. An example of when this may happen is if the police request (personal) data from us as part of an investigation. In such a case, we must cooperate and are therefore obliged to provide this information. We may also share personal data with third parties if you give us your written permission to do so.
Within the EU
We do not provide personal data to parties based outside the EU.
We only process personal data of minors (persons under the age of 16) if written consent has been given by the parent, guardian or legal representative.
We have taken appropriate organisational and technical measures for the protection of personal data as far as these can reasonably be expected of us, taking into account the interest to be protected, the latest technology and the costs of the relevant security measures. For example, we have taken the following measures:
- All persons who can access your data on behalf of Fysio de Kolk are bound to secrecy;
- We have a username and password policy on all our systems;
- We anonymise and encrypt personal data if necessary;
- We make backups of the personal data in order to be able to restore it in the event of physical or technical incidents;
- We regularly test and evaluate our measures;
- Our employees are aware of the importance of protecting your personal data.
Rights concerning your data
You have the right to access, rectify or delete the personal data that we have received from you (unless this is contrary to any legal obligations). You can also object to the processing of your personal data (or part of it) by us or by one of our affiliated processors. You also have the right to have the data provided by you transferred by us to yourself or, on your instruction, directly to another party. We may ask you to identify yourself before we can comply with the above requests. If we are allowed to process your personal data on the basis of permission given by you, you always have the right to revoke this permission.
Incidents involving personal data
In the event of an incident (a so-called data breach) concerning the personal data concerned, we will inform you immediately if there is a concrete risk of negative consequences for your personal privacy, unless there are compelling reasons not to. We aim to do this within 48 hours after we have discovered this data breach or have been informed about it by our (affiliated) processors.
If you have a complaint about the processing of your personal data, please contact us directly. If we cannot find a solution together with you, you have the right to submit a complaint to the Personal Data Authority (‘Autoriteit Persoonsgegevens’), which is the supervisory authority in the field of privacy protection.
Fysio de Kolk
Zuideinde 80
1511 GH, Oostzaan
Phone number: 075-68 455 73