OUR PRIVACY POLICY

Perhaps you have already heard something about the current development regarding Privacy. Starting  may 25th the ‘Algemene Vordering Gegevens’ (AGV)  comes into effect. This is a law that ensures data processing within the European Union. At SMC Fysiomed we take the security of your privacy extremely serious. In addition to a modern standard of security, confidentiality and an honest group of employees, SMC Fysiomed also has a Privacy policy, which can be read below.

Article 1: definitions

1.1 Personal data Data concerning an identified or identifiable person.
1.2 Processing personal data Collecting, recording, providing, forwarding, consulting, bringing together, storing, organizing and using personal data. This includes client files.
1.3 File A structural set of personal data: electronic or a physical copy.
1.4 The person concerned The person to whom the data relates.
1.5 Responsible The person responsible for the goal determination and the use of the processing equipment within SMC Fysomed. Accountability for: storage, processing and data usage.
1.6 Administrator Responsible for the complete management of personal data within SMC Fysiomed.
1.7 User Person (employee) who can add and / or change personal data to the archive with the consent of the administrator.
1.8 Authority personal data Independent non-profit organization that oversees the execution of the processing of personal data.

Article 2: The scope of these regulations

2.1 These regulations contain actions concerning the processing of personal data, regardless of whether automated or not automated by SMC Fysiomed employees.

Article 3: The purpose of these regulations 

3.1 The purpose of these regulations is to formulate a practical elaboration, in order to comply with legal conditions regarding the management with regard to the processing of personal data and general patient rights.
3.2 The regulations apply to the overall data management with regard to personal data that is carried out within SMC Fysiomed.

Article 4: Terms and conditions for a lawful processing of personal data

4.1 The collection of personal data only takes place in consultation with the patient / client, these are informermed both in writing and verbally. The collection objectives are justified, data are never shared unsolicited with third parties or used for purposes outside the core business of SMC Fysiomed.
4.2 The processing of personal data must be completed accurately, up-to-date and in a complete sense by the user within SMC Fysiomed. The manager is responsible for monitoring this use, the collection may not be more comprehensive in nature than is deemed essential.


Article 5: The foundations for the active processing of personal data

5.1 An organization must have legitimate reasons for collecting personal data, the following principles must be met:

  • The person concerned has granted unambigious consent regarding the processing of his / her personal data.
  • The legal obligation with regard to reporting is met.
  • The reporting is in accordance with the interest of the person concerned.

Article 6: The processing and management of the personal data of SMC Fysiomed

6.1
The controller keeps a register containing the personal files, these are stored within a digitally and physically protected environment.
6.2 The administrator supervises the users with regard to the legal conditions that apply to the processing of personal data.
6.3
The person responsible will appoint an employee who is responsible for reporting the processing method to the AP (Authority for Personal Data).
6.4
The administrator is obliged to report any changes in the reporting restructuring of data.

Article 7: Notification regarding the person concerned

7.1 The responsible is obliged to inform the patient / client in an oral and written manner.

Article 8: Representation of personal data of a person under age 

8.1 If the person concerned is younger than twelve, this person is insufficiently competent to deal with the decision-making concerning the processing of personal data. The parent or guardian is expected to give an agreement.
8.2 The same applies to a person in the age group 12-16 who is not in a position to reasonably assess his/ her interests in the matter.
8.3 If the person concerned is a minor, the decision-making regarding the recording, destruction or modification of the personal data will at all times fall under the responsibility of the parent / guardian.

Article 9: Providing data to third parties

9.1 Data is never shared with third parties without the permission of the person concerned. The person concerned must give an oral and written consent before data may be shared with third parties.
9.2 Within SMC Fysiomed data can be provided without the consent of the person concerned, this only happens when necessary, for example;

  • if the professional is involved in the acute care process or the assistance of the person concerned.
  • if the person in question is involved in the financial or administrative acts relating to the person concerned.
  • the professional supervises the treatment quality, only possible within a closed setting.
9.3 Personal data are not sent to countries outside the European Union, unless it can be demonstrated that human rights and software security are dealt with at an adequate level.

Article 10: Personal data and access provision

10.1 Users have access to personal data if this is necessary.
10.2 The person responsible uses appropriate organizational and technical measures. This is to prevent: destruction, loss, disclosure, unregulated changes and / or access. The risks are estimated in advance, then appropriate security systems and policies are drawn up for this.

Article 11: 

11.1
 The person concerned has the right to obtain the personal data relating to him, which he has provided to a controller, in a structured, current and machine-readable form, and he has the right to transfer this data to another controller without being hindered.

Article 12: Storage period 

12.1 The personal data will be stored indefinitely in the database of SMC Fysiomed. A person can possibly return, in this situation more appropriate care can be provided.
12.2 The person concerned is allowed to request the user to proceed with the deletion / destruction of data at any time. SMC Fysiomed is legally obliged to honor this request.

Article 13: the handling of complaints

13.1 When the rules of this document are not complied with or there is a logical suspicion within SMC Fysiomed, there are two options:

  • Contact the person responsible within SMC Fysiomed and discuss the dispute.
  • Submitting a request to the Dutch Data Protection Authority, this authority will conduct an investigation regarding the personal data processing and the AVG legislation.

If you have questions regarding the above; please contact us!