For a good treatment it is necessary that I, as a treating therapist, create a file. This is also a legal obligation imposed by the Medical Treatment Agreement Act (WGBO).

In addition to the WBGO, the GDPR (General Data Protection Regulation) and the professional code of my professional association NWP  (Naturopathic Working Professionals)  and of the  koepel  KAB (Koepel  Alternative Treatments) apply to my work. This also includes the obligation of confidentiality (professional secrecy).

These affect the way in which and the purposes for which I record personal data.

A possible acting colleague is also bound by a duty of confidentiality and applies the same rules.

1. Legal basis for registration As a

   therapist, I am entitled within the meaning of the GDPR act to register and  process your personal data on the basis that I explicitly ask you for permission to do so through this document. You can revoke this consent at any time, of which you must then inform me.

I obtain the formal consent by having a declaration of consentsigned prior to the intakeinterview. (Inthe case of a minor, the parents/guardians must give their consent). You will receive a copy of this for your own administration. By means of an appointment confirmation by e-mail, I have already referred you to my website  
www.mariaedithiin.nl  for the privacy policy and the applicable general terms and conditions.

Of course, you are not obliged to provide me with any data. For the execution of the treatment agreement, however, some data (such as personal and medical data) are necessary. With regard to the other information and purposes mentioned, you can indicate on the declaration of consentthat you do not want it to be registered by me inany way, in writing or digitally.

2. As a therapist, I (possibly) process the following personal data:

Personal data of clients. I register the following data: name, address, telephone number, e-mail address, date of birth, gender, health insurer, general practitioner, details of parents (name, address, telephone number, e-mail address, date of birth, gender) and possibly. name of school for minors up to 16 years of age. I collect this data for the purpose of creating a file, maintaining contact (by telephone and e-mail), drawing up and sending invoices (by e-mail or regular mail), and keeping a calendar.

Treatment and medical history. I inform clients about their (global) medical and therapeutic history, and make notes about it. The purpose of this is to contribute to safety during therapy, and a substantive contribution to the therapy itself.

Personal history, feelings, beliefs etc. During consultations with clients, many personal and emotional topics are discussed. I can make notes about this in a ‘session report’. These reports are aimed at the substantive continuity and development of thetherapy.

Visit data, e-mail dialogue and telephone contacthistory. I register appointments with clients in a paper and digital agenda. I email clients at  the  email address  info@mariaedithiin.nl.   These e-mails  are stored on the e-mail server of the domain  mariaedithiin.nl and outlook.com. On my mobile phone (with telephone number 06-55988943 the contact history is kept (by telephone).

The invoice that clients receive from me contains the information requested by the health insurer, so that clients can possibly submit this invoice to their health insurer:

• name, address, place ofresidence;
• date of birth;
• date of treatment;
• short description of the treatment (including performance code).

The data from your file can also be used for the following purposes:

• To inform other healthcare providers (such as general practitioners), for example when the therapy has been completed or when referring to another practitioner;
• If necessary, for use for observation during my absence;
• For the anonymized use during peer review;
• To inform you  (by e-mail or regular mail)  about topics related to the therapy I give.

3. Your rights

As a data subject, you have a number of rights with regard to the registration of your personal data. Below is a brief overview of some important rights. A complete overview of your rights and additional provisions can be found on the website of the Dutch Data Protection Authority.

The right of access.
You have the right to request access to the personal data that I have registered during the therapy. You can ask for a written or digital access to your data.

The right to erasure.
You have the right to have your personal data that I have registered deleted, with the exception of the data that I have to keep from other legal obligations (for example, data on invoices), or data that I have to keep on the basis of regulations of my professional association (s) and / or disputes committees.

The right to change.
If you suspect that your personal data that I process is incorrect, or incomplete, you can submit a request to change or supplement this data.

The right to restriction.
You have the right to demand that I, as a therapist (temporarily or permanently), cease all processing (modification, addition and application, etc.) of your data.

The right to lodge a complaint with the supervisoryauthority.
You have the right to file a complaint with the Dutch Data Protection Authority regarding my processing of your personal data.

The right to withdraw this consent at anytime. You have the right to revoke this (in whole/in part) consent. From that moment on, as a therapist, I am no longer allowed to use your personal data, and not to process any new personal data about you.

If you send me a request in the context of oneof the above rights, you will receive a response to your request within one month.

4. Retention period

   In principle, I keep my files for 20 years, calculated from the date of recording each individual data. However, I can judge that the retention of some information is not necessary. The retention period may be longer if this is necessary for the purpose of the treatment. For minors, the retention period of 20 years starts from the eighteenth year of life. If clients die earlier, the retention period of 20 years from the date of death applies.

5. Data security (privacy) precautions

It is not only my legal duty, but also my express intention to act carefully and safely when processing your personal data, within the limits of reasonableness with regard to the efforts and investments that I can make for this purpose. As far as documents and notes on paper are concerned, I take precautions in the field of fire, water damage, loss and theft. With digital and possibly automated processed data, I take additional protection measures against data loss due to equipment defects, unauthorized access (‘hacking’) and theft or loss of equipment. If the security and integrity of the information are reasons of concern for you, I can inform you further about the aforementioned security measures on request.