We also consider your privacy important. Airportho Utrecht strives to guarantee your privacy as well as possible and will treat the information you provide us confidentially. When processing personal data, we observe the applicable laws and regulations in the field of privacy. In this privacy statement we inform you about the way in which we handle your data.
Categories of personal data
By using the website and the services available on it, you leave certain information with us. This also happens at our practice in the context of the implementation of the treatment. This can be personal data. We only store and use the personal data that are provided directly by you or of which it is clear that they are provided to us for processing.
Depending on the service you use, we may collect the following data:
- Name and address details
- Phone number
- Date of birth
- Payment details
- Citizen service number for personal use
- E-mail address
- Insurance information
- Medical history (anamnesis), diagnosis
- Information from other healthcare providers
- (X-ray) photos, dental models
Because we believe privacy is important, we have appointed a DPO (privacy officer), while it is as yet unclear whether a relatively small orthodontist practice like ours is obliged to do so.
- we do not register large-scale personal data, but most of the information that we register, such as diagnosis, photos containing personal data, etc. do fall into the special category. In line with our professional confidentiality, this information is only shared with other healthcare providers if they are actively involved in the treatment. • we register patient data.
- we share date of birth and name with our laboratories in the context of good care provision (experience shows that passing on less data can lead to confusion / mix-ups).
- we register appointments; an external server sends appointment reminders and confirmations of appointments made by e-mail.
- We make an automatic daily backup of all our data and this backup is externally located and well secured. • we send our medical data to other care providers by email, only if they act as referrer or co-practitioner.
- we only use photos of patients in presentations or on websites after explicitly requested to do so. Conversely, we also request that you only first ask for explicit permission if you take photos in the practice. • we register BSN to check insurance data, we do not share this with any external party.
- we register contact details / address and communicate this with other care providers if necessary for proper care provision.
- we send our invoices via Famed by e-mail and therefore share, unless objection, telephone number and e-mail address with Famed so that you can pay any unreimbursed part of the treatment via iDEAL
Basis for data processing
We may only lawfully process your personal data if we do so on a legal basis. We process your personal data because this is necessary for the performance of the agreement between you and us, as laid down in Article 6 paragraph 1 sub b of the General Data Protection Regulation (AVG). In addition, we may process your personal data for another legitimate interest, such as informing our patients about current events or changes to our services. This basis is laid down in Article 6 paragraph 1 sub f of the GDPR.
Purposes of data processing.
The personal data collected by us is used for the following purposes:
Create file to register with the practice.
- Keeping your medical record up to date.
- Scheduling an appointment.
- Correspondence about your treatment or an appointment, with you, or with other healthcare providers who are actively involved in your treatment.
- With our orthodontic laboratories for making equipment.
- Being able to carry out your treatment properly.
Provision of your personal data to third parties
In principle, we only provide your personal data to third parties if you have given permission for this yourself. Data provision without your consent takes place if this is necessary to be able to execute the agreement between you and us or if a legal obligation requires us to do so.
We will not keep your data longer than is necessary for the purposes described in this privacy and cookie statement, unless this is necessary on the basis of a legal obligation. For the storage of your medical data we use the legal retention period of 15 years from the Medical Treatment Contracts Act. In addition to the WGBO, we also take into account retention periods that arise from other legislation, if necessary.
We and our suppliers have taken appropriate security measures to protect your data as well as possible.
References to third party websites (via hyperlinks)
In order to be of service to you, we have included references to websites of third parties on our websites. We would like to point out that when you visit these websites, the conditions from the privacy statements of these third parties apply. We recommend that you read the privacy statements of these websites before continuing to use them.
Cookies from the American company Google are placed via our website as part of the Analytics service. We use this service to keep track of and receive reports on how visitors use the website. We do not use this service for logged in users. We have not allowed Google to use the obtained Analytics information for other Google services, we have the IP addresses anonymized. The information collected by Google is transferred to and stored on servers in the United States. We have concluded a processor agreement with Google. The information that Google collects is anonymized as much as possible. We have no influence on the use of the data by Google and / or third parties. Google can provide this information to third parties if they are legally obliged to do so, or if third parties process the information on behalf of Google. Google adheres to the privacy principles of and is affiliated with the Privacy Shield of the US Department of Commerce and the European Commission. For more information about this data processing, you can read Google’s privacy statement.
When you have provided personal data to us, you have various rights that you can exercise. You have the right to view, rectify and delete your data. You can also request us to transfer your data to you or another party or to limit the data processing. You are also free to object to the processing of your data. You can also withdraw your consent to the data processing at any time. You can make your request known to us by sending us an e-mail to firstname.lastname@example.org or by contacting us by telephone at: 030-3075494. We aim to respond to your request within 7 days and will try to comply with your request as much as technically possible.
In the unlikely event that personal data is “on the street”, we will report this to you and to the government.
Submit a complaint to the Dutch Data Protection Authority
In the unlikely event that you are not satisfied with the way we handle your data, you can submit a complaint about this to the Dutch Data Protection Authority. The contact details of the Dutch Data Protection Authority can be found here: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten/klacht-over-informatie-persoonsgegevens
Changes to this privacy statement
We reserve the right to change this privacy statement. These changes will be announced via our practice website. We therefore recommend that you consult this statement regularly so that you are aware of any changes.
Our contact information
Do you have any questions or comments after reading this privacy and cookie statement? Then you can contact us via the contact details below:
3532 HW Utrecht