This Privacy Statement sets out how Dental practice The ZuidAs processes your personal data which you provide to us or which we obtain through our website(s). This Privacy Statement was last amended on 23 May 2018. We may amend this Privacy Statement from time to time.
1. About the ZuidAs
- The ZuidAs is the party responsible for processing your personal data (the 'controller') within the meaning of the General Data Protection Regulation (‘GDPR’).
- The ZuidAs is located at Pieter Baststraat 25, 1071TV in Amsterdam. Any questions you might have can be emailed to firstname.lastname@example.org.
- The ZuidAs has appointed a data protection officer (‘DPO’). The DPO’s email address is email@example.com.
2. What personal data do we process?
This Privacy Statement provides information on the processing of personal data of potential patients , survey if the data is not being obtained from the data subjects themselves, and visitors to our websites. Potential patient, is taken to mean anyone signing up for treatment or requesting information. Consider in this regard contact details, data on enrolment and attendance and website use.
You can at any time change or withdraw your cookie consent on our website.
Amongst other things, we process the following personal data from potential patients:
- name and address;
- telephone number, email address;
- date of birth, sex;
Amongst other things, we process the following personal data from visitors to our websites: website visit and use;
- IP address;
- duration and time of visit to the website;
- use of social media.
Within the compass of surveys or scientific research we may, in addition to the above, process additional personal data for each survey or study. The nature and scope of the personal data can vary in these cases; further information on this will accompany the survey or study concerned.
3. For what purposes do we process personal data?
We process personal data for the purposes of our service provision, within the framework of dental care and research, and in order to comply with statutory obligations. Personal data supplied by potential patients is processed for the following purposes:
- registration for the purposes of treatment;
- administrative purposes, to enable treatments and the payments for these to be collected;
- to process requests for information about treatments;
- to provide support;
- to make appointments;
- to keep your medical file;
- to improve and extend our services;
- information purposes;
- to email (necessary) information from the ZuidAs;
- to fulfill other by patient requested services;
The personal data supplied by visitors to our websites is processed for the following purposes:
- to compile user statistics;
- to promote security and improvement of our websites; and
- to improve our services.
Within the compass of surveys or academic research, personal data is processed for the purposes of the survey or study concerned. Further information on the way in which personal data is processed will accompany the survey or study concerned.
4. Grounds for processing personal data
In order to be allowed to process your personal data, there must be a legitimate basis for doing so as set out in the GDPR. In the case of the ZuidAs this legitimate basis will be – depending on the type of personal data concerned – performance of an agreement, a legal obligation, a legitimate interest or consent. If you do not provide certain personal data, you may not be allowed to attend any treatment, conduct research or benefit from all website functionality.
We need to process personal data for the purposes of fulfilling certain contractual obligations. Examples include processing personal data in connection with agreements between the ZuidAs and a patient
We need to process (and, in particular, save or hand over) certain personal data pursuant to such legislation as the Higher Education and Research Act, General Administrative Law Act, Higher Education and Research Funding Regulation and tax law.
We have an interest in being in a position to carry out certain surveys or research, to safeguard the quality of education and to provide information. On the grounds of these interests, we will process your personal data unless your privacy interests outweigh our interests. For that reason, we sometimes carry out surveys in the public domain with personal data being processed, carry out student satisfaction surveys and keep a record of your use of the website.
If none of the aforementioned bases for processing apply, then we will request your consent to process certain personal data. An example of a situation for which we could ask for your consent is issuing your personal data to an insurer , within the compass of an exchange project. You are free to withdraw your consent at any time.
5. To whom does the ZuidAs issue personal data?
In order to be of service to you and to perform our duties, we enlist the services of other parties to process personal data on our behalf. Third parties that we enlist include satisfaction survey organisers, insurers, accountants, debt collection agencies and investigatory agencies. We are required to request your consent for some transmissions. Sometimes we are legally obliged or a court will order us to hand over personal data to such parties as the Dutch Tax and Customs Administration (Belastingdienst), the police or the regulatory body.
If we instruct a third party to process personal data on our behalf and we have and retain control over the processing, we will sign a written processing agreement with the third party concerned (the 'processor'). That document will lay down agreements on such points as the objective, the duration and scope of the processing, the retention times and the security measures for the personal data. A processor within the meaning of the GDPR could (for example) be a party carrying out certain IT work for us or a financial service provider facilitating payments.
6. Processing personal data outside of the EU
The ZuidAs will endeavour to process your data solely within the European Union (‘EU’) by saving your data on a server located in the EU wherever possible. When we enlist the services of data processing firms, we stipulate that they must save personal data on servers located in the EU. To the extent that this is not possible, we take the requisite measures to provide a suitable level of protection to ensure that your personal data is secure.
7. Your rights with regard to personal data
You are entitled, under certain circumstances, to access any personal data processed by us or to have it corrected or deleted or restrict its processing. Sometimes you can also lodge an objection or request a transfer of your personal data. To submit a request to us in this respect, please contact us by sending an email to firstname.lastname@example.org. If in doubt about your identity, we are entitled to ask you to provide proof of your identity first.
Access and correction
If you wish to know whether we are processing your personal data or would like to amend your personal data, please get in touch with us.
Under certain circumstances, the GDPR allows you to have personal data erased. We will assess whether it is possible to implement such a request: in some cases we will have to retain your personal data, e.g. to comply with a statutory obligation, to facilitate dental care.
You are entitled to contact us with a request to restrict the processing of your data if you think that your personal data is incorrect, the processing of it is unlawful, you require it for legal action or you have objected to it being processed.
if we process your personal data on the basis of a legitimate interest, then you can object to further use of your personal data on the grounds of your specific reasons.
8. How do we secure your personal data?
We have taken appropriate technical and organisational measures to prevent loss or unlawful processing of personal data. For example, your personal data can only be viewed by staff authorised to view it on the grounds of their role.
9. How long do we keep your personal data?
We will not keep your personal data for longer than is necessary for the purposes for which we use it. We are required by law to keep some data for a certain period of time.
Wherever possible, we will pseudonymise or anonymise your personal data to the fullest extent possible.
10. Questions and complaints
If you have any questions on the way in which we process your personal data, please let us know by sending an email to email@example.com. We will be happy to help.
If you believe that your personal data is being processed in breach of the GDPR, you can submit a complaint to the DPO by sending an email to firstname.lastname@example.org. The DPO is the link between the ZuidAs and the external regulatory body (the Dutch Data Protection Authority). The DPO acts independently and can consult with or seek advice from the Dutch Data Protection Authority regarding your complaint.
If you disagree with the outcome of the DPO’s handling of your complaint, you can submit a complaint to the Dutch Data Protection Authority directly. The Dutch Data Protection Authority will handle the complaint or request and make a decision on it.
Published by Dental practice the ZuidAs on 23 May, 2018.