Privacy statement

If you are a client of The Grange, we process your data. Naturally, you want your information to be secure with us. At The Grange, we also value your privacy greatly. We do our utmost to handle your personal information carefully and to protect it. In this privacy statement, you can read which data we process about you, how we handle this data, and what your rights are regarding it.

Whose data do we process?

• You as a client
• You as a contact person*
• You as a legal representative*

If you are a contact person or legal representative, The Grange processes a limited amount of personal data about you, such as your name, contact details, and your relationship to the patient. This information is necessary for us to contact you regarding the client’s treatment.

Who is responsible for my data?

The Grange is the so-called data controller in the sense of the General Data Protection Regulation (GDPR). This means that we are responsible for the proper and careful processing of your personal data. We determine:

• Which personal data is processed;
• Why the data is processed;
• How the data is processed;

What personal data do we process about you?

Below is an overview of the personal data that we process from you:

• First and last name
• Gender
• Date of birth
• Place of birth
• Address details
• Phone number
• Email address
• Citizen Service Number (BSN)
• Policy number of your health insurance
• Various details about your health
• If applicable: legal representative(s)

Why do we use your data?

We use your personal data within The Grange for:

• Diagnosis, treatment, and aftercare of clients
• Exchanging data with referrers, general practitioners, and other healthcare providers
• Financial settlement of care/treatment (for example, healthcare costs)
• Accountability (regarding the quality of care)
• Quality assurance and quality improvement
• Scientific research
• Education and (further) training

If we do not receive your data, we cannot deliver the requested quality of care. We also risk not being paid for the care, and that chain partners cannot adequately offer their services to you or The Grange.

For what purposes and on what basis do we process your data?

We process your personal data with a clear purpose and only as much as necessary. We only process personal data:

• If you as a client have clearly consented to the processing of your personal data
• If it is necessary for the execution of a contract in which you are involved, such as a treatment agreement
• If it is necessary to comply with a legal obligation (for example, the obligation to report a communicable disease under the Public Health Act)
• If it is necessary to combat serious danger to your health
• If it is necessary for the proper execution of a public task by an administrative body
• If it is necessary for the interests of the data controller or another person, and the interest of the person from whom the data is processed does not outweigh this

With whom do we share your data?

In principle, we do not share your data with others. We only provide your information to third parties if you have given explicit consent for this, or if there is a good reason or legal obligation to do so. The Grange shares your data for the above purposes with:

• Other healthcare providers directly involved in your treatment. This data pertains to your treatment.
• Your health insurer
• Your general practitioner
• Quality and safety registries
• The municipality
• Other research institutions or third parties involved in scientific research
• Other recipients based on your consent or if there is a legal obligation

How do we protect your data?

Confidentiality

All employees within The Grange are required to handle your data confidentially. These employees are subject to the (derived) medical professional secrecy or are bound by a contractual confidentiality agreement with us.

Security

Your personal data is well protected by us against unauthorized access. For example, only employees involved in your treatment, support, or administration are allowed to view your file. We keep track of every individual employee, healthcare provider, or practitioner who views your file (logging). You have the right to receive an electronic copy of this logging, so you can see which employee, healthcare provider, or practitioner viewed or requested your file on what date. The Grange ensures that computers are well secured. It is possible that The Grange assigns another organization to process personal data or outsources tasks. We then use a data processing agreement in which security agreements are established. Your data may also be transferred to countries whose privacy legislation does not fall under the General Data Protection Regulation (countries outside the EU, except for the countries in the EEA). In such cases, The Grange makes agreements with the recipients of the personal data regarding privacy and information security. The Grange does not use automated decision-making.

How long do we keep your data?

We do not keep your data longer than necessary for the purposes mentioned above. We retain all your data for 20 years from the moment our care for you ends. This is required by the Medical Treatment Agreement Act (WGBO). We may retain your data longer if necessary, for example, for your health or that of your children.

What are your rights?

Your right to access and copy

You have the right to view your personal data and medical file. You can ask your practitioner for this. However, your practitioner may shield certain parts of your file if it contains information about someone else, such as a family member or another client. You will only see the data that pertains to you, such as treatment plans and treatment records. We may refuse access if the privacy of another would be compromised. You also do not have the right to access personal notes from healthcare providers, practitioners, or employees. You can request a copy of certain parts of your medical file or the entire file free of charge. Only when you request multiple written copies or when the request is unfounded or excessive do we charge a reasonable fee.

Your right to correction and supplementation

Are your personal data incorrect? It is important that you have them corrected. This only concerns objective data, such as an address change or if your phone number has changed. You may also always request to supplement your data.

Your right to data portability

You have the right to obtain your personal data in a structured format, such as a PDF file. This includes personal data that you as a client have actively and consciously provided, both directly and indirectly. You also have the right to transfer this data to another data controller, such as another healthcare provider. You can also ask us to pass your data on to another organization.

Your right to erasure

You can request the deletion of your personal data, certain parts of your medical file, or the entire file. There may be reasons why we refuse your request for deletion. Please note that not all data can be deleted, for example, when a mandatory retention period applies or when retention may be important for another party.

Your right to object

If you believe that your personal data should not be processed, you can object. The Grange may decide not to accept the objection if it believes that your personal data must still be used for compelling reasons (legal obligation or legitimate purpose).

Your right to withdraw consent

If you have given us consent to process certain data, you can withdraw this consent at any time. You can also grant consent that you did not previously provide at any later time.

Cookie Policy

A cookie is a small text file that is stored on your computer, tablet, or smartphone during your first visit to our website. You can opt-out of these cookies by setting your internet browser to no longer save cookies. You can also delete all previously stored information through your browser settings. For more information: cookie statement.

Questions and Complaints

We take the protection of your personal data and medical file seriously and are committed to handling your data carefully. However, it may happen that you have questions or that we do not meet your expectations regarding your privacy protection.

You can submit questions, comments, or complaints in various ways:

• For general information about privacy, the GDPR, and the security of your data, we refer you to the website of the Dutch Data Protection Authority.
• You can send a request for access, copy, correction, supplementation, or transfer of your file, or an objection to the processing of your personal data to **@ch********.nl.
• If you have specific questions or comments regarding the protection of your privacy, you can contact the Data Protection Officer of The Grange at **@ch********.nl. This person supervises the application and compliance with privacy legislation within The Grange. We hope you can express your questions and/or comments through this channel.
• You also always have the right to file a complaint with The Grange at kl******@ch********.nl.
• It is also possible to file a complaint with the Dutch privacy supervisory authority: the Dutch Data Protection Authority.

Contact

Our general contact details are: The Grange
Ulvenhoutselaan 79
4834 MD Breda
Email: in**@ch********.nl
Phone: 088 242 6437

Changes

We reserve the right to change this privacy statement. Therefore, please check our website regularly for the latest version of our privacy statement.